System and method for data storage firewall on data storage unit
Abstract
A system and method are introduced for implementing a storage firewall that protects files when a storage device connects to a digital appliance. A storage device may connect to a number of appliances and is therefore at risk of becoming infected with viruses and other malware, and of subsequently transferring these infections to other appliances. The storage device is further at risk of leaking sensitive information or losing critical information. The storage firewall protects data on a storage device that connects to a digital appliance in various manners, using a standard, unencrypted partition and a standard file system. Protected and unprotected files may reside homogeneously on the file system of the storage device. Using the storage firewall, files on the digital appliance may be protected from infected files residing on a storage device connected to the digital appliance. No application needs to be activated on the digital appliance when the storage device connects to it. Protection is activated by default and carried out by the storage device.
17 Claims
1. A file storage unit for storing data files via an external file interface, said external file interface accessible to a directly attached external unit said file storage unit comprising:
- a physical file storage for storing files homogenously on at least part of said physical file storage;
- said external file interface for direct access of said external unit supporting sector level commands for direct-attached storage;
- a storage firewall located in between said physical file storage and said external file interface containing sector level rules associated with respective files having a file access restriction for allowing or blocking sector level requests between said external file interface and said at least part of physical file storage for storing files homogenously;
- a policy mode indicator containing a policy mode for altering said sector level rules of said storage firewall whereby said file storage unit autonomously allows or blocks access to said files having file access restriction from said directly attached external unit according to said sector level rules associated with said files having a file access restriction and said policy mode of said policy mode unit.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of protecting files stored on a file storage unit, some of which have restricted access conditions, from a directly attached external device configured for accessing files stored on said file storage unit through an external file interface using sector level commands for direct-attached storage the method comprising:
a. storing said files homogenously on sectors within a single partition of said file storage unit,
b. identifying permissions of said homogeneously stored files as either unrestricted files or restricted access files,
c. identifying permissions for sectors associated with said restricted access files according to said identified file permissions,
d. calculating permissions for requested sector internally within said file storage unit using said identified permissions of said sector and a current policy mode,
e. allowing full accessibility functionality for sectors of said unrestricted files, whilst restricting accessibility functionality to sectors of said restricted files according to said internally calculated permissions of said sectors associated with said stored restricted access files.

Dependent claims: 9, 10, 11, 12, 16, 17
13. A file storage device for storing files in sectors for subsequent access through an external file interface said file interface accessible to a digital appliance directly attached to said file storage device, the device comprising:
- said externally accessible interface by said directly attached digital appliance for direct access of said files through sector level commands to support direct-attached storage, and
- an internal inaccessible interface located above said sector level access to limit access to certain files according to an indication of sector level rules for said stored sectors associated with a respective file of a file access restriction, and
- an internal policy mode indicator containing a policy mode for internally altering access restrictions as indicated by said indication of said sector level rules associated with a respective file of a file access restriction in respect to said policy mode whereby said digital appliance accesses said stored files on directly attached said storage device according to said indication of sector level rules associated with respective said stored files in respect to said policy mode.

Dependent claims: 14, 15
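Steps a to e of claim 8, sketched as a small Python model of the sector-level decision. This is an added illustration, not code from the patent; the policy mode names (`untrusted`, `trusted`), the per-file rule tables, the file names in comments and the sector numbers are all assumptions made for the example.

```python
from enum import Flag, auto

class Access(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    FULL = READ | WRITE

class StorageFirewall:
    """Model of claim 8; mode names and rule shapes are assumptions."""
    def __init__(self, policy_mode="untrusted"):
        self.policy_mode = policy_mode   # protection is active by default
        self.sector_rules = {}           # sector -> {mode: Access}, restricted files only

    def store_file(self, sectors, rule=None):
        # Steps a-c: one shared partition; only restricted files leave sector rules.
        if rule is not None:
            self.sector_rules.update({s: rule for s in sectors})

    def sector_access(self, sector):
        # Step d: the sector's rule evaluated under the current policy mode.
        rule = self.sector_rules.get(sector)
        if rule is None:
            return Access.FULL           # step e: unrestricted file or free sector
        return rule.get(self.policy_mode, Access.NONE)  # unknown mode fails closed

    def request(self, op, first, count=1):
        # A sector-level command passes only if every sector in its range permits it.
        return all(op in self.sector_access(s) for s in range(first, first + count))

# Constructed rules and layout, made up for illustration.
CONFIDENTIAL = {"untrusted": Access.NONE, "trusted": Access.FULL}
WRITE_PROTECTED = {"untrusted": Access.READ, "trusted": Access.FULL}

def demo():
    fw = StorageFirewall()
    fw.store_file(range(100, 104))                   # public.txt, unrestricted
    fw.store_file(range(104, 108), CONFIDENTIAL)     # secret.doc
    fw.store_file(range(108, 110), WRITE_PROTECTED)  # tool.exe
    results = {
        "read_public": fw.request(Access.READ, 100, 4),
        "read_secret": fw.request(Access.READ, 104, 4),
        "read_spanning": fw.request(Access.READ, 102, 4),  # 102-105 crosses into secret.doc
        "write_tool": fw.request(Access.WRITE, 108, 2),
        "read_tool": fw.request(Access.READ, 108, 2),
    }
    fw.policy_mode = "trusted"   # how the mode is switched is outside this sketch
    results["read_secret_trusted"] = fw.request(Access.READ, 104, 4)
    return results
```

The spanning read is the case to check in any implementation of this idea: a single multi-sector command that starts in an unrestricted file must still be refused if any sector in its range belongs to a restricted one.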
Specification