Method and apparatus for providing access to files based on user identity
Abstract
A storage device provides a file system to a host based on the access rights of a user determined during authentication. If the authentication does not succeed, the storage device provides to the user a file system restricted to files authorized by public access rights. If the authentication does succeed, and the user is a device owner, the storage device provides to the user the native file system. If the authentication succeeds, and the user is not a device owner, the storage device provides a file system that is restricted to files that the given user is authorized to access. Due to the internal nature of the mechanism for safeguarding files, this security measure cannot be circumvented by simply connecting the storage device to another host that does not respect the permission rules of the file system.
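The selection logic the abstract describes can be modelled as follows. This is an added example, not code from the patent: the class and function names, the password-based authentication, the per-file ACL sets and the sample files are all assumptions made for illustration. The filtering runs inside the device model, so the host only ever receives the file system chosen for the authenticated identity.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PUBLIC = "*"  # constructed ACL marker: readable under public access rights

@dataclass
class StorageDevice:
    owner: str
    native_fs: dict = field(default_factory=dict)    # path -> (data, ACL set)
    credentials: dict = field(default_factory=dict)  # user -> (salt, hash)

    def _kdf(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.credentials[user] = (salt, self._kdf(password, salt))

    def _authenticate(self, user, password):
        record = self.credentials.get(user)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, self._kdf(password, salt))

    def _subset(self, allowed):
        return {p: data for p, (data, acl) in self.native_fs.items() if allowed(acl)}

    def provide_file_system(self, user=None, password=""):
        if not self._authenticate(user, password):
            # Third file system: only files authorized by public access rights.
            return "third", self._subset(lambda acl: PUBLIC in acl)
        if user == self.owner:
            # First file system: the native file system, unfiltered.
            return "first", self._subset(lambda acl: True)
        # Second file system: generated subset for this user. Assumption: an
        # authenticated non-owner also keeps the public files.
        return "second", self._subset(lambda acl: user in acl or PUBLIC in acl)

def demo_device():
    # Constructed sample users and files.
    dev = StorageDevice(owner="alice")
    dev.enroll("alice", "owner-pass")
    dev.enroll("bob", "guest-pass")
    dev.native_fs = {"/readme.txt": (b"hello", {PUBLIC}),
                     "/shared/plan.doc": (b"plan", {"bob"}),
                     "/private/keys.bin": (b"secret", set())}
    return dev
```

A failed login for the owner account falls through to the public view, so a wrong credential never reveals which restricted files exist.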
21 Claims
1. A method of providing a file system, the method comprising:
- in a data storage device operatively coupled to a host device, performing:
  - commencing authentication of a user to determine access rights of the user to data stored at the data storage device;
  - in response to the user not being authenticated as having access rights other than public access rights to the data stored at the data storage device, providing to the host device a third file system, contents of the third file system being restricted to files authorized by the public access rights; and
  - in response to the user being authenticated as having access rights other than public access rights to the data stored at the data storage device, determining whether the user is authenticated as a device owner, wherein:
    - in response to the user being authenticated as the device owner, providing to the host device a first file system, the first file system being a native file system of the data storage device, and
    - in response to the user not being authenticated as the device owner, providing to the host device a second file system, the second file system being restricted to files that the user is authenticated as being authorized to access.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A storage device, comprising:
- a first memory module operative to store a first file system, the first file system being a native file system of the storage device and being of a first file system type;
- a second memory module operative to store generated data;
- an authentication module operative to authenticate a user; and
- a controller operative to activate the authentication module and, in response to the user being authenticated as a device owner, to provide access to the first file system, and in response to the user not being authenticated as the device owner, to generate a second file system of the first file system type, wherein, depending on the authentication of the user as determined by the authentication module, a subset of files included in the first file system are included in the second file system and the second file system is stored in the second memory module.
Dependent claims: 12, 13, 14, 15, 16
17. A data storage device comprising:
- a first memory module;
- a second memory module;
- an authentication module; and
- a controller, wherein the controller includes:
  - a first interface operative to communicate with a host device while the data storage device is operatively coupled to the host device;
  - a second interface configured to communicate with the first memory module, the authentication module, and the second memory module, the first memory module being operative to store a first file system, the first file system being a native file system of the data storage device and having a first file system type, the authentication module being operative to determine the identity of a user, and the second memory module being operative to store generated data; and
  - logic operative to activate the authentication module and, in response to the user being authenticated as a device owner, to provide to the user access to the first file system, and in response to the user not being authenticated as the device owner, to generate a second file system having the first file system type and including a subset of files included in the first file system according to access rights of the user and to provide to the user access to the second file system.
Dependent claims: 18, 19, 20, 21
Specification