System and method of protecting files from unauthorized modification or deletion

US 8,239,674 B2
Filed: 06/22/2007
Issued: 08/07/2012
Est. Priority Date: 11/21/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving a write request for a file;

creating a first version of a temporary file associated with the file in response to the write request in order to verify that the temporary file can be created, the first version of the temporary file having a setting to restrict write access to only a component that created the first version of the temporary file;

closing the first version of the temporary file to enable a component that initiated the write request to access a second version of the temporary file;

authenticating modifications to the second version of the temporary file after data has been written to the second version of temporary file by the component that initiated the write request; and

concurrently updating the file and a backup file with data from the second version of temporary file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment of the invention, a method comprises receiving a write request for a file. A temporary file associated with the file is created in response to the write request. A write-lock is applied to the temporary file, namely the file includes a setting that restricts write access to only a component that created or opens the temporary file. Thereafter, the temporary file is closed to disable the write-lock and to enable a component that initiated the write request to access the temporary file.

Citations

16 Claims

1. A method comprising:
- receiving a write request for a file;
  
  creating a first version of a temporary file associated with the file in response to the write request in order to verify that the temporary file can be created, the first version of the temporary file having a setting to restrict write access to only a component that created the first version of the temporary file;
  
  closing the first version of the temporary file to enable a component that initiated the write request to access a second version of the temporary file;
  
  authenticating modifications to the second version of the temporary file after data has been written to the second version of temporary file by the component that initiated the write request; and
  
  concurrently updating the file and a backup file with data from the second version of temporary file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising receiving authentication data when the second version of the temporary file is opened by the component that initiated the write request.
  - 3. The method of claim 2 further comprising receiving notification that data has been written to the second version of the temporary file.
  - 4. The method of claim 3 further comprising:
    - reading the data written to the second version of the temporary file;
      
      generating a write data value based on the data written to the second version of the temporary file; and
      
      comparing the write data value with the authentication data.
  - 5. The method of claim 4 further comprising updating the file with the write data if a match is detected between the write data value and the authentication data.
  - 6. The method of claim 5 further comprisingsending a notification to the component that a successful write operation has been conducted;
    - receiving signaling that no further write requests are targeted for the file; and
      
      closing the second version of the temporary file.
  - 7. The method of claim 1 further comprising:
    - receiving a read request for the file;
      
      creating a second temporary file with write access allowed exclusively for a security agent responsible for controlling secured access to data;
      
      writing data from a data backup component of the security agent to the second temporary file, the data backup component including the data that corresponds to data currently in the file; and
      
      opening the second temporary file with read access to read the data.
  - 8. The method of claim 7 further comprising closing the second temporary file after the data has been read.
  - 9. The method of claim 1, wherein the receiving of the write request includes receiving a command including a password and a filename, the password being information used to authentication origination of subsequent commands before creating the temporary file.

10. Software stored in a non-transitory machine-readable medium of a computing device and, when executed, protect both static and dynamic files stored within the computing device from unauthorized modification or deletion, the software comprising:
- a communication component adapted to control communications with and receive a Write command associated with a file from a program; and
  
  a security agent operating as an intermediary between the program and an operating system of the computing device, the security agent to receive the Write command, to create a first version of a temporary file associated with the file, the first temporary file is created with file-sharing settings that restrict write access of the first temporary file by only the security agent, to close the first version of the temporary file to enable access to a second version of the temporary file, to authenticate modifications to the second version of the temporary file after data has been written to the second version of the temporary file in response to the Write command, and to concurrently update the file and a backup file with data written to the second version of the temporary file.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The software of claim 10 wherein the security agent creates the first temporary file that also precludes a write or read access to the first temporary file by any component other than the security agent.
  - 12. The software of claim 10 wherein the security agent to notify the program that the Write command cannot be fulfilled if the security agent cannot create the first temporary file.
  - 13. The software of claim 10 wherein the security agent to receive a Read command and to initiate an operation to create a second temporary file to obtain data written to the first temporary file during the Write command.
  - 14. The software of claim 10 further comprising a command handler component to parse the Write command and return a status of operation message that includes a result value to identify whether the Write command was processed correctly.

15. A computing device, comprising:
- a processor;
  
  a hard disk drive to store an operating system; and
  
  a security agent stored within the hard disk drive, the security agent operating as an intermediary between a component of the computing device and the operating system, the security agent to create and use temporary files associated with a file to be modified in order to protect the file from unauthorized modification or deletion, the security agent to (i) create a first version of a temporary file in response to a Write command from the component of the computing device, the first temporary file having a setting to restrict write access to only a component that created or opens the first version of the temporary file, (ii) closing the first version of the temporary file to enable the component to access a second version of the temporary file, and (iii) authenticate modifications of the second version of the temporary file after data has been written to the second version of the temporary file by the component of the computing device; and
  
  concurrently updating the file and a backup file with the data from the second version of the temporary file.
- View Dependent Claims (16)
- - 16. The computing device of claim 15 wherein the security agent to create a second temporary file in response to a Read command from the component, the second temporary file having a setting to deny write access and allow read access of the second temporary file by a plurality of components within the computing device including the component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Lee, Charles, Hall, David N. Jr.
Primary Examiner(s)
Lanier, Benjamin

Application Number

US11/821,165
Publication Number

US 20080120727A1
Time in Patent Office

1,873 Days
Field of Search

713165-167, 726 26- 30
US Class Current

713/165
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2147 Locking files

System and method of protecting files from unauthorized modification or deletion

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of protecting files from unauthorized modification or deletion

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links