System and method for controlling access to decrypted data
First Claim
1. A method for accessing a protected file system, comprising:
- receiving a passphrase and salt;
generating a decryption key using the passphrase and salt;
decrypting an access control list (ACL) using the decryption key to obtain one or more ACL process names and one or more ACL process file checksums;
storing an access table, the access table including the one or more ACL process names, one or more ACL process identifications, and the one or more ACL process file checksums;
receiving a request from a requesting process to access the file system, the request including a requesting process identification and a requesting process name;
checking the requesting process name for a corresponding ACL process name in the access table; and
(i) allowing the requesting process access to the file system if the requesting process name matches a corresponding ACL process name and the requesting process identification matches a corresponding ACL process identification;
or(ii) allowing the requesting process access to the file system if the requesting process identification does not match a corresponding ACL process identification but a calculated process file checksum matches a corresponding ACL process file checksum and storing the requesting process identification that did not match in the access table.
6 Assignments
0 Petitions
Accused Products
Abstract
A method for accessing a protected file system includes receiving a request from a process to access the file system, the request including a requesting process identification and a requesting process name; decrypting an ACL to obtain ACL process names, ACL process identifications, and ACL process file checksums; allowing the process access to the file system if the requesting process name matches a corresponding ACL process name and the requesting process identification matches a corresponding ACL process identification; or allowing the process access to the file system if the requesting process identification does not match a corresponding ACL process identification but a calculated process file checksum matches a corresponding ACL process file checksum. In one embodiment, the ACL information can be stored in a key ring.
-
Citations
20 Claims
-
1. A method for accessing a protected file system, comprising:
-
receiving a passphrase and salt; generating a decryption key using the passphrase and salt; decrypting an access control list (ACL) using the decryption key to obtain one or more ACL process names and one or more ACL process file checksums; storing an access table, the access table including the one or more ACL process names, one or more ACL process identifications, and the one or more ACL process file checksums; receiving a request from a requesting process to access the file system, the request including a requesting process identification and a requesting process name; checking the requesting process name for a corresponding ACL process name in the access table; and (i) allowing the requesting process access to the file system if the requesting process name matches a corresponding ACL process name and the requesting process identification matches a corresponding ACL process identification;
or(ii) allowing the requesting process access to the file system if the requesting process identification does not match a corresponding ACL process identification but a calculated process file checksum matches a corresponding ACL process file checksum and storing the requesting process identification that did not match in the access table. - View Dependent Claims (2, 3, 4, 7, 8, 9, 10)
-
-
5. A system, comprising:
a network; a server coupled to the network, the server including an encrypted file system and an encrypted access control list, the server further comprising; a processor; a non-transitory computer readable medium storing a set of instructions executable by the processor to; receive a passphrase and a salt; generate a decryption key using the passphrase and salt; decrypt the encrypted access control list (ACL) using the decryption key to obtain one or more ACL process names and one or more ACL process file checksums; store an access table, the access table including the one or more ACL process names, one or more ACL process identifications, and the one or more ACL process file checksums; receive a request from a requesting process to access the file system, the request including a requesting process identification and a requesting process name; check the requesting process name for a corresponding ACL process name in the access table; and (i) allow the requesting process access to the file system if the requesting process name matches a corresponding ACL process name and the requesting process identification matches a corresponding ACL process identification;
or(ii) allow the requesting process access to the file system if the requesting process identification does not match a corresponding ACL process identification but a calculated process file checksum matches a corresponding ACL process file checksum and store the requesting process identification that did not match in the access table. - View Dependent Claims (6, 11, 12, 13)
-
14. A computer program product comprising a non-transitory computer readable medium storing a set of computer instructions, the set of computer instructions executable by a processor to perform a method comprising:
-
accessing an encrypted access control list (ACL); receiving a passphrase and a salt; generating a decryption key using the passphrase and salt; decrypting the access control list (ACL) using the decryption key to obtain one or more ACL process names and one or more ACL process file checksums; storing an access table, the access table including the one or more ACL process names, one or more ACL process identifications, and the one or more ACL process file checksums; receiving a request from a process to access the encrypted file system, the request including a requesting process identification and a requesting process name; checking the requesting process name for a corresponding ACL process name in the access table; and (i) allowing the requesting process access to the file system if the requesting process name matches a corresponding ACL process name and the requesting process identification matches a corresponding ACL process identification;
or(ii) allowing the requesting process access to the file system if the requesting process identification does not match a corresponding ACL process identification but a calculated process file checksum matches a corresponding ACL process file checksum and storing the requesting process identification that did not match in the access table. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification