Controlling access to an NFS share

US 8,874,907 B1
Filed: 09/28/2007
Issued: 10/28/2014
Est. Priority Date: 09/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to data that is accessible via a Network File System (NFS) protocol, the method comprising:

utilizing a computer to perform;

receiving a request from a client program to gain access to the data;

authenticating the client program;

creating a mount point which comprises the data, wherein said creating the mount point comprises;

creating at least one cryptographic value, wherein said creating at least one cryptographic value comprises creating a first cryptographic value and a second cryptographic value;

creating a path for the mount point which incorporates the at least one cryptographic value, wherein said creating the path comprises creating a first path to the mount point incorporating the first cryptographic value, and;

creating the mount point at the path, wherein the mount point is useable to access the data in a secure manner;

receiving a mount request from the client program to mount the path;

accepting the mount request from the client program;

locking the mount for use only by the client program;

receiving a request to unmount the mount point using a second path which incorporates the second cryptographic value; and

performing the unmount on the mount point using the first path which incorporates the first cryptographic value.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing authentication of users accessing an NFS shared file system. A shared secret is used as a component of the mount point used to access the NFS share. Upon receiving a request to access to the data in the NFS share, the process creates at least one cryptographic value and then creates a path to the mount point which incorporates the cryptographic value. The process then creates the mount point at the path, e.g., /PATH:k1, where k1 is the cryptographic value. Creation of the mount point is preferably performed using NFS protocol semantics, without requiring any changes to the NFS protocol semantics. A second cryptographic value, k2, may be used for unmounting the mount point.

15 Citations

View as Search Results

12 Claims

1. A method for controlling access to data that is accessible via a Network File System (NFS) protocol, the method comprising:
- utilizing a computer to perform;
  
  receiving a request from a client program to gain access to the data;
  
  authenticating the client program;
  
  creating a mount point which comprises the data, wherein said creating the mount point comprises;
  
  creating at least one cryptographic value, wherein said creating at least one cryptographic value comprises creating a first cryptographic value and a second cryptographic value;
  
  creating a path for the mount point which incorporates the at least one cryptographic value, wherein said creating the path comprises creating a first path to the mount point incorporating the first cryptographic value, and;
  
  creating the mount point at the path, wherein the mount point is useable to access the data in a secure manner;
  
  receiving a mount request from the client program to mount the path;
  
  accepting the mount request from the client program;
  
  locking the mount for use only by the client program;
  
  receiving a request to unmount the mount point using a second path which incorporates the second cryptographic value; and
  
  performing the unmount on the mount point using the first path which incorporates the first cryptographic value.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1,wherein said creating the mount point which comprises the data further comprises:
    - providing the at least one cryptographic value to a server process over a secure channel;
      
      providing the at least one cryptographic value to a second process over a secure channel, wherein the second process is controlled by the server process;
      
      wherein the second process performs said creating the mount point which comprises the data.
  - 3. The method of claim 1, further comprising:
    - receiving an unmount request from the client program to unmount the path after said locking; and
      
      destroying the mount point based on the unmount request.
  - 4. The method of claim 1,wherein said creating the mount point which comprises the data is performed using NFS protocol semantics.
  - 5. The method of claim 1,wherein the data comprises a backup catalog and backup images maintained by backup software in a Network File System shared memory, wherein the backup catalog and backup images are created in response to backing up of files in the Network File System shared memory.
  - 6. The method of claim 1,wherein said creating at least one cryptographic value comprises creating a value k1;
    - wherein said creating the path to the mount point comprises creating a path having a form /PATH;
      
      k1.

7. A non-transitory computer readable memory medium storing program instructions for controlling access to data that accessible via a Network File System (NFS) protocol, wherein the program instructions are executable to:
- receive a request from a client program to gain access to the data;
  
  authenticate the client program;
  
  create a mount point which comprises the data, wherein in creation of the mount point, the program instructions are executable to;
  
  create at least one cryptographic value, wherein said creating at least one cryptographic value comprises creating a first cryptographic value and a second cryptographic value;
  
  create a path for the mount point which incorporates the at least one cryptographic value, wherein to create the path, the program instructions are executable to create a first path to the mount point incorporating the first cryptographic value, and;
  
  create the mount point at the path, wherein the mount point is useable to access the data in a secure manner;
  
  receive a mount request from the client program to mount the path;
  
  accept the mount request from the client program;
  
  lock the mount for use only by the client program;
  
  receive a request to unmount the mount point using a second path which incorporates the second cryptographic value; and
  
  perform the unmount on the mount point using the first path which incorporates the first cryptographic value.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer readable memory medium of claim 7,wherein in creation of the mount point comprising the data, the program instructions are further executable to:
    - provide the at least one cryptographic value to a server process over a secure channel;
      
      provide the at least one cryptographic value to a second process over a secure channel, wherein the second process is controlled by the server process;
      
      wherein the second process creates the mount point which comprises the data.
  - 9. The non-transitory computer readable memory medium of claim 7, wherein the program instructions are further executable to:
    - receive an unmount request from the client program to unmount the path after said locking; and
      
      destroy the mount point based on the unmount request.
  - 10. The non-transitory computer readable memory medium of claim 7,wherein said creating the mount point which comprises the data is performed using NFS protocol semantics.
  - 11. The non-transitory computer readable memory medium of claim 7,wherein the data comprises a backup catalog and backup images maintained by backup software in a Network File System shared memory, wherein the backup catalog and backup images are created in response to backing up of files in the Network File System shared memory.
  - 12. The non-transitory computer readable memory medium of claim 7,wherein said creating at least one cryptographic value comprises creating a value k1;
    - wherein said creating the path to the mount point comprises creating a path having a form /PATH;
      
      k1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Veritas Technologies, LLC (Whitehouse Group Ltd.)
Original Assignee
Symantec Operating Corporation (NortonLifeLock Inc.)
Inventors
Browning, William, Wu, Weibao, Zhang, Xianbo, Christensen, Aaron, Damodharan, Prabhu
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Debnath, Suman

Application Number

US11/864,621
Time in Patent Office

2,587 Days
Field of Search

713/165, 713/154, 713/155, 380/28, 380/277
US Class Current

713/165
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/1097   for distributed storage of ...

Controlling access to an NFS share

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to an NFS share

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links