Authenticated file handles for network file systems
First Claim
1. A method for enhancing a file handle within a distributed file sharing system including one or more file sharing computers connected to a network, the method comprising:
- receiving a first client request, wherein the first client request includes information about a client computer;
in response to receiving the first client request, creating a standard file handle;
generating a first combination that includes information about the client computer received from the first client request, the standard file handle and a key that includes a random value, wherein the random value of the key is restricted to the one or more file sharing computers;
encrypting the first combination and appending the encrypted first combination to the standard file handle, creating an enhanced file handle;
sending the enhanced file handle to the client computer;
receiving a second client request, wherein the second client request includes information about the client computer and the enhanced file handle;
in response to receiving the second client request, the one or more file sharing computers uncoupling the file handle and the encrypted first combination from the enhanced file handle;
generating a second combination from information about the client computer received in the second client request, the standard file handle uncoupled from the enhanced file handle of the second client request and the key that includes the random value that is restricted to the one or more file sharing computers;
encrypting the second combination;
comparing the encrypted second combination to the encrypted first combination; and
in response to determining the encrypted second combination matches the encrypted first combination, accepting the second client request.
1 Assignment
0 Petitions
Accused Products
Abstract
One or more file sharing computers receives a client request including an IP address and port number used by the client (computer). The one or more computers respond by creating an enhanced file handle from a hash on a combination of the IP address, port number, restricted key, and a standard file handle, and concatenating the hash with the standard file handle. The enhanced file handle is sent to the client and used by the client in a second request. The one or more computers uncouple the standard file handle and hash combination. Using the client IP address, port number, restricted key and standard file handle from the client second request, the one or more computers create a second combination. The second combination hash is compared to the first combination hash and in response to determining a match, the second request is accepted, and otherwise denied.
-
Citations
6 Claims
-
1. A method for enhancing a file handle within a distributed file sharing system including one or more file sharing computers connected to a network, the method comprising:
-
receiving a first client request, wherein the first client request includes information about a client computer; in response to receiving the first client request, creating a standard file handle; generating a first combination that includes information about the client computer received from the first client request, the standard file handle and a key that includes a random value, wherein the random value of the key is restricted to the one or more file sharing computers; encrypting the first combination and appending the encrypted first combination to the standard file handle, creating an enhanced file handle; sending the enhanced file handle to the client computer; receiving a second client request, wherein the second client request includes information about the client computer and the enhanced file handle; in response to receiving the second client request, the one or more file sharing computers uncoupling the file handle and the encrypted first combination from the enhanced file handle; generating a second combination from information about the client computer received in the second client request, the standard file handle uncoupled from the enhanced file handle of the second client request and the key that includes the random value that is restricted to the one or more file sharing computers; encrypting the second combination; comparing the encrypted second combination to the encrypted first combination; and in response to determining the encrypted second combination matches the encrypted first combination, accepting the second client request. - View Dependent Claims (2, 3, 4, 5, 6)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsRussell, Paul F., Sahlberg, Leif R.
-
Primary Examiner(s)Gelagay, Shewaye
-
Application NumberUS14/164,420Publication NumberTime in Patent Office337 DaysField of SearchNoneUS Class Current713/168CPC Class CodesG06F 16/176 Support for shared access t...G06F 21/6218 to a system of files or obj...H04L 63/166 at the transport layerH04L 9/3242 involving keyed hash functi...
