Over network operation restriction enforcement
First Claim
1. A computer system, comprising:
- one or more processors;
one or more network interfaces;
one or more storage devices; and
one or more computer-readable media having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computer system to utilize locale information when permitting or denying requested operations on a plurality of files stored at the one or more storage devices, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following;
receive, over the one or more network interfaces, a request from a remote computer system requesting performance of a requested operation on a particular file that is stored at the one or more storage devices;
based at least on receiving the request, identify a geographical locale of the remote computer system;
access data that is associated with the particular file, the data including one or more territory fields, each territory field being associated with a corresponding locale and including one or more operation fields, each operation field specifying (i) a corresponding type of operation that can be performed on the particular file by remote computer systems requesting the particular file from the corresponding locale and (ii) an operation expiry indicator defining a time period during which the corresponding operation can be performed;
based at least on accessing the data, identify that the data includes a particular territory field that is associated with the identified geographical locale of the remote computer system;
permit or deny performance of the requested operation on the particular file, including one of;
based at least on there being a particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on a particular time period defined by a particular operation expiry indicator of the particular operation field having not expired, determining to permit performance of the requested operation on the particular file, and performing the requested operation on the particular file;
based at least on there being the particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on the particular time period defined by the particular operation expiry indicator of the particular operation field having expired, determining to deny performance of the requested operation on the particular file;
orbased at least on there being no particular operation field in the identified particular territory field that is associated with the requested operation, determining to deny performance of the requested operation on the particular file; and
send, over the over the one or more network interfaces, a response to the remote computer system indicating whether the requested operation was permitted or denied.
2 Assignments
0 Petitions
Accused Products
Abstract
The enforcement of operation restriction on a file system entity over a network. The file system entity exists on a server (which could be a single machine, a cluster of servers, or a cloud computing environment). The server facilitates setting up of a session over a network with a client. As part of this facilitation, the server receives from the client a locale of the client. Upon subsequent receipt from the client of a request to perform an operation on the file system entity, the client consults supplemental data to determine whether the requested operation is permitted on the file system entity. The supplemental data may comprise at least one of the locality information or operation expiry data.
-
Citations
20 Claims
-
1. A computer system, comprising:
-
one or more processors; one or more network interfaces; one or more storage devices; and one or more computer-readable media having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computer system to utilize locale information when permitting or denying requested operations on a plurality of files stored at the one or more storage devices, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following; receive, over the one or more network interfaces, a request from a remote computer system requesting performance of a requested operation on a particular file that is stored at the one or more storage devices; based at least on receiving the request, identify a geographical locale of the remote computer system; access data that is associated with the particular file, the data including one or more territory fields, each territory field being associated with a corresponding locale and including one or more operation fields, each operation field specifying (i) a corresponding type of operation that can be performed on the particular file by remote computer systems requesting the particular file from the corresponding locale and (ii) an operation expiry indicator defining a time period during which the corresponding operation can be performed; based at least on accessing the data, identify that the data includes a particular territory field that is associated with the identified geographical locale of the remote computer system; permit or deny performance of the requested operation on the particular file, including one of; based at least on there being a particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on a particular time period defined by a particular operation expiry indicator of the particular operation field having not expired, determining to permit performance of the requested operation on the particular file, and performing the requested operation on the particular file; based at least on there being the particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on the particular time period defined by the particular operation expiry indicator of the particular operation field having expired, determining to deny performance of the requested operation on the particular file;
orbased at least on there being no particular operation field in the identified particular territory field that is associated with the requested operation, determining to deny performance of the requested operation on the particular file; and send, over the over the one or more network interfaces, a response to the remote computer system indicating whether the requested operation was permitted or denied. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method, implemented at a computer system that includes one or more processors, for utilizing locale information when permitting or denying requested operations on a plurality of files stored at one or more storage devices, the method comprising:
-
receiving, over one or more network interfaces, a request from a remote computer system requesting performance of a requested operation on a particular file that is stored at one or more storage devices that are accessible to the computer system; based at least on receiving the request, identifying a geographical locale of the remote computer system; accessing data that is associated with the particular file, the data including one or more territory fields, each territory field being associated with a corresponding locale and including one or more operation fields, each operation field specifying (i) a corresponding type of operation that can be performed on the particular file by remote computer systems requesting the particular file from the corresponding locale and (ii) an operation expiry indicator defining a time period during which the corresponding operation can be performed; based at least on accessing the data, identifying that the data includes a particular territory field that is associated with the identified geographical locale of the remote computer system; permitting or denying performance of the requested operation on the particular file, including one of; based at least on there being a particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on a particular time period defined by a particular operation expiry indicator of the particular operation field having not expired, determining to permit performance of the requested operation on the particular file, and performing the requested operation on the particular file; based at least on there being the particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on the particular time period defined by the particular operation expiry indicator of the particular operation field having expired, determining to deny performance of the requested operation on the particular file;
orbased at least on there being no particular operation field in the identified particular territory field that is associated with the requested operation, determining to deny performance of the requested operation on the particular file; and sending, over the over the one or more network interfaces, a response to the remote computer system indicating whether the requested operation was permitted or denied. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. One or more computer readable devices having stored thereon computer-executable instructions that are executable by one or more processors of a computer system to cause the computer system to utilize locale information when permitting or denying requested operations on a plurality of files stored at one or more storage devices, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following:
-
receive, over one or more network interfaces, a request from a remote computer system requesting performance of a requested operation on a particular file that is stored at one or more storage devices that are accessible to the computer system; based at least on receiving the request, identify a geographical locale of the remote computer system; access data that is associated with the particular file, the data including one or more territory fields, each territory field being associated with a corresponding locale and including one or more operation fields, each operation field specifying (i) a corresponding type of operation that can be performed on the particular file by remote computer systems requesting the particular file from the corresponding locale and (ii) an operation expiry indicator defining a time period during which the corresponding operation can be performed; based at least on accessing the data, identify that the data includes a particular territory field that is associated with the identified geographical locale of the remote computer system; permit or deny performance of the requested operation on the particular file, including one of; based at least on there being a particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on a particular time period defined by a particular operation expiry indicator of the particular operation field having not expired, determining to permit performance of the requested operation on the particular file, and performing the requested operation on the particular file; based at least on there being the particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on the particular time period defined by the particular operation expiry indicator of the particular operation field having expired, determining to deny performance of the requested operation on the particular file;
orbased at least on there being no particular operation field in the identified particular territory field that is associated with the requested operation, determining to deny performance of the requested operation on the particular file; and send, over the over the one or more network interfaces, a response to the remote computer system indicating whether the requested operation was permitted or denied. - View Dependent Claims (18, 19, 20)
-
Specification