Secured file system management

US 9,514,325 B2
Filed: 09/15/2014
Issued: 12/06/2016
Est. Priority Date: 09/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method for processing file system requests using a file server, the method comprising:

receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing file system structure in an existing directory;

obtaining a community of interest (COI) credential associated with the user identification;

identifying the existing file system structure in the path;

providing access to the existing directory, and returning a handle to the directory to the caller based on an assessment that the caller has permission to access the existing directory;

determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and

determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and

assessing visibility of the existing file to the caller based on a COI associated with the existing file system structure;

wherein;

if at least one COI included in the COI credential matches at least one COI associated in the existing file system structure includes assessing user access permission to the existing file and decrypting the content with the COI credential; and

if no COI included in the COI credential matches a COI associated in the existing file, assessing visibility of the existing file includes returning an indication, to the caller, that the file does not exist;

wherein the COI credential comprises a CIO key, a metadata key, and a file block key.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for establishing a secure file system are disclosed, in which system endpoints such as files and directories in a file system are protected using a security appliance. The security appliance protects each endpoint in the file system from unauthorized access by making those endpoints invisible to unauthorized users. The security appliance organizes users and endpoints into various communities of interest (COI). A user COI groups users such that all users associated with that particular COI have authorization to view the same one or more endpoints located in file storage.

Citations

11 Claims

1. A method for processing file system requests using a file server, the method comprising:
- receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing file system structure in an existing directory;
  
  obtaining a community of interest (COI) credential associated with the user identification;
  
  identifying the existing file system structure in the path;
  
  providing access to the existing directory, and returning a handle to the directory to the caller based on an assessment that the caller has permission to access the existing directory;
  
  determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and
  
  determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and
  
  assessing visibility of the existing file to the caller based on a COI associated with the existing file system structure;
  
  wherein;
  
  if at least one COI included in the COI credential matches at least one COI associated in the existing file system structure includes assessing user access permission to the existing file and decrypting the content with the COI credential; and
  
  if no COI included in the COI credential matches a COI associated in the existing file, assessing visibility of the existing file includes returning an indication, to the caller, that the file does not exist;
  
  wherein the COI credential comprises a CIO key, a metadata key, and a file block key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising, based on an assessment that the caller has permission to access the file, providing access to the existing file system structure.
  - 3. The method of claim 2, wherein the file system structure comprises an existing file, and wherein providing access to the existing file comprises returning a file handle to the existing file to the caller.
  - 4. The method of claim 1, wherein receiving a file system request comprises receiving at least one of a file read request or a file write request.
  - 5. The method of claim 1, wherein the file system structure comprises a symbolic link to a file.
  - 6. The method of claim 1, wherein receiving a file system request comprises receiving a directory access request.
  - 7. The method of claim 1, wherein the file server obtains the COI credential from a stealth appliance that is communicatively connected to the file server.

8. A system for processing file system requests, comprising:
- a file server having a file storage and a file system manager, the file storage for storing one or more directories and files;
  
  wherein the file system manager performs the steps of;
  
  receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing file system structure an existing directory;
  
  obtaining, from a stealth appliance that is separate from the file server, a community of interest (COI) credential associated with a user identification;
  
  identifying the file system structure in the path;
  
  providing access to the existing directory, and returning a handle to the directory to the caller based on an assessment that the caller has permission to access the existing directory;
  
  determining whether at least one COI included in the COI credential matches a COI associated with the file system structure, wherein a content stored under the directory is encrypted with the COI credential;
  
  assessing visibility of the file to the caller based on the COI associated with the file system structure;
  
  wherein;
  
  if at least one COI included in the COI credential matches a COI associated in the file system structure, assessing user access permission to the file and decrypting the content with the COI credential; and
  
  if no COI included in the COI credential matches a COI associated in the file system structure, returning an indication, to the caller, that the file does not exist;
  
  wherein the COI credential comprises a CIO key, a metadata key, and a file block key.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8, wherein the caller comprises a user application.
  - 10. The system of claim 9, wherein the user application is located on the file server.
  - 11. The system of claim 9, wherein the user application is located on a client device remote from the file server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Shet, Uday Datta, Bruso, Kelsey L
Primary Examiner(s)
Hailu, Teshome

Application Number

US14/486,238
Publication Number

US 20160078243A1
Time in Patent Office

813 Days
Field of Search

726/27
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/102 Entity profiles

Secured file system management

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Secured file system management

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links