Secured file system management
First Claim
Patent Images
1. A method for processing file system requests using a file server, the method comprising:
- receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing file system structure in an existing directory;
obtaining a community of interest (COI) credential associated with the user identification;
identifying the existing file system structure in the path;
providing access to the existing directory, and returning a handle to the directory to the caller based on an assessment that the caller has permission to access the existing directory;
determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and
determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and
assessing visibility of the existing file to the caller based on a COI associated with the existing file system structure;
wherein;
if at least one COI included in the COI credential matches at least one COI associated in the existing file system structure includes assessing user access permission to the existing file and decrypting the content with the COI credential; and
if no COI included in the COI credential matches a COI associated in the existing file, assessing visibility of the existing file includes returning an indication, to the caller, that the file does not exist;
wherein the COI credential comprises a CIO key, a metadata key, and a file block key.
7 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for establishing a secure file system are disclosed, in which system endpoints such as files and directories in a file system are protected using a security appliance. The security appliance protects each endpoint in the file system from unauthorized access by making those endpoints invisible to unauthorized users. The security appliance organizes users and endpoints into various communities of interest (COI). A user COI groups users such that all users associated with that particular COI have authorization to view the same one or more endpoints located in file storage.
-
Citations
11 Claims
-
1. A method for processing file system requests using a file server, the method comprising:
-
receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing file system structure in an existing directory; obtaining a community of interest (COI) credential associated with the user identification; identifying the existing file system structure in the path; providing access to the existing directory, and returning a handle to the directory to the caller based on an assessment that the caller has permission to access the existing directory; determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and assessing visibility of the existing file to the caller based on a COI associated with the existing file system structure;
wherein;if at least one COI included in the COI credential matches at least one COI associated in the existing file system structure includes assessing user access permission to the existing file and decrypting the content with the COI credential; and if no COI included in the COI credential matches a COI associated in the existing file, assessing visibility of the existing file includes returning an indication, to the caller, that the file does not exist; wherein the COI credential comprises a CIO key, a metadata key, and a file block key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for processing file system requests, comprising:
-
a file server having a file storage and a file system manager, the file storage for storing one or more directories and files; wherein the file system manager performs the steps of; receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing file system structure an existing directory; obtaining, from a stealth appliance that is separate from the file server, a community of interest (COI) credential associated with a user identification; identifying the file system structure in the path; providing access to the existing directory, and returning a handle to the directory to the caller based on an assessment that the caller has permission to access the existing directory; determining whether at least one COI included in the COI credential matches a COI associated with the file system structure, wherein a content stored under the directory is encrypted with the COI credential; assessing visibility of the file to the caller based on the COI associated with the file system structure;
wherein;if at least one COI included in the COI credential matches a COI associated in the file system structure, assessing user access permission to the file and decrypting the content with the COI credential; and if no COI included in the COI credential matches a COI associated in the file system structure, returning an indication, to the caller, that the file does not exist; wherein the COI credential comprises a CIO key, a metadata key, and a file block key. - View Dependent Claims (9, 10, 11)
-
Specification