Data backup and self-service data restoration

US 9,742,752 B1
Filed: 06/20/2014
Issued: 08/22/2017
Est. Priority Date: 06/20/2014
Status: Active Grant

First Claim

Patent Images

1. A method performed by a first user terminal,the method comprising:

the first user terminal sending a restore command to a network server, wherein the restore command controls the network server to restore a file from a first storage device to a second user terminal;

the first user terminal receiving an authentication request from the network server requesting that a user be authenticated for access to the file from the second user terminal;

the first user terminal determining whether the user is authenticated for access to the file from the second user terminal based on a security descriptor in a security record for the file;

if the security descriptor indicates that the user is authenticated for access to the file from the second user terminal, restoring the file from the first storage device to the second user terminal;

if the security descriptor indicates that the user is not authenticated for access to the file from the second user terminal;

the first user terminal creating a virtual endpoint comprising a temporary file, wherein the virtual endpoint comprises an emulation of the second user terminal generated from a configuration parameter of the second user terminal, and wherein the temporary file comprises a security context generated from a security parameter associated with the file to be restored;

authenticating the user within the virtual endpoint for access to the temporary file based on the security parameter; and

the first user terminal restoring the file to the second user terminal if the user is granted access within the virtual endpoint to the temporary file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user terminal stores security information for each of a plurality of files during a backup of the files. The user terminal also stores information regarding the configuration settings of one or more terminals from which a user may access the plurality of files. During a restore of the files to a remote user terminal, the user terminal at which the restore command was issued utilizes the saved security information to emulate the remote terminal as a virtual endpoint for the files. The user terminal determines whether the user is authorized to access the files within the virtual endpoint based on the saved security information, and restores the files to the remote terminal if the user is authorized for access to the files within the virtual endpoint.

Citations

19 Claims

1. A method performed by a first user terminal,the method comprising:
- the first user terminal sending a restore command to a network server, wherein the restore command controls the network server to restore a file from a first storage device to a second user terminal;
  
  the first user terminal receiving an authentication request from the network server requesting that a user be authenticated for access to the file from the second user terminal;
  
  the first user terminal determining whether the user is authenticated for access to the file from the second user terminal based on a security descriptor in a security record for the file;
  
  if the security descriptor indicates that the user is authenticated for access to the file from the second user terminal, restoring the file from the first storage device to the second user terminal;
  
  if the security descriptor indicates that the user is not authenticated for access to the file from the second user terminal;
  
  the first user terminal creating a virtual endpoint comprising a temporary file, wherein the virtual endpoint comprises an emulation of the second user terminal generated from a configuration parameter of the second user terminal, and wherein the temporary file comprises a security context generated from a security parameter associated with the file to be restored;
  
  authenticating the user within the virtual endpoint for access to the temporary file based on the security parameter; and
  
  the first user terminal restoring the file to the second user terminal if the user is granted access within the virtual endpoint to the temporary file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising retrieving the security record from a second storage device that is different from the first storage device, wherein the security record is linked to the file and comprises the security parameter of the file to be restored.
  - 3. The method of claim 2 wherein retrieving the security record from a second storage device that is different from the first storage device comprises:
    - retrieving a security index associated with a filename of the file to be restored from the second storage device;
      
      determining an offset value associated with the security index, wherein the offset value identifies an offset from a beginning of a security catalog file; and
      
      retrieving the security record from the security catalog file beginning from the offset value.
  - 4. The method of claim 2 further comprising retrieving the configuration parameter from a configuration file stored at one of the first and second storage devices, wherein the configuration file comprises configuration parameters for each of a plurality of user terminals communicatively connected to the network server.
  - 5. The method of claim 2 wherein the file to be restored comprises a first file in a plurality of files to be restored, and wherein the restore command further controls the network server to restore a second file in the plurality of files from the first storage device to the second user terminal.
  - 6. The method of claim 5 further comprising:
    - determining that the second file is linked to the security record of the first file; and
      
      restoring the second file to the second user terminal if the second file is linked to the security record of the first file, and if the user is authorized for access to the first file from the remote terminal.
  - 7. The method of claim 1 wherein if the first user terminal is not capable of emulating the remote terminal, creating a virtual endpoint comprising a temporary file comprises:
    - the first user terminal selecting a computing device that is capable of emulating the second user terminal;
      
      the first user terminal creating the virtual endpoint and the temporary file at the selected computing device; and
      
      the first user terminal controlling the selected computing device to authenticate the user for access to the temporary file within the virtual endpoint based on the security parameter.
  - 8. The method of claim 7 wherein controlling the selected computing device to authenticate the user for access to the temporary file within the virtual endpoint based on the security parameter comprises:
    - the first user terminal obtaining a security record linked to the file to be restored, wherein the security record comprises a security descriptor for the file;
      
      the first user terminal providing the security descriptor to a platform of the selected computing device;
      
      the first user terminal receiving a message from the selected computing device indicating whether the user is authenticated within the virtual endpoint for access to the temporary file; and
      
      the first user terminal authenticating the user for access to the temporary file if the message from the selected computing device indicates that the user is authenticated within the virtual endpoint for access to the temporary file.
  - 9. The method of claim 1 wherein determining whether the user is authenticated for access to the file from the second user terminal based on a security descriptor in a security record for the file comprises:
    - obtaining the security record linked to the file to be restored, wherein the security record comprises the security descriptor for the file;
      
      providing the security descriptor to an operating system of the first user terminal; and
      
      authenticating the user for access to the temporary file if the operating system authenticates the user for access to the temporary file based on the security descriptor.

10. A first user terminal comprising:
- a communications interface circuit configured to communicate data with a network server; and
  
  a processor circuit configured to;
  
  send a restore command to the network server, wherein the restore command controls the network server to restore a file from a first storage device to a second user terminal;
  
  receive an authentication request from the network server requesting that a user be authenticated for access to the file from the second user terminal;
  
  determine whether the user is authenticated for access to the file from the second user terminal based on a security descriptor in a security record for the file;
  
  if the security descriptor indicates that the user is authenticated for access to the file from the second user terminal, restore the file from the first storage device to the second user terminal; and
  
  if the security descriptor indicates that the user is not authenticated for access to the file from the second user terminal;
  
  create a virtual endpoint comprising a temporary file, wherein the virtual endpoint comprises an emulation of the second user terminal generated from a configuration parameter of the second user terminal, and wherein the temporary file comprises a security context generated from a security parameter associated with the file to be restored;
  
  authenticate the user within the virtual endpoint for access to the temporary file based on the security parameter; and
  
  restore the file to the second user terminal if the user is granted access within the virtual endpoint to the temporary file.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The first user terminal of claim 10 wherein the processor circuit is further configured to retrieve the security record from a second storage device that is different from the first storage device, and wherein the security record is linked to the file and comprises the security parameter of the file to be restored.
  - 12. The first user terminal of claim 11 wherein to retrieve the security record from the second storage device, the processor circuit is further configured to:
    - retrieve a security index associated with a filename of the file to be restored from the second storage device;
      
      determine an offset value associated with the security index, wherein the offset value identifies an offset from a beginning of a security catalog file; and
      
      retrieve the security record from the security catalog file beginning from the offset value.
  - 13. The first user terminal of claim 11 wherein the processor circuit is further configured to retrieve the configuration parameter from a configuration file stored at one of the first and second storage devices, and wherein the configuration file comprises corresponding configuration parameters for each of a plurality of user terminals communicatively connected to the network server.
  - 14. The first user terminal of claim 11 wherein the file to be restored comprises a first file in a plurality of files to be restored, and wherein the restore command further controls the network server to restore a second file in the plurality of files from the first storage device to the second user terminal.
  - 15. The first user terminal of claim 14 wherein the processor circuit is further configured to:
    - determine that the second file is linked to the security record of the first file; and
      
      restore the second file to the second user terminal if the second file is linked to the security record of the first file, and if the user is authorized for access to the first file from the remote terminal.
  - 16. The first user terminal of claim 10 wherein if the first user terminal is not capable of emulating the remote terminal, the processing circuit is further configured to:
    - select a computing device that is capable of emulating the second user terminal;
      
      create the virtual endpoint and the temporary file at the selected computing device; and
      
      control the selected computing device to authenticate the user for access to the temporary file within the virtual endpoint based on the security parameter.
  - 17. The first user terminal of claim 16 wherein to control the selected computing device to authenticate the user for access to the temporary file within the virtual endpoint based on the security parameter, the processing circuit is further configured to:
    - obtain a security record linked to the file to be restored, wherein the security record comprises a security descriptor for the file;
      
      provide the security descriptor to a platform of the selected computing device;
      
      receive a message from the selected computing device indicating whether the user is authenticated within the virtual endpoint for access to the temporary file; and
      
      authenticate the user for access to the temporary file from the second user terminal if the message from the selected computing device indicates that the user is authenticated for access within the virtual endpoint to the temporary file.
  - 18. The first user terminal of claim 10 wherein to determine whether the user is authenticated for access to the file from the second user terminal based on a security descriptor in a security record for the file, the processor circuit is further configured to:
    - obtain the security record linked to the file to be restored, wherein the security record comprises the security descriptor for the file;
      
      provide the security descriptor to an operating system of the first user terminal; and
      
      authenticate the user for access to the temporary file if the operating system authenticates the user for access to the temporary file based on the security descriptor.

19. A computer program product comprising a physical computer-readable storage medium storing a control application that, when executed by a processor circuit on a first user terminal, configures the first user terminal to:
- send a restore command to the network server, wherein the restore command controls the network server to restore a file from a first storage device to a second user terminal;
  
  receive an authentication request from the network server requesting that a user be authenticated for access to the file from the second user terminal;
  
  determine whether the user is authenticated for access to the file from the second user terminal based on a security descriptor in a security record for the file;
  
  if the security descriptor indicates that the user is authenticated for access to the file from the second user terminal, restore the file from the first storage device to the second user terminal;
  
  if the security descriptor indicates that the user is not authenticated for access to the file from the second user terminal;
  
  create a virtual endpoint comprising a temporary file, wherein the virtual endpoint comprises an emulation of the second user terminal generated from a configuration parameter of the second user terminal, and wherein the temporary file comprises a security context generated from a security parameter associated with the file to be restored;
  
  authenticate the user within the virtual endpoint for access to the temporary file based on the security parameter; and
  
  restore the file to the second user terminal if the user is granted access within the virtual endpoint to the temporary file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Pothireddy, Vijaya Kumar, Banduchode, Aravind Kumar
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
Little, Vance

Application Number

US14/310,060
Time in Patent Office

1,159 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1402   Saving, restoring, recoveri...

G06F 11/1458   Management of the backup or...

G06F 21/6209   to a single file or object,...

G06F 2201/815   Virtual

H04L 63/08   for authentication of entit...

Data backup and self-service data restoration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Data backup and self-service data restoration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links