Distributed filesystem network security extension
Abstract
A security protocol that dynamically implements enhanced mount security of a filesystem when access to sensitive files on a networked filesystem is requested. When the user of a client system attempts to access a specially-tagged sensitive file, the server hosting the filesystem executes software code that terminates the current mount and re-configures the server ports to accept a re-mount from the client via a more secure port. The re-configured server port is provided the IP address of the client and matches the IP address during the re-mount operation. The switch to a secure mount is completed in a seamless manner so that authorized users are allowed to access sensitive files without bogging down the server with costly encryption and other resource-intensive security features. No significant delay is experienced by the user, while the sensitive file is shielded from unauthorized capture during transmission to the client system.
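The flow in the abstract, modelled as an added example (not code from the patent or from any filesystem implementation). The class, function and status names, the port numbers, and the one-time use of the handed-over IP address are assumptions made for illustration.

```python
from dataclasses import dataclass, field

STANDARD_PORT, SECURE_PORT = 2049, 20490  # constructed port numbers

@dataclass
class FileServer:
    files: dict                                  # path -> (secure_required, data)
    mounts: dict = field(default_factory=dict)   # client IP -> port of current mount
    expected: set = field(default_factory=set)   # client IPs handed to the secure port

    def mount(self, client_ip, port):
        if port == SECURE_PORT:
            # The secure port only accepts a re-mount from an IP it was given.
            if client_ip not in self.expected:
                return False
            self.expected.discard(client_ip)     # assumption: one re-mount per hand-over
        self.mounts[client_ip] = port
        return True

    def read(self, client_ip, path):
        port = self.mounts.get(client_ip)
        if port is None:
            return ("NOT_MOUNTED", None)
        secure_required, data = self.files[path]  # check the preset access permission
        if secure_required and port != SECURE_PORT:
            # Sensitive file requested over the standard mount: terminate the
            # mount, give the client's IP to the secure port, ask for a re-mount.
            del self.mounts[client_ip]
            self.expected.add(client_ip)
            return ("REMOUNT_SECURE", None)
        return ("OK", data)

def client_fetch(server, client_ip, path):
    """Client side: mount on the standard port, follow one re-mount instruction."""
    if client_ip not in server.mounts:
        server.mount(client_ip, STANDARD_PORT)
    status, data = server.read(client_ip, path)
    if status == "REMOUNT_SECURE" and server.mount(client_ip, SECURE_PORT):
        status, data = server.read(client_ip, path)
    return status, data, server.mounts.get(client_ip)

if __name__ == "__main__":
    # Constructed sample filesystem: one ordinary file, one tagged as sensitive.
    srv = FileServer(files={"/pub/readme": (False, b"hello"),
                            "/hr/payroll": (True, b"secret")})
    print(client_fetch(srv, "10.0.0.5", "/pub/readme"))
    print(client_fetch(srv, "10.0.0.5", "/hr/payroll"))
    print(srv.mount("10.0.0.9", SECURE_PORT))  # IP never handed over: refused
```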
30 Claims
1. In a data processing system comprising (1) a storage medium on which is stored at least a first having a preset access permission, (2) at least a first standard port and a second secure port for connecting said data processing system to external client systems, and (3) logic for selectively routing transmission of said at least one file via said first port and said second port, a method for providing security for transmission of said at least one file, said method comprising:
- responsive to a request for access to said first file by said external client system, checking said preset access permission of said first file; and
- when said preset access permission of said first file indicates secured access is required for said first file, dynamically routing a transmission of said first file to external client system via said second port.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. In a data processing system comprising (1) a storage medium on which is stored at least a first having a preset access permission, (2) at least a first standard port and a second secure port for connecting said data processing system to external client systems, and (3) logic for selectively routing transmission of said at least one file via said first port and said second port, a system for providing security for transmission of said at least one file, said system comprising:
- logic, responsive to a request for access to said first file by said external client system, for checking said preset access permission of said first file; and
- when said preset access permission of said first file indicates secured access is required for said first file, logic for dynamically routing a transmission of said first file to external client system via said second port.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. In a network comprising (1) a server hosting a filesystem and having at least a first standard port and a second secure port, (2) a client, and (3) a plurality of transmission subnets for linking said server and said client, wherein said plurality of transmission subnets include a first standard subnet and a second secure subnet, a filesystem access control mechanism comprising:
- logic, responsive to a request for access to said first file by said external client system, for checking said preset access permission of said first file; and
- when said preset access permission of said first file indicates secured access is required for said first file, logic for dynamically routing a transmission of said first file to external client system via said second port.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification