Method and system for providing restricted access to a storage medium
DC CAFCFirst Claim
Patent Images
1. A method for applying an operation access privilege to a storage medium, comprises:
- associating an operation access privilege with at least a portion of the storage medium;
intercepting by at least one trap layer an attempted operation on said at least a portion of the storage medium,wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation;
comparing the attempted operation to the operation access privilege; and
allowing, or denying the attempted operation based on the comparing the attempted operation to the operation access privilege.
2 Assignments
Litigations
2 Petitions
Accused Products
Abstract
A system, apparatus, method, or computer program product of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium.
451 Citations
103 Claims
-
1. A method for applying an operation access privilege to a storage medium, comprises:
-
associating an operation access privilege with at least a portion of the storage medium; intercepting by at least one trap layer an attempted operation on said at least a portion of the storage medium, wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation; comparing the attempted operation to the operation access privilege; and allowing, or denying the attempted operation based on the comparing the attempted operation to the operation access privilege. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
-
41. An apparatus for providing a write once read many (WORM) computer storage device comprising:
-
a computer storage device comprising at least two partitions; a first of said at least two partitions comprising control components; and a second of said at least two partitions comprising encrypted data;
wherein said storage device is adapted to be coupled via an interface to a system, wherein said system is configured to apply an operation access privilege to said computer storage medium, comprising;being configured to associate an access privilege with at least a portion of the computer storage medium; being configured to intercept an attempted operation on said at least a portion of the computer storage medium, wherein said being configured to intercept occurs regardless of an identity of a user attempting the attempted operation; being configured to compare the attempted operation to the access privilege; and being configured to allow, or deny the attempted operation based on comparing the attempted operation to the access privilege wherein at least one of;
said being configured to associate, to allow, or to deny is based on enforcing a policy.
-
-
42. A computer implemented method for intercepting, by at least one computer processor, an attempted download of data to at least a portion of a computer storage medium, comprising:
-
receiving, by the at least one computer processor, at least one attempted download operation to store the data, by the at least one computer processor, on the at least a portion of the computer storage medium; intercepting, by the at least one computer processor, by at least one computer file system trap layer or at least one computer file system filter layer the at least one attempted download operation on the at least a portion of the computer storage medium, wherein said intercepting, by the at least one computer processor, occurs regardless of an identity of a user attempting the attempted operation; determining, by the at least one computer processor, whether the at least one attempted download operation is permitted based upon analysis, by the at least one computer processor, of the content of the data as well as based on a comparison of the at least one attempted download operation to a computer file system operation access privilege, and permitting, or not permitting, by the at least one computer processor, the at least one attempted download operation based on said determining, by the at least one computer processor. - View Dependent Claims (43)
-
-
44. A computer implemented method for intercepting, by at least one computer processor, an attempted operation on at least a portion of a computer storage medium, comprising:
-
receiving, by the at least one computer processor, at least one attempted operation comprising creating an executable file to operate on data with respect to the at least a portion of the computer storage medium; intercepting, by the at least one computer processor, by at least one computer file system trap layer or said at least one computer file system filter layer said at least one attempted operation comprising creating said executable file on the computer storage medium, wherein said intercepting, by the at least one computer processor, occurs regardless of an identity of a user attempting the attempted operation; determining, by the at least one computer processor, whether the at least one attempted operation is permitted based upon analysis, by the at least one computer processor, of the content of the data, wherein the analysis, by the at least one computer processor, identifies, by the at least one computer processor, content comprising at least one of; harmful content, a computer virus, malware, adware, spyware, a computer worm, or a malicious file; and permitting, or not permitting the attempted operation comprising creating said executable file based on said determining. - View Dependent Claims (45, 46, 47, 48, 49, 50, 51)
-
-
52. A method for intercepting an attempted download of data to at least a portion of a computer storage medium, comprising:
-
receiving at least one attempted download operation to store the data on the at least a portion of the computer storage medium; intercepting by at least one computer file system trap layer or said at least one computer file system filter layer the at least one attempted download operation on the at least a portion of the computer storage medium, wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation; determining whether the at least one attempted download operation is permitted based upon analysis of the content of the data, and permitting, or not permitting the at least one attempted download operation based on said determining. - View Dependent Claims (53)
-
-
54. A method for intercepting an attempted operation on at least a portion of a computer storage medium, comprising:
-
receiving at least one attempted operation to operate on data with respect to the at least a portion of the computer storage medium, wherein said at least one attempted operation comprises creating at least one file capable of being executed on a computer processor; intercepting by at least one computer file system trap layer or said at least one computer file system filter layer said at least one attempted operation comprising creating said at least one file on the computer storage medium, wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation of creating said at least one file; determining whether the at least one attempted operation is permitted based upon analysis of the content of the data, wherein the analysis identifies content comprising at least one of; harmful content, a computer virus, malware, adware, spyware, a computer worm, or a malicious file; and permitting, or not permitting the attempted operation comprising creating a file capable of execution based on said determining. - View Dependent Claims (55, 56, 57, 58, 59, 60, 61)
-
-
62. A non-transitory computer accessible storage medium embodied thereon computer program product, said computer program product for applying a computer file system operation access privilege to a computer storage medium when executed on at least one computer processor, performing a method of:
-
associating, by the at least one computer processor, the computer file system operation access privilege with at least a portion of the computer storage medium; intercepting, by the at least one computer processor, by at least one computer file system trap layer or said at least one computer file system filter layer an attempted operation on said at least a portion of the computer storage medium, wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation; comparing, by the at least one computer processor, the attempted operation to the operation access privilege; and allowing, or denying, by the at least one computer processor, the attempted operation based on the comparing of the attempted operation to the operation access privilege. - View Dependent Claims (63, 64, 65)
-
-
66. A data processing system configured to apply a computer file system operation access privilege to a computer storage medium, comprises:
-
at least one computer processor configured to associate the computer file system operation access privilege with at least a portion of the computer storage medium; said at least one computer processor configured to intercept, by at least one computer file system trap layer or at least one computer file system filter layer, an attempted operation on said at least a portion of the computer storage medium, wherein said interception occurs regardless of an identity of a user that attempts the attempted operation; said at least one computer processor configured to compare the attempted operation to the computer file system operation access privilege; and said at least one computer processor configured to allow, or deny the attempted operation based on the comparison of the attempted operation to the computer file system operation access privilege. - View Dependent Claims (67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103)
-
Specification