US2018189300A1PendingUtilityA1
Method and system for providing restricted access to a storage medium
Est. expiryJul 31, 2018(expired)· nominal 20-yr term from priority
Inventors:Kamel Shaath
G06F 12/1416G06F 12/1466G06F 2221/2141G06F 21/6227G06F 16/176G06F 16/122G06F 17/30165G06F 17/30082
56
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A system, apparatus, method, or computer program product of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A computer implemented method for screening for file operations based on applying, by at least one computer processor, a computer file system operation access privilege comprising security identification credentials, to a computer storage medium, comprises:
associating, by the at least one computer processor, the computer file system operation access privilege for at least one specific operation to a user or group, with at least a portion of the computer storage medium; wherein said at least one specific operation computer file system operation access privilege comprises at least one of: create computer file system operation access privilege, read computer file system operation access privilege, delete computer file system operation access privilege, rename computer file system operation access privilege, move computer file system operation access privilege, execute computer file system operation access privilege, append computer file system operation access privilege, overwrite computer file system operation access empty privilege, or overwrite computer file system operation access any file privilege intercepting, by the at least one computer processor, by at least one computer file system trap layer or at least one file system filter layer, an attempted operation on said at least a portion of the computer storage medium,
wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation;
comparing, by the at least one computer processor, the attempted operation to the computer file system operation access privilege; and allowing, or denying, by the at least one computer processor, the attempted operation based on the comparing the attempted operation to the computer file system operation access privilege.
2 . The computer implemented method according to claim 1 , wherein said associating comprises:
associating said at least one specific operation computer file system operation access privilege with a file group based on at least one mask comprising at least one naming convention and at least one extension.
3 . The computer implemented method according to claim 1 , wherein said associating comprises:
associating said at least one specific operation computer file system operation access privilege with at least one content group based on at least one mask of strings contained within a targeted file group comprising at least one naming convention and at least one extension.
4 . The computer implemented method according to claim 1 , wherein said associating comprises:
associating said at least one specific operation computer file system operation access privilege with at least one file group comprising a universal mask comprising all files.
5 . The computer implemented method according to claim 1 , wherein said associating comprises:
associating said at least one specific operation computer file system operation access privilege of a file life cycle with an explicit file path or directory.
6 . The computer implemented method according to claim 5 , wherein said associating comprises:
applying recursively to all child folders said at least one specific operation computer file system operation access privilege of said file life cycle with said explicit file path or directory.
7 . The computer implemented method according to claim 1 , wherein said associating comprises:
wherein, within a file lifecycle, associating policies with at least one file or group of files based on at least one explicit file path or directory
8 . The computer implemented method according to claim 7 , wherein said associating comprises associating applying recursively to all child folders.
9 . The computer implemented method according to claim 1 , wherein said associating comprises:
wherein said within a file lifecycle; associate file lifecycle of said at least one specific operation computer file system operation access privilege with files or group of files based on an file path naming convention directory mask.
10 . The computer implemented method according to claim 9 , wherein said associating comprises associating applying recursively thereafter to all child folders.
11 . The computer implemented method according to claim 1 , wherein said associating comprises:
wherein within a file lifecycle of said at least one specific operation computer file system operation access privileges, associating file lifecycle of said at least one specific operation computer file system operation access privilege with files or group of files based on an explicit file path or directory.
12 . The computer implemented method according to claim 9 , wherein said associating comprises associating applying recursively thereafter to all child folders.
13 . The computer implemented method according to claim 1 , wherein said associating comprises:
wherein said policies comprises at least one of:
retention,
protection, or
creation.
associating a read policy with a file lifecycle to control who can read file contents, and allowing trusted applications to read contents.
14 . The computer implemented method according to claim 1 , wherein said associating comprises:
allowing trusted applications that can be validated using a sequence of encrypted validation to specify encryption keys to encrypt the file contents during the read operations.
15 . The computer implemented method according to claim 1 , wherein said associating comprises:
associating a file lifecycle security privilege of said at least one specific operation computer file system operation access privileges and permissions with a combination of user and group credentials and a trusted application that is registered in the policy engine.
16 . The computer implemented method according to claim 1 , wherein said associating comprises:
defining trusted applications with explicit definitions including signatures and validation checksums to be created and used by other file lifecycle privilege of said at least one specific operation computer file system operation access privileges.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.