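IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0694784 (2007-03-30)
Registration number | US-8655914 (2014-02-18)
Inventor / Address | Prahlad, Anand; Kavuri, Srinivas; Varadharajan, Prakash
Applicant / Address |
Agent / Address |
Citation information | Times cited: 2; Cited patents: 133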
Abstract
A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data.
Representative claim
1. A computer-implemented method of securing storage operations in a data management system, comprising: receiving a request to perform a storage operation that includes creating a secondary copy of data from a source location, wherein the created secondary copy of the data is stored at an external remote storage location that is remote from the source location, and wherein the secondary copy stored at the external remote storage location is not actively being used by a live data server; and executing a storage access control system to provide a security infrastructure to selectively limit access to the secondary copy of data, wherein executing the storage access control system includes: querying a file system at the source location for preexisting access control information, wherein the access control information is associated with the source location, and wherein the preexisting access control information is used by at least a portion of the file system at the source location to perform file system operations, wherein the preexisting access control information defines access rights of individual users and groups of users to the data from the source location; and applying the access control information to the secondary copy at the external remote storage location, wherein applying the access control information only includes referencing the access control information by the storage access control system or only incorporating the access control information into the storage access control system, wherein the applying of the access control information to the secondary copy at the external remote storage location comprises permitting, prohibiting, or modifying at least part of the requested storage operation, and wherein the applying of the access control information to the secondary copy at the external remote storage location further comprises storing metadata describing the access control information in a content index that controls access for the individual users and groups of users to secondary copies of data stored at the remote storage location that are not actively being used by a live data server.

2. The method of claim 1 wherein the storage operation comprises a backup of the data from the source location to the external remote storage location.

3. The method of claim 1 wherein the storage operation comprises making a snapshot copy of the data.

4. The method of claim 1 wherein the source location data comprises a file system object.

5. The method of claim 1 wherein the source location data comprises an application data object.

6. The method of claim 1 wherein the external remote storage location comprises a storage device for storing secondary copies of data.

7. The method of claim 1 wherein applying the access control information to the secondary copy at the external remote storage location further comprises storing the access control information with the secondary copy of the data at the external remote storage location.

8. The method of claim 1 wherein applying the access control information to the secondary copy at the external remote storage location further comprises encrypting the data based on the access control information.

9. The method of claim 1, further comprising: retrieving user email addresses for use by the storage access control system; and sending an email message to one or more of the user email addresses if the storage operation fails.

10. The method of claim 1, further comprising: receiving criteria from a user for a two-pass search of the external remote storage location; performing a first pass search of portions of the external remote storage location that have already been accessed by the user; and performing a second pass search of results of the course search to determine which of the results the user is authorized to receive.

11. The method of claim 1, further comprising: searching one or more portions of the external remote storage location based on search criteria received from a user; and displaying a no access indicator on search results the user is not authorized to access, wherein the search results are generated in response to the searching the one or more portions of the external remote storage location.

12. A non-transitory computer-readable medium storing instruction that, when executed by at least one data processing device, performs a method of securing storage operations in a data management system, comprising: receiving a request to perform a storage operation that includes creating a secondary copy of data from a source location, wherein the created secondary copy of the data is stored at an external remote storage location that is remote from the source location, and wherein the secondary copy stored at the external remote storage location is not actively being used by a live data server; querying a file system, by a storage access control system, at the source location for preexisting access control information, wherein the access control information is associated with the source location, and wherein the preexisting access control information is used by at least a portion of the file system at the source location to perform file system operations, wherein the preexisting access control information defines access rights of individual users and groups of users to the data from the source location; and applying settings of the storage access control system to the secondary copy by applying the access control information to the secondary copy at the external remote storage location, wherein applying the access control information only includes referencing the access control information by the storage access control system or only incorporating the access control information into the storage access control system, wherein the applying of the access control information to the secondary copy at the external remote storage location comprises permitting, prohibiting, or modifying at least part of the requested storage operation, and wherein the applying of the access control information to the secondary copy at the external remote storage location further comprises storing metadata describing the access control information in a content index that controls access to secondary copies of data stored at the remote storage location that are not actively being used by a live data server.

13. The computer-readable medium of claim 12 wherein the storage operation comprises a backup of the data from the source location to the external remote storage location.

14. The computer-readable medium of claim 12 wherein the storage operation comprises making a snapshot copy of the data.

15. The computer-readable medium of claim 12 wherein the source location data comprises a file system object.

16. The computer-readable medium of claim 12 wherein the source location data comprises an application data object.

17. The computer-readable medium of claim 12 wherein the external remote storage location comprises a storage device for storing secondary copies of data.

18. The computer-readable medium of claim 12 wherein applying the access control information to the secondary copy at the external remote storage location further comprises storing the access control information with the secondary copy of the data at the external remote storage location.

19. The computer-readable medium of claim 12 wherein applying the access control information to the secondary copy at the external remote storage location further comprises encrypting the data based on the access control information.

20. A system for securing storage operations in a data management system, the system comprising: means for receiving a request to perform a storage operation that includes creating a secondary copy of data from a source location, wherein the created secondary copy of the data is stored at an external remote storage location that is remote from the source location, and wherein the secondary copy stored at the external remote storage location is not actively being used by a live data server; means for querying, by a storage access control system, a file system at the source location for preexisting access control information, wherein the access control information is associated with the source location, and wherein the preexisting access control information is used by at least a portion of the file system at the source location to perform file system operations, wherein the preexisting access control information defines access rights of individual users and groups of users to the data from the source location; and means for applying settings of the storage access control system to the secondary copy by applying the access control information to the secondary copy at the external remote storage location, wherein applying the access control information only includes referencing the access control information by the storage access control system or only incorporating the access control information into the storage access control system, wherein the applying of the access control information to the secondary copy at the external remote storage location comprises permitting, prohibiting, or modifying at least part of the requested storage operation, and wherein the applying of the access control information to the secondary copy at the external remote storage location further comprises storing metadata describing the access control information in a content index that controls access to secondary copies of data stored at the remote storage location that are not actively being used by a live data server.

21. The system of claim 20 wherein the storage operation comprises a backup of the data from the source location to the external remote storage location.

22. The system of claim 20 wherein the storage operation comprises making a snapshot copy of the data.

23. The system of claim 20 wherein the source location data comprises a file system object.

24. The system of claim 20 wherein the source location data comprises an application data object.

25. The system of claim 20 wherein the external remote storage location comprises a storage device for storing secondary copies of data.

26. The system of claim 20 wherein applying the access control information to the secondary copy at the external remote storage location further comprises storing the access control information with the secondary copy of the data at the external remote storage location.

27. The system of claim 20 wherein applying the access control information to the secondary copy at the external remote storage location further comprises encrypting the data based on the access control information.