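Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC, 7th edition) | |
Application number | US-0562312 (2012-07-31) |
Registration number | US-9361243 (2016-06-07) |
Priority information | CA-2244626 (1998-07-31) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 1; Patents cited: 359 |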
A system, apparatus, method, or computer program product of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium.
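The flow in the abstract, modelled as an added example (not code from the patent or from any product that implements it): a trap layer reads the disabled command set from a record on the medium, answers matching commands with an error, and forwards everything else to the device driver. The JSON record format, the command names and the `Medium`/`TrapLayer` classes are assumptions made for illustration, as is the choice to disable every write command when the record cannot be parsed.

```python
import json

# Assumed command vocabulary for this model; the patent does not enumerate one.
WRITE_COMMANDS = frozenset({"create", "overwrite", "append", "rename", "delete"})


class Medium:
    """In-memory stand-in for a storage medium and its device driver."""

    def __init__(self, policy_record):
        self.policy_record = policy_record  # data stored on the medium itself
        self.files = {}                     # path -> bytes
        self.driver_calls = []              # commands that reached the driver

    def driver(self, command, path, data=b"", new_path=None):
        self.driver_calls.append((command, path))
        if command in ("create", "overwrite"):
            self.files[path] = data
        elif command == "append":
            self.files[path] = self.files[path] + data
        elif command == "rename":
            self.files[new_path] = self.files.pop(path)
        elif command == "delete":
            del self.files[path]
        elif command == "read":
            return self.files[path]
        return None


class TrapLayer:
    """Sits between the file system interface and the driver for one medium."""

    def __init__(self, medium):
        self.medium = medium
        self.disabled = self._load_disabled(medium.policy_record)

    @staticmethod
    def _load_disabled(record):
        # Assumption of this example: an unreadable or unknown policy record
        # disables every write command instead of leaving the medium open.
        try:
            names = json.loads(record.decode("utf-8"))["disabled_write_commands"]
            disabled = frozenset(names)
            if not disabled <= WRITE_COMMANDS:
                raise ValueError("unknown command in policy record")
        except (ValueError, KeyError, TypeError):
            return WRITE_COMMANDS
        return disabled

    def submit(self, user, command, path, data=b"", new_path=None):
        # `user` is accepted but never consulted: the decision is made per
        # medium, regardless of who issues the command.
        files = self.medium.files
        if command in ("write", "create", "overwrite"):
            # Classify by the state of the medium, not by the caller's label.
            command = "overwrite" if path in files else "create"
        effective = {command}
        if command == "rename" and new_path in files:
            effective.add("overwrite")      # rename onto a file replaces it
        blocked = sorted(effective & self.disabled)
        if blocked:
            # Matching command: error returned, driver never called.
            return {"ok": False, "error": blocked[0] + " is disabled for this medium"}
        if command not in WRITE_COMMANDS and command != "read":
            return {"ok": False, "error": "unknown command"}
        if command != "create" and path not in files:
            return {"ok": False, "error": "no such file"}
        if command == "rename" and new_path is None:
            return {"ok": False, "error": "rename needs a target"}
        return {"ok": True, "result": self.medium.driver(command, path, data, new_path)}


def demo():
    # Constructed policy record: delete, overwrite and append are disabled
    # for the whole medium; create and rename stay available.
    record = b'{"disabled_write_commands": ["delete", "overwrite", "append"]}'
    medium = Medium(record)
    trap = TrapLayer(medium)
    results = [
        trap.submit("alice", "write", "/log/a.txt", b"v1"),    # create
        trap.submit("root", "write", "/log/a.txt", b"v2"),     # overwrite
        trap.submit("root", "delete", "/log/a.txt"),
        trap.submit("alice", "read", "/log/a.txt"),
        trap.submit("alice", "write", "/log/b.txt", b"other"),
        trap.submit("alice", "rename", "/log/b.txt", new_path="/log/a.txt"),
        trap.submit("alice", "rename", "/log/b.txt", new_path="/log/c.txt"),
    ]
    return results, medium


if __name__ == "__main__":
    for r in demo()[0]:
        print(r)
```

The rename onto an existing file is refused because it would have the effect of an overwrite, which is the kind of equivalence a command-matching layer has to account for.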
1. A method for applying an operation access privilege to a storage medium, comprises: associating an operation access privilege with at least a portion of the storage medium; intercepting by at least one trap layer an attempted operation on said at least a portion of the storage medium, wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation; comparing the attempted operation to the operation access privilege; and allowing, or denying the attempted operation based on the comparing the attempted operation to the operation access privilege.

2. The method according to claim 1, wherein said allowing or said denying, by the at least one computer processor, comprises at least one of: allowing, or denying, by the at least one computer processor, the attempted operation based on a content of a logical file associated with said at least a portion of the computer storage medium.

3. The method according to claim 2, wherein said allowing, or said denying, by the at least one computer processor, comprises at least one of: allowing, or cancelling, by the at least one computer processor, the attempted operation based on the content of the file.

4. The method according to claim 1, wherein said allowing, or said denying, by the at least one computer processor, the attempted operation comprises: allowing, by the at least one computer processor, a create file operation to create a file on at least a portion of the computer storage medium; evaluating, by the at least one computer processor, a content of the file; and at least one of: allowing, by the at least one computer processor, the attempted operation, or deleting, by the at least one computer processor, the file based on said evaluating.

5.
The method according to claim 1, wherein said associating, by the at least one computer processor, the access privilege comprises: associating, by the at least one computer processor, the computer file system operation access privilege with said at least a portion of the computer storage medium based on a file attribute of a logical file associated with said at least a portion of the storage medium.

6. The method according to claim 1, wherein said enforcing, by the at least one computer processor, the computer file system operation access privilege comprises: enforcing, by the at least one computer processor, a retention access privilege comprising: preventing, by the at least one computer processor, said at least a portion of the computer storage medium in a retained state from being modified while a retention period of said at least a portion of the storage medium is unexpired.

7. The computer implemented method according to claim 6, wherein said enforcing, by the at least one computer processor, the retention access privilege is enforced for at least one of: a file name, a file attribute, a file path, or a file content, of a logical file associated with said at least a portion of the computer storage medium.

8. The computer implemented method according to claim 6, wherein said enforcing, by the at least one computer processor, the retention access privilege comprises: determining, by the at least one computer processor, if said at least a portion of the computer storage medium is eligible to enter the retained state based on a content of said at least a portion of the computer storage medium.

9.
The computer implemented method according to claim 8, wherein said determining, by the at least one computer processor, comprises: determining, by the at least one computer processor, if said at least a portion of the computer storage medium is eligible to enter the retained state based on a content group associated with said at least a portion of the computer storage medium, the content group associated based on evaluating, by the at least one computer processor, said at least a portion of the computer storage medium for pre-defined content.

10. The computer implemented method according to claim 6, wherein said associating, by the at least one computer processor, the retention access privilege comprises holding the retained state.

11. The computer implemented method according to claim 10, wherein said holding, by the at least one computer processor, the retained state comprises at least one of: suspending, by the at least one computer processor, expiration of a retained state portion of the computer storage medium; suspending, by the at least one computer processor, an unexpired retained state portion of the computer storage medium from entering an expired retained state; suspending, by the at least one computer processor, clearing, by the at least one computer processor, of a read only attribute of the retained state portion of the computer storage medium by setting, by the at least one computer processor, a temporary attribute of the retained state portion of the computer storage medium; or suspending, by the at least one computer processor, deletion, by the at least one computer processor, of an expired retained state portion of the computer storage medium.

12.
The computer implemented method according to claim 1, wherein said allowing or denying comprises: enforcing, by the at least one computer processor, the computer file system operation access privilege comprising: enforcing a retention access privilege comprising: triggering, by the at least one computer processor, one or more background processes when said at least a portion of the computer storage medium enters a retained state.

13. The computer implemented method according to claim 12, wherein the one or more background processes comprises at least one of: creating, by the at least one computer processor, metadata for the retention; identifying, by the at least one computer processor, the user retaining said at least a portion of the computer storage medium; storing, by the at least one computer processor, user identification for the user retaining, by the at least one computer processor, said at least a portion of the computer storage medium; identifying, by the at least one computer processor, the retention access privilege retaining, by the at least one computer processor, said at least a portion of the computer storage medium; storing, by the at least one computer processor, the retention access privilege retaining, by the at least one computer processor, said at least a portion of the computer storage medium; generating, by the at least one computer processor, a digital signature of the content of said at least a portion of the computer storage medium; generating, by the at least one computer processor, a digital signature comprising a hash of the content of said at least a portion of the computer storage medium; generating, by the at least one computer processor, a digital signature of the content of at least one of a default data stream associated with a file associated with said at least a portion of the computer storage medium or one or more alternate data streams associated with the file associated with said at least a portion of the computer storage medium; storing, by the at least one computer processor, the digital signature; determining, by the at least one computer processor, if any other policies apply; creating, by the at least one computer processor, at least one of an alternate data stream or an extended attribute to store the metadata; encrypting, by the at least one computer processor, hash keys for the metadata; or storing, by the at least one computer processor, the hash keys.

14. The computer implemented method according to claim 6, wherein said enforcing, by the at least one computer processor, the retention access privilege comprises: triggering, by the at least one computer processor, retention of said at least a portion of the computer storage medium based on at least one of: the attempted operation; setting, by the at least one computer processor, a read-only attribute of the file; renaming, by the at least one computer processor, the file to a file name; renaming, by the at least one computer processor, the file to a particular name; resizing, by the at least one computer processor, the file; resizing, by the at least one computer processor, the file to a particular size; creating, by the at least one computer processor, an extended attribute associated with the file; or creating, by the at least one computer processor, an alternate data stream associated with the file.

15. The computer implemented method according to claim 6, wherein said enforcing, by the at least one computer processor, the retention access privilege comprises: enforcing, by the at least one computer processor, an archive access privilege comprising queuing, by the at least one computer processor, said at least a portion of the computer storage medium to be copied to an alternate media, when said at least a portion of the computer storage medium is retained.

16.
The computer implemented method according to claim 1, wherein said allowing, or said denying, by the at least one computer processor, the attempted operation comprises: forcing, by the at least one computer processor, a secure erasure for a delete operation on said at least a portion of the computer storage medium, wherein the secure erasure comprises at least one of: overwriting, by the at least one computer processor, the content of said at least a portion of the computer storage medium, or overwriting, by the at least one computer processor, an alternate data stream associated with said at least a portion of the computer storage medium.

17. The computer implemented method according to claim 1, wherein said allowing, or said denying, by the at least one computer processor, comprises at least one of: allowing, by the at least one computer processor, the operation on a directory if the directory is empty; or denying, by the at least one computer processor, the operation on the directory if the directory is not empty.

18. The computer implemented method according to claim 1, wherein said allowing, or said denying, by the at least one computer processor, comprises at least one of: allowing, or denying, by the at least one computer processor, the attempted operation based on at least one of an application or a process attempting, by the at least one computer processor, the attempted operation.

19.
The computer implemented method according to claim 18, wherein said allowing, or said denying, by the at least one computer processor, the attempted operation based on at least one of the application or the process comprises at least one of: allowing, by the at least one computer processor, the attempted operation for at least one of a named or a registered process; denying, by the at least one computer processor, the attempted operation for at least one of the named or the registered process; or allowing, by the at least one computer processor, the attempted operation for a privileged application, the privileged application comprising: an application operable to be authenticated, by the at least one computer processor, via a digital signature.

20. The computer implemented method according to claim 1, wherein said allowing or denying comprises: enforcing the computer file system operation access privilege comprises enforcing a access privilege based on an application, the access privilege comprising at least one of: enforcing, by the at least one computer processor, application based intercepting of the attempted operation; disabling, by the at least one computer processor, an operation option provided to the user; expanding, by the at least one computer processor, the scope of an operation based on the application; or at least one of allowing, or denying, by the at least one computer processor, the attempted operation based on validating, by the at least one computer processor, a child object of a parent object of an attempted operation.

21.
The computer implemented method according to claim 1, wherein said allowing or denying comprises: enforcing the computer file system operation access privilege comprises enforcing, by the at least one computer processor, a secure time routine, the routine comprising at least one of: using, by the at least one computer processor, a secure clock; maintaining, by the at least one computer processor, a system clock comprising using the secure clock; accounting, by the at least one computer processor, for deviations based on inaccuracies of the secure clock; verifying, by the at least one computer processor, operation of a secure clock or authenticating the secure clock; at least one of: denying, by the at least one computer processor, at least one attempted operation, preventing, by the at least one computer processor, said at least a portion of the computer storage medium from being retained, or rendering, by the at least one computer processor, the computer storage medium read-only, if the secure clock can not be at least one of: verified, by the at least one computer processor, or authenticated, by the at least one computer processor; or running, by the at least one computer processor, the secure clock independent of a server.

22. The computer implemented method according to claim 1, further comprising: evaluating, by the at least one computer processor, content of a file at time of file creation wherein said file is configured to launch a process; and launching, by the at least one computer processor, the process to determine at least one restriction or computer file system operation access privilege for the process.

23. The computer implemented method according to claim 22, comprising: determining, by the at least one computer processor, a harmful process belongs to a virus based on said launching, by the at least one computer processor; and disabling, by the at least one computer processor, at least one operation for said harmful process.

24.
The computer implemented method of claim 1, further comprising at least one of: assigning, by the at least one computer processor, metadata to a given file relating to operations permitted on said given file; assigning, by the at least one computer processor, metadata to a given file relating to validating contents of a given file; or confirming, by the at least one computer processor, contents have not been modified or tampered with, comprising at least one of: a hash, a hash key, an SHA hash, an encryption key, or a digital signature.

25. The computer implemented method of claim 1, wherein said intercepting, by the at least one computer processor, further comprises at least one of: interacting, by the at least one computer processor, between said at least one computer file system trap layer or said at least one computer file system filter layer and at least one other component; retrieving, by the at least one computer processor, additional information by said at least one computer file system trap layer or said at least one computer file system filter layer; or determining, by the at least one computer processor, a role said at least one computer file system trap layer or said at least one computer file system filter layer will perform comprising: determining, by the at least one computer processor, whether to at least one of: allow, reject, or modify a request.

26.
The computer implemented method of claim 1, wherein said intercepting, by the at least one computer processor, further comprises: triggering, by the at least one computer processor, by said at least one computer file system trap layer or said at least one computer file system filter layer initiating other actions comprising at least one of: intercepting, by the at least one computer processor, a delete operation, and determining, by the at least one computer processor, when to actually erase contents, wherein, at least one of: an erasure comprises overwriting, by the at least one computer processor, at least one of content or at least a portion of a file with a predetermined pattern; an erasure is triggered immediately, by the at least one computer processor; or an erasure is tagged, by the at least one computer processor, when the file is marked for deletion and at least one of: the actual erasure takes place, by the at least one computer processor, once the file is closed, depending on file system; or the erasure is performed on file cleanup, by the at least one computer processor, after the file is closed.

27.
The computer implemented method of claim 1, wherein said intercepting, by the at least one computer processor, further comprising: triggering, by the at least one computer processor, by said at least one computer file system trap layer or said at least one computer file system filter layer initiating, by the at least one computer processor, other actions comprising at least one of: creating, by the at least one computer processor, file signatures upon certain conditions comprising when the file retention is triggered comprising at least one of: creating, by the at least one computer processor, said file signature when the file is finally closed and is no longer modified; creating, by the at least one computer processor, said file signature triggered immediately; or creating, by the at least one computer processor, said file signature when the file is in final cleanup and all handles or channels are closed, or contents are flushed from the cache.

28. The computer implemented method of claim 1, wherein said intercepting further comprises at least one of: triggering, by the at least one computer processor, by said at least one computer file system trap layer or said at least one computer file system filter layer initiating other actions comprising at least one of: intercepting, by the at least one computer processor, at least one of: a plurality of file types; at least one directory; or alternate data streams; interrogating, by the at least one computer processor, contents of at least one directory to enable additional operations comprising at least one of: determining, by the at least one computer processor, if said at least one directory is empty, or not, determining, by the at least one computer processor, whether to allow at least one of rename, or delete operations, determining, by the at least one computer processor, if the at least one directory is not empty and if not empty, then at least one of: rejecting, by the at least one computer processor, all delete operations, rejecting, by the at least one computer processor, all rename operations, or rejecting, by the at least one computer processor, all move operations, or determining, by the at least one computer processor, if the at least one directory is not empty, and if not empty, then at least one of: allowing, by the at least one computer processor, all operations, or allowing, by the at least one computer processor, certain operations; intercepting, by the at least one computer processor, an open directory for enumeration operation to prevent browsing of at least one directory contents comprising at least one of: allowing, by the at least one computer processor, file and directory operations that are for a specific file or directory name to succeed, but making, by the at least one computer processor, operations enumerating contents fail; intercepting, by the at least one computer processor, similar operations comprising at least one of: modifying, by the at least one computer processor, security, adding or removing files, by the at least one computer processor, changing attributes, by the at least one computer processor, or adding or removing, by the at least one computer processor, directories; intercepting, by the at least one computer processor, operations to the default data stream portion of a file, or alternate data streams, and conditionally allowing, disallowing, or modifying, by the at least one computer processor, such requests depending on policies; or determining, by the at least one computer processor, policies dynamically by at least one of: querying, by the at least one computer processor, a parent directory, querying, by the at least one computer processor, a parent volume, querying, by the at least one computer processor, associated policies, defining, by the at least one computer processor, policies at an individual object level, forcing, by the at least one computer processor, additional operations, or triggering, by the at least one computer processor, other operations.

29. The computer implemented method of claim 1, wherein said at least one computer file system trap layer or said at least one computer file system filter layer automatically encrypts or decrypts, by the at least one computer processor, contents of a logical storage volume or medium, and at least one of: wherein if the at least one computer file system trap layer or said at least one computer file system filter layer is unavailable then contents are obscured, by the at least one computer processor, by the encryption of the contents on the physical volume; wherein if the at least one computer file system trap layer or said at least one computer file system filter layer determines conditions are normal, then the at least one computer file system trap layer or said at least one computer file system filter layer allows access to the volume, by the at least one computer processor, and decrypts contents, by the at least one computer processor, allowing, by the at least one computer processor, the actual files to be accessed as a normal file system; or wherein if the at least one computer file system trap layer or said at least one computer file system filter layer determines, by the at least one computer processor, that conditions are abnormal, then the at least one computer file system trap layer or said at least one computer file system filter layer, by the at least one computer processor, rejects all access requests.

30.
The computer implemented method of claim 1, wherein said intercepting, by the at least one computer processor, is further comprising at least one of: triggering, by the at least one computer processor, by said at least one computer file system trap layer or said at least one computer file system filter layer initiating other actions comprising at least one of: intercepting, by the at least one computer processor, an additional partition, or volume management operations, and depending, by the at least one computer processor, on the protection policies, at least one of allows or disallows, by the at least one computer processor, said volume management operations, or modifies, by the at least one computer processor, said volume management operations to prohibit any anomalies comprising at least one of: preventing, by the at least one computer processor, delete or format operations on protected partitions; or intercepting, by the at least one computer processor, other operations comprising at least one of: snapshot creation, by the at least one computer processor, dismount operations, by the at least one computer processor, or partition resizing, by the at least one computer processor comprising: shrinking, by the at least one computer processor, or expansion, by the at least one computer processor.

31.
The computer implemented method of claim 1, wherein said intercepting, by the at least one computer processor, comprising at least one of: wherein said at least one computer file system trap layer or said at least one computer file system filter layer is implemented to at least one of: validate and compare, by the at least one computer processor, byte streams, or search, by the at least one computer processor, for digital signatures; wherein said at least one computer file system trap layer or said at least one computer file system filter layer interacts, by the at least one computer processor, with additional components on the hardware level to at least one of: determine, by the at least one computer processor, additional operations or restrictions, or to trigger, by the at least one computer processor, additional actions within the at least one computer file system trap layer or said at least one computer file system filter layer, or to trigger, by the at least one computer processor, additional actions at the hardware layer; wherein said at least one computer file system trap layer or said at least one computer file system filter layer triggers, by the at least one computer processor, additional actions on a physical storage device comprising at least one of: triggering, by the at least one computer processor, certain logical, or physical sectors of the computer storage medium to become un-readable, un-writable; or un-modifiable, by the at least one computer processor; wherein said at least one computer file system trap layer or said at least one computer file system filter layer enables, by the at least one computer processor, defining a type of storage technology where certain deficiencies or shortcomings of a given physical medium are exploited, by the at least one computer processor, to achieve a secure, tamper proof, type of computer storage medium comprising at least one of: triggering, by the at least one computer processor, such media with known limitations on the number of re-writes to mark certain sectors as permanently un-modifiable as if the number re-writes have been exhausted; triggering, by the at least one computer processor, such media with known limitations on the number of re-writes to mark certain sectors as permanently unreadable or corrupt as if the number re-writes have been exhausted or it is physically corrupt; applying to various media types comprising at least one of: flash drives or NAND; or marking physical media as destroyed and permanently unreadable at the physical hardware level; wherein said at least one computer file system trap layer or said at least one computer file system filter layer interacts with other components comprising control of system time, comprising at least one of:

a. controlling incorporating the use of monitoring tools or components that intercept or poll the system time and determine whether system time is within an allowed range or not, comprising at least one of: i. providing a time source that is used that is external or internal to the system to validate the system time relative to at least one of GMT or universal time, or ii. allowing for a small deviation by the algorithm, based on the actual time source that allows for variance in time based on how long the clock has been running;

b. wherein if the system time is changed beyond an allowed deviation, then external tools provide for at least one of: i. attempting to reset time and date according to average deviation time applied to how long the clock has been running, or ii. if such attempt fails, then triggering said at least one computer file system trap layer or said at least one computer file system filter layer to at least one of: locking down at least one storage volume or repository, or preventing any modifications, or preventing all access; or

c. wherein time management system is self learning comprising: monitoring average deviation or maintaining an average on an ongoing basis at a regular interval resulting in an average number of seconds per period and at least one of: i. when the system starts up, the time management component gets the system time and compares it to the time source (clock) and applies the average deviation to how long the clock has been running to determine whether it is within the allowable range or not; ii. when if the external clock or time source is unavailable at boot time then the system is considered unsecure and the time is considered unverifiable and hence the system is locked down and all volumes are at least one of: set to read-only, or prevented from access by triggering such states on the at least one computer file system trap layer or said at least one computer file system filter layer associated with such volumes and partitions; iii. when the system is running, the time management establishes a reference time and polls the system time at a regular interval, knowing what time to expect and hence it not necessarily having to query the time source for any additional time, and in this case any attempt to alter the time outside what is projected is reset accordingly and if the reset fails, then the system is set in an unsecure state and the at least one computer file system trap layer or said at least one computer file system filter layer is notified accordingly which triggers locking the volume, or taking the volume offline; iv. when in the event the system is set to sleep, and then is woken up, then the time management tools detect that state and take the appropriate action to determine what the correct time is and reset accordingly, and failure to reset triggers an unsecure state and the associated locking of volumes in read-only or preventing all access; v. when in some cases it is necessary to poll the physical external source to validate what the time is regardless of the projected time just in case the time management monitoring tools are unable to determine whether the system was asleep or not; and applies the same algorithm to reset the time accordingly; vi. when in the event the secure time source or clock cannot be validated or queried then the unsecure state is triggered; vii. when under a condition, if the time management tools are shutdown or the system locks down, and the at least one computer file system trap layer or said at least one computer file system filter layer prevents any access or modification of the volumes; viii. when time management cannot be overridden, then changing the system motherboard, or BIOS battery cannot overrule the secure time; or ix. when the secure time source incorporates additional secure signatures or validation to determine that it is a trusted source, the system cannot be bluffed or spoofed, and such signatures and identifiers incorporate combinations of at least one of a hash code, an encryption, or a unique identified time on the time source itself; or

d. wherein time management is incorporated as whole or partially within the at least one computer file system trap layer or said at least one computer file system filter layer; or

e. wherein the system further comprises retention integration comprising secure communication with authorized applications at least one of external to the data management system, or in a partner application, wherein at least one of: wherein, with these definitions, trusted and secure components can have certain privileges that allow the setting of the state of the individual files and directories under certain state and allow exclusive access to managing such state to the trusted applications; or wherein, these controls limit what operations comprising at least one of: file retention manipulation can be performed, when files can be retained, when the retention can be extended, when the file can be excluded from retention, or when the file is to be deleted, or eventually erased by the at least one computer file system trap layer or said at least one computer file system filter layer.

32. The computer implemented method according to claim 1, wherein said at least one computer file system trap layer or said at least one computer file system filter layer is implemented within a file system layer.

33. The computer implemented method according to claim 1, wherein said allowing, or said denying the attempted operation comprises: allowing creating a file relating to the attempted operation on a first portion of the computer storage medium while restricting access to said first portion of the computer storage medium.

34. The computer implemented method according to claim 33, further comprising: evaluating a content of said file relating to the attempted operation; and at least one of allowing, or denying the attempted operation based on said evaluating.

35. The computer implemented method according to claim 1, further comprising: evaluating a content of a file relating to the attempted operation; and at least one of allowing, or denying the attempted operation based on said evaluating.

36.
The computer implemented method according to claim 35, wherein said content is analyzed, by the at least one computer processor, for existence of harmful content; and wherein said intercepting comprises intercepting upon file creation based on said computer file system operation access privilege.
37. The computer implemented method according to claim 36, wherein said harmful content comprises at least one of: a computer virus, malware, adware, spyware, a computer worm, or a malicious file.
38. The computer implemented method according to claim 26, wherein the method further comprises: allowing, by the at least one computer processor, a file of said harmful content to be created to evaluate the contents of the file, and deleting, by the at least one computer processor, the file if the file is determined to be harmful.
39. The method according to claim 1, wherein said at least a portion of the computer storage medium comprises at least one of: a volume, a directory, or a partition.
40. The method according to claim 1, wherein said attempted operation comprises: file creation.
41.
An apparatus for providing a write once read many (WORM) computer storage device comprising: a computer storage device comprising at least two partitions; a first of said at least two partitions comprising control components; and a second of said at least two partitions comprising encrypted data; wherein said storage device is adapted to be coupled via an interface to a system, wherein said system is configured to apply an operation access privilege to said computer storage medium, comprising: being configured to associate an access privilege with at least a portion of the computer storage medium; being configured to intercept an attempted operation on said at least a portion of the computer storage medium, wherein said being configured to intercept occurs regardless of an identity of a user attempting the attempted operation; being configured to compare the attempted operation to the access privilege; and being configured to allow, or deny the attempted operation based on comparing the attempted operation to the access privilege wherein at least one of: said being configured to associate, to allow, or to deny is based on enforcing a policy.
42.
A computer implemented method for intercepting, by at least one computer processor, an attempted download of data to at least a portion of a computer storage medium, comprising: receiving, by the at least one computer processor, at least one attempted download operation to store the data, by the at least one computer processor, on the at least a portion of the computer storage medium; intercepting, by the at least one computer processor, by at least one computer file system trap layer or at least one computer file system filter layer the at least one attempted download operation on the at least a portion of the computer storage medium, wherein said intercepting, by the at least one computer processor, occurs regardless of an identity of a user attempting the attempted operation; determining, by the at least one computer processor, whether the at least one attempted download operation is permitted based upon analysis, by the at least one computer processor, of the content of the data as well as based on a comparison of the at least one attempted download operation to a computer file system operation access privilege, and permitting, or not permitting, by the at least one computer processor, the at least one attempted download operation based on said determining, by the at least one computer processor.
43. The computer implemented method of claim 42, wherein the analysis, by the at least one computer processor, is performed on at least one of a same or a different device than the device comprising the storage device.
44.
A computer implemented method for intercepting, by at least one computer processor, an attempted operation on at least a portion of a computer storage medium, comprising: receiving, by the at least one computer processor, at least one attempted operation comprising creating an executable file to operate on data with respect to the at least a portion of the computer storage medium; intercepting, by the at least one computer processor, by at least one computer file system trap layer or said at least one computer file system filter layer said at least one attempted operation comprising creating said executable file on the computer storage medium, wherein said intercepting, by the at least one computer processor, occurs regardless of an identity of a user attempting the attempted operation; determining, by the at least one computer processor, whether the at least one attempted operation is permitted based upon analysis, by the at least one computer processor, of the content of the data, wherein the analysis, by the at least one computer processor, identifies, by the at least one computer processor, content comprising at least one of: harmful content, a computer virus, malware, adware, spyware, a computer worm, or a malicious file; and permitting, or not permitting the attempted operation comprising creating said executable file based on said determining.
45. The computer implemented method of claim 44, wherein the analysis, by the at least one computer processor, is performed on at least one of: a same or a different device than the device comprising the storage device.
46.
The computer implemented method of claim 44, wherein the attempted operation, by the at least one computer processor, comprises at least one of: reading, by the at least one computer processor, from, accessing, by the at least one computer processor, writing, by the at least one computer processor, to, sending, by the at least one computer processor, to, or receiving, by the at least one computer processor, from, the at least a portion of the storage device.
47. The computer implemented method of claim 44, wherein said intercepting, by the at least one computer processor, comprises: intercepting, by the at least one computer processor, a request for said at least one attempted operation, and at least one of: waiting, by the at least one computer processor, for a user intervention, or waiting, by the at least one computer processor, for a determination whether the operation should be allowed.
48. The computer implemented method of claim 44, wherein said intercepting, by the at least one computer processor, comprises at least one of: determining, by the at least one computer processor, or validating, by the at least one computer processor, at least one of a signature or another identifier of a file; or determining, by the at least one computer processor, if a file is one of: known origin, or unknown origin.
49. The computer implemented method of claim 44, wherein said intercepting, by the at least one computer processor, comprises: intercepting, by the at least one computer processor, all operations on a file of unknown origin; and determining, by the at least one computer processor, an action to be taken comprising at least one of: suspending, by the at least one computer processor, operation until at least one of a user intervention, or an administrator intervention; or denying and rejecting, by the at least one computer processor, at least one of said attempted operation on said file of unknown origin.
50.
The computer implemented method of claim 44, wherein said intercepting comprises: intercepting, by the at least one computer processor, said at least one attempted operation; and at least one of: modifying, by the at least one computer processor, said at least one attempted operation to at least one of: prevent modification, by the at least one computer processor, triggering, by the at least one computer processor, an action; or triggering, by the at least one computer processor, a delete on file close; modifying, by the at least one computer processor, a privilege on a file open operation to at least one of: removing, by the at least one computer processor, write access, or prohibiting, by the at least one computer processor, write access; or marking, by the at least one computer processor, a file for deletion, and upon file close automatically deleting, by the at least one computer processor, the file.
51. The computer implemented method of claim 44, wherein said intercepting, by the at least one computer processor, is implemented within a file system layer.
52. A method for intercepting an attempted download of data to at least a portion of a computer storage medium, comprising: receiving at least one attempted download operation to store the data on the at least a portion of the computer storage medium; intercepting by at least one computer file system trap layer or said at least one computer file system filter layer the at least one attempted download operation on the at least a portion of the computer storage medium, wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation; determining whether the at least one attempted download operation is permitted based upon analysis of the content of the data, and permitting, or not permitting the at least one attempted download operation based on said determining.
53.
The method of claim 52, wherein the analysis is performed on at least one of a same or a different device than the device comprising the storage device.
54. A method for intercepting an attempted operation on at least a portion of a computer storage medium, comprising: receiving at least one attempted operation to operate on data with respect to the at least a portion of the computer storage medium, wherein said at least one attempted operation comprises creating at least one file capable of being executed on a computer processor; intercepting by at least one computer file system trap layer or said at least one computer file system filter layer said at least one attempted operation comprising creating said at least one file on the computer storage medium, wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation of creating said at least one file; determining whether the at least one attempted operation is permitted based upon analysis of the content of the data, wherein the analysis identifies content comprising at least one of: harmful content, a computer virus, malware, adware, spyware, a computer worm, or a malicious file; and permitting, or not permitting the attempted operation comprising creating a file capable of execution based on said determining.
55. The method of claim 54, wherein the analysis is performed on at least one of: a same or a different device than the device comprising the storage device.
56. The method of claim 54, wherein the attempted operation comprises at least one of: reading from, accessing, writing to, sending to, or receiving from, the at least a portion of the storage device.
57. The method of claim 54, wherein said intercepting comprises: intercepting a request for said at least one attempted operation, and at least one of: waiting for a user intervention, or waiting for a determination whether the operation should be allowed.
58.
The method of claim 54, wherein said intercepting comprises at least one of: determining or validating at least one of a signature or another identifier of a file; or determining if a file is one of: known origin, or unknown origin.
59. The method of claim 54, wherein said intercepting comprises: intercepting all operations on a file of unknown origin; and determining an action to be taken comprising at least one of: suspending operation until at least one of a user intervention, or an administrator intervention; or denying and rejecting at least one of said attempted operation on said file of unknown origin.
60. The method of claim 54, wherein said intercepting comprises: intercepting said at least one attempted operation; and at least one of: modifying said at least one attempted operation to at least one of: prevent modification, triggering an action; or triggering a delete on file close; modifying a privilege on a file open operation to at least one of: removing write access, or prohibiting write access; or marking a file for deletion, and upon file close automatically deleting the file.
61. The method of claim 54, wherein said intercepting is implemented within a file system layer.
62.
A non-transitory computer accessible storage medium embodied thereon computer program product, said computer program product for applying a computer file system operation access privilege to a computer storage medium when executed on at least one computer processor, performing a method of: associating, by the at least one computer processor, the computer file system operation access privilege with at least a portion of the computer storage medium; intercepting, by the at least one computer processor, by at least one computer file system trap layer or said at least one computer file system filter layer an attempted operation on said at least a portion of the computer storage medium, wherein said intercepting occurs regardless of an identity of a user attempting the attempted operation; comparing, by the at least one computer processor, the attempted operation to the operation access privilege; and allowing, or denying, by the at least one computer processor, the attempted operation based on the comparing of the attempted operation to the operation access privilege.
63. The computer program product according to claim 62, wherein said allowing or said denying of the attempted operation of the method comprises at least one of: allowing, or denying, by the at least one computer processor, the attempted operation based on a content of a logical file associated with said at least a portion of the computer storage medium; allowing, or cancelling, by the at least one computer processor, the attempted operation based on the content of the file; or allowing, by the at least one computer processor, a create file operation to create a file on at least a portion of the computer storage medium, evaluating, by the at least one computer processor, a content of the file, and at least one of: allowing, by the at least one computer processor, the attempted operation, or deleting, by the at least one computer processor, the file based on said evaluating.
64.
The method according to claim 62, wherein said associating the access privilege comprises associating the access privilege with said at least a portion of the computer storage medium based on a file attribute of a logical file associated with said at least a portion of the computer storage medium.
65. The method according to claim 62, wherein said enforcing the access privilege comprises enforcing a retention access privilege comprising preventing said at least a portion of the computer storage medium in a retained state from being modified while a retention period of said at least a portion of the computer storage medium is unexpired.
66. A data processing system configured to apply a computer file system operation access privilege to a computer storage medium, comprises: at least one computer processor configured to associate the computer file system operation access privilege with at least a portion of the computer storage medium; said at least one computer processor configured to intercept, by at least one computer file system trap layer or at least one computer file system filter layer, an attempted operation on said at least a portion of the computer storage medium, wherein said interception occurs regardless of an identity of a user that attempts the attempted operation; said at least one computer processor configured to compare the attempted operation to the computer file system operation access privilege; and said at least one computer processor configured to allow, or deny the attempted operation based on the comparison of the attempted operation to the computer file system operation access privilege.
67. The data processing system according to claim 66, wherein said allowance or said denial of the attempted operation comprises at least one of said at least one computer processor configured to allow, or deny the attempted operation based on a content of a logical file associated with said at least a portion of the computer storage medium.
68.
The data processing system according to claim 67, wherein said allowance, or said denial comprises at least one of allowance, or cancellation of the attempted operation based on the content of the file.
69. The data processing system according to claim 66, wherein said allowance, or said denial of the attempted operation comprises being configured to: allow a create file operation to create a file on at least a portion of the computer storage medium; evaluate a content of the file; and at least one of allowance of the attempted operation, or deletion of the file based on said evaluation.
70. The data processing system according to claim 66, wherein said association of the computer file system operation access privilege comprises association of the access privilege with said at least a portion of the computer storage medium based on a file attribute of a logical file associated with said at least a portion of the computer storage medium.
71. The data processing system according to claim 66, wherein said allowance or denial comprises: enforcing the computer file system operation access privilege comprising: enforcing a retention access privilege comprising: preventing said at least a portion of the computer storage medium in a retained state from being modified while a retention period of said at least a portion of the computer storage medium is unexpired.
72. The data processing system according to claim 71, wherein said enforcing a retention access privilege is enforced for at least one of: a file name, a file attribute, a file path, or a file content, of a logical file associated with said at least a portion of the computer storage medium.
73. The method according to claim 71, wherein said enforcing a retention access privilege comprises determining if said at least a portion of the computer storage medium is eligible to enter the retained state based on a content of said at least a portion of the computer storage medium.
74.
The method according to claim 73, wherein said determining comprises determining if said at least a portion of the computer storage medium is eligible to enter the retained state based on a content group associated with said at least a portion of the computer storage medium, the content group associated based on evaluating said at least a portion of the computer storage medium for pre-defined content.
75. The method according to claim 71, wherein said associating the access privilege comprises holding the retained state.
76. The method according to claim 75, wherein said holding the retained state comprises at least one of: suspending expiration of a retained state portion of the computer storage medium; suspending an unexpired retained state portion of the computer storage medium from entering an expired retained state; suspending clearing of a read only attribute of the retained state portion of the computer storage medium by setting a temporary attribute of the retained state portion of the computer storage medium; or suspending deletion of an expired retained state portion of the computer storage medium.
77. The method according to claim 66, wherein said enforcing the access privilege comprises enforcing a retention access privilege comprising triggering one or more background processes when said at least a portion of the computer storage medium enters a retained state.
78.
The method according to claim 77, wherein the one or more background processes comprises at least one of: creating metadata for the retention; identifying the user retaining said at least a portion of the computer storage medium; storing user identification for the user retaining said at least a portion of the computer storage medium; identifying the retention access privilege retaining said at least a portion of the computer storage medium; storing the retention access privilege retaining said at least a portion of the computer storage medium; generating a digital signature of the content of said at least a portion of the computer storage medium; generating a digital signature comprising a hash of the content of said at least a portion of the computer storage medium; generating a digital signature of the content of at least one of a default data stream associated with a file associated with said at least a portion of the computer storage medium or one or more alternate data streams associated with the file associated with said at least a portion of the computer storage medium; storing the digital signature; determining if any other policies apply; creating at least one of an alternate data stream or an extended attribute to store the metadata; encrypting hash keys for the metadata; or storing the hash keys.
79. The method according to claim 71, wherein said enforcing the retention access privilege comprises triggering retention of said at least a portion of the computer storage medium based on at least one of: the attempted operation; setting a read-only attribute of the file; renaming the file to a file name; renaming the file to a particular name; resizing the file; resizing the file to a particular size; creating an extended attribute associated with the file; or creating an alternate data stream associated with the file.
80.
The method according to claim 71, wherein said enforcing the retention access privilege comprises enforcing an archive access privilege comprising queuing said at least a portion of the computer storage medium to be copied to an alternate media, when said at least a portion of the computer storage medium is retained.
81. The method according to claim 66, wherein said allowing, or said denying the attempted operation comprises forcing a secure erasure for a delete operation on said at least a portion of the computer storage medium, wherein the secure erasure comprises at least one of overwriting the content of said at least a portion of the computer storage medium or overwriting an alternate data stream associated with said at least a portion of the computer storage medium.
82. The method according to claim 66, wherein said allowing, or said denying comprises at least one of: allowing the operation on a directory if the directory is empty; or denying the operation on the directory if the directory is not empty.
83. The method according to claim 66, wherein said allowing, or said denying comprises at least one of allowing, or denying the attempted operation based on at least one of an application or a process attempting the attempted operation.
84. The method according to claim 83, wherein said allowing, or said denying the attempted operation based on at least one of the application or the process comprises at least one of: allowing the attempted operation for at least one of a named or a registered process; denying the attempted operation for at least one of the named or the registered process; or allowing the attempted operation for a privileged application, the privileged application comprising an application operable to be authenticated via a digital signature.
85.
The method according to claim 66, wherein said enforcing the access privilege comprises enforcing an access privilege based on an application, the access privilege comprising at least one of: enforcing application based intercepting of the attempted operation; disabling an operation option provided to the user; expanding the scope of an operation based on the application; or at least one of allowing, or denying the attempted operation based on validating a child object of a parent object of an attempted operation.
86. The method according to claim 66, wherein said enforcing the access privilege comprises enforcing a secure time routine, the routine comprising at least one of: using a secure clock; maintaining a system clock comprising using the secure clock; accounting for deviations based on inaccuracies of the secure clock; verifying operation of a secure clock or authenticating the secure clock; at least one of: denying at least one attempted operation, preventing said at least a portion of the computer storage medium from being retained, or rendering the computer storage medium read-only, if the secure clock can not be at least one of: verified or authenticated; or running the secure clock independent of a server.
87. The method according to claim 66, further comprising: evaluating a content of a file relating to the attempted operation; and at least one of allowing, or denying the attempted operation based on said evaluating.
88. The method according to claim 87, wherein said content is analyzed for existence of harmful content.
89. The method according to claim 88, wherein said harmful content comprises at least one of: a computer virus, malware, adware, spyware, a computer worm, or a malicious file.
90. The method according to claim 88, wherein the method further comprises: allowing a file of said harmful content to be created to evaluate the contents of the file, and deleting the file if the file is determined to be harmful.
91.
The method according to claim 66, further comprising: evaluating content of a file wherein said file launches a process; and launching the process to determine at least one restriction or access privilege for the process.
92. The method according to claim 91, comprising: determining a harmful process belongs to a virus based on said launching; and disabling at least one operation for said harmful process.
93. The method of claim 66, further comprising at least one of: assigning metadata to a given file relating to operations permitted on said given file; assigning metadata to a given file relating to validating contents of a given file; or confirming contents have not been modified or tampered with, comprising at least one of: a hash, a hash key, an SHA hash, an encryption key, or a digital signature.
94. The method of claim 66, wherein said intercepting further comprises at least one of: interacting between said at least one computer file system trap layer or said at least one computer file system filter layer and at least one other component; retrieving additional information by said at least one computer file system trap layer or said at least one computer file system filter layer; or determining a role said at least one computer file system trap layer or said at least one computer file system filter layer will perform comprising whether to at least one of: allow, reject, or modify a request.
95.
The method of claim 66, wherein said intercepting further comprises: triggering by said at least one computer file system trap layer or said at least one computer file system filter layer initiating other actions comprising at least one of: intercepting a delete operation, and determining when to actually erase contents, wherein, at least one of: an erasure comprises overwriting at least one of content or at least a portion of a file with a predetermined pattern; an erasure is triggered immediately; or an erasure is tagged when the file is marked for deletion and at least one of: the actual erasure takes place once the file is closed, depending on file system; or the erasure is performed on file cleanup after the file is closed.
96. The method of claim 66, wherein said intercepting further comprising: triggering by said at least one computer file system trap layer or said at least one computer file system filter layer initiating other actions comprising at least one of: creating file signatures upon certain conditions comprising when the file retention is triggered comprising at least one of: creating said file signature when the file is finally closed and is no longer modified; creating said file signature triggered immediately; or creating said file signature when the file is in final cleanup and all handles or channels are closed, or contents are flushed from the cache.
97.
The method of claim 66, wherein said intercepting further comprises at least one of: triggering by said at least one computer file system trap layer or said at least one computer file system filter layer initiating other actions comprising at least one of: intercepting at least one of: a plurality of file types; at least one directory; or alternate data streams; interrogating contents of at least one directory to enable additional operations comprising at least one of: determining if said at least one directory is empty, or not, determining whether to allow at least one of rename, or delete operations, determining if the at least one directory is not empty and if not empty, then at least one of: rejecting all delete operations, rejecting all rename operations, or rejecting all move operations, or determining if the at least one directory is not empty, and if not empty, then at least one of: allowing all operations, or allowing certain operations; intercepting an open directory for enumeration operation to prevent browsing of at least one directory contents comprising at least one of: allowing file and directory operations that are for a specific file or directory name to succeed, but making operations enumerating contents fail; intercepting similar operations comprising at least one of: modifying security, adding or removing files, changing attributes, or adding or removing directories; intercepting operations to the default data stream portion of a file, or alternate data streams, and conditionally allowing, disallowing, or modifying such requests depending on policies; or determining policies dynamically by at least one of: querying a parent directory, querying a parent volume, querying associated policies, defining policies at an individual object level, forcing additional operations, or triggering other operations.
98.
The method of claim 66, wherein said at least one computer file system trap layer or said at least one computer file system filter layer automatically encrypts or decrypts contents of a logical storage volume or medium, and at least one of: wherein if the at least one computer file system trap layer or said at least one computer file system filter layer is unavailable then contents are obscured by the encryption of the contents on the physical volume; wherein if the at least one computer file system trap layer or said at least one computer file system filter layer determines conditions are normal, then the at least one computer file system trap layer or said at least one computer file system filter layer allows access to the volume and decrypts contents allowing the actual files to be accessed as a normal file system; or wherein if the at least one computer file system trap layer or said at least one computer file system filter layer determines that conditions are abnormal, then the at least one computer file system trap layer or said at least one computer file system filter layer rejects all access requests.
99. The method of claim 66, wherein said intercepting is further comprising at least one of: triggering by said at least one computer file system trap layer or said at least one computer file system filter layer initiating other actions comprising at least one of: intercepting an additional partition, or volume management operations, and depending on the protection policies, at least one of allows or disallows said volume management operations, or modifies said volume management operations to prohibit any anomalies comprising at least one of: preventing delete or format operations on protected partitions; or intercepting other operations comprising at least one of: snapshot creation, dismount operations, or partition resizing comprising: shrinking, or expansion.
100.
The method of claim 66, wherein said intercepting comprising at least one of: wherein said at least one computer file system trap layer or said at least one computer file system filter layer is implemented to at least one of: validate and compare byte streams, or look for digital signatures; wherein said at least one computer file system trap layer or said at least one computer file system filter layer interacts with additional components on the hardware level to at least one of: determine additional operations or restrictions, or to trigger additional actions within the at least one computer file system trap layer or said at least one computer file system filter layer, or to trigger additional actions at the hardware layer; wherein said at least one computer file system trap layer or said at least one computer file system filter layer triggers additional actions on a physical storage device comprising at least one of: triggering certain logical, or physical sectors of the computer storage medium to become un-readable, un-writable; or un-modifiable; wherein said at least one computer file system trap layer or said at least one computer file system filter layer enables defining a type of storage technology where certain deficiencies or shortcomings of a given physical medium are exploited to achieve a secure, tamper proof, type of computer storage medium comprising at least one of: triggering such media with known limitations on the number of re-writes to mark certain sectors as permanently un-modifiable as if the number re-writes have been exhausted; triggering such media with known limitations on the number of re-writes to mark certain sectors as permanently unreadable or corrupt as if the number re-writes have been exhausted or it is physically corrupt; applying to various media types comprising at least one of: flash drives or NAND; or marking physical media as destroyed and permanently unreadable at the physical hardware level; wherein said at least one computer file
system trap layer or said at least one computer file system filter layer interacts with other components comprising control of system time, comprising at least one of: a. controlling incorporating the use of monitoring tools or components that intercept or poll the system time and determine whether system time is within an allowed range or not, comprising at least one of: i. providing a time source that is used that is external or internal to the system to validate the system time relative to at least one of GMT or universal time, or ii. allowing for a small deviation by the algorithm, based on the actual time source that allows for variance in time based on how long the clock has been running; b. wherein if the system time is changed beyond an allowed deviation, then external tools provide for at least one of: iii. attempting to reset time and date according to average deviation time applied to how long the clock has been running, or iv. if such attempt fails, then triggering said at least one computer file system trap layer or said at least one computer file system filter layer to at least one of: locking down at least one storage volume or repository, or preventing any modifications, or preventing all access; or c. wherein time management system is self learning comprising: monitoring average deviation or maintaining an average on an ongoing basis at a regular interval resulting in an average number of seconds per period and at least one of: v. when the system starts up, the time management component gets the system time and compares it to the time source (clock) and applies the average deviation to how long the clock has been running to determine whether it is within the allowable range or not; vi.
when if the external clock or time source is unavailable at boot time then the system is considered unsecure and the time is considered unverifiable and hence the system is locked down and all volumes are at least one of: set to read-only, or prevented from access by triggering such states on the at least one computer file system trap layer or said at least one computer file system filter layer associated with such volumes and partitions; vii. when the system is running, the time management establishes a reference time and polls the system time at a regular interval, knowing what time to expect and hence it not necessarily having to query the time source for any additional time, and in this case any attempt to alter the time outside what is projected is reset accordingly and if the reset fails, then the system is set in an unsecure state and the at least one computer file system trap layer or said at least one computer file system filter layer is notified accordingly which triggers locking the volume, or taking the volume offline; viii. when in the event the system is set to sleep, and then is woken up, then the time management tools detect that state and take the appropriate action to determine what the correct time is and reset accordingly, and failure to reset triggers an unsecure state and the associated locking of volumes in read-only or preventing all access; ix. when in some cases it is necessary to poll the physical external source to validate what the time is regardless of the projected time just in case the time management monitoring tools are unable to determine whether the system was asleep or not; and applies the same algorithm to reset the time accordingly; x. when in the event the secure time source or clock cannot be validated or queried then the unsecure state is triggered; xi.
when under a condition, if the time management tools are shutdown or the system locks down, and the at least one computer file system trap layer or said at least one computer file system filter layer prevents any access or modification of the volumes; xii. when time management cannot be overridden, then changing the system motherboard, or BIOS battery cannot overrule the secure time; or xiii. when the secure time source incorporates additional secure signatures or validation to determine that it is a trusted source, the system cannot be bluffed or spoofed, and such signatures and identifiers incorporate combinations of at least one of a hash code, an encryption, or a unique identified time on the time source itself; or d. wherein time management is incorporated as whole or partially within the at least one computer file system trap layer or said at least one computer file system filter layer; or e. wherein the system further comprises retention integration comprising secure communication with authorized applications at least one of external to the data management system, or in a partner application, wherein at least one of: wherein, with these definitions, trusted and secure components can have certain privileges that allow the setting of the state of the individual files and directories under certain state and allow exclusive access to managing such state to the trusted applications; or wherein, these controls limit what operations comprising at least one of: file retention manipulation can be performed, when files can be retained, when the retention can be extended, when the file can be excluded from retention, or when the file is to be deleted, or eventually erased by the at least one computer file system trap layer or said at least one computer file system filter layer. 101. The method according to claim 66, wherein said at least one computer file system trap layer or said at least one computer file system filter layer is implemented within a file system layer. 102.
The method according to claim 66, wherein said allowing, or said denying the attempted operation comprises: allowing creating a file relating to the attempted operation on a first portion of the computer storage medium while restricting access to said first portion of the computer storage medium. 103. The method according to claim 102, further comprising: evaluating a content of said file relating to the attempted operation; and at least one of allowing, or denying the attempted operation based on said evaluating.
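The startup and polling checks in items v to vii of the time-management clause of claim 100 can be sketched as follows. This is an added example, not code from the patent: the names TimeGuard, slack_s and reset_clock, the two state strings, and reading "how long the clock has been running" as seconds since the last verified time are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

LOCKED, READ_WRITE = "locked", "read-write"  # states the filter layer would enforce

@dataclass
class TimeGuard:
    drift_s_per_hour: float   # learned average deviation of the system clock
    slack_s: float = 1.0      # assumed fixed measurement tolerance
    state: str = LOCKED       # fail closed until a startup check succeeds
    ref_time: float = 0.0     # last verified wall-clock time (epoch seconds)
    ref_mono: float = 0.0     # monotonic reading taken at that instant

    def allowed(self, running_s: float) -> float:
        """Permitted deviation grows with how long the clock ran unverified."""
        return self.slack_s + abs(self.drift_s_per_hour) * running_s / 3600.0

    def _enforce(self, system_time, expected, running_s, reset_clock) -> str:
        # Out of range: try to reset the clock; a failed reset locks the volume.
        if abs(system_time - expected) > self.allowed(running_s):
            if not reset_clock(expected):
                self.state = LOCKED
        return self.state

    def boot_check(self, system_time: float, trusted_time: Optional[float],
                   mono_now: float, running_s: float,
                   reset_clock: Callable[[float], bool]) -> str:
        """Items v and vi: validate against the time source at startup."""
        if trusted_time is None:          # source unavailable: time unverifiable
            self.state = LOCKED
            return self.state
        self.ref_time, self.ref_mono, self.state = trusted_time, mono_now, READ_WRITE
        return self._enforce(system_time, trusted_time, running_s, reset_clock)

    def poll(self, system_time: float, mono_now: float,
             reset_clock: Callable[[float], bool]) -> str:
        """Item vii: compare the system time with the projected time."""
        if self.state == LOCKED:          # only a new startup check can unlock
            return self.state
        elapsed = mono_now - self.ref_mono
        return self._enforce(system_time, self.ref_time + elapsed, elapsed, reset_clock)

def demo() -> list:
    t0 = 1_700_000_000.0                  # constructed epoch value
    g = TimeGuard(drift_s_per_hour=0.5)
    ok, fail = (lambda t: True), (lambda t: False)
    return [g.boot_check(t0 + 3.0, t0, 100.0, 8 * 3600, ok),   # 3 s off, 5 s allowed
            g.poll(t0 + 3600.2, 3700.0, ok),                   # normal drift
            g.poll(t0 + 7200.0 - 86400.0, 7300.0, fail),       # rolled back a day
            g.poll(t0 + 7300.0, 7400.0, ok)]                   # stays locked
```

The guard starts in the locked state, so a missing time source or a failed reset leaves the volume protected rather than writable.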