Method and system for providing restricted write access to a...

Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique

Reexamination Certificate

Details

C707S793000, C713S152000

active

06336175

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to data storage and more particularly to a method of providing restricted write access on a data storage medium.
BACKGROUND OF THE INVENTION
In the past, operating systems restricted file access based on three criteria. The first criterion relates to the physical limitations of the storage device. For example, a CD-ROM drive only provides read access and therefore is restricted to read-only operation. The second relates to limitations of the storage medium. For example, a CD is a read-only medium, a CDR is a read/write medium but when a CD is full, the writer becomes a read-only medium, and so forth. The third relates to file access privileges. For example, in the UNIX operating system a file is stored with a set of access privileges including read and write privileges. Some files are read only and others are read/write and so forth.
Unfortunately, these access privileges fail to adequately provide protection for archival storage devices such as magnetic tape or removable optical media.
An example of a popular operating system is Windows NT®. Using Windows NT®, device drivers are hidden from applications by a protected subsystem implementing a programming and user interface. Devices are visible to user-mode programs, which include protected subsystems, only as named file objects controlled by the operating system input/output (IO) manager. This architecture limits an amount of knowledge necessary to implement device drivers and applications. In order to provide reasonable performance, the two separated systems, device drivers and applications, operate independently.
For example, when a write operation is requested by an application, the request is made via a file object handle. The application does not actually communicate with the storage device nor does the device driver for that storage device communicate with the application. Each communicates with the operating system independently. Thus, when the write command is issued for writing data to a device, the data is stored in buffer memory while the destination device is being accessed. A successful completion status is provided to the application. When the destination storage device is available, the stored data is written to the destination storage device. When the storage device is unavailable or fails to support write operations, the data is not successfully written. An error message may result, but will not be directed toward the application since it is not known to the device driver or is inaccessible. For example, the application may have terminated before the error occurs. Alternatively, no error message results and when the buffer is flushed or when the system is rebooted, the data is lost. Neither of these results is acceptable in normal computer use.
Fortunately, most devices are easily verified as to their capabilities. Read only devices are known as are read/write devices. Because a CD-ROM drive never becomes a read/write device, it is easily managed. When a device supports both read/write media and read only media the problem becomes evident.
In order to better highlight the problem, an example is presented. When a hard disk is full, accessing a file results in updating of file information relating to a last access date and so forth, journaling. File access information is updated each time a file is retrieved. The information requires no extra memory within the hard disk and therefore, the status of the hard disk, full or available disk space, is unimportant since the new file access information overwrites previous file access information. Thus, the file system writes to storage media even when full, so long as the capability of doing so exists.
When an archive data store is used with a data store device, it is often desirable that it not be written to. Therefore, accessing a file requires that the file access information is not updated—journaling is not performed. Unfortunately, when the data store device is accessed via a read/write file object handle, updating of the file access information is performed by the file system. As such, the data store is altered even when this is not desired. Further, since a single data store device accepts any number of different data stores during a period of time when the file system is in continuous operation, it is impractical if not impossible to remount the data store device with a new data store device driver and a new file object handle whenever the read/write privileges change. Currently, there is no adequate solution to overcome this problem.
In an attempt to overcome these and other limitations of the prior art, it is an object of the present invention to provide a method of limiting access privileges for a storage medium that supports increased flexibility over those of the prior art.
SUMMARY OF THE INVENTION
In accordance with the invention there is provided a method of providing restricted access to a storage medium in communication with a computer comprising the step of:
executing a file system layer on the computer, the file system layer supporting a plurality of file system commands;
executing a trap layer on the computer, the trap layer logically disposed above the file system layer;
providing to the trap layer at least a disabled file system command relating to the storage medium and supported by the file system for the storage medium;
intercepting data provided to the file system layer including an intercepted file system command;
comparing the intercepted file system command to each of the at least a disabled file system command to produce at least a comparison result; and,
when each of the at least a comparison result is indicative of other than a match, providing the intercepted file system command to the file system layer.
In some embodiments an application layer is in execution logically above the trap layer such that the trap layer is logically disposed between the application layer and the file system layer; and when a comparison result from the at least a comparison result is indicative of a match, providing an error indication to the application layer. Preferably, the error indication is provided from the trap layer.
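A minimal user-space model of the trap layer described in the steps above, added here as an illustration and not taken from the patent. The command names, error codes, medium indices and the `fs_layer_execute` stand-in are assumptions; the policy shown disables overwrite, delete, rename and attribute updates while still allowing reads and creation of new files in free space.

```c
#include <stddef.h>
#include <stdio.h>

/* Commands the file system layer supports (constructed set for illustration). */
typedef enum { FS_READ, FS_WRITE, FS_CREATE, FS_DELETE, FS_RENAME,
               FS_SET_ATTR, FS_CMD_COUNT } fs_cmd;
enum { FS_OK = 0, FS_ERR_DISABLED = -1, FS_ERR_BAD_ARG = -2 };
#define MAX_MEDIA 4

/* Disabled-command list provided to the trap layer, one per storage medium. */
typedef struct { fs_cmd disabled[FS_CMD_COUNT]; size_t n; } trap_policy;
static trap_policy policies[MAX_MEDIA];
static unsigned reached[MAX_MEDIA];   /* commands passed down to the FS layer */

/* Stand-in for the real file system layer: it only records the call. */
static int fs_layer_execute(int medium, fs_cmd cmd) {
    (void)cmd;
    reached[medium]++;
    return FS_OK;
}
unsigned fs_reached(int medium) { return reached[medium]; } /* valid index only */

/* Replace a medium's policy at run time: no remount, no new file handle. */
int trap_set_policy(int medium, const fs_cmd *cmds, size_t n) {
    if (medium < 0 || medium >= MAX_MEDIA || n > (size_t)FS_CMD_COUNT || (n && !cmds))
        return FS_ERR_BAD_ARG;
    for (size_t i = 0; i < n; i++)    /* validate before changing anything */
        if ((unsigned)cmds[i] >= (unsigned)FS_CMD_COUNT) return FS_ERR_BAD_ARG;
    for (size_t i = 0; i < n; i++) policies[medium].disabled[i] = cmds[i];
    policies[medium].n = n;
    return FS_OK;
}

/* Intercept a command and compare it to each disabled command for the medium. */
int trap_dispatch(int medium, fs_cmd cmd) {
    if (medium < 0 || medium >= MAX_MEDIA || (unsigned)cmd >= (unsigned)FS_CMD_COUNT)
        return FS_ERR_BAD_ARG;
    for (size_t i = 0; i < policies[medium].n; i++)
        if (policies[medium].disabled[i] == cmd)
            return FS_ERR_DISABLED;       /* match: error goes to the application */
    return fs_layer_execute(medium, cmd); /* no match: forward to the FS layer */
}

int main(void) {
    const fs_cmd archive[] = { FS_WRITE, FS_DELETE, FS_RENAME, FS_SET_ATTR };
    trap_set_policy(0, archive, 4);
    printf("create=%d delete=%d\n", trap_dispatch(0, FS_CREATE), trap_dispatch(0, FS_DELETE));
    return 0;
}
```

Because the error is returned synchronously from the trap layer, the application sees the refusal at call time instead of losing it in a deferred buffered write.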
In accordance with the invention there is further provided a method of restricting access to a storage medium in communication with a computer, the method comprising the step of:
executing a file system layer on the computer, the file system layer supporting a plurality of file system commands;
providing to the file system layer at least a disabled file system command for the storage medium, the disabled file system command supported by the file system for the storage medium, the at least a disabled file system command being other than all write commands, other than all read commands, and other than all write commands and all read commands;
comparing file system commands provided to the file system layer to each of the at least a disabled file system command to produce at least a comparison result; and,
when each of the at least a comparison result is indicative of other than a match, executing the file system command.
In an embodiment the method also comprises the following steps: providing an indication of a data write access privilege for the entire logical storage medium, the data write access privilege indicative of a restriction to alteration of a same portion of each file stored on the logical storage medium; and restricting file access to the logical storage medium in accordance with the indication while allowing access to free space portions of the same logical storage medium.
In accordance with the invention there is also provided a method of restricting access by a computer to a storage medium other than a write once medium in communication with the computer, the method comprising the steps of: providing an indication of a data write access privilege for the entire logical storage medium indicating a disabled operation relating to alteration of a portion of each file stored within the logical storage medium, the indication other than a read only indication; and, restricting
