CA2448614A1 - Storage access keys - Google Patents

Storage access keys Download PDF

Info

Publication number
CA2448614A1
CA2448614A1 CA002448614A CA2448614A CA2448614A1 CA 2448614 A1 CA2448614 A1 CA 2448614A1 CA 002448614 A CA002448614 A CA 002448614A CA 2448614 A CA2448614 A CA 2448614A CA 2448614 A1 CA2448614 A1 CA 2448614A1
Authority
CA
Canada
Prior art keywords
information
data location
access
storage device
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002448614A
Other languages
French (fr)
Other versions
CA2448614C (en
Inventor
James Williams
William Bridge
Richard Long
Patrick Ritto
Thomas Sepez
Angelo Pruscino
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oracle International Corp
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of CA2448614A1 publication Critical patent/CA2448614A1/en
Application granted granted Critical
Publication of CA2448614C publication Critical patent/CA2448614C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G06F21/805Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors using a security table for the storage sub-system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1435Saving, restoring, recovering or retrying at system level using file system or storage system metadata
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9017Indexing; Data structures therefor; Storage structures using directory or table look-up
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99933Query processing, i.e. searching
    • Y10S707/99936Pattern matching access

Abstract

Methods are provided for communicating with and regulating access to a storage system (130) contained within a file system (50). Storage access keys (152, 157, 160, 163) are used to communicate to the file system changes in location of data stored in the storage system (130). Fence keys (910) are used to regulate access to the storage system (130).

Claims (42)

1. A method for managing access to a first data location on a storage device, comprising:
receiving from a requestor a request to access the first data location, the request comprising first information adapted to identify the first data location and second information adapted to identify data expected to be in the first data location, the second information adapted to be compared with third information, the third information being adapted to identify data stored in the first data location, the third information being associated with the storage device, comparing the second information with the third information, granting access to the first data location if the second information matches the third information, denying access to the first data location if the second information does not match the third information, and notifying the requestor that the second information does not match the third information, if the second information does not, match the third information.
2. The method of claim 1, further comprising notifying the requestor of a second data location, the second data location containing the data expected to be in the first data location.
3. The method of claim 1, further comprising disregarding a portion of the third information by applying a mask to the third information.
4. The method of claim 1, further comprising changing a portion of the third information by applying a mask to the third information.
5. The method of claim 4, wherein the comparing and changing steps are executed as an atomic operation.
6. The method of claim 1, wherein the third information is persistent.
7. The method of claim 1, wherein the storage device is a first storage device and the third information is stored in a second storage device.
8. The method of claim 7, wherein the second storage device is a memory.
9. The method of claim 1, wherein the request to access the first data location is a data input request.
10. The method of claim l, wherein the request to access the first data location is a data output request.
11. The method of claim 1, wherein the request to access the first data location is a data movement request.
12. A method for regulating access by a first process to a first data location on a storage device, comprising:
receiving from the first process a request to access the first data location, the request comprising first information adapted to identify the first data location and second information adapted to identify the first process, the second information adapted to be compared with third information, the third information being adapted to identify the access rights of the first process, the third information being associated with the storage device.

comparing the second information with the third information, granting access to the first data location if the second information matches the third information, and denying access to the first data location if the second information does not match the third information.
13. The method of claim 12, wherein the first data location contains information adapted to identify the access rights of a second process, fiurther comprising disallowing the second process access to a second data location on the storage device by changing data contained in the first data location.
14. The method of claim 12, wherein the third information is persistent.
15. The method of claim 12, wherein the storage device is a first storage device and the third information is stored in a second storage device.
16. The method of claim 12, wherein the second storage device is a memory.
17. A computer program product that includes a medium useable by a processor, the medium having stored thereon a sequence of instructions which, when executed by said processor, causes said processor to execute a method for managing access to a first data location on a storage device, comprising:
receiving from a requestor a request to access the first data location, the request comprising first information adapted to identify the first data location and second information adapted to identify data expected to be in the first data location, the second information adapted to be compared with third information, the third information being adapted to identify data stored in the first data location, the third information being associated with the storage device, comparing the second information with the third information, granting access to the first data location if the second information matches the third information, denying access to the first data location if the second information does not match the third information, and notifying the requestor that the second information does not match the third information, if the second information does not match the third information.
18. The computer program product of claim 17, further comprising notifying the requestor of a second data location, the second data location containing the data expected to be in the first data location.
19. The computer program product of claim 17, further comprising disregarding a portion of the third information by applying a mask to the third information.
20. The computer program product of claim 17, further comprising changing a portion of the third information by applying a mask to the third information.
21. The computer program product of claim 20, wherein the comparing and changing steps are executed as an atomic operation.
22. The computer program product of claim 17, wherein the third information is persistent.
23. The computer program product of claim 17, wherein the storage device is a first storage device and the third information is stored in a second storage device.
24. The computer program product of claim 23, wherein the second storage device is a memory.
25. The computer program product of claim 17, wherein the request to access the first data location is a data input request.
26. The computer program product of claim 17, wherein the request to access the first data location is a data output request.
27. The computer program product of claim 17, wherein the request to access the first data location is a data movement request.
28. A computer program product that includes a medium useable by a processor, the medium having stored thereon a sequence of instructions which, when executed by said processor, causes said processor to execute a method for regulating access by a first process to a first data location on a storage device, comprising:
receiving from the first process a request to access the first data location, the request comprising first information adapted to identify the first data location and second information adapted to identify the first process, the second information adapted to be compared with third information, the third information being adapted to identify the access rights of the first process, the third information being associated with the storage device.
comparing the second information with the third information, granting access to the first data location if the second information matches the third information, and denying access to the first data location if the second information does not match the third information.
29. The computer program product of claim 28, wherein the first data location contains information adapted to identify the access rights of a second process, further comprising disallowing the second process access to a second data location on the storage device by changing data contained in the first data location.
30. The computer program product of claim 28, wherein the third information is persistent.
31. The computer program product of claim 28, wherein the storage device is a first storage device and the third information is stored in a second storage device.
32. The computer program product of claim 28, wherein the second storage device is a memory.
33. A system for managing access to a first data location on a storage device, comprising:
an access request receiver adapted to receive an access request from a requestor, the access request comprising first information adapted to identify the first data location and second information adapted to identify data expected to be in the first data location, the second information adapted to be compared with third information, the third information being adapted to identify data stored in the first data location, the third information being associated with the storage device, a key fetcher adapted to locate and retreive the third information, a key comparer adapted to compare the second information with the third information, generate a comparison success if the second information matches the third information, and generate a comparison failure if the second information does not match the third information, a comparison success processor adapted to respond to the comparison success by taking a success action, and a comparison failure processor adapted to respond to the comparison failure by taking a failure action.
34. The system of claim 33, wherein the success action comprises granting access to the first data location,
35. The system of claim 33, wherein the failure action comprises denying access to the first data location
36. The system of claim 33, wherein the failure action comprises notifying the requestor that the second information does not match the third information.
37. The system of claim 33, further comprising a mask applier.
38. The system of claim 37, wherein the mask applier is adapted to discard a portion of the third information.
39. The system of claim 37, wherein the mask applier is adapted to modify a portion of the third information.
40. A system for regulating access by a first process to a first data location on a storage device, comprising:
an access request receiver adapted to receive an access request from a requestor, the access request comprising first information adapted to identify the first data location and second information adapted to identify the first process, the second information adapted to be compared with third information, the third information being adapted to identify access rights of the first process, the third information being associated with the storage device, a key fetcher adapted to locate and retreive the third information, a key comparer adapted to compare the second information with the third information, generate a comparison success if the second information matches the third information, and generate a comparison failure if the second information does not match the third information, a comparison success processor adapted to respond to the comparison success by taking a success action, and a comparison failure processor adapted to respond to the comparison failure by taking a failure action.
41. The system of claim 40, wherein the success action comprises granting the first process access to the first data location,
42. The system of claim 40, wherein the failure action comprises denying the first process access to the first data location.
CA2448614A 2001-05-31 2002-05-22 Storage access keys Expired - Lifetime CA2448614C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/873,130 2001-05-31
US09/873,130 US6715050B2 (en) 2001-05-31 2001-05-31 Storage access keys
PCT/US2002/016535 WO2002097633A1 (en) 2001-05-31 2002-05-22 Storage access keys

Publications (2)

Publication Number Publication Date
CA2448614A1 true CA2448614A1 (en) 2002-12-05
CA2448614C CA2448614C (en) 2012-07-17

Family

ID=25361029

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2448614A Expired - Lifetime CA2448614C (en) 2001-05-31 2002-05-22 Storage access keys

Country Status (6)

Country Link
US (2) US6715050B2 (en)
EP (1) EP1402374A4 (en)
JP (1) JP4721639B2 (en)
AU (1) AU2002305701B2 (en)
CA (1) CA2448614C (en)
WO (1) WO2002097633A1 (en)

Families Citing this family (81)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6915397B2 (en) * 2001-06-01 2005-07-05 Hewlett-Packard Development Company, L.P. System and method for generating point in time storage copy
US6895467B2 (en) * 2001-10-22 2005-05-17 Hewlett-Packard Development Company, L.P. System and method for atomizing storage
US7028300B2 (en) * 2001-11-13 2006-04-11 Microsoft Corporation Method and system for managing resources in a distributed environment that has an associated object
US7631066B1 (en) * 2002-03-25 2009-12-08 Symantec Operating Corporation System and method for preventing data corruption in computer system clusters
US7340489B2 (en) * 2002-04-10 2008-03-04 Emc Corporation Virtual storage devices
US7073038B2 (en) * 2002-05-22 2006-07-04 Storage Technology Corporation Apparatus and method for implementing dynamic structure level pointers
US20040133441A1 (en) * 2002-09-04 2004-07-08 Jeffrey Brady Method and program for transferring information from an application
US7583275B2 (en) * 2002-10-15 2009-09-01 University Of Southern California Modeling and video projection for augmented virtual environments
US7401064B1 (en) * 2002-11-07 2008-07-15 Data Advantage Group, Inc. Method and apparatus for obtaining metadata from multiple information sources within an organization in real time
US7284100B2 (en) * 2003-05-12 2007-10-16 International Business Machines Corporation Invalidating storage, clearing buffer entries, and an instruction therefor
US7660833B2 (en) * 2003-07-10 2010-02-09 Microsoft Corporation Granular control over the authority of replicated information via fencing and unfencing
US8539063B1 (en) 2003-08-29 2013-09-17 Mcafee, Inc. Method and system for containment of networked application client software by explicit human input
US7840968B1 (en) 2003-12-17 2010-11-23 Mcafee, Inc. Method and system for containment of usage of language interfaces
US8825702B2 (en) * 2004-02-24 2014-09-02 Oracle International Corporation Sending control information with database statement
US7783735B1 (en) * 2004-03-22 2010-08-24 Mcafee, Inc. Containment of network communication
US7895264B2 (en) * 2004-07-15 2011-02-22 Yhc Corporation Storage cluster server network
US7424584B2 (en) * 2004-08-12 2008-09-09 International Business Machines Corporation Key-controlled object-based memory protection
US7873955B1 (en) 2004-09-07 2011-01-18 Mcafee, Inc. Solidifying the executable software set of a computer
US20060074897A1 (en) * 2004-10-04 2006-04-06 Fergusson Iain W System and method for dynamic data masking
GB2420639A (en) * 2004-11-24 2006-05-31 Hewlett Packard Development Co Monitoring Copy on write (COW) faults to control zero-copy data transfer
US8140795B2 (en) * 2005-02-28 2012-03-20 Lenovo (Singapore) Pte. Ltd. Hard disk drive with write-only region
US7603552B1 (en) * 2005-05-04 2009-10-13 Mcafee, Inc. Piracy prevention using unique module translation
US7856661B1 (en) 2005-07-14 2010-12-21 Mcafee, Inc. Classification of software on networked systems
US7516285B1 (en) * 2005-07-22 2009-04-07 Network Appliance, Inc. Server side API for fencing cluster hosts via export access rights
EP1927060B1 (en) * 2005-08-09 2019-10-09 Nexsan Technologies Canada Inc. Data archiving method and system
US8306918B2 (en) * 2005-10-11 2012-11-06 Apple Inc. Use of media storage structure with multiple pieces of content in a content-distribution system
US7757269B1 (en) 2006-02-02 2010-07-13 Mcafee, Inc. Enforcing alignment of approved changes and deployed changes in the software change life-cycle
US7895573B1 (en) 2006-03-27 2011-02-22 Mcafee, Inc. Execution environment file inventory
US7870387B1 (en) 2006-04-07 2011-01-11 Mcafee, Inc. Program-based authorization
US8352930B1 (en) 2006-04-24 2013-01-08 Mcafee, Inc. Software modification by group to minimize breakage
US8555404B1 (en) 2006-05-18 2013-10-08 Mcafee, Inc. Connectivity-based authorization
US20080022157A1 (en) * 2006-07-24 2008-01-24 Shannon Hsinhen Chang 'isolating a tape drive from communication'
JP4464378B2 (en) * 2006-09-05 2010-05-19 株式会社日立製作所 Computer system, storage system and control method for saving storage area by collecting the same data
US7757057B2 (en) * 2006-11-27 2010-07-13 Lsi Corporation Optimized rollback of copy-on-write snapshot volumes
US8332929B1 (en) 2007-01-10 2012-12-11 Mcafee, Inc. Method and apparatus for process enforced configuration management
US9424154B2 (en) 2007-01-10 2016-08-23 Mcafee, Inc. Method of and system for computer system state checks
US20080208806A1 (en) * 2007-02-28 2008-08-28 Microsoft Corporation Techniques for a web services data access layer
US7827201B1 (en) * 2007-04-27 2010-11-02 Network Appliance, Inc. Merging containers in a multi-container system
US7671567B2 (en) * 2007-06-15 2010-03-02 Tesla Motors, Inc. Multi-mode charging system for an electric vehicle
US8195931B1 (en) 2007-10-31 2012-06-05 Mcafee, Inc. Application change control
US8701189B2 (en) 2008-01-31 2014-04-15 Mcafee, Inc. Method of and system for computer system denial-of-service protection
US20090196417A1 (en) * 2008-02-01 2009-08-06 Seagate Technology Llc Secure disposal of storage data
US20100031057A1 (en) * 2008-02-01 2010-02-04 Seagate Technology Llc Traffic analysis resistant storage encryption using implicit and explicit data
US8103844B2 (en) * 2008-02-01 2012-01-24 Donald Rozinak Beaver Secure direct platter access
US8615502B2 (en) 2008-04-18 2013-12-24 Mcafee, Inc. Method of and system for reverse mapping vnode pointers
US9215066B2 (en) * 2008-06-25 2015-12-15 Oracle America, Inc. Method and system for making information in a data set of a copy-on-write file system inaccessible
US8015343B2 (en) 2008-08-08 2011-09-06 Amazon Technologies, Inc. Providing executing programs with reliable access to non-local block data storage
US8255373B2 (en) * 2008-10-24 2012-08-28 Microsoft Corporation Atomic multiple modification of data in a distributed storage system
US8544003B1 (en) 2008-12-11 2013-09-24 Mcafee, Inc. System and method for managing virtual machine configurations
US8381284B2 (en) 2009-08-21 2013-02-19 Mcafee, Inc. System and method for enforcing security policies in a virtual environment
US8341627B2 (en) 2009-08-21 2012-12-25 Mcafee, Inc. Method and system for providing user space address protection from writable memory area in a virtual environment
US8707082B1 (en) * 2009-10-29 2014-04-22 Symantec Corporation Method and system for enhanced granularity in fencing operations
US9552497B2 (en) 2009-11-10 2017-01-24 Mcafee, Inc. System and method for preventing data loss using virtual machine wrapped applications
US8925101B2 (en) 2010-07-28 2014-12-30 Mcafee, Inc. System and method for local protection against malicious software
US8938800B2 (en) 2010-07-28 2015-01-20 Mcafee, Inc. System and method for network level protection against malicious software
US8549003B1 (en) 2010-09-12 2013-10-01 Mcafee, Inc. System and method for clustering host inventories
US8621260B1 (en) 2010-10-29 2013-12-31 Symantec Corporation Site-level sub-cluster dependencies
US9075993B2 (en) 2011-01-24 2015-07-07 Mcafee, Inc. System and method for selectively grouping and managing program files
US9378769B2 (en) * 2011-01-31 2016-06-28 Oracle International Corporation System and method for storing data with host configuration of storage media
US9112830B2 (en) 2011-02-23 2015-08-18 Mcafee, Inc. System and method for interlocking a host and a gateway
US8620868B2 (en) * 2011-05-31 2013-12-31 Conexant Systems, Inc. Database hierarchical inheritance
US9594881B2 (en) 2011-09-09 2017-03-14 Mcafee, Inc. System and method for passive threat detection using virtual memory inspection
US8694738B2 (en) 2011-10-11 2014-04-08 Mcafee, Inc. System and method for critical address space protection in a hypervisor environment
US9069586B2 (en) 2011-10-13 2015-06-30 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US8973144B2 (en) 2011-10-13 2015-03-03 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US8800024B2 (en) 2011-10-17 2014-08-05 Mcafee, Inc. System and method for host-initiated firewall discovery in a network environment
US8713668B2 (en) 2011-10-17 2014-04-29 Mcafee, Inc. System and method for redirected firewall discovery in a network environment
US9836514B2 (en) 2011-11-07 2017-12-05 Empire Technology Development Llc Cache based key-value store mapping and replication
US9038194B2 (en) * 2011-11-30 2015-05-19 Red Hat, Inc. Client-side encryption in a distributed environment
US8739272B1 (en) 2012-04-02 2014-05-27 Mcafee, Inc. System and method for interlocking a host and a gateway
US9146790B1 (en) * 2012-11-02 2015-09-29 Symantec Corporation Performing fencing operations in multi-node distributed storage systems
US8973146B2 (en) 2012-12-27 2015-03-03 Mcafee, Inc. Herd based scan avoidance system in a network environment
WO2015060857A1 (en) 2013-10-24 2015-04-30 Mcafee, Inc. Agent assisted malicious application blocking in a network environment
US10235404B2 (en) * 2014-06-25 2019-03-19 Cohesity, Inc. Distributed key-value store
US10204237B2 (en) * 2016-07-01 2019-02-12 Workday, Inc. Sensitive data service access
US11079971B2 (en) * 2017-03-31 2021-08-03 Veritas Technologies Llc Input/output (i/o) fencing without dedicated arbitrators
US11016990B2 (en) * 2017-08-02 2021-05-25 Salesforce.Com, Inc. Fencing out nodes in a distributed clustered system
US11962467B2 (en) * 2017-08-14 2024-04-16 International Business Machines Corporation Managing heterogeneous cluster environment
US10664574B1 (en) * 2017-09-15 2020-05-26 Architecture Technology Corporation Distributed data storage and sharing in a peer-to-peer network
CN110737394B (en) * 2018-07-20 2023-09-01 伊姆西Ip控股有限责任公司 Method, apparatus and computer program product for managing cache
US11151267B2 (en) * 2019-02-25 2021-10-19 International Business Machines Corporation Move data and set storage key based on key function control

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4962533A (en) * 1989-02-17 1990-10-09 Texas Instrument Incorporated Data protection for computer systems
US5249231A (en) * 1992-05-04 1993-09-28 Motorola, Inc. Memory tagging for object reuse protection
JP2912840B2 (en) * 1994-12-07 1999-06-28 富士通株式会社 File management system
US5802590A (en) 1994-12-13 1998-09-01 Microsoft Corporation Method and system for providing secure access to computer resources
US5768632A (en) * 1996-03-22 1998-06-16 Allen-Bradley Company, Inc. Method for operating inductrial control with control program and I/O map by transmitting function key to particular module for comparison with function code before operating
US5900019A (en) 1996-05-23 1999-05-04 International Business Machines Corporation Apparatus for protecting memory storage blocks from I/O accesses
US6026402A (en) * 1998-01-07 2000-02-15 Hewlett-Packard Company Process restriction within file system hierarchies
US6338138B1 (en) 1998-01-27 2002-01-08 Sun Microsystems, Inc. Network-based authentication of computer user
US6405202B1 (en) 1998-04-27 2002-06-11 Trident Systems, Inc. System and method for adding property level security to an object oriented database
US6345347B1 (en) 1999-09-27 2002-02-05 International Business Machines Corporation Address protection using a hardware-defined application key
WO2001033383A1 (en) * 1999-11-01 2001-05-10 Mangosoft Corporation Internet-based shared file service with native pc client access and semantics and distributed version control

Also Published As

Publication number Publication date
EP1402374A4 (en) 2008-01-23
US6715050B2 (en) 2004-03-30
EP1402374A1 (en) 2004-03-31
JP2004528659A (en) 2004-09-16
JP4721639B2 (en) 2011-07-13
CA2448614C (en) 2012-07-17
AU2002305701B2 (en) 2008-04-03
US20040181558A1 (en) 2004-09-16
US20030079100A1 (en) 2003-04-24
WO2002097633A1 (en) 2002-12-05
US7152148B2 (en) 2006-12-19

Similar Documents

Publication Publication Date Title
CA2448614A1 (en) Storage access keys
US6131165A (en) Permit for controlling access to services in protected memory systems
JP2004528659A5 (en)
US6081807A (en) Method and apparatus for interfacing with a stateless network file system server
US5737523A (en) Methods and apparatus for providing dynamic network file system client authentication
US7512693B2 (en) Dual-component state token with state data direct access index for systems with high transaction volume and high number of unexpired tokens
US9495084B2 (en) Method and apparatus for widget and widget-container distribution control based on content rules
US8707422B2 (en) Method and apparatus for process enforced configuration management
US7925751B1 (en) Mechanism for controlled sharing of files in a clustered application environment
US7058630B2 (en) System and method for dynamically controlling access to a database
JP2003044343A (en) Data security method for distributed file system
US20030200436A1 (en) Access control method using token having security attributes in computer system
US20120239634A1 (en) Method and apparatus for accessing database and database application system
WO2004003686A3 (en) Single system user identity
US20080018926A1 (en) Post deployment electronic document management and security solution
US20160283749A1 (en) Method for encrypting database
AU2003258703A1 (en) Methods and systems for controlling access to a data object by means of locks
US20070067357A1 (en) Methods and apparatus to provide a database version control system
US6928427B2 (en) Efficient computational techniques for authorization control
US7150041B2 (en) Disk management interface
WO2004012029A3 (en) Restricting access to a method in a component
JP2008243198A (en) Access authority control system
US7337252B2 (en) System and method for resolving conflicts of re-locking resources
US10999310B2 (en) Endpoint security client embedded in storage drive firmware
CN100438400C (en) Network device and method for use under non-security mode

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20220524