Data access control based on storage validation

US10496598B2 · US · B2

Patent metadata
Publication number: US-10496598-B2
Application number: US-201514868759-A
Country: US
Kind code: B2
Filing date: Sep 29, 2015
Priority date: Sep 29, 2015
Publication date: Dec 3, 2019
Grant date: Dec 3, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system and method to control access to data are disclosed. A command to mount a specified file system as a trusted file system is received. Whether the specified file system is marked as a trustable file system is determined, where the marking as a trustable file system is based on verifying integrity protection for the specified file system. The specified file system is mounted as a trusted file system based on determining that the specified file system is marked as a trustable file system. A command to access data on the specified file system is received. A determination is made as to whether the specified file system was mounted with a specification to be a trusted file system. Access to the data is permitted or denied based on determining whether the mount command specified mounting as a trusted file system.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: maintaining a set of trustable file system indicators; verifying, prior to receiving a command to mount a specified file system within at least one file system, integrity protection for the at least one file system based on determining that a system performing the integrity protection is operating on the at least one file system and indicates that the integrity of the file system is being maintained; storing, prior to receiving the command to mount the at least one file system and based on the verifying integrity protection for the specified file system within the at least one file system, a respective trustable file system indicator associated with the specified file system within the set of trustable file system indicators; receiving, on a processor subsequent to storing the respective trustable file system indicator, the command to mount the specified file system, wherein the command indicates that the specified file system is to be mounted as a trusted file system; determining, based on the receiving the command to mount a specified file system, that the respective trustable file system indicator associated with the specified file system within the set of trustable file system indicators indicates that the specified file system is marked as a trustable file system, the specified file system being marked as a trustable file system; and mounting, based on receiving the command and based on determining that the specified file system is marked as a trustable file system, the specified file system as a trusted file system.

2. The method of claim 1, further comprising: receiving a command to access data on the specified file system; determining, based on receiving the command to access data, that the command to mount the specified file system specified mounting the specified file system as a trusted file system; accessing the data based on determining that the command to mount specified mounting as a trusted file system; and avoiding access of the data based on determining that the command to mount did not specify mounting as a trusted file system.

3. The method of claim 2, where the command to access data comprises a command to execute a process with an elevated privilege, where the process is defined by the data.

4. The method of claim 2, where the command to access data comprises a command to retrieve the data.

5. The method of claim 1, wherein the set of trustable file system indicators comprises a respective trustable file system indicator that is associated with each respective file system for which integrity protection has been verified, the respective trustable file system indicator reflecting marking of its associated file system as a trustable file system.

6. The method of claim 1, further comprising: determining, from among a plurality of file systems, the specified file system as a file system to mount as a trusted file system; and initiating, based on determining the specified file system, the command to mount the specified file system as a trusted file system.

7. The method of claim 6, further comprising storing configuration data for a plurality of file systems, the plurality of file systems comprising the specified file system, and wherein the determining the specified file system is based on the configuration data.

8. The method of claim 1, wherein the verifying is performed prior to mounting the specified file system and while the specified file system is not mounted.

9. The method of claim 1, wherein the verifying is performed during a boot process of the system performing integrity protection.

10. The method of claim 1, wherein the verifying is performed prior to mounting the specified file system and at a time when the specified file system is first presented to the system performing the integrity protection.

11. A device, comprising: a processor; a memory coupled to the processor; a data storage, coupled to the processor, the data storage comprising at least one file system; and a file system mounting processor that when operating: maintains a set of trustable file system indicators; verifies, prior to receiving a command to mount a specified file system within at least one file system, integrity protection for the at least one file system based on determining that a system performing the integrity protection is operating on the at least one file system and indicates that the integrity of the file system is being maintained; stores, prior to receiving the command to mount the at least one file system and based on verification of integrity protection for the specified file system within the at least one file system, a respective trustable file system indicator associated with the specified file system within the set of trustable file system indicators; receives, subsequent to storing the respective trustable file system indicator, the command to mount the specified file system, wherein the command indicates that the specified file system is to be mounted as a trusted file system; determines, based on receiving the command to mount a specified file system, that the respective trustable file system indicator associated with the specified file system within the set of trustable file system indicators indicates that the specified file system is marked as a trustable file system, the specified file system being marked as a trustable file system; and mounts, based on receiving the command and based on determining that the specified file system is marked as a trustable file system, the specified file system as a trusted file system.

12. The device of claim 11, further comprising a data access control processor that when operating: receives a command to access data on the specified file system; determines, based on the receiving the command to access data, that the command to mount the specified file system specified mounting the specified file system as a trusted file system; accesses the data based on determining that the command to mount specified mounting as a trusted file system; and avoids access of the data based on determining that the command to mount did not specify mounting as a trusted file system.

13. The device of claim 12, where the command to access integrity protected data comprises a command to execute a process with an elevated privilege, where the process is defined by the integrity protected data.

14. The device of claim 12, where the command to access integrity protected data comprises a command to retrieve the integrity protected data.

15. The device of claim 12, wherein the command to mount the specified file system further specifies at least one allowed access type from within a plurality of access types, each allowed access type within the plurality of access types indicating an access type authorized for data on the specified file system, and where the file system mounting processor, when operating: determines a requested access type corresponding to the command to access the data, and wherein access to the data is further based on the requested access type corresponding to one of the at least one allowed access type.

16. The device of claim 15, wherein the command to mount the specified file system specifies a plurality of allowed access types, and wherein access to the data is further based on the requested access type corresponding to an allowed access type within the plurality of allowed access types.

17. The device of claim 11, where the set of trustable file system indicators comprises a respective trustable file system indicator
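The claims describe a three-stage policy: integrity protection is verified before any mount and recorded as a trustable indicator (claims 1, 8-10); a mount that asks for trusted status is honoured only when that indicator exists (claims 1, 11); and access to the protected data, in particular executing it with elevated privilege, is granted only when the mount command asked for trusted status and, optionally, when the requested access type is among the types the mount allowed (claims 2-4, 12-16). The following is an added illustration of that decision logic as an in-memory model; it is not code from the patent or from the assignee, and the class and function names, the `IntegrityReport` stand-in for what an integrity-protection system reports, and the sample file system names are all assumptions made for the example.

```python
"""In-memory model of the trusted-mount and access-control flow from the claims.

Added example: the class names, the IntegrityReport stand-in and the sample
file system names are constructed for illustration, not taken from the patent.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Iterable, Set


class AccessType(Enum):
    RETRIEVE = "retrieve"              # claim 4 / 14: read the data
    EXECUTE_ELEVATED = "exec_elevated"  # claim 3 / 13: run the data as a privileged process


@dataclass(frozen=True)
class IntegrityReport:
    """Constructed stand-in for what the integrity-protection system reports."""
    operating: bool    # the integrity system is actually running on this file system
    maintained: bool   # and it reports that integrity is being maintained


@dataclass(frozen=True)
class MountRecord:
    trusted: bool                    # did the mount command specify "trusted"?
    allowed: FrozenSet[AccessType]   # claim 15: allowed access types; empty = unrestricted


class TrustedMountPolicy:
    def __init__(self) -> None:
        # The "set of trustable file system indicators" of claim 1.
        self.trustable: Set[str] = set()
        # What each mounted file system was mounted as.
        self.mounts: Dict[str, MountRecord] = {}

    def verify_integrity(self, fs_id: str, report: IntegrityReport) -> bool:
        """Stage 1 (claims 8-10): verify while unmounted, e.g. at boot or first presentation."""
        if fs_id in self.mounts:
            raise RuntimeError(f"{fs_id} is already mounted; verification must precede mounting")
        if report.operating and report.maintained:
            self.trustable.add(fs_id)       # store the trustable indicator
            return True
        self.trustable.discard(fs_id)       # never carry a stale indicator forward
        return False

    def mount(self, fs_id: str, as_trusted: bool,
              allowed: Iterable[AccessType] = ()) -> bool:
        """Stage 2 (claims 1, 11, 15): a trusted mount requires a trustable indicator."""
        if as_trusted and fs_id not in self.trustable:
            return False                    # refuse: the file system is not marked trustable
        self.mounts[fs_id] = MountRecord(trusted=as_trusted, allowed=frozenset(allowed))
        return True

    def access(self, fs_id: str, requested: AccessType) -> bool:
        """Stage 3 (claims 2, 12, 15-16): decide from how the file system was mounted."""
        rec = self.mounts.get(fs_id)
        if rec is None or not rec.trusted:
            return False                    # mount did not specify trusted: avoid access
        if rec.allowed and requested not in rec.allowed:
            return False                    # trusted, but this access type was not allowed
        return True


def run_demo() -> Dict[str, bool]:
    """Constructed scenario: one verified file system, one with no integrity system running."""
    policy = TrustedMountPolicy()
    policy.verify_integrity("/apps", IntegrityReport(operating=True, maintained=True))
    policy.verify_integrity("/scratch", IntegrityReport(operating=False, maintained=False))
    return {
        # /apps carries an indicator, so a trusted mount restricted to privileged execution succeeds
        "apps_trusted_mount": policy.mount("/apps", True, {AccessType.EXECUTE_ELEVATED}),
        # /scratch has no indicator: the trusted mount is refused, an ordinary mount is not
        "scratch_trusted_mount": policy.mount("/scratch", True),
        "scratch_plain_mount": policy.mount("/scratch", False),
        # access decisions follow the mount record
        "apps_exec_elevated": policy.access("/apps", AccessType.EXECUTE_ELEVATED),
        "apps_retrieve": policy.access("/apps", AccessType.RETRIEVE),
        "scratch_exec_elevated": policy.access("/scratch", AccessType.EXECUTE_ELEVATED),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {'permitted' if outcome else 'denied'}")
```

The ordering constraint in `verify_integrity` is the part worth noticing: because the indicator is written only while the file system is unmounted and before any mount command is seen, a later mount cannot upgrade itself to trusted by re-running verification, and a failed verification clears any indicator left from an earlier run.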

Assignees

Blackberry Ltd

Inventors

Classifications

  • G06F21/604 (Primary)

    Tools and structures for managing or administering access control systems · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • for controlling access to devices or network resources · CPC title

  • Distributed file systems · CPC title

  • G06F16/11 (Primary)

    File system administration, e.g. details of archiving or snapshots (error detection or correction of the data by redundancy in operations G06F11/14) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10496598B2 cover?
A system and method to control access to data are disclosed. A command to mount a specified file system as a trusted file system is received. Whether the specified file system is marked as a trustable file system is determined, where marking as a trustable file system based on verifying integrity protection for the specified file system. The specified file system is mounted as a trusted file sy…
Who is the assignee on this patent?
Blackberry Ltd
What technology area does this patent fall under?
Primary CPC classification G06F21/604. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 3, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).