Determining trusted file awareness via loosely connected events and file attributes
US-2024364713-A1 · Oct 31, 2024 · US
US12117966B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12117966-B2 |
| Application number | US-202117446539-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 31, 2021 |
| Priority date | Aug 31, 2021 |
| Publication date | Oct 15, 2024 |
| Grant date | Oct 15, 2024 |
Official abstract text for this publication.
One example method includes injecting processing into sessions including IO sessions. Events in a file system are intercepted and processed. During processing, policies may be applied to the events. Some of the policies are triggered such that external actions or processing is applied to the event. Once the actions have been performed, the event may be processed by the file system.
Opening claim text (preview).
What is claimed is:

1. A method, comprising: intercepting an event at a filter driver in a kernel space, wherein the event is associated with a resource of a computing system, wherein the event is associated with a session and wherein the session includes an entry for each event associated with the resource that occurred in the session; directing the event to a proxy engine operating in a user space; determining the session associated with the event is a session of interest by the proxy engine; generating a reconstructed session from entries in the session, which is stored in a session cache, wherein the reconstructed session includes the event; applying a policy to the reconstructed session to determine an action to be performed on the event using metadata and/or data stored in the session, wherein the metadata is related to the event; forwarding the reconstructed session to an external system, wherein the action is performed by the external system and wherein the action includes injecting an external processing into an IO (input/output) associated with the event based on the reconstructed session before the event is committed in the computing system, wherein the action is obscuring data, by the external system, associated with the event, wherein the data is unobscured when authorized at a later time; and returning the event to the filter driver to resume processing in the kernel space.

2. The method of claim 1, wherein the event is returned to the filter driver when the session is not of interest for normal processing in the kernel space.

3. The method of claim 1, wherein the metadata includes a session identifier, a handle, an identity of a user, process metadata including process ID, executable name, resource location, and application name, and timestamps and the data includes data to be written or data read from a data store.

4. The method of claim 1, wherein the action is logging, further comprising logging the event by the external system.

5. The method of claim 1, wherein the action is authorization, further comprising authorizing or denying the event by the external system.

6. The method of claim 1, wherein the action further includes manipulation, the method further comprising: manipulating data associated with the event that is to be written to a data store by the external system; or manipulating data, by the external system, that has been read from the data store and returning the manipulated data to a requestor.

7. The method of claim 1, further comprising interpreting the event.

8. A non-transitory storage medium having stored therein instructions that are executable by one or more hardware processors to perform operations comprising: intercepting an event at a filter driver in a kernel space, wherein the event is associated with a resource of a computing system, wherein the event is associated with a session and wherein the session includes an entry for each event associated with the resource that occurred in the session; directing the event to a proxy engine operating in a user space; determining the session associated with the event is a session of interest by the proxy engine; generating a reconstructed session from entries in the session, which is stored in a session cache, wherein the reconstructed session includes the event; applying a policy to the reconstructed session to determine an action to be performed on the event using metadata and/or data stored in the session, wherein the metadata is related to the event; forwarding the reconstructed session to an external system, wherein the action is performed by the external system and wherein the action includes injecting an external processing into an IO (input/output) associated with the event based on the reconstructed session before the event is committed in the computing system, wherein the action is obscuring data, by the external system, associated with the event, wherein the data is unobscured when authorized at a later time; and returning the event to the filter driver to resume processing in the kernel space.

9. The non-transitory storage medium of claim 8, wherein the event is returned to the filter driver when the session is not of interest for normal processing in the kernel space.

10. The non-transitory storage medium of claim 8, wherein the metadata includes a session identifier, a handle, an identity of a user, process metadata including process ID, executable name, resource location, and application name, and timestamps and the data includes data to be written or data read from a data store.

11. The non-transitory storage medium of claim 8, wherein the action is logging, further comprising logging the event by the external system.

12. The non-transitory storage medium of claim 8, wherein the action is authorization, further comprising authorizing or denying the event by the external system.

13. The non-transitory storage medium of claim 8, wherein the action further includes manipulation, the method further comprising: manipulating data associated with the event that is to be written to a data store by the external system; or manipulating data, by the external system, that has been read from the data store and returning the manipulated data to a requestor.

14. The non-transitory storage medium of claim 8, further comprising interpreting the event.

15. A method, comprising: intercepting an event at a filter driver in a kernel space, wherein the event is associated with a resource of a computing system, wherein the event is associated with a session and wherein the session includes an entry for each event associated with the resource that occurred in the session; directing the event to a proxy engine operating in a user space; determining the session associated with the event is a session of interest by the proxy engine; generating a reconstructed session from entries in the session, which is stored in a session cache, wherein the reconstructed session includes the event; applying a policy to the reconstructed session to determine an action to be performed on the event using metadata and/or data stored in the session, wherein the metadata is related to the event; forwarding the reconstructed session to an external system, wherein the action is performed by the external system and wherein the action includes injecting an external processing into an IO (input/output) associated with the event based on the reconstructed session before the event is committed in the computing system, wherein the action is authorization or manipulation, by the external system, associated with the event, wherein the data is unobscured when authorized at a later time; and returning the event to the filter driver to resume processing in the kernel space.
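The flow recited in the independent claims, modeled in user space as an added example (not code from the patent or its assignee). The class names, the path-prefix test for a "session of interest", the trusted-opener policy, the token vault used for obscuring, and the sample values are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Event:                      # one intercepted file-system event (hypothetical shape)
    session_id: str
    op: str                       # "open", "write" or "close"
    path: str
    process: str = ""             # assumption: only the open event carries process metadata
    data: bytes = b""

class ExternalSystem:
    """Stand-in for the external system that performs the action."""
    def __init__(self):
        self.vault = {}           # token -> original bytes
    def obscure(self, session, event):
        token = b"tok-%d" % len(self.vault)
        self.vault[token] = event.data
        event.data = token        # the token, not the original, reaches the file system
    def unobscure(self, token, authorized):
        return self.vault[token] if authorized else token

class ProxyEngine:
    def __init__(self, external, watched_prefix, trusted):
        self.external, self.prefix, self.trusted = external, watched_prefix, trusted
        self.session_cache = {}   # session_id -> entries seen so far
    def policy(self, session):
        opener = session[0].process          # context taken from an earlier entry
        if session[-1].op == "write" and opener not in self.trusted:
            return "obscure"
        return "pass"
    def handle(self, event):
        """Called per intercepted event; returns the event handed back to the driver."""
        entries = self.session_cache.setdefault(event.session_id, [])
        entries.append(event)
        if event.op == "close":              # session ended: evict it from the cache
            self.session_cache.pop(event.session_id)
        if not entries[0].path.startswith(self.prefix):
            return event                     # session not of interest: normal processing
        session = list(entries)              # reconstructed session, includes this event
        if self.policy(session) == "obscure":
            self.external.obscure(session, event)
        return event

def demo():
    ext = ExternalSystem()
    proxy = ProxyEngine(ext, "/secure/", trusted={"backup.exe"})
    proxy.handle(Event("s1", "open", "/secure/a.db", process="notepad.exe"))
    committed = proxy.handle(Event("s1", "write", "/secure/a.db", data=b"card=4111"))
    return ext, committed.data
```

The write event carries no process metadata of its own, so the policy decision depends on the open entry recovered from the session cache; a write with no cached open entry has an empty opener and is obscured rather than passed through.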
Caching, prefetching or hoarding of files · CPC title
where tasks reside in different layers, e.g. user- and kernel-space · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
File access structures, e.g. distributed indices (arrangements of input from, or output to, record carriers G06F3/06) · CPC title
Intercept · CPC title