Access control to block storage devices for a shared disk based file system
US8086585B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 30, 2008 |
| Grant date | Dec 27, 2011 |
| Priority date | — |
| Expiry date | Feb 21, 2030 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F16/1774
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
For enhanced access control, a client includes a token in each read or write command sent to a block storage device. The block storage device evaluates the token to determine whether or not read or write access is permitted at a specified logical block address. For example, the token is included in the logical block address field of a SCSI read or write command. The client may compute the token as a function of the logical block address of a data block to be accessed, or a metadata server may include the token in each block address of each extent reported to the client in response to a metadata request. For enhanced security, the token also is a function of a client identifier, a logical unit number, and access rights of the client to a particular extent of file system data blocks.
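A sketch of the token scheme the abstract describes, added here as an illustration and not taken from the patent text. The truncated HMAC-SHA256 construction, the 32/32-bit split of the 64-bit logical block address field, the rights encoding, and the key shared between metadata server and storage device are all assumptions of this example.

```python
import hashlib
import hmac
import struct

LBA_BITS = 32                      # assumption: real block address fits the low 32 bits
LBA_MASK = (1 << LBA_BITS) - 1
READ, WRITE = 1, 2                 # access-right bits (constructed encoding)

def make_token(key, client_id, lun, rights, lba):
    """32-bit token as a keyed function of client, LUN, access rights and block address."""
    msg = struct.pack(">QIBQ", client_id, lun, rights, lba)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")

def tag_lba(key, client_id, lun, rights, lba):
    """Metadata-server side: put the token in the upper half of the LBA field."""
    if not 0 <= lba <= LBA_MASK:
        raise ValueError("block address does not fit the untagged part of the field")
    return (make_token(key, client_id, lun, rights, lba) << LBA_BITS) | lba

def check_command(key, client_id, lun, op, lba_field):
    """Storage-device side: return the real LBA if the token permits op, else None."""
    if not 0 <= lba_field < (1 << 64):
        return None
    lba, token = lba_field & LBA_MASK, lba_field >> LBA_BITS
    # Accept a token minted for any rights set that includes the requested operation.
    for rights in (READ, WRITE, READ | WRITE):
        if rights & op:
            expected = make_token(key, client_id, lun, rights, lba)
            if hmac.compare_digest(token.to_bytes(4, "big"), expected.to_bytes(4, "big")):
                return lba
    return None

# Constructed sample values: client 7 holds read-only access to block 0x1000 on LUN 0.
KEY = b"constructed-demo-key"
FIELD = tag_lba(KEY, client_id=7, lun=0, rights=READ, lba=0x1000)

if __name__ == "__main__":
    print(hex(FIELD), check_command(KEY, 7, 0, READ, FIELD))
```

With a token this short, the storage device should count and log rejected commands per client, since the token length bounds how many guesses a forged address needs.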
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.