Title of invention: Data Theft Deterrence
Abstract: A method and system for regulating access by an access program to a data object residing in a storage system, which may be used to protect against data theft in a storage server. The storage server receives, from a client node, a certificate request for a certificate pertaining to access of the data object by the access program. The storage server validates the certificate request and in response, generates the certificate and transmits the certificate to the client node. The certificate request and the certificate each include a signature of the access program and an identifier of the data object. The storage server receives from the client node an I/O request for access of the data object by the access program. The storage server determines whether the I/O request is valid or invalid and processes the I/O request with privileged handling or degraded handling, respectively.
Publication number: US2017093844(A1); Publication date: 2017.03.30
Application number: US201514870625; Filing date: 2015.09.30
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION; Inventors: Chambliss David; Childress Rhonda L.; Goldberg Itzhack; Mor Nir; Pickover Cliff; Sondhi Neil
Classification: H04L29/06; Main classification: H04L29/06
Agency: ; Agent:
Main claim: 1. A method for regulating access by an access program to a data object residing in a storage system, said method comprising: receiving, by a storage server from a client node, a certificate request for a certificate pertaining to access of the data object by the access program, said storage system comprising the storage server and the data object, said client node comprising the access program, said certificate request comprising a signature of the access program and an identifier of the data object; said storage server validating the certificate request and in response, said storage server generating the certificate and transmitting the certificate to the client node, said certificate comprising the signature of the access program, the identifier of the data object, and a certificate authentication code for validating the certificate; after said transmitting the certificate, said storage server receiving from the client node an input/output (I/O) request for access of the data object by the access program; and said storage server determining whether the I/O request is valid or invalid and processing the I/O request with privileged handling or degraded handling, respectively.
Address: ARMONK NY US
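The exchange in the main claim, sketched as an added example (not code from the patent or its applicant). Assumptions, since the claim leaves them open: the program signature is a SHA-256 digest, the certificate authentication code is an HMAC-SHA256 under a server-held key, request validation is an allowlist lookup, and an I/O request carries its certificate and the object identifier.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the storage server

def program_signature(program_bytes):
    # Assumption: "signature of the access program" modelled as a SHA-256 digest.
    return hashlib.sha256(program_bytes).hexdigest()

def auth_code(sig, object_id):
    # Length-prefixed fields so (sig, object_id) pairs cannot be re-split ambiguously.
    msg = f"{len(sig)}:{sig}|{len(object_id)}:{object_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

class StorageServer:
    def __init__(self, allowed_pairs):
        # Assumption: validating a certificate request means an allowlist lookup.
        self.allowed = set(allowed_pairs)

    def issue_certificate(self, request):
        pair = (request["signature"], request["object_id"])
        if pair not in self.allowed:
            return None  # request not validated, so no certificate is generated
        return {"signature": pair[0], "object_id": pair[1], "auth_code": auth_code(*pair)}

    def handle_io(self, io_request):
        cert = io_request.get("certificate") or {}
        sig = str(cert.get("signature", ""))
        obj = str(cert.get("object_id", ""))
        code = str(cert.get("auth_code", ""))
        valid = (obj == io_request.get("object_id")
                 and hmac.compare_digest(auth_code(sig, obj).encode(), code.encode()))
        # What degraded handling consists of is not modelled here; only the decision is.
        return "privileged" if valid else "degraded"

def demo():
    # Constructed sample programs and object identifiers.
    reader = program_signature(b"constructed: approved reader binary")
    rogue = program_signature(b"constructed: unapproved copy tool")
    obj = "vol1/payroll.db"
    server = StorageServer({(reader, obj)})
    cert = server.issue_certificate({"signature": reader, "object_id": obj})
    return {
        "refused": server.issue_certificate({"signature": rogue, "object_id": obj}),
        "good": server.handle_io({"object_id": obj, "certificate": cert}),
        "forged": server.handle_io({"object_id": obj, "certificate": dict(cert, signature=rogue)}),
        "wrong_object": server.handle_io({"object_id": "vol1/other.db", "certificate": cert}),
        "no_cert": server.handle_io({"object_id": obj}),
    }
```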