Method and apparatus for authentication of file read events

摘要

A computerized method and apparatus for distinguishing between false positive read events and true positive events of reading a file, comprising determining an amount of date read from the file, in case the amount of data exceeds a threshold generating a true positive read event, otherwise generating a false positive read event in case a decision condition is met, and an apparatus to carry out the same.

主权项

1. A computerized method for distinguishing between false positive read events and true positive events of reading a file, comprising:
monitoring access to a file stored on a data storage device by a computer system serving as a controller; determining an amount of data read from the file during the access to the file and subsequent access to the file until a decision condition is met causing the controller to provide an indication if the access to the file is a false positive read event or a true positive read event; wherein if the amount of data read from the file exceeds a threshold value a true positive read event indication is generated, otherwise a false positive read event indication is generated, wherein the threshold is determined according to a formula: T=max(1,min(32,32−16*log(K.sub.2/K)*S/K)) wherein: T is the threshold in KB, K is the minimum size of file for which the entire file is read in KB; K.sub.2 is the minimum size of the file for which half of the file is read in KB; and S is the actual size of the file in KB.