Method For Applying Local Volume File System Policies (encryption, compression and etc) on Cloud (HTTP(S) Server) Files

20220374392 · 2022-11-24


    Abstract

    The user can apply local volume file system policies such as encryption/decryption, file backup, antivirus, file compression/decompression, file monitoring, etc. to the cloud (HTTPS server) files.

    The cloud (HTTPS server) files are not vulnerable to man-in-the-middle attacks while in transit from the local computer to the cloud (HTTPS server) and vice versa, since the files are secured by local volume file system policies (encryption/decryption) in the local computer before they are stored in the cloud (HTTPS server).

    The user need not rely on the cloud (HTTPS server) for the security of the cloud (HTTPS server) files, since the files are secured by local volume file system policies (encryption/decryption) in the local computer before they are stored in the cloud (HTTPS server).

    Claims

    1. By intercepting the file transfer requests with HTTP(S), FTP, CIFS, WebDAV, samba and NFS protocols to the file server, completing the intercepted file transfer requests with filesystem calls to dummy local folder or dummy local volume, intercepting the filesystem calls to the dummy local volume or dummy local folder after the modules responsible for local volume file system policies processed the filesystem calls and making the file transfer to file server after the modules responsible for local volume file system policies processed the filesystem calls, the client can apply the local volume file system policies like encryption/decryption, file backup, antivirus, file compression/decompression and file monitoring, to the files in the file server. The HTTP(S), FTP, CIFS, WebDAV, samba and NFS applications need not be modified since the file transfer is intercepted and local volume filesystem policies are applied on the fly.

    Description

    BRIEF DESCRIPTION OF DRAWINGS

    [0031] FIG. 1 depicts how the local volume file system policies are applied in Windows.

    [0032] FIG. 2 depicts how the file is transferred between HTTPS server and HTTPS client.

    [0033] FIG. 3 depicts the HTTPS session redirection and on behalf session establishment.

    [0034] FIG. 4 depicts the HTTPS POST/PUT Flow.

    [0035] FIG. 5 depicts the HTTPS GET Flow.

    DETAILED DESCRIPTION OF THE INVENTION

    [0036] We can apply the local volume file system policies to the cloud (HTTP Server) files by adding the following three modules in the local computer:

    [0037] Cloud Traffic Redirector

    [0038] Cloud File IO Filter

    [0039] Cloud File IO Manager

    [0040] Cloud Traffic Redirector

    [0041] A network filter in user or kernel mode (can be a WFP callout driver in Windows, a netfilter/iptables module in Linux, a netfilter/iptables module in Android).

    [0042] Intercepts the incoming and outgoing HTTPS packets and the incoming DNS packets.

    [0043] Gets the IP address of the cloud (HTTPS server) (example—onedrive.live.com) by looking into the incoming DNS packets.

    [0044] When an HTTPS client application sends HTTPS traffic to the cloud (HTTPS server), the destination IP address and port are updated with the IP address and port of the cloud file io manager. Thus the traffic to the cloud (HTTPS server) is redirected to the cloud file io manager.

    [0045] When the cloud file io manager sends HTTPS traffic to an HTTPS client application, the source IP address and port are updated with the IP address and port of the cloud (HTTPS server). Thus, to the HTTPS client application, the HTTPS traffic appears to come from the cloud (HTTPS server).

    [0046] Creates the special folder c:\FS_POLICIES_FOR_CLOUD or a volume X:\ with removable volume properties.
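    The address rewriting in [0043] to [0045], modelled as an added example (not code from the patent). The `Packet` type, the addresses, the manager port 8443 and the exemption for the manager's own traffic are assumptions made for the illustration; without such an exemption the on behalf session would be redirected back to the manager.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: tuple            # (ip, port)
    dst: tuple            # (ip, port)
    owner: str = "app"    # sending process (assumed visible to the filter)

class CloudTrafficRedirector:
    def __init__(self, cloud_names, manager_addr):
        self.cloud_names = set(cloud_names)
        self.manager = manager_addr
        self.cloud_ips = set()   # learned from incoming DNS answers [0043]
        self.flows = {}          # client (ip, port) -> original cloud (ip, port)

    def on_dns_answer(self, name, ip):
        if name in self.cloud_names:
            self.cloud_ips.add(ip)

    def outbound(self, pkt):
        # Assumption: the manager's own on behalf session is exempt,
        # otherwise it would loop back to the manager.
        if pkt.owner == "manager":
            return pkt
        if pkt.dst[1] == 443 and pkt.dst[0] in self.cloud_ips:   # [0044]
            self.flows[pkt.src] = pkt.dst        # remember the real destination
            return replace(pkt, dst=self.manager)
        return pkt

    def to_client(self, pkt):
        # [0045]: replies from the manager carry the cloud's address as source.
        if pkt.src == self.manager and pkt.dst in self.flows:
            return replace(pkt, src=self.flows[pkt.dst])
        return pkt

def demo_redirect():
    # Constructed addresses taken from documentation ranges.
    r = CloudTrafficRedirector({"onedrive.live.com"}, ("127.0.0.1", 8443))
    r.on_dns_answer("onedrive.live.com", "203.0.113.10")
    r.on_dns_answer("example.org", "198.51.100.7")     # not a cloud name
    client = ("192.0.2.5", 50000)
    out = r.outbound(Packet(client, ("203.0.113.10", 443)))
    other = r.outbound(Packet(client, ("198.51.100.7", 443)))
    own = r.outbound(Packet(("192.0.2.5", 50001), ("203.0.113.10", 443), "manager"))
    back = r.to_client(Packet(("127.0.0.1", 8443), client, "manager"))
    return out.dst, other.dst, own.dst, back.src
```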

    [0047] Cloud File IO Filter

    [0048] Intercepts system calls after the local volume file system policies are applied and before the system calls reach the file system driver (can be a file system filter driver with FSFILTER BOTTOM class in Windows, a REDIRFS based file system filter driver in Linux, a module using the FileObserver class in Android).

    [0049] Intercepts and processes the file open (create/open), file read, file write and file close requests targeted at files inside the special folder (c:\FS_POLICIES_FOR_CLOUD) and bypasses file requests to other volumes and folders; or intercepts and processes the file open (create/open), file read, file write and file close requests targeted at files inside the special volume (X:\) and bypasses file requests to other volumes.

    [0050] File io requests to special folders can be initiated by cloud file IO manager and the modules responsible for local volume file system policies. The cloud file IO filter has to handle the file io requests initiated by both cloud file IO manager and the modules responsible for local volume file system policies.

    [0051] Completes the file open (create/open) and file close operations with status success.

    [0052] Sends the file contents of file write operations to the cloud file IO manager and completes the file write request with success status.

    [0053] Pends the read operations and completes them with success status when the file contents are received from the cloud file IO manager.

    [0054] Cloud File IO Manager

    [0055] FIG. 3 depicts the HTTPS session redirection and on behalf session establishment.

    [0056] A local proxy server or a common remote proxy server for a set of users

    [0057] When an HTTPS client application tries to establish a session with the cloud (HTTPS server), the request is redirected to the cloud file io manager. The cloud file io manager establishes a redirected session with the HTTPS client application, establishes an on behalf session with the cloud (HTTP server) using the same credentials obtained from the redirected session, and creates a special folder for the session (c:\FS_POLICIES_FOR_CLOUD\onedrive_files or X:\onedrive_files).

    [0058] When an HTTPS client application tries to close a session with the cloud (HTTPS server), the request is redirected to the cloud file io manager. The cloud file io manager closes the redirected session with the HTTPS client application, closes the on behalf session with the cloud (HTTP server) and deletes the special folder (c:\FS_POLICIES_FOR_CLOUD\onedrive_files or X:\onedrive_files).

    [0059] FIG. 4 depicts the HTTPS POST/PUT Flow.

    [0060] When an HTTPS POST/PUT path_to_file file_content request is received in the redirected session, the cloud file io manager does a file create (for HTTPS POST) request or a file open (for HTTPS PUT) request with the file name c:\FS_POLICIES_FOR_CLOUD\onedrive_files\path_to_file.

    [0061] The cloud file io filter completes the file create or file open request with success.

    [0062] Then the cloud file io manager does a file write request with the file_content.

    [0063] The file write request goes through the file system driver stack which includes the modules responsible for local volume file system policies and these modules apply the local volume file system policies on the file_content.

    [0064] The cloud file io filter sends the file_content to the cloud file io manager and completes the file write request with success.

    [0065] Then the cloud file io manager sends the HTTPS POST/PUT path_to_file file_content (with local volume file system policies applied) request to the cloud (HTTPS server) in the on behalf session.

    [0066] Then the cloud file io manager does a file close request.

    [0067] The cloud file io filter completes the file close request with success.

    [0068] FIG. 5 depicts the HTTPS GET Flow.

    [0069] When an HTTPS GET path_to_file request is received in the redirected session, the cloud file io manager sends an HTTPS GET path_to_file request to the cloud (HTTPS server) in the on behalf session.

    [0070] Then the cloud file io manager does a file open request with the file name c:\FS_POLICIES_FOR_CLOUD\onedrive_files\path_to_file.

    [0071] The cloud file io filter completes the file open request with success.

    [0072] Then the cloud file io manager does a file read request.

    [0073] When the HTTPS GET path_to_file response file_content is received in the on behalf session, the cloud file io manager sends the file_content to the cloud file io filter.

    [0074] The cloud file io filter completes the file read request with the file_content.

    [0075] The completed file read request goes through the file system driver stack which includes the modules responsible for local volume file system policies and these modules apply the local volume file system policies on the file_content.

    [0076] The read request initiated by the cloud file io manager is completed with the file_content with local volume file system policies applied.

    [0077] Then the cloud file io manager sends the HTTPS GET path_to_file response file_content (with local volume file system policies applied) to the HTTPS client application in the redirected session.

    [0078] Then the cloud file io manager does a file close request.

    [0079] The cloud file io filter completes the file close request with success.
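    The POST/PUT flow of FIG. 4 and the GET flow of FIG. 5, simulated end to end as an added example (not code from the patent). Compression stands in for the policy module, a dict stands in for the cloud (HTTPS server), and all class and function names are hypothetical; an encryption policy would sit at the same two hooks.

```python
import zlib

ROOT = "c:\\FS_POLICIES_FOR_CLOUD\\onedrive_files\\"

class CompressionPolicy:
    """Stand-in policy module (compression is one of the policies the page lists)."""
    def on_write(self, data): return zlib.compress(data)
    def on_read(self, data): return zlib.decompress(data)

class CloudFileIOFilter:
    """Below the policy modules; completes requests without touching a disk."""
    def __init__(self):
        self.written = {}    # content handed to the manager on write [0064]
        self.pending = {}    # content supplied by the manager for reads [0073]
    def write(self, name, data):
        self.written[name] = data
        return "SUCCESS"
    def read(self, name):
        return self.pending.pop(name)

class DriverStack:
    """File system stack: policy modules on top, cloud file IO filter at the bottom."""
    def __init__(self, policies, io_filter):
        self.policies, self.io_filter = policies, io_filter
    def write(self, name, data):
        for p in self.policies:              # policies applied on the way down [0063]
            data = p.on_write(data)
        return self.io_filter.write(name, data)
    def read(self, name):
        data = self.io_filter.read(name)
        for p in reversed(self.policies):    # and on the way back up [0075]
            data = p.on_read(data)
        return data

class CloudFileIOManager:
    def __init__(self, stack, io_filter, cloud):
        self.stack, self.io_filter, self.cloud = stack, io_filter, cloud
    def handle_put(self, path, content):     # [0060]-[0067]
        self.stack.write(ROOT + path, content)
        self.cloud[path] = self.io_filter.written.pop(ROOT + path)
    def handle_get(self, path):              # [0069]-[0079]
        self.io_filter.pending[ROOT + path] = self.cloud[path]
        return self.stack.read(ROOT + path)

def demo_put_get(content=b"constructed sample file content\n" * 20):
    cloud = {}                               # constructed stand-in for the server
    flt = CloudFileIOFilter()
    mgr = CloudFileIOManager(DriverStack([CompressionPolicy()], flt), flt, cloud)
    mgr.handle_put("docs/report.txt", content)
    return cloud["docs/report.txt"], mgr.handle_get("docs/report.txt")
```

    The first returned value is what the server stores (policy applied); the second is what the HTTPS client application receives on GET (the original content).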

    [0080] The cloud file io manager need not be a local proxy server in the case of an HTTP server or HTTPS offloaded to the network card. In these cases the cloud traffic redirector can act as the cloud file io manager, since the cloud traffic redirector can directly intercept the HTTP requests and responses (without HTTPS encryption).

    [0081] In these cases the cloud file io manager uses the same session initiated by an HTTP client application to communicate with the cloud (HTTP(S) server). In other words, the session initiated by an HTTPS client application to the cloud (HTTPS server) acts as both the redirected and the on behalf session.

    [0082] The file operations initiated by the cloud file io manager, can be cached or noncached. In case of cached operations, files should be flushed after every write, so that changes to the files are reflected immediately in the cloud.

    [0083] When the cloud file io manager is a common remote proxy server for a set of users, common file system policies can be applied for the set of users, so that the files can be easily shared between them.

    [0084] If the cloud traffic redirector creates a removable volume (X:\), the files inside the volume X:\ are encrypted and decrypted irrespective of the local machine, so that the files can be accessed from different machines if the same encryption and decryption configuration is used.