LOGICAL ACCESS BLOCK PROCESSING PROTOCOL FOR TRANSPARENT SECURE FILE STORAGE
Abstract
The packet payload of network file data packets corresponds to read and written portions of a file (220) recognized by a file system. Individual packet payload data (222) is preferably processed into a sequence of logical access blocks (224), with each logical access block containing a corresponding portion of the packet payload data (222). The file management header (226) is virtualized for all files associated with a real mount point and is stored locally by the platform, effectively as part of the policy data held by the policy store. The file management header (226) includes a unique file GUID (228), a security parameter index (230), and a security signature (232). The security parameter index (230) is preferably a composite of security information including an encryption key identifier (key) (234), a security options array (236), and file related information (238). The logical access blocks (224) received in the packet payload data are processed (202) to apply error correction, where the error correction field (246) is present, and to validate the integrity of the LAB data fields (240), including the LAB compression headers (244) if present, against the digital signature (242) values. The file management header (226) is read, typically in advance, by the NFS/CIFS state machine process to obtain the encryption key identifier from the field (234) and, if applicable, the compression algorithm identity from the options index field.
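The per-block integrity check described in the abstract, as an added example that is not taken from the patent. The byte layout, HMAC-SHA256 standing in for the digital signature (242), zlib compression, the `KEYS` store and all function names are assumptions; error correction (246) and encryption are left out.

```python
import hashlib, hmac, struct, zlib

SIG_LEN = 32                          # assumption: HMAC-SHA256 stands in for signature (242)
KEYS = {7: b"constructed-demo-key"}   # hypothetical key store indexed by key identifier (234)

def _sign(key, comp_hdr, data):
    # Covers the LAB data field (240) and the compression header (244) when present.
    return hmac.new(key, comp_hdr + data, hashlib.sha256).digest()

def build_payload(header, file_data, lab_size):
    """Split file data into LABs: [comp header] | data length | data | signature."""
    key, labs = KEYS[header["key_id"]], []
    for i in range(0, len(file_data), lab_size):
        chunk, comp_hdr = file_data[i:i + lab_size], b""
        if header["compression"] == "zlib":
            comp_hdr = struct.pack(">I", len(chunk))   # assumed header: original length
            chunk = zlib.compress(chunk)
        labs.append(comp_hdr + struct.pack(">I", len(chunk)) + chunk
                    + _sign(key, comp_hdr, chunk))
    return b"".join(labs)

def process_payload(header, payload):
    """Validate each LAB against its signature, then return the recovered file data."""
    key = KEYS[header["key_id"]]          # key id read from the header in advance
    hdr_len = 4 if header["compression"] == "zlib" else 0
    out, pos, index = [], 0, 0
    while pos < len(payload):
        comp_hdr = payload[pos:pos + hdr_len]
        pos += hdr_len
        if len(payload) - pos < 4:
            raise ValueError(f"LAB {index}: truncated")
        (n,) = struct.unpack_from(">I", payload, pos)
        data = payload[pos + 4:pos + 4 + n]
        sig = payload[pos + 4 + n:pos + 4 + n + SIG_LEN]
        pos += 4 + n + SIG_LEN
        if len(data) != n or not hmac.compare_digest(sig, _sign(key, comp_hdr, data)):
            raise ValueError(f"LAB {index}: integrity check failed")
        if hdr_len:
            data = zlib.decompress(data)   # only after the signature has verified
            if len(data) != struct.unpack(">I", comp_hdr)[0]:
                raise ValueError(f"LAB {index}: length mismatch")
        out.append(data)
        index += 1
    return b"".join(out)

# Constructed sample: header fields and file contents are invented for the demo.
HEADER = {"key_id": 7, "compression": "zlib"}
SAMPLE = b"constructed file contents " * 8
```

Because each LAB carries its own signature, a modified block is rejected with its index before any decompression runs on it, while the other blocks in the payload still verify.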