Extraordinarily large amounts of information are stored on electronic media, such as personal computer hard disk drives and other well-known data storage media. Increasingly, the information is exclusively stored on such media; no "hard" (i.e., paper) copies exist for much information. It can readily be appreciated that such so-called "paperless" information storage systems consume less space and virtually no natural resources, in contrast to systems that require information to be stored on paper. Unfortunately, it is not uncommon for electronic data storage media to "crash", i.e., to become damaged or otherwise lose its information. Such information loss can be devastating to the information owner and highly costly.
Accordingly, many computer system managers routinely make back up copies of computer files. Typically, once each day (or at some other specified periodicity) a system manager will cause the computer system to copy files that are resident on the hard disk drives of the system onto storage media such as other hard disk drives or magnetic tape. Should a file or entire hard disk drive in the system be damaged, lost, or otherwise rendered inaccessible, the back up copy of the file that is stored on, e.g., the storage tape can be copied back into the system.
Such back up systems suffer from several drawbacks. First, they usually require user interaction to initiate the back up process, and consequently occupy the time of a person who must undertake the tedious chore. Further, systems which back up computer files and store the files in the same premises as the system being backed up are of little value in the event of a catastrophe such as a fire or flood. This is because the backed up file copies can be expected to perish along with the files that are resident in the system, thereby rendering the back up system a failure.
An example of an alternate back up system is disclosed in U.S. Pat. No. 5,479,654, which teaches sending changed portions of computer files via modem to an off-site electronic storage facility. As taught in the 5,479,654 patent, segments of computer files are checked for changes that have been made since the previous back up. This check first consists of comparing a so-called "exclusive-OR" ("XOR") product of the file against an XOR value that was calculated previously for the stored back up version of the file. If the XORs do not agree, a file change is indicated, and the changed portion of the file is sent via modem, LAN, WAN, or other network device to the off-site facility.
On the other hand, if the XORs do agree, a second, more rigorous check is made to determine whether the segment has been changed since the last back up. The second check consists of comparing a cyclic redundancy check (CRC) product of the segment against a previously recorded CRC value. If the CRCs do not match, a file change is indicated, and the changed portion of the file is sent via modem, LAN, WAN, or other network device to the off-site facility. Otherwise, the segment is assumed to have not been changed since the last back up.
Unfortunately, the system disclosed in the 5,479,654 patent can require two calculations per check. Each calculation consumes computing time, and as recognized by the present invention, it is consequently desirable to minimize the number of calculations undertaken to determine whether a change has been made to a computer file. As further recognized herein, it is nevertheless desirable to undertake an initial "quick and dirty" check to reduce the number of computationally rigorous checks that must be made.
Moreover, as recognized by the present invention it is necessary to manage the transmission of data to the off-site storage facility, to avoid one user interfering with the back up operations of another user. Still further, the present invention recognizes that some files need not initially be backed up at all. And, the present invention recognizes that file restoration can be provided for in more than one way to reduce the time required to restore lost files to a computer system.
In addition to the above considerations, the present invention recognizes that data backup undertaken at predetermined intervals might risk failing to backup data that is generated and lost between the intervals. Fortunately, the present invention recognizes that data backup via wide area networks can be undertaken as a user is actively using a computer, thereby providing real time and, hence, almost completely up to date data backup.
Moreover, when data is to be transmitted via wide area networks, the data is preferably first encrypted for security reasons. The present invention recognizes that the longer a user employs a single key for encrypting data, the greater the risk that the key will be broken. For this reason, it is preferably to use more than one key to encrypt data. Unfortunately, in the context of data backup over time, the present invention understands that the use of more than one key over a period of time is rendered somewhat difficult because it is difficult during subsequent decryption to associate the correct encryption key with the blocks that were originally encrypted with the key. As recognized herein, however, it is possible to facilitate the use of more than one encryption key to thereby reduce the risk of encryption system compromise. The present invention still further recognizes that in addition, it is desirable and possible to provide a session-unique key for each transmission session that cannot be broken unless every bit of data to be transmitted is known a priori.
Accordingly, it is an object of the present invention to provide a system and method for backing up computer files at predetermined intervals or continuously, as he computer is being used. Another object of the present invention is to provide a system and method for backing up computer files to a remote facility via modem, LAN, WAN, or other network device. Still another object of the present invention is to provide a system and method for backing up computer files by automatically sending only changed portions of the files to an off-site facility. Yet another object of the present invention is to provide a system and method for backing up computer files that is easy to use and cost-effective. Another object of the present invention is to provide easy to use and effective encryption processes for backing up data via a wide area network. Yet another object of the present invention is to provide a data backup system which automatically updates a centrally stored common software library.