A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. The following notice applies to the software and data as described below and in the drawing hereto: Copyright © 1999, Wild File, Inc. All Rights Reserved.
1. Field of the Invention
This invention relates generally to data protection, and more particularly to low level firewall protection between a host computer and a storage medium.
2. Description of the Related Art
The proliferation of computers in the workforce today has significantly increased the importance of electronic data storage, the loss of which can lead to unacceptable disruptions of operations.
In response, data recovery methods have been implemented to reduce the impact of unexpected data corruption or loss, such as the method disclosed in U.S. application Ser. No. 09/450,266, filed Nov. 29, 1999, entitled “METHOD, SOFTWARE AND APPARATUS FOR SAVING, USING AND RECOVERING DATA.” Essentially, these data recovery methods reside between the OS and the storage medium, such as a disk drive, and are generally loaded into host memory at boot up. Through renaming and data redirection, these data recovery methods save old data prior to alteration, thus allowing the data to be recovered. Although these methods provide exceptional data protection once they are loaded into memory, many do not provide data protection prior to being loaded into memory.
As such, many data recovery methods can be circumvented by inappropriate software, such as a computer virus, that can cause writes to the disk drive undetected by the data recovery method. For example, a virus may write to the disk drive at boot up before any data recovery methods are loaded into memory, thus corrupting or deleting recovery data needed for recovering prior states of the disk drive.
Moreover, a user may unintentionally corrupt recovery data by loading software into memory before the data recovery software is loaded. For example, a user may boot up the PC using an “emergency recovery” floppy disk that attempts to overwrite portions of the disk vital to the engine. The process of booting up from a floppy disk is a way in which a user can easily and inadvertently load software that is unaware of any data recovery mechanisms for managing the disk-based data. Thus, without the data recovery mechanism loaded in between the disk and the OS (applications), the data recovery mechanism's disk-based data can be directly altered and thus corrupted.
In view of the foregoing, there is a need for data protection at a hardware level. The data protection mechanism should reduce the ability of inappropriate software to access the storage medium, and provide data protection without needing to be loaded into the host system memory.
The embodiments of the present invention fill these needs by providing a low level firewall between a host computer and a storage medium. Broadly speaking, a special write command is defined that is configured to be distinguishable from a standard write command. In addition, a protected area of a storage medium is defined. Then, a command to change data in the protected area of the storage medium is received. If the command is a special write command, the data in the protected area is changed. However, if the command is a standard write command, the data is allowed to remain unchanged.
In another embodiment, a protected data storage medium is disclosed. The protected data storage medium includes a storage medium that includes a protected area. In addition, the protected data storage includes a controller that is capable of controlling access to the storage medium. The controller is capable of receiving a standard write command to change data on the storage medium, and is further capable of receiving a special write command to change data on the storage medium. In operation, the controller changes data in the protected area in response to receiving the special write command. However, the controller allows data in the protected area to remain unchanged in response to receiving the standard write command.
In a further embodiment, a firewall data protection system that protects data stored on a storage medium is disclosed. The system includes a host computer, which is configured to generate a standard write command for changing data on a storage medium, and further configured to generate a special write command for changing data on the storage medium. In addition, the system includes a protected storage medium, which is in communication with the host computer. The protected storage medium includes a storage medium that has a protected area, and a controller that is capable of controlling access to the storage medium. The controller is capable of receiving the standard write command and the special write command from the host computer. In operation, the controller changes data in the protected area of the storage medium in response to receiving a special write command. However, in response to receiving a standard write command, the controller allows data in the protected area of the storage medium to remain unchanged.
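The controller behavior described in the embodiments above can be modeled in a few lines of C. This is an added example, not code from the patent or from Wild File, Inc.; the opcode names, sector size, protected range, return value and the per-sector handling of a standard write that straddles the protected boundary are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 16u  /* constructed: tiny sectors keep the model small */
#define NUM_SECTORS 8u
#define PROT_FIRST  4u   /* constructed protected area: sectors 4..7 */
#define PROT_LAST   7u

enum cmd_op { CMD_WRITE_STANDARD, CMD_WRITE_SPECIAL }; /* hypothetical opcodes */

struct write_cmd {
    enum cmd_op op;
    uint32_t lba;        /* first sector addressed */
    uint32_t count;      /* number of sectors */
    const uint8_t *data; /* count * SECTOR_SIZE bytes */
};

static uint8_t medium[NUM_SECTORS][SECTOR_SIZE]; /* the storage medium */

static int in_protected_area(uint32_t lba)
{
    return lba >= PROT_FIRST && lba <= PROT_LAST;
}

/* Controller-side handler. Returns the number of sectors actually changed,
 * or -1 if the request runs past the end of the medium. */
int controller_write(const struct write_cmd *c)
{
    int changed = 0;
    if (c->count > NUM_SECTORS || c->lba > NUM_SECTORS - c->count)
        return -1;
    for (uint32_t i = 0; i < c->count; i++) {
        uint32_t lba = c->lba + i;
        /* Checked per sector, so a standard write that straddles the
         * boundary changes only the unprotected sectors. */
        if (in_protected_area(lba) && c->op != CMD_WRITE_SPECIAL)
            continue; /* protected data remains unchanged */
        memcpy(medium[lba], c->data + (size_t)i * SECTOR_SIZE, SECTOR_SIZE);
        changed++;
    }
    return changed;
}

int main(void)
{
    uint8_t buf[4 * SECTOR_SIZE];
    memset(buf, 0xAA, sizeof buf);
    struct write_cmd plain = { CMD_WRITE_STANDARD, 2, 4, buf };
    struct write_cmd special = { CMD_WRITE_SPECIAL, 4, 4, buf };
    /* 2 sectors change for the standard write, 4 for the special write */
    return !(controller_write(&plain) == 2 && controller_write(&special) == 4);
}
```

Because the check lives in the controller model rather than in host software, it applies no matter what the host has or has not loaded, which is the property the summary relies on.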
Advantageously, the embodiments of the present invention provide data protection for historic data and internal engine data while still providing enough flexibility for use of the protected drive by normal operating systems. Moreover, because the data protection is provided at the micro-controller level, data in the protected area is protected even when the data recovery engine is bypassed, such as when a user performs a boot up from an “emergency recovery” floppy disk. In addition, embodiments of the present invention are compatible with existing OS disk controller infrastructures.
Finally, it will become apparent to those skilled in the art that embodiments of the present invention provide a substantial level of protection to a data recovery engine's management of data on the disk and can be quickly implemented in existing disk controllers. Other aspects and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the invention.