Extraordinarily large amounts of information are stored on electronic media, such as personal computer hard disk drives and other well-known data storage media. Increasingly, the information is exclusively stored on such media; no "hard" (i.e., paper) copies exist for much information. It can readily be appreciated that such so-called "paperless" information storage systems consume less space and virtually no natural resources, in contrast to systems that require information to be stored on paper. Unfortunately, it is not uncommon for electronic data storage media to "crash", i.e., to become damaged or otherwise lose its information. Such information loss can be devastating to the information owner and highly costly.
Accordingly, many computer system managers routinely make back up copies of computer files. Typically, once each day (or at some other specified periodicity) a system manager will cause the computer system to copy files that are resident on the hard disk drives of the system onto storage media such as other hard disk drives or magnetic tape. Should a file or entire hard disk drive in the system be damaged, lost, or otherwise rendered inaccessible, the back up copy of the file that is stored on, e.g., the storage tape can be copied back into the system.
Such back up systems suffer from several drawbacks. First, they usually require user interaction to initiate the back up process, and consequently occupy the time of a person who must undertake the tedious chore. Further, systems which back up computer files and store the files in the same premises as the system being backed up are of little value in the event of a catastrophe such as a fire or flood. This is because the backed up file copies can be expected to perish along with the files that are resident in the system, thereby rendering the back up system a failure.
An example of an alternate back up system is disclosed in U.S. Pat. No. 5,479,654, which teaches sending changed portions of computer files via modem to an off-site electronic storage facility. As taught in the '654 patent, segments of computer files are checked for changes that have been made since the previous back up. This check first consists of comparing a so-called "exclusive-OR" ("XOR") product of the file against an XOR value that was calculated previously for the stored back up version of the file. If the XORs do not agree, a file change is indicated, and the changed portion of the file is sent via modem, LAN, WAN, or other network device to the off-site facility.
On the other hand, if the XORs do agree, a second, more rigorous check is made to determine whether the segment has been changed since the last back up. The second check consists of comparing a cyclic redundancy check (CRC) product of the segment against a previously recorded CRC value. If the CRCs do not match, a file change is indicated, and the changed portion of the file is sent via modem, LAN, WAN, or other network device to the off-site facility. Otherwise, the segment is assumed to have not been changed since the last back up.
Unfortunately, the system disclosed in the '654 patent can require two calculations per check. Each calculation consumes computing time, and as recognized by the present invention, it is consequently desirable to minimize the number of calculations undertaken to determine whether a change has been made to a computer file. As further recognized herein, it is nevertheless desirable to undertake an initial "quick and dirty" check to reduce the number of computationally rigorous checks that must be made.
Moreover, as recognized by the present invention it is necessary to manage the transmission of data to the off-site storage facility, to avoid one user interfering with the back up operations of another user. Still further, the present invention recognizes that some files need not initially be backed up at all. And, the present invention recognizes that file restoration can be provided for in more than one way to reduce the time required to restore lost files to a computer system.
In addition to the above considerations, the present invention recognizes that data backup undertaken at predetermined intervals might risk failing to backup data that is generated and lost between the intervals. Fortunately, the present invention recognizes that data backup via wide area networks can be undertaken as a user is actively using a computer, thereby providing real time and, hence, almost completely up to date data backup.
Moreover, when data is to be transmitted via wide area networks, the data is preferably first encrypted for security reasons. The present invention recognizes that the longer a user employs a single key for encrypting data, the greater the risk that the key will be broken. For this reason, it is preferably to use more than one key to encrypt data. In the context of data backup over time, the present invention understands that the use of more than one key over a period of time unfortunately is rendered somewhat difficult because it is difficult during subsequent decryption to associate the correct encryption key with the blocks that were originally encrypted with the key. As recognized herein, however, it is possible to facilitate the use of more than one encryption key to thereby reduce the risk of encryption system compromise. The present invention still further recognizes that in addition, it is desirable and possible to provide a session-unique key for each transmission session that cannot be broken unless every bit of data to be transmitted is known a priori.
A further consideration of the present invention is the growing use of laptop or other portable computers, which many people carry with them to and from work and as they travel. Frequently, a user of a laptop computer will seek to connect the laptop computer to a computer network. The network might be a simple home network having, e.g., a single printer, or the network might be a local area network (LAN) at a place of business, or wide area network (WAN) having many devices connected thereto, including printers, server computers, and so on. In any case, the present invention understands that the user of the laptop computer typically must reconfigure the computer each time the laptop is connected to a network, for example, to reconfigure the laptop computer to print to the particular printer or communicate with the particular server in the network to which the laptop computer happens to be connected. The present invention recognizes that requiring a user of a portable computer to reconfigure the computer each time it is connected to a network is annoyingly time consuming, and that such reconfiguration need not require user intervention to accomplish. It is an object of the present invention to address one or more of the above issues.