With FFE, as the data in a computer file is being written to disk, for example in a computer file backup application, (1) the data is encrypted on disk and (2) additional encryption metadata is stored on disk as an invisible part of the filename of the computer file. The additional encryption metadata for the computer file can also be called an encryption seed for the computer file. Also, with FFE, as the data in a computer file is being read from disk, for example when the data is accessed by a typical user application (e.g. a word processing application or an electronic mail application), the data is decrypted from disk.
Backing Up Encrypted Files
Need for Backing Up Encrypted Files in their Encrypted State
However, FFE presents a problem for computer file backup applications or processes. In a computer file backup application, it is desirable for the backup application to be able to backup encrypted files in their encrypted state such that the data in the encrypted files is not compromised. In other words, it is desirable for a computer file backup system to be able to retrieve, for each encrypted computer file, (1) the encrypted data in the encrypted computer file and (2) the encryption metadata for the encrypted computer file, for a computer file backup application.
Prior Art Backup System
Unfortunately, as shown in prior art FIG. 1A, in a typical prior art computer file backup system, the encryption filter driver does not have a provision for disabling itself just for a computer file backup application or process. In other words, as a default, the encryption filter driver is always enabled. As a result, the prior art computer file backup system is unable to backup encrypted files in their encrypted state.
As shown in prior art FIG. 1B, another type of prior art computer file backup system requires the use of a full set of Application Programming Interface (API) routines that are specific to the operating system to get the encrypted data and the metadata from the computer system. For example, Microsoft's Encrypting File System (hereinafter “EFS”) requires the use of the following operating system-specific APIs:
1. OpenEncryptedFileRaw;
2. ReadEncryptedFileRaw; and
3. CloseEncryptedFileRaw.
Restoring Encrypted Files
Need for Restoring Encrypted Files in their Encrypted State
In addition, FFE presents a problem for computer file restore applications or processes. In a computer file restore application, it is desirable for the restore application to be able to restore encrypted files in their encrypted state such that the data in the encrypted files is not compromised. In other words, it is desirable for a computer file restore system to be able to retrieve, for each encrypted computer file, (1) the encrypted data in the encrypted computer file and (2) the encryption metadata for the encrypted computer file, for a computer file restore application.
Prior Art Restore System
Unfortunately, as shown in prior art FIG. 1C, in a typical prior art computer file restore system, the encryption filter driver does not have a provision for disabling itself just for a computer file restore application or process. In other words, as a default, the encryption filter driver is always enabled. As a result, the prior art computer file restore system is unable to restore encrypted files in their encrypted state.
As shown in prior art FIG. 1D, another type of prior art computer file restore system requires the use of a full set of Application Programming Interface (API) routines that are specific to the operating system to place the encrypted data and the metadata back into the computer system. For example, Microsoft's Encrypting File System (hereinafter “EFS”) requires the use of the following operating system-specific APIs:
1. OpenEncryptedFileRaw;
2. ReadEncryptedFileRaw; and
3. CloseEncryptedFileRaw.
Therefore, an improved method and system of backing up at least one encrypted computer file encrypted by an encryption filter driver running on an operating system of a computer system and restoring at least one encrypted computer file encrypted by an encryption filter driver running on an operating system of a computer system is needed.