Operating system and data protection

US 7,313,726 B2
Filed: 08/18/2004
Issued: 12/25/2007
Est. Priority Date: 10/19/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of accessing data in locations of a memory in a computer system, the method comprising:

receiving a write access command addressed to a first location;

determining whether said first location is identified as protected, wherein a memory location that is protected cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory location;

if said first location is identified as protected, determining a second location that is identified as not protected, wherein a memory location that is not protected can be overwritten by said computer system;

directing the write access command to said second location;

receiving a subsequent write access command addressed to said first location; and

directing said subsequent write access command to a third location that is identified as not protected.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed systems and methods provide for the protection of protected memory, for example, a hard disk, in a computer system. The systems and methods are configured to re-direct read and write access commands from locations in the protected memory to alternative storage locations. The systems and methods provide the ability for the user to accept or reject any BIOS changes that are to be made to the computing system. In addition, the systems and methods protect against operating system crash due to missing or corrupted files. The systems and methods are additionally operable to recover mistakenly deleted or damaged application data from a hard disk level, as well as to protect the operating system and data of the computing system against virus penetration. In other embodiments, the systems and methods are operable to provide for a security lock to the computing system and its associated data.

20 Citations

View as Search Results

58 Claims

1. A method of accessing data in locations of a memory in a computer system, the method comprising:
- receiving a write access command addressed to a first location;
  
  determining whether said first location is identified as protected, wherein a memory location that is protected cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory location;
  
  if said first location is identified as protected, determining a second location that is identified as not protected, wherein a memory location that is not protected can be overwritten by said computer system;
  
  directing the write access command to said second location;
  
  receiving a subsequent write access command addressed to said first location; and
  
  directing said subsequent write access command to a third location that is identified as not protected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising:
    - receiving at least one read access command directed to said first location; and
      
      directing said at least one read access command to said third location.
  - 3. The method of claim 2, wherein determining a second location that is identified as not protected further comprises determining a second location that is identified as available.
  - 4. The method of claim 3, wherein said third location is identified as available.
  - 5. The method of claim 2, wherein said memory is a disk drive.
  - 6. The method of claim 5, wherein said first, second, and third locations are sectors.
  - 7. The method of claim 1, wherein determining a second location that is identified as not protected further comprises determining a second location that is identified as available.
  - 8. The method of claim 7, wherein said third location is identified as available.
  - 9. The method of claim 1, wherein said memory is a disk drive and said first, second, and third locations are sectors.
  - 10. The method of claim 1, further comprising protecting said second location.
  - 11. The method of claim 10, further comprising protecting said third location.
  - 12. The method of claim 1, wherein determining whether said first, second, and third locations are protected or non-protected is performed by a device driver configured to intercept accesses to a memory subsystem of said computer system.
  - 13. The method of claim 12, wherein said memory subsystem includes at least one disk drive.
  - 14. The method of claim 1, wherein said directing the write access command to said second location and said directing said subsequent write access command to said third location is performed by a device driver configured to intercept accesses to a memory subsystem of said computer system.
  - 15. The method of claim 1, further comprising creating a virtual file allocation table corresponding to at least a portion of a memory subsystem of said computer system, wherein said table includes information indicating memory locations that are protected and memory locations that are not protected.
  - 16. The method of claim 1, wherein prior to said receiving said write access command:
    - said first location was not protected, was written to, and, after being written to, was specified as being protected.
  - 17. The method of claim 1, wherein said first location was initially configured within said computer system as a protected memory location.

18. A computer system for accessing data in locations of a memory in a computer system, the computer system comprising:
- a driver configured to;
  
  receive a write access command addressed to a first location;
  
  determine whether said first location is identified as protected, wherein a memory location that is protected cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory location;
  
  if said first location is identified as protected, determine a second location that is identified as not protected, wherein a memory location that is not protected can be overwritten by said computer system;
  
  direct the write access command to said second location;
  
  receive a subsequent write access command addressed to said first location; and
  
  direct said subsequent write access command to a third location that is identified as not protected.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The computer system of claim 18, wherein the driver being configured to determine a second location that is identified as not protected further comprises the driver being configured to determine a second location that is identified as available.
  - 20. The computer system of claim 19, wherein the driver being configured to determine a third location that is identified as not protected further comprises the driver being configured to determine a third location that is identified as available.
  - 21. The computer system of claim 18, wherein said memory is a disk drive.
  - 22. The computer system of claim 21, wherein said first, second, and third locations are sectors.
  - 23. The computer system of claim 18, wherein said driver is further configured to protect said second location.
  - 24. The computer system of claim 23, wherein said driver is further configured to protect said third location.
  - 25. The computer system of claim 18, wherein said driver is configured to intercept accesses to a memory subsystem of said computer system.
  - 26. The computer system of claim 18, wherein said driver is configured to create a virtual file allocation table corresponding to at least a portion of a memory subsystem of said computer system, wherein said table includes information indicating memory locations that are protected and memory locations that are not protected.

27. A method of accessing and recovering data in locations of a memory in a computer system, the method comprising:
- receiving a write access command addressed to a first location;
  
  determining whether said first location is identified as protected, wherein a memory location that is protected cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory location;
  
  if said first location is identified as protected, determining a new location that is identified as not protected, wherein a memory location that is not protected can be overwritten by said computer system;
  
  directing the write access command to said new location;
  
  receiving a read access command addressed to said first location;
  
  directing the read access command to said new location; and
  
  recovering to a restore point that includes said first location;
  
  after said recovering, directing read access commands addressed to said first location to said first location.
- View Dependent Claims (28, 29, 30, 31, 32, 33)
- - 28. The method of claim 27, further comprising:
    - receiving a second read access command directed to said first location; and
      
      re-directing said second read access command to said first location.
  - 29. The method of claim 27, wherein determining a new location that is identified as not protected further comprises determining a new location that is identified as available.
  - 30. The method of claim 27, wherein said memory is a disk drive.
  - 31. The method of claim 30, wherein said first, second, and third locations are sectors.
  - 32. The method of claim 27, wherein prior to said receiving said write access command:
    - said first location was not protected, was written to, and, after being written to, was specified as being protected.
  - 33. The method of claim 27, wherein said first location was initially configured within said computer system as a protected memory location.

34. A method of accessing data in memory locations in a computer system, the method comprising:
- receiving a password from a user of said computer system;
  
  if said password is validated, enabling said computer system to access said memory locations, including;
  
  receiving a write access command addressed to a first location;
  
  determining whether said first location is identified as protected, wherein a memory location that is protected cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory location;
  
  if said first location is identified as protected, determining a second location that is identified as not protected, wherein a memory location that is not protected can be overwritten by said computer system;
  
  directing the write access command to said second location;
  
  receiving a subsequent write access command addressed to said first location; and
  
  directing said subsequent write access command to a third location that is identified as not protected.
- View Dependent Claims (35, 36, 37)
- - 35. The method of claim 34, wherein if said password is not validated, disabling said computer system from accessing said memory locations.
  - 36. The method of claim 34, wherein prior to said receiving said write access command:
    - said first location was not protected, was written to, and, after being written to, was specified as being protected.
  - 37. The method of claim 34, wherein said first location was initially configured within said computer system as a protected memory location.

38. A computer system, comprising:
- at least one disk drive, wherein said at least one disk drive includes protected and non-protected memory locations, wherein protected memory locations cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory locations, and wherein non-protected memory locations can be overwritten by said computer system;
  
  a device driver configured to intercept accesses to said memory subsystem, determine whether said accesses are write access to protected memory locations, and direct said write accesses to protected memory locations to non-protected memory locations.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 39. The computer system of claim 38, wherein said computer system is configured to change non-protected memory locations to protected memory locations.
  - 40. The computer system of claim 39, wherein said device driver is configured to access a table including information indicative of whether memory locations are protected or non-protected, and wherein said computer system changing non-protected memory locations to protected memory locations includes said device driver updating said table.
  - 41. The computer system of claim 38, wherein said computer system includes an operating system, wherein said device driver is transparent to said operating system.
  - 42. The computer system of claim 38, wherein said computer system is configured to prevent accesses to said memory subsystem unless a user of said computer system enters a password and said computer system validates said password.
  - 43. The computer system of claim 38, wherein said computer system is initialized with a base configuration, wherein said base configuration specifies memory locations that are protected.
  - 44. The computer system of claim 43, wherein said base configuration corresponds to a state of the BIOS of said computer system.
  - 45. The computer system of claim 43, wherein said computer system is not configured to change said base configuration.
  - 46. The computer system of claim 43, wherein said computer system is configured to change said base configuration to a new configuration.
  - 47. The computer system of claim 46, wherein said computer system is configured to check that said new configuration is operable.
  - 48. The computer system of claim 43, wherein said computer system is configured to specify information indicative of a second configuration in addition to said base configuration.
  - 49. The computer system of claim 38, wherein said device driver is configured to direct read accesses to memory locations for which previous write accesses have been directed.

50. A computer-readable medium configured to store instructions executable by a processor to:
- receive a write access command addressed to a first memory location of a computer system;
  
  determine whether said first location is identified as protected, wherein a memory location that is protected cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory location;
  
  if said first location is identified as protected, determine a second location that is identified as not protected, wherein a memory location that is not protected can be overwritten by said computer system;
  
  direct the write access command to said second location;
  
  receive a subsequent write access command addressed to said first location; and
  
  direct said subsequent write access command to a third location that is identified as not protected.

51. A method for performing data protection in a computer system, comprising:
- scanning one or more disk drives of said computer system, wherein said one or more disk drives include protected and non-protected memory locations, wherein protected memory locations cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory locations, and wherein non-protected memory locations can be overwritten by said computer system;
  
  using information about said one or more disk drives obtained from said scanning to create a data structure including information regarding whether memory locations in said one or more disk drives are protected or non-protected;
  
  receiving a write access to said one or more disk drives, wherein said write access is received by a device driver that is transparent to an operating system of said computer system;
  
  said device driver determining whether said received write access is to a protected memory location, wherein said determining includes referencing said data structure;
  
  if said received write access is to a protected memory location, directing said write access to a non-protected memory location.
- View Dependent Claims (52, 53, 54, 55)
- - 52. The method of claim 51, wherein said scanning includes determining information regarding sectors on said one or more disk drives.
  - 53. The method of claim 51, wherein said scanning includes reading file allocation tables corresponding to said one or more disk drives.
  - 54. The method of claim 51, wherein information obtained through said scanning is usable to determine a specific identification of at least one of said one or more disk drives.
  - 55. The method of claim 54, wherein said information obtained through scanning includes information regarding corrupted and/or damaged portions of at least one of said one or more disk drives.

56. A computer system comprising:
- a processor; and
  
  a memory including program instructions executable to;
  
  receive a write access command addressed to a first location;
  
  determine whether said first location is identified as protected, wherein a memory location that is protected cannot be overwritten by said computer system without intervention by a user of the computer system to unprotect the memory location;
  
  if said first location is identified as protected, determine a second location that is identified as not protected, wherein a memory location that is not protected can be overwritten by said computer system;
  
  direct the write access command to said second location;
  
  receive a subsequent write access command addressed to said first location; and
  
  direct said subsequent write access command to a third location that is identified as not protected.
- View Dependent Claims (57, 58)
- - 57. The computer system of claim 56, wherein prior to said receiving said write access command:
    - said first location was not protected, was written to, and, after being written to, was specified as being protected.
  - 58. The computer system of claim 56, wherein said first location was initially configured within said computer system as a protected memory location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Inasoft, Inc., Xylon LLC (Intellectual Ventures LLC)
Original Assignee
Idocrase Investments LLC (Intellectual Ventures LLC)
Inventors
Shen, Andrew W., Sun, Hanxiang, Jian, Zhang
Primary Examiner(s)
CHU, GABRIEL L

Application Number

US10/920,824
Publication Number

US 20050015559A1
Time in Patent Office

1,224 Days
Field of Search

711/163
US Class Current

714/15
CPC Class Codes

G06F 11/1435   using file system or storag...

G06F 21/56   Computer malware detection ...

G06F 21/62   Protecting access to data v...

G06F 21/78   to assure secure storage of...

G06F 21/80   in storage media based on m...

G06F 2221/2141   Access rights, e.g. capabil...

Y10S 707/99953   Recoverability

Operating system and data protection

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

Operating system and data protection

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links