Apparatus and method for protecting data recording on a storage medium

US 7,370,165 B2
Filed: 12/27/2001
Issued: 05/06/2008
Est. Priority Date: 12/29/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system to protect data, comprising:

a processor;

at least one data storage device;

a data protection controller, the data protection controller connectable to the processor for receiving read and write requests from the processor and for transmitting a result to the processor, and the data protection controller connectable to the at least one data storage device for controlling the use of the at least one data storage device; and

computer logic embodied in the data protection controller, the computer logic and data protection controller to;

divide a data space provided by the at least one data storage device into a protected data space, a virtual data space associated with the protected data space and an unprotected data space;

present, to the processor only the protected and unprotected data spaces, so that the processor is unaware of the virtual data space during one mode of operation;

accept read requests from the processor;

determine if the read request is for data that is either in the protected data space or the unprotected data space; and

if the read request is for data in the protected data space, processing the read request such that;

only if requested data is not yet in the virtual data space, reading said requested data from the protected data space and writing said requested data into the virtual data space for future use; and

if the requested data is in the virtual data space, reading the requested data from the virtual data space.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller for protecting data on a data storage medium is disclosed. A single physical data storage device is divided into a protected data space, a virtual data space and an unprotected data space in an installation mode. Subsequently, the protected and unprotected data space are presented as two separate physical data storage devices and the existence of virtual data space is concealed. The two data storage devices are respectively represented as having capacity equal to that of the protected and unprotected data space only. A set of protected data (which may include software and data) is initially installed in the protected data space. During use, data transmitted to the controller for recording in the data storage space is recorded only in the virtual data space. Data may be read from either the protected data space or the virtual data space, depending on whether the virtual data space contains newer data. In one embodiment, the contents of the virtual data space are discarded at the beginning of each session of the computing system in which the controller is installed. In another embodiment, the virtual data space is discarded only when the controller is instructed to do so and the contents of the virtual data space may be made permanent by copying them to the protected data space. The protected data space and virtual data space may be located on different data storage devices. The controller may also receive read data and write data requests for an unprotected data space, which may be used to record data permanently, independent of the protected and virtual data spaces.

38 Citations

View as Search Results

9 Claims

1. A system to protect data, comprising:
- a processor;
  
  at least one data storage device;
  
  a data protection controller, the data protection controller connectable to the processor for receiving read and write requests from the processor and for transmitting a result to the processor, and the data protection controller connectable to the at least one data storage device for controlling the use of the at least one data storage device; and
  
  computer logic embodied in the data protection controller, the computer logic and data protection controller to;
  
  divide a data space provided by the at least one data storage device into a protected data space, a virtual data space associated with the protected data space and an unprotected data space;
  
  present, to the processor only the protected and unprotected data spaces, so that the processor is unaware of the virtual data space during one mode of operation;
  
  accept read requests from the processor;
  
  determine if the read request is for data that is either in the protected data space or the unprotected data space; and
  
  if the read request is for data in the protected data space, processing the read request such that;
  
  only if requested data is not yet in the virtual data space, reading said requested data from the protected data space and writing said requested data into the virtual data space for future use; and
  
  if the requested data is in the virtual data space, reading the requested data from the virtual data space.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system according to claim 1, wherein if the read request is for data in the unprotected data space, reading the requested data from the unprotected data space.
  - 3. The system according to claim 1, wherein the computer logic and data protection controller further:
    - accept write requests from the processor;
      
      determine if the write request is for a location in the protected data space or the unprotected data space; and
      
      if the write request is for data in the protected data space, processing the write request such that data is written to the virtual data space and not the protected data space;
      
      if the write request is for data in the unprotected data space, processing the write request such that data is written to the unprotected data space.
  - 4. The system according to claim 1, wherein the data protection controller is configured to mimic the operation of the interface of the at least one data storage device, thereby making the controlling interface transparent to the processor.
  - 5. The system according to claim 1, further comprising memory for storing a record of each portion of the protected data space that is used to record whether each portion of the protected data space is in use, and if it is in use, the specific data recorded in that portion of the protected data space and the relationship of that portion to other portions within the protected data space.
  - 6. The system according to claim 1, further comprising memory for providing a buffer space for storing data during read or write requests.
  - 7. The system according to claim 1, further comprising memory for storing a record of each portion of the virtual data space that is used to record whether each portion of the virtual data space contains valid data and is in use, and if it is in use, the specific data recorded in that portion of the virtual data space and the relationship of that portion to other portions within the virtual data space.
  - 8. The system according to claim 1, wherein the computer logic further includes instructions for a configuration mode, the configuration mode instructions comprising:
    - dividing the data space provided by the data storage device into the protected data space, the virtual data space associated with the protected data space and the unprotected data space;
      
      providing a virtual data space usage table for storing a record of which portions of the virtual data space contain valid data; and
      
      invalidating the data in the virtual data space after a session is over or a new session is started.
  - 9. The system according to claim 1, wherein the computer logic further includes instructions for an installation mode, the installation mode instructions comprising:
    - presenting, to the processor only the protected and unprotected data spaces, such that the processor is unaware of the virtual data space during normal operation and forcing the processor to treat the protected and unprotected data spaces as separate devices; and
      
      preventing the processor from directly accessing a data storage device that is connected to the data device interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VALT X Technologies Incorporated
Original Assignee
VALT X Technologies Incorporated
Inventors
Leung, Tony Kwok, Meharchand, Dennis
Primary Examiner(s)
BATAILLE, PIERRE MICHE

Application Number

US10/450,849
Publication Number

US 20040186971A1
Time in Patent Office

2,322 Days
Field of Search

711/111, 711/114, 711/152, 711/153, 711/163, 711/203, 711/207, 711/164, 714/6, 714/15, 709/203
US Class Current

711/163
CPC Class Codes

G06F 12/145 the protection being virtua...

G06F 21/78 to assure secure storage of...

Apparatus and method for protecting data recording on a storage medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for protecting data recording on a storage medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links