Threat event-driven backup

US 7,636,872 B2
Filed: 03/23/2005
Issued: 12/22/2009
Est. Priority Date: 03/23/2005
Status: Active Grant

First Claim

Patent Images

1. A method of preserving integrity of data stored on a computing device, comprising:

obtaining at least one event that indicates an imminent threat to the integrity of the data stored on a hard drive of the computing device, the imminent threat comprising a malware threat;

in response to the at least one event, determining whether data on the hard drive has been corrupted by the malware threat;

upon determining that the data on the hard drive has been corrupted, identifying a snapshot of the data that is not infected by the malware threat; and

creating a backup of the data on the hard drive using the uninfected snapshot, the backup being created on a primary computer-readable storage medium other than the hard drive.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for backing up data in response to detection of an imminent threat to the integrity of the data stored on the storage component a computing device is disclosed. The storage component may be a hard drive and the imminent threat may be a hard drive failure or a malware threat. In response to the receipt of an imminent threat, data stored on the storage component is copied to a computer-readable media either automatically or in response to user input. The backup procedure is configured by selecting data to backup and a media of storage on which to store the backup. Various sources of threat events are described.

Citations

16 Claims

1. A method of preserving integrity of data stored on a computing device, comprising:
- obtaining at least one event that indicates an imminent threat to the integrity of the data stored on a hard drive of the computing device, the imminent threat comprising a malware threat;
  
  in response to the at least one event, determining whether data on the hard drive has been corrupted by the malware threat;
  
  upon determining that the data on the hard drive has been corrupted, identifying a snapshot of the data that is not infected by the malware threat; and
  
  creating a backup of the data on the hard drive using the uninfected snapshot, the backup being created on a primary computer-readable storage medium other than the hard drive.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - obtaining another event that indicates an imminent threat to the integrity of the data stored on the hard drive due to an imminent hard drive failure; and
      
      creating a backup of the data on the hard drive, the backup being created on the primary computer-readable storage medium.
  - 3. The method of claim 2, wherein the imminent hard drive failure is detected based on at least one of elevated file seek errors, corrupted sectors, or high disk times.
  - 4. The method of claim 2, the malware threat includes at least one of a denial of service attack, a rogue program, a computer virus, a worm or a Trojan horse.
  - 5. The method of claim 2, wherein the at least one event that indicates the malware threat includes a warning event issued from security threat detection software.
  - 6. The method of claim 1, wherein the at least one event is generated by a trusted source, the trusted source including at least one of an operating system of the computing device, an anti-virus application of the computing device, or an anti-virus application on a remote system communicatively coupled to the computing device.
  - 7. The method of claim 1, further comprising:
    - determining whether the computing device is configured to perform the backup.
  - 8. The method of claim 7, further comprisingobtaining configuration information from a user to configure the computing device to perform the backup.
  - 9. The method of claim 8, wherein the configuration information specifies the primary computer-readable storage medium on which to backup to the data.
  - 10. The method of claim 9, wherein the configuration information further specifies a secondary computer-readable storage medium on which to create the backup when the primary computer-readable storage medium is unavailable.
  - 11. The method of claim 8, further comprising configuring the computing device to perform the backup at least in part on the obtained configuration information.
  - 12. The method of claim 1, wherein the backup is automatically initiated in response to the at least one event that indicates the imminent threat.

13. A computer-readable storage medium having stored thereon computer-executable instructions which when executed by a processor of a computing device perform a method, comprising:
- obtaining at least one event that indicates an imminent threat to the integrity of data stored on a hard drive of the computing device, the imminent threat comprising a malware threat;
  
  in response to the at least one event, determining whether data on the hard drive has been corrupted by the malware threat;
  
  upon determining that the data on the hard drive has been corrupted, identifying a snapshot of the data that is not infected by the malware threat; and
  
  creating a backup of the data on the hard drive using the uninfected snapshot, the backup being created on a primary computer-readable storage medium other than the hard drive.
- View Dependent Claims (14, 15, 16)
- - 14. The computer-readable storage medium of claim 13, further comprising notifying a user of the imminent threat.
  - 15. The computer-readable storage medium of claim 14, further comprising:
    - prompting the user to indicate if a backup is desired; and
      
      initiating the backup in response to an affirmative indication.
  - 16. The computer-readable storage medium of claim 13, further comprising:
    - obtaining another event that indicates an imminent threat to the integrity of the data stored on the hard drive due to an imminent hard drive failure; and
      
      creating a backup of the data on the hard drive, the backup being created on the primary computer-readable storage medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Carter-Schwendler, Carl M, Kramer, Michael
Primary Examiner(s)
Baderman; Scott T
Assistant Examiner(s)
PATEL, KAMINI B

Application Number

US11/089,475
Publication Number

US 20060218439A1
Time in Patent Office

1,735 Days
Field of Search

714/13, 714/21, 714/54, 714/47
US Class Current

714/47.2
CPC Class Codes

G06F 11/1461   Backup scheduling policy

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 21/80   in storage media based on m...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2153   Using hardware token as a s...

Threat event-driven backup

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Threat event-driven backup

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links