Hardware data protection device

US 8,612,708 B2
Filed: 05/29/2009
Issued: 12/17/2013
Est. Priority Date: 06/02/2008
Status: Active Grant

First Claim

Patent Images

1. An apparatus for preventing modification and protecting of data stored in a data storage device present on a computer system in such a manner that presents an illusion/false impression that the data can be modified or be copied, the apparatus being adapted to function as a switch between an existing data storage device and a secondary data storage device, the apparatus comprising:

a local memory;

connecting data storage device controller to connect to the existing data storage device and the secondary data storage device;

a data protection logic configured to connect to the computer system such that the apparatus appears to the computer system as the existing data storage device, the data protection logic connecting to the computer system through a data storage device bus and using an internal table in the local memory, the local memory having flags indicating whether requested data of the computer system is to be retrieved from the existing data storage device or the secondary data storage device;

whereinthe apparatus is configured to determine which storage device from which to retrieve the requested data using the internal table,the local memory is configured to store the data to be written in the secondary data storage device,the apparatus is configured to transfer data from the existing data storage device or the secondary data storage device in response to a request by the computer system, andthe apparatus is configured to function as a bridge between the computer system and the existing data storage device to pass all data through its connection without modification.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device is connected between an storage device controller and a storage device, providing data storage device protection in a manner transparent to the computing system and to the user of the computing system independent of operating system. The device protects the user from malicious code by preventing its execution and the unauthorized or unwanted user data modification by making the contents of one of the storage device read only. All the operations of the device are invisible to the computing system and to the user independent of installed operating system. The device can be disabled by a switch or by other means. When this happens the effect is the same as if the device were physically removed of the computing system.

Citations

11 Claims

1. An apparatus for preventing modification and protecting of data stored in a data storage device present on a computer system in such a manner that presents an illusion/false impression that the data can be modified or be copied, the apparatus being adapted to function as a switch between an existing data storage device and a secondary data storage device, the apparatus comprising:
- a local memory;
  
  connecting data storage device controller to connect to the existing data storage device and the secondary data storage device;
  
  a data protection logic configured to connect to the computer system such that the apparatus appears to the computer system as the existing data storage device, the data protection logic connecting to the computer system through a data storage device bus and using an internal table in the local memory, the local memory having flags indicating whether requested data of the computer system is to be retrieved from the existing data storage device or the secondary data storage device;
  
  whereinthe apparatus is configured to determine which storage device from which to retrieve the requested data using the internal table,the local memory is configured to store the data to be written in the secondary data storage device,the apparatus is configured to transfer data from the existing data storage device or the secondary data storage device in response to a request by the computer system, andthe apparatus is configured to function as a bridge between the computer system and the existing data storage device to pass all data through its connection without modification.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus according to claim 1, wherein the connection to the computer system is a data storage device interface.
  - 3. The apparatus according to claim 2, wherein the connection to the existing data storage device and to the secondary data storage device is a data storage device interface.
  - 4. The apparatus according to claim 3, wherein the only data storage device connected to the apparatus is the existing data storage device.
  - 5. The apparatus according to claim 1, wherein the local memory is configured to be erased.
  - 6. The apparatus according to claim 1, wherein the apparatus is configured to prevent modification of data by examining data retrieved from the secondary data storage device and replacing retrieved data for an arbitrary pattern, given that a pattern which is not allowed is found.

7. A method of operating an apparatus for preventing modification and protecting of data stored in a data storage device present on a computer system in such a manner that presents an illusion/false impression that the data can be modified or copied, the apparatus including a local memory, a data storage device controller and a data protection logic, and the apparatus being adapted to function as a switch between an existing data storage device and a secondary data storage device, the method comprising:
- connecting the existing data storage device and the secondary data storage device;
  
  connecting the data protection logic to the computer system through a data storage device bus and using an internal table in the local memory such that the apparatus appears to the computer system as the existing data storage device, the local memory having flags indicating whether requested data of the computer system is to be retrieved from the existing data storage device or the secondary data storage device;
  
  receiving retrieving requests from the computer system to retrieve data;
  
  determining which storage device from which to retrieve the requested data using the internal table,transferring data from the existing data storage device or the secondary data storage device in response to the retrieving request from the computer system;
  
  whereinthe apparatus functions as a bridge between the computer system and the existing data storage device such that all data transmitted between the computer system and the existing storage device is transmitted without modification.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method according to claim 7, further comprising:
    - writing received data to a second half of the existing data storage device; and
      
      retrieving data from the first half of the existing data storage device if a requested address is not in local memory, or from the second half otherwise.
  - 9. The method according to claim 8, further comprising:
    - clearing contents of the local memory.
  - 10. The method according to claim 8, further comprising:
    - writing received data to the existing data storage device and reading requested data from the existing data storage device, in a manner indistinguishable from the operation of a same computer system connected directly to the existing data storage device.
  - 11. The method according to claim 8, further comprising:
    - storing the internal table in the local memory, the internal table including a list of patterns that are not allowed;
      
      searching for a byte pattern in data that is retrieved from the secondary data storage device; and
      
      changing a found pattern on retrieved data to an arbitrary pattern before being transferred to the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Klaus Drosch
Original Assignee
Klaus Drosch
Inventors
Drosch, Klaus
Primary Examiner(s)
Padmanabhan, Manorama
Assistant Examiner(s)
Ahmed, Hamdy S

Application Number

US12/737,010
Publication Number

US 20110082993A1
Time in Patent Office

1,663 Days
Field of Search

711/163
US Class Current

711/163
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 21/85   interconnection devices, e....

Hardware data protection device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware data protection device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links