CN1387192A - Device and method for protection of data record on storage medium - Google Patents
Device and method for protection of data record on storage medium Download PDFInfo
- Publication number
- CN1387192A CN1387192A CN 01118207 CN01118207A CN1387192A CN 1387192 A CN1387192 A CN 1387192A CN 01118207 CN01118207 CN 01118207 CN 01118207 A CN01118207 A CN 01118207A CN 1387192 A CN1387192 A CN 1387192A
- Authority
- CN
- China
- Prior art keywords
- data storage
- data
- protection
- virtual
- zone
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 82
- 230000004224 protection Effects 0.000 title claims description 337
- 238000013500 data storage Methods 0.000 claims description 307
- 230000005540 biological transmission Effects 0.000 claims description 7
- 239000000463 material Substances 0.000 claims description 3
- 238000004088 simulation Methods 0.000 claims 2
- 230000001681 protective effect Effects 0.000 abstract description 7
- 230000009183 running Effects 0.000 description 29
- 230000008859 change Effects 0.000 description 18
- 230000008569 process Effects 0.000 description 14
- 238000012217 deletion Methods 0.000 description 12
- 230000037430 deletion Effects 0.000 description 12
- 241000700605 Viruses Species 0.000 description 8
- 230000009471 action Effects 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 6
- 230000005055 memory storage Effects 0.000 description 5
- 238000007792 addition Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 238000012546 transfer Methods 0.000 description 3
- 235000012364 Peperomia pellucida Nutrition 0.000 description 2
- 240000007711 Peperomia pellucida Species 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000006073 displacement reaction Methods 0.000 description 2
- 239000012467 final product Substances 0.000 description 2
- 230000008676 import Effects 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000010076 replication Effects 0.000 description 2
- 230000000717 retained effect Effects 0.000 description 2
- 238000004804 winding Methods 0.000 description 2
- 206010044565 Tremor Diseases 0.000 description 1
- 230000002411 adverse Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000005138 cryopreservation Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 230000009931 harmful effect Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 238000009738 saturating Methods 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 239000011800 void material Substances 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to a protecting control unit and method for data recording to protect the data recording on the storage media. In a system configuration mode, a single entity data storing unit is devided into a protective data storing zone, a virtual data storing zone and a nonprotective data storing zone. A group of protective data including software and data is loaded into protective data storing zone. In a normal operation course, the data to be stored in the data storing zone is transmitted to the data control unit and the data can be read from the virtual data storing zone or the protective data storing zone.
Description
The invention relates to a kind of method of protecting data logging, be stored in data logging in this Storage Media, make that this data logging is unlikely to suffer to revise improperly, delete or damage in order to protection.
Nearly all computer and e-machine all is to utilize electronic memory apparatus to come record material at present, general common data logging comprises operating system software, application software and various data news etc., in case of the present invention, will contain these different types of data loggings with data one speech.The electricity consumption submode comes the modal problem of memory document to be that data logging suffers improper modification or deletion.The change of these data loggings, the conduct that sometimes is not to use the person to have a mind to is for example changed the setting of software program or is deposited new data content etc. in.
In this case,, also often cause unexpected adverse consequences, and must recover the original start state before data logging changes even the user is not from malevolence.These data so that the electronics mode is remembered more may suffer people's malicious sabotage, and data logging may because of computer virus or the user be altered or deletes without permission, and causes serious loss.
If computer system may cause individual or the enterprise customer loss on yield-power, business revenue and profit through undelegated change.In the enterprise in the shared computer system of many people, each computer machine has identical setting to be beneficial to safeguard and uses.If each computer user at random changes the setting of each use side, will cause: the problems such as instability of the inconsistent and computer of incompatible, different use side man-computer interface running between intrasystem each use side, not only increase the weight of system maintenance personnel's work load, more may undermine enterprise or individual yield-power.
Though the improper change of data logging may cause computer and user's loss, allow legal user's data for updating to be still necessary.Therefore, for the stability of taking into account computer system and the variability of data, computer system must be able to provide up-to-date correct data of each user and computer system preset value, and the needs that allow legal user to comply with separately come the data for updating content, simultaneously during by improper changes, can recover to be changed preceding correct record state in data.
At present, existing on the market many in the instrument of these data loggings protections, some is to be means with software in order to prevent data logging on the hard disk by the instrument of improper change, and some then combines software and hardware.
The software of above-mentioned protection data logging, great majority is utilize to stop the user to read or write data in the hard disk, reaches the purpose of protection data.Write data when instruction when the envoy assigns, data is loaded in the specific memory space, and can not be written in the hard disk, therefore can not change the data logging content in the hard disk.When the user desires to read this pen and writes data, be by reading in this certain memory space, and can be written in the hard disk, therefore can not change the data logging content in the hard disk.When the user desires to read this pen and writes data, be by reading in this certain memory space, and can't help to read in the hard disk.When the user shutdown or the machine of reopening, be stored in aforementioned particular profile space and be not written into the data record of hard disk, all can disappear.And the information protection means that these software provided are easy to be cracked, so can not take precautions against the malicious intrusions program of computer virus and so on.Because this class software can't as long as make the malicious intrusions program may utilize the input and output instruction of low order, just can be read and write the data in this memory space with aforementioned certain memory spatial concealment, and further revises the data logging in the hard disk.In addition, the software of protection data logging normally designs on particular platform and operates, so the easy consistency problem of generation and operating system and processor.
In conjunction with the information protection means of software and hardware, comprise a software program and a cassette element usually, utilize peripheral part connection interface (PCI) or other extending slots that this cassette element and computer are linked.This software section system is in order to set the cassette element, and the interception data access instructs, and it processor that is sent in the cassette element is dealt with.This information protection means also can't be hidden the memory region that it uses in hard disk, therefore as above-mentioned software means, easily also cracked by rogue program control.
Therefore in view of this inventor so that a data logging protective device to be provided, makes it possible to not be subjected to the compatibility of operating system or processor to limit, and is not easy simultaneously to be cracked by the personnel of malicious intrusions or software.
The data logging protection control device that provides of the present invention; it is linked between the processor and a storage device of a computer system; in order in this storage device, to make and to safeguard a protection data storage zone and a virtual data storage zone; and this processor is hidden this virtual data store up the zone; under the effect of this information protection control device, it is all free spaces of this storage device that this processor can be used as the space in this protection data storage zone.
At first, system configuration pattern and system that the supvr of this computer system or other authorized users carry out this method to be provided are written into pattern, and the data that desire is protected is written in the protection data storage zone.Wherein, this data can be operating system software, application software or physical data etc.Wherein, the storage address of this document in protection data storage zone is to be recorded in the protection data storage table.
Thereafter, this information protection control device enters an information protection pattern, and it is to use so that the data that is write down in this protection data storage zone only can be read, and can not be rewritten.By the data that reads in this protection data storage zone, and the data of desiring to write protection data storage zone, all can be written in this virtual data storage zone.In a running paragraph of this computer system, all data access actions all are that this virtual data storage zone is carried out, and this virtual data logging can be read or rewrite by the user.When this computer system begins a new running paragraph; this data logging protection control device can be written into the content of this protection data storage table in the one inside information storage table; data logging in this virtual data storage zone then is regarded as not existing; the virtual data that before had been written into this virtual data storage zone in difference running paragraph will be removed, and make unauthorized user or rogue program cause harmful effect for the improper change of data logging is unlikely.
In the second enforcement state, when this computer system began a new running paragraph, the virtual data that before had been written into this virtual data storage zone in difference running paragraph can not be removed.The data logging address of this data logging protection control device in will this virtual data storage zone is stored in the virtual data storage table, and when each new running paragraph begins, reads the content of this virtual data storage table.This information protection control device can store table and this virtual data content according to its inside information of instruction deletion, only reads the data logging in this protection data storage zone.
In another enforcement state, this information protection control device can arrive in the protection data storage zone according to the virtual document copying that instruction will be written in this virtual data storage zone, and this virtual data of making is preserved.
This information protection control device can also keep a unshielded data storage zone; make the computer user access need not protect data logging; and this unshielded data logging can operate in the paragraph in difference and be retained, and can be the same with virtual data not deleted.In this enforcement state,, all will be considered as independently two data storage devices by this information protection control device no matter whether protection data storage zone and unshielded data storage zone are positioned at same entity storage device.
Information protection control device among the present invention is with similar compatible as data fault-tolerance approaches such as RAID, and further information protection is provided.
Fig. 1 shows an e-machine structural representation that has data logging protection control device according to of the present invention.
Fig. 2 shows the system configuration model process figure according to data logging protection control device of the present invention.
Fig. 2 A shows the system format model process figure according to data logging protection control device of the present invention.
Fig. 3 shows that the system according to data logging protective device of the present invention is written into model process figure.
Fig. 4 A and Fig. 4 B show the information protection model process figure according to the data logging protection control device of first embodiment of the invention.
Fig. 5 shows the e-machine structural representation with data logging protection control device according to second embodiment of the invention.
Among the figure:
20 data loggings protection control device, 22 computer systems
24 processors, 26 data storage devices
28 processor interfaces, 30 processor data bus
32 data storage device interfaces, 34 data loggings protection control device interface
The storage of 36 data storage bus-bars, 38 data storage districts
39 data storage blocks, 40 protection data storage zones
43 unshielded data storage zones, 42 virtual data storage zones
44 protection data storage zones, 46 virtual data storage blocks
Table is used in 47 unshielded data storage block 48 protection data zones
Table 50 protection data storage table is used in 49 virtual data zones
The virtual data blocks of 51 virtual data storage tables 52 uses table
53 unshielded data storage table 54 near-end memory bodys
100 system configuration model process
102 data loggings protection control device enters the step of system configuration pattern
The step that is slit into zones of different distinguished data storage by 104 data loggings protection control device
The storage area segmentation result that 106 data loggings protection control device is finished step 104 sends the step of processor to
110 system format model process
112 data loggings protection control device enters the step of system format pattern
The step in 114 format protection data storage zones and unshielded data storage zone
200 systems are written into model process
202 data loggings protection control device enters the step that system is written into pattern
The step that 204 data loggings protection control device changes data logging in protection data storage zone
300 information protection model process
302 data loggings protection control device enters the step of information protection pattern
303 data loggings protection control device is with the initialized step in virtual data storage zone
304 data loggings protection control device initialization protection data zone uses table and unshielded data zone to use the step of table
306 reception data read or data writes the step of instruction
308 judge the step of the kind that receives instruction
310 judge the step of specifying the type of protection of data in the data reading command
312 judge whether the data of appointment in the data reading command is stored in the step in virtual data storage zone
314 are written into the near-end memory with the protection data of desiring to read distinguishes interior step
306 are sent to the step of processor in the near-end memory district with the data desiring to read
318 data that appointment is read are written into the step of virtual data storage block
320 will desire the step that the data that reads is written into processor from virtual data storage block
330 data loggings protection control device receives the step that reads unshielded data instruction
332 data loggings protection control device reads the unshielded data of appointment and is sent to the step of processor
The judgement of 340 data loggings protection control device writes the step that the data instruction relates to the protection kind of data
342 write the step that data is written into virtual data storage block with appointment
350 write the step that data is written into unshielded data storage block with appointment
420 data loggings protection control device, 422 computer systems
424 processors, 426 data storage devices
436 data storage bus-bars, 438 data storage zones
442 virtual data storage zones, 440 protection data storage zones
443 unshielded data storage zones, 450 protection data storage tables
453 unshielded data storage table 460 data storage devices
462 data loggings protection control interface, 464 data storage zones
Fig. 1 shows a computer system 22, and it protects control device 20 in conjunction with one according to data logging of the present invention.Wherein this computer system 22 comprises a processor 24 and a data storage device 26.
Computer system 22 can for any need be with software or data storage in the device of a storage device.For example computer system 22 is general PC, and processor 24 is the microprocessor of this computer of control, and data storage device 26 can be a Winchester disk drive or other storage devices.Perhaps computer system 22 can be a game control operator's console, and processor 24 is the microprocessor of this control operation platform of running, and data storage device 26 can be similar memory storage as memory card (memory stick).
Processor 24 is to link via a processor data bus 30 and processor interface 28 on the data logging protection control device 20, makes data reading command that processor 24 sends and data write instruction and can be sent to data logging protection control device 20 via processor data bus 30.Data storage device 26 comprises a control device interface 34; it is to protect the data storage device interface 32 on the control device 20 to link in order to one via a storage device data bus-bar 36 and data logging; make data logging protection control device 20 to read and write instruction according to the data that processor 24 sends; via cryopreservation device data bus 36, will specify the access in data storage device 26 of access data.
Under a comparatively ideal situation, processor interface 28 is identical with control device interface 24, makes data logging protection control device 20 can place between processor 24 and the data storage device 26.
Data storage device 26 comprises a data storage zone 38, and it is to be divided into a plurality of data storage blocks 39.Wherein these a plurality of data storage blocks 39 can further be set to protection data storage block 44, virtual data storage block 46 or unshielded data storage block 47.Data storage zone 38 is to be divided into three data storage zones: 42 and one unshielded data storage zone 43,40, one virtual data storage zone, a protection data storage zone.Wherein protect data storage district 40 and comprise a plurality of protection data storage blocks 44, virtual data storage zone 42 comprises a plurality of virtual data storage blocks 46, and unshielded data storage zone 43 comprises a plurality of unshielded data storage blocks 47.Under a more satisfactory situation, protection data storage block 44 is identical with the number of blocks of virtual data storage block 46, and each protection data storage block 44 can be corresponding with a virtual data storage block 46.
Protection data storage zone 40 comprises a protection data storage table 50, it comprises in order to the use information of record about each protection data storage block: the content, a protection data storage block whether protection data storage block has a data logging in data logging, the protection data storage block has block related etc. of related data with other.The data that is stored in the protection data storage zone 40 is referred to as " protection data ".
Virtual data storage zone 42 comprises a virtual data storage table 51, and its effect is similar with protection data storage table 50.In addition, virtual data storage zone 42 also comprises a virtual data blocks use table 52, and it has the virtual data storage block of live data in order to show (indicate).The validity of data logging in each virtual data storage block 46, be with the expression of bit record in virtual data blocks use table 52, when bit is recorded as 1, represent that the data logging in this virtual data storage block is effectively, when bit is recorded as 0, represent that this virtual data storage block does not contain live data.The data that is stored in the virtual data logging zone 42 is referred to as " virtual data ".
Unshielded data storage zone 43 comprises a unshielded data storage table 53, and its effect is similar with aforementioned protection data storage table 50 and virtual data storage table 51.The data that is stored in the unshielded data storage zone 43 is referred to as " unshielded data ".
Data logging protection control device 20 comprises protection data zone use table 48, and it possesses a in this control device and the identical record of protection data storage table 50 content in order to when data logging protection control device 20 operates.Data logging protection control device 20 also comprises a virtual data zone use table 49; it possesses a and virtual data storage table 51 and the identical record of virtual data blocks use table 52 content in order to when data logging protection control device 20 operates in this control device.In most preferred embodiment of the present invention; data logging protection control device 20 does not write down the data address that is stored in the unshielded data storage zone; but when the invention process, data logging protection control device 20 can also be with the data address record in addition that is stored in the unshielded data storage zone.
Data logging protection control device 20 comprises near-end memory zone 54, its in order in data when protecting in data storage zone 40 or the virtual data storage zone 42 access, specify the buffer memory zone of access data as this.The memory capacity in near-end memory zone 54 will equate with a data storage block at least, if it is better to be equal to the capacity of a plurality of data storage blocks, so that a transmission that occupies the archives of a plurality of data storage blocks can be more efficient.
Below narrate a practical embodiments of computer system 22.This embodiment comprises a computer system that can be used for general office environment, and it uses Microsoft Windows
TMOperating system.The processor 24 of this computer system is a microprocessor, and it is in order to executive software and control peripheral device.The data storage device 26 of this computer system is the Winchester disk drive of an IDE type, and it is controlled by an IDE controller that is linked between this Winchester disk drive and this processor.
In this embodiment; data logging protection control device 20 is to be linked between this IDE controller and this Winchester disk drive; and this data logging protection control device is logical (transparent) to this IDE controller; situation between this IDE controller and this Winchester disk drive; directly link as both, exist the same and there is not this data logging protection control device.This data logging protection control device 20 can this a part of at least Winchester disk drive be hidden this IDE controller, and the single hardware machine is modeled to two independent community's Winchester disk drive, presents to this IDE controller yet actually.
In the computer system in the previous embodiment, only comprise single IDE Winchester disk drive, it is noted that at this, one computer system may comprise a plurality of IDE Winchester disk drive of being controlled by single IDE controller, wherein, each disk drive is to be differentiation with its appointed " disk sequence number " (drive number), and this disk sequence number is the beginning with 0 usually, if a computer system only has single Winchester disk drive, then the disk sequence number of this Winchester disk drive is 0.One IDE controller can link via two IDE Winchester disk drive that single winding displacement (ribboncable) and its are controlled, wherein this winding displacement comprises a plurality of control lines, it is in order in the data access process, according to the disk sequence number of these two Winchester disk drive, respectively it is done the action of access.
In fact data storage zone 38 in the one IDE Winchester disk drive is positioned at one or a plurality of magnetic disk surface, and wherein a magnetic disk surface can be divided into a plurality of tracks and a plurality of magnetic region.Data storage zone 38 may be partitioned into a plurality of data storage blocks 39, and it is that a logical blocks is cut apart, and may not cut apart corresponding with the magnetic region in the entity disk.In Windows operating system, an IDE disk drive can be divided into a plurality of logical division, and it is designated respectively distinguishes with different English alphabets, makes this processor can operate these a plurality of logical division respectively.If an IDE disk drive without logical division, then is regarded as only tool one disk logical division, its also designated letter is as its code name.
In the present embodiment, this computer system has single IDE Winchester disk drive, and it is divided into three different logical division, comprises 42 and one unshielded data storage zone 43,40, one virtual data storage zone, a protection data storage zone.Each logical division comprises a plurality of logical blocks 39 in this IDE disk drive, wherein is contained in the block in the protection data storage zone 40, is protection data storage block 44; Be contained in the block in the virtual data storage zone 42, be virtual data storage block 46; Be contained in the block in the unshielded data storage zone 43, be unshielded data storage block 47.Aforementioned three data storage zones 40,42,43 can be arranged in the data storage zone of Winchester disk drive, may intermesh on spatial configuration.As mentioned above, the number of protection data storage block 44 and virtual data storage block 46 is preferably identical, promptly preferably has man-to-man corresponding relation between these two kinds of data blocks.
One IDE Winchester disk drive comprises a FAT, and (file allocation table, FAT), it is in order to write down in this Winchester disk drive each disk logical division by the behaviour in service of each logical blocks 39.If this logical blocks has data, then this FAT is further put down in writing the file name that occupies data blocks, and the relevant information that belongs to other data blocks of these archives together.In the present embodiment, FAT in protection data storage zone 40 is called protection data storage table 50, FAT in virtual data storage zone 42 is referred to as virtual data storage table 51, and the FAT in unshielded data storage zone 43 is referred to as unshielded data storage table 53.
The function mode of following interpretation data record protection control device 20.
Record system operator in the protection data storage zone 40 and desire the protection data protected, it is not modified or deletes.The storage address of each protection data is to be recorded in protection data storage table 50.Usually the protection data is to be written in the protection data storage zone 40 by a system operator, provides the user of this computer system to use.After holding, the method that is written into the protection data chats again, shown in the accompanying drawing 100 and 200.
When computer system 22 newly begins each running paragraph; data logging protection control device 20 all is considered as virtual data storage zone 42 not use; this moment, virtual data storage table 52 was set at 0 with the effective value of each virtual data blocks 42, represented that this virtual data blocks does not contain live data.
When the protection data in the protection data storage block 44 is read, can will protect the content replication of data blocks 44 in the virtual data storage zone 42 with these protection data blocks 44 corresponding virtual data storage blocks 46 in, simultaneously the effective value of this virtual data storage block 46 in virtual data storage table 51 is recorded as 1, to represent that the data content in this virtual data storage block 46 serves as effective.
When processor 24 passes on a data write command with additions and deletions or when repairing data logging in the protection data zone 40, this appointment writes data and can not be recorded in this protection data storage zone 40, and can be written in the virtual data storage zone 46 with these protection data storage block 44 corresponding virtual data storage blocks 46 in, and upgrade the record of virtual data storage table 52, be effective with the data logging of this virtual data storage block 46.
Promptly when processor 24 is assigned reading order to a certain protection profile, data logging protection control device 20 reads this protection data from one or a plurality of protection data storage block 44, and sends this processor 24 to.Simultaneously, data logging protection control device 20 reads data with this appointment and is written in the virtual data storage block 46 in the virtual data storage zone 42, and upgrades the record of virtual data storage table 52, is effective with the data logging of this virtual data storage block 46.
The data logging that was modified will send data logging protection control device 20 to, and is stored in the data storage device 26, and wherein this data logging of more correcting one's mistakes is taken as virtual data, is recorded in the virtual data storage zone 42.
Because when computer system 22 begins at each running paragraph, virtual data storage zone 42 can be considered as vacant not usefulness, therefore all data are changed content before this running paragraph begins, and can not be retained.Source book record in protection data storage zone 40 then is considered to be up-to-date data record content.
For the data access instruction at unshielded data storage zone 43, data logging protection control device 20 only is transferred to data storage device 26 with this instruction.When reading unshielded data, data logging protective device 20 receives the data that this appointment is read, and it is sent to processor 24.That is for the access of unshielded data, data logging protection control device 20 only instructs and should specify the buffer zone of access data as this data access.Suppose this data storage device 26 as the IDE Winchester disk drive at this, can finish the data access instruction voluntarily.If data storage device 26 can not independently be finished data access instruction, then data logging protection control device 20 can also be through suitably setting, and the access action that makes it possible to directly to control this data storage device carries out.The function mode of above-mentioned data logging protection control device 20 is shown in method in the accompanying drawing 300.
Fig. 2 shows according to the method 100 of the present invention's one set data storage device 26 system configuration, makes it possible to access data in data storage zone 38.Method 100 is implemented by a system operator, makes computer system 22 after suitably disposing, and provides the user to use.
The step 102 of Fig. 2 is protected control device 20 for data logging and is entered the system configuration pattern according to the order of system operator.The system configuration software that this system operator utilizes data logging protection control device 20 to be provided usually; order this data logging protection control device 20 to enter the system configuration pattern; and, in the method 100 preferably all be under the control of this system configuration software, to carry out in steps.This system configuration software preferably provides a cipher mechanism, makes data logging protection control device 20 only have the user and imports under the situation of proper password, can allow this data logging protection control device 20 enter the system configuration pattern.Data logging protection control device 20 preferably only has when starting this system configuration software under computer system 22 start situations, can enter the system configuration pattern.
Follow the step 104 of access method 100.Any storage device 26 is all represented maximum storage space in its data storage zone 38 with the bit number.Step 104 is that data storage space 38 is divided into the step that data storage zone 42 and unshielded data storage zone 43 are protected in protection data storage zone 40, void.
Data logging protection control device 20 can show a dialogue square; allow this system operator set the storage area size in unshielded data zone 43; data logging protection control device 20 specifies a storage area as unshielded data storage zone 43 in data storage zone 38 further according to this setting value.
Protection data storage zone 40 and virtual data storage zone 42 are then divided in still unspecified storage area in the data storage zone 38.
Because the size in protection data storage zone 40 and virtual data storage zone 42 preferably equates; and protection data storage block 44 wherein can be corresponding in man-to-man mode with virtual data storage block 46; so data logging protection control device 20 preferably can be divided the storage area that does not belong to unshielded data zone 43 in the data storage zone 38 equally to protection data storage zone 40 and virtual data storage zone 42, makes protection data storage block 44 and virtual data storage block 46 that equal number can be arranged.
In this embodiment, step 104 is divided into data storage zone 38 as three above-mentioned storage areas.
Step 106 in the method 100 is to protect control device 20 that the single data storage device 26 of computer system 22 is modeled as two independently data storage devices with data logging; present to processor 24, wherein these two data storage devices are referred to as " virtual data storage device ".And the virtual dividing character of these two data storage devices does not convey to processor 24.Wherein, the storage area of a data storage device and protection data storage zone 40 equate that the storage area of another data storage device then equates with unshielded data storage zone 43.Data logging protection control device 20 does not send any relevant information in virtual data storage zone 42 to processor 24.According to the data input output agreement that computer system 22 is adopted, data logging protection control device 20 must send some particular profile of above-mentioned two data storage devices to processor.For example each self-contained track number of these two data storage devices, magnetic region number and magnetic region size.Data logging protection control device can calculate the relevant information of these two virtual data storage devices according to the storage area (promptly protecting data storage zone and unshielded data storage zone) of these two virtual data storage devices, sends processor 24 to.All these information all do not comprise the part about virtual data storage zone 42.Data record protection control device 20 does not need to provide above-mentioned relevant information sometimes, and unique information that must provide is the storage area size in protection data storage zone 40 and unshielded data storage zone 43.
Two virtual data storage devices that data logging protection control device 20 is simulated can be corresponding with the logical division in the data storage device 26 respectively.According to computer system 22 employed data input output agreements, processor 24 can be set different virtual data storage devices by different parameter values.In the computer system 22 in the present embodiment, these two virtual data storage devices are to represent with different disk sequence number and letter.The data access order that data logging protection control device 20 receives at different disk sequence number storage device, and should specify the access target to be converted in the IDE hard disk corresponding disk to cut apart.
Because processor 24 is looked virtual data storage zone 42 for not existing, so the effective storage area amount in the data storage device 26 is that numerical value behind the virtual data storage space is deducted in all storage areas in this memory storage.For example, if data storage zone 38 has the 10Mb space, and protection data storage zone 40 be 4Mb, then protects the space that data storage zone 40 and virtual data storage zone 42 respectively contain 4Mb, belongs to unshielded data storage zone 43 and remain 2Mb.For processor 24, wherein, virtual data storage zone 42 is not for existing, and there is 4Mb in protection data storage space, and there is 2Mb in unshielded data storage space.
Method 100 so far finishes.
After method 100 is finished, processor 24 will be looked computer system 22 and operate for the e-machine with two independent entity data storage devices.In the present embodiment, computer system 22 has single IDE Winchester disk drive, and this disk drive is split into three logical division, and wherein two disk logical division are sent out not designated with the disk code name.Another logical division then is set to be hidden processor 24, so processor 24 can not directly operate this hiding disk logical division.
Method 100 can repeat to implement to protect with change the storage area size in data storage zone 40, virtual data storage zone 42 and unshielded data storage zone 43.When method 100 has been loaded with when implementing on the hard disk of data one first, if storage area permission, then can set this data is written into protection data storage zone 40 or unshielded data storage zone 43, if the storage area deficiency then can be written into them on other Storage Medias.When method 100 is executed on this hard disk once more, and the storage area of protection data storage zone 40 and unshielded storage area 43 all reduces, make the data that has had in this hard disk can't completely be present in this protection data storage zone 40 or this unshielded data storage zone 43, then this data logging may have the part loss, perhaps is copied to different storage locations.
Fig. 2 A shows a method 110, and it is will protecting 43 formats of data storage zone 40 and unshielded data storage zone, and the data that makes can be stored in these two data storage zones.Method 110 is implemented by a system operator, makes computer system 22 after suitably disposing, and provides the user to use.
The step 112 of method 110 is to protect control device 20 for data logging to enter the system format pattern according to the order of system operator.The system format software that this system operator normally utilizes data logging protection control device 20 to be provided orders this data logging protection control device 20 to enter the system format pattern.
Follow the step 114 of access method 110, it is in order to will protect data storage zone 40 and 43 formats of unshielded data storage zone.Under many situations, the format in data storage zone 40 and 43 needs to adjust according to the characteristic of computer system under it 22.This formatting step has produced protection data storage table 50, protection data storage block 44, unshielded data storage table 53 and unshielded data storage block 47.
In the computer system of present embodiment, comprise the implementing procedure that to implement above-mentioned format work in the Windows system program.Fdisk among the Windows and Format implementing procedure can be in order to produce protection data storage table 50, protection data storage block 44, unshielded data storage table 53 and unshielded data storage block 47.
Fig. 3 shows one method 200 according to the present invention, makes it possible to protect data storage zone 40 and be written into data in data storage device 26, and it is normally implemented by a system operator.
The step 202 of Fig. 3 is written into pattern for data logging protection control device 20 enters system according to the order of system operator; the system that this system operator normally utilizes data logging protection control device 20 to be provided is written into software, orders this data logging protection control device 20 to enter system and is written into pattern.This system is written into software and preferably provides a cipher mechanism to make data logging protection control device 20 only have the user to import under the situation of proper password, can allow this data logging protection control device 20 enter system and be written into pattern.Data logging protection control device 20 preferably only has when this system of startup is written into software under computer system 22 start situations, and the system that can enter is written into pattern.
The then step 204 of access method 200, it is with so that system operator can be written into data protects in the data storage zone 40.For example, system operator can be written into operating system software, the application software as copy editor and so on, Games Software, bitcom or the profile of a processor controls or other parts of system.The actual data content that is written into protection data storage zone 40 is then decided according to the character of the system 22 of computer and purposes.When system operator in additions and deletions or when revising data logging in the protection data storage zone 40, data storage device 26 can upgrade the content of protection data storage table 50 at any time, makes table 50 can have in the storage area 40 all data note down relevant informations such as address.
In the step 204, system operator is not written into any data in the virtual data storage zone 42.
In the computer system of present embodiment, step 204 may relate to operating system software such as Microsoft Windows, application software such as Microsoft Word, other softwares or data installation or the record on the IDE hard disk.Processor 24 is cut apart called after C or other code names with this disk, and the IDE hard disk will cut apart at this disk and possess FAT table, its in order to write down this magnetic disc cut apart in loaded all data the position and by the specified profile title of system operator.When system operator was finished data and is written into employing of protection data storage zone 40, method 200 promptly came to an end.At this moment, the data of record promptly is referred to as the protection data in the protection data storage zone 40.
Computer system 22 can be carried out general operation after the protection data being written into protection data storage zone 40.Usually, computer system 22 can offer general user's use at this moment.System operator can repeat enforcement method 200, in order to the data content in the change protection data storage zone 40.When the data content in protection data storage zone 40 was changed, data storage device 26 or data logging protection control device 20 can upgrade the content of protection data storage table 50 thereupon.System operator can not be written into the data of the permanent protection of any need in the virtual data storage zone 42.
Fig. 4 A and Fig. 4 B display packing 300, it is the mode of data logging protection control device 20 general normal operations.In the instruction of being sent by processor 24, desire will before deposit the data logging of material storage device 26 in and be read taker, be referred to as reading command, and this reads the target data and is referred to as to specify the data that reads; Desire is referred to as to write instruction with the data loader, and this writes target and is referred to as to specify the data that writes.
The step 302 of method 300 enters the information protection pattern for data logging protection control device 20.When the new running paragraph of computer system 22 beginning one; unless data logging protection control device 20 is entered system configuration pattern (method 100) by order or system is written into pattern (method 200), otherwise data logging protection control device 20 can enter the information protection pattern automatically.The new running paragraph of computer system is beginning with booting computer or reopening machine normally.
Method 300 then enters step 303, and it is that data logging protection control device 20 is with virtual data storage zone 42 initialization.Data logging protection control device 20 is recorded as 0 with each bit of virtual data blocks use table 52, represents that all virtual data storage blocks 46 do not contain live data.Data logging protection control device 20 all is in untapped state also with the deletion of the record in the virtual data storage table 51 to represent all virtual data storage blocks 46.Step 303 is in order to the virtual data of computer system 22 in the loaded virtual data storage of last running paragraph zone 42, is all removed.For avoiding initiating process to expend the too many time, in fact, data logging protection control device 20 is not by the data logging in each virtual data storage block 46 of pen deletion.And this action of deleting by pen also is unnecessary.Because it all is not effective using the record of every data blocks in the table 52 in virtual data; and virtual data storage table 51 shows that each block is all as yet use, so the virtual data that has had before data logging protection control device 20 can begin this running paragraph is turned a blind eye to.
The processor 24 of some computer system can utilize the ad-hoc location that guides in data storage device 26 accessing zones 38, passes on a low order data input output order.For example, a processor 24 can guide an IDE hard disk to read a particular profile and store some track in the block 39 or the record content of magnetic region.24 of processors can guide the track and the position, magnetic region of access in the one IDE hard disk, can be subjected to the specified protection data storage zone 40 of step 106 and the restriction in unshielded data storage zone 43.
When processor 24 attempts to come the data in the virtual data storage of access zone 42 with the low order input and output instruction, the data logging protection control device 20 that is linked between processor 24 and the data storage device will receive this access instruction.If the target of this instruction appointment access is arranged in when being denoted as not use or effective data storage block, data logging protection control device 20 is finished this instruction with refusal.So, even certain malice user knows the existence in this data logging protection control device 20 and this virtual data storage zone 42, unless this appointment access target deposits virtual data storage zone 42 in this running paragraph, otherwise can not be by access.
Method 300 then enters step 304, and it is to be written in the regional use table 48 of its internal Protection data for content that data logging protection control device 20 will protect data storage table 50.Data logging protection control device 20 uses table 49 initialization with the virtual data zone of its inside, so that it uses table 52 as virtual data storage table 51 and virtual data blocks, each virtual data storage block 46 is not denoted as effectively and not uses.
Protection data zone use table 48 is in order in the process of implementing in method 300, and the content of protection data storage table 50 can be read more quickly.Virtual data zone uses table 49 in order in the process of implementing in method 300, and the content of virtual data blocks use table 52 can be read more quickly.Because the data that is write down in protection data zone use table 48 and the virtual data zone use table 49 can both be by obtaining in its base table (i.e. table 50 and table 52), so the use of table 48 and 49 is selectively.
Method 300 is then got back to step 306, waits the next instruction that processor is assigned.
Method 300 then carry out step 308, if receive the data reading command in step 306, then carry out step 310, otherwise carry out step 340.
This data reading command that step 310 is received for close examination if its appointment is read target and is arranged in unshielded data storage zone 43, then carry out step 330, otherwise carry out step 312.
Step 312 is that data logging protection control device 20 is checked virtual data use table 49, specifies the data that reads whether to be arranged in virtual data storage zone 42 to determine processor 24, if then carry out step 320, otherwise carry out step 314.
Step 314 is that data logging protection control device 20 is checked protection data use table 48, to determine the storing protection data storage block 44 that data is read in this appointment, reads this appointment data and is sent to near-end and remember in the zone 54.The data that is read in this step is in step 204, is written in the protection data storage zone 40 by system operator.
Method 300 then carry out step 316, its with in the step 314 by the data that reads in the protection data storage zone 40, be sent to processor 24.
Method 300 then carry out step 318, its with in the step 314 by the data that reads in the protection data storage zone 40, be written in the virtual data storage zone 42.Data logging protection control device 20 protects control device 20 according to the protection data storage block 44 that reads the data place in the step 314 according to the protection data logging that reads the data place in the step 314; determine corresponding virtual data storage block 46 with it, and this appointment is read document copying in this virtual data storage block 46.Data storage device 26 also upgrades virtual data storage table 51 thereupon, this virtual data storage block 46 is denoted as uses and write down the data content that it is written into.Data logging protection control device 20 also upgrades virtual block use table 52, should virtual data storage block 46 be denoted as and contains live data.
Data logging protection control device 20 is contents of upgrading virtual data zone use table 49 along with the content update of virtual data storage table 51 and virtual data blocks use table 52.
Method 300 is then got back to step 306, waits the next instruction that processor is assigned.
Step 320 is that data logging protection control device 20 is handled a reading command, it is one to be stored in the data logging in the virtual data storage zone 42 that target is read in its appointment, it may deposit in the following step: (i) in the step 318, when from protection data storage zone 40, reading the appointment data, copy to the data in virtual data storage zone 42; In the (ii) following step 342, the data of being passed on according to processor 24 writes instruction, appointment is write data write in the virtual data storage zone 42.
Data logging protection control device 20 definite appointments are read the virtual data storage block at data place, it are read and is sent to processor.
Step 306 is then got back to by side 300, waits the next instruction that processor is assigned.
Step 330 is that data logging protection control device 20 is handled reading command, and it is one to be stored in the data logging in the unshielded data storage zone 43 that target is read in its appointment.This reading command that data logging protection control device 20 will receive directly transfers to data storage device 26.
Method 300 then enters step 332, and it is the unshielded data that data logging protection control device 20 receives from the unshielded data storage zone 43 of data storage device 26, and it is transferred to processor 24.
Method 300 is then got back to step 306, waits the next instruction that processor is assigned.
Step 340 is that data logging protection control device 20 processors one write instruction, if this target that writes that writes instruction is a unshielded data, then enters step 350, will be written in the virtual data storage zone 42 otherwise this appointment writes data, and enter step 342.
Step 342 is that data logging protection control device 20 definite appointments are read the virtual data storage block 46 that data should be written into.If it is about one before by the protection data that reads in the protection data storage zone 40 that this appointment writes data, the data that then this appointment write be written into this protection data logging block 44 corresponding virtual data storage blocks 46 in.If this appointment writes the data of data for this computer system user new system; then data logging protection control device 20 will be denoted as the block of " using " from virtual data storage table 52 and virtual data zone use table 49, and selection one or plurality of blocks write down this appointment and write data.Data logging protection control device 20 also upgrades the content of virtual data storage table 52, and this virtual storage area piece 46 that writes data is denoted as effective data blocks.
Data logging protection control device 20 is contents of upgrading virtual data zone use table 49 along with the content update of virtual data storage table 51 and virtual data blocks use table 52.
If one before had been loaded with a certain virtual data storage block 46 of virtual data, when this profile is deleted and made this block 46 when vacant, it is untapped state that data storage device 26 can upgrade virtual data storage table 51 to indicate this block 46, and virtual data blocks use table 52 is denoted as effective block with this block.Thus, a virtual data blocks 46 that once was loaded with virtual data can be regarded as vacant block after the data deletion, be used for writing down other virtual data.Using in the virtual data storage table 51/ use the summation meaning of the effective/non-effective sign in sign and the virtual data blocks use table 52 to be summarized as follows table:
| The sign of virtual data storage table 51 | Virtual data blocks uses the sign of table 52 | |
| Effectively | Non-effective | |
| Use | There is virtual data blocks at present | This kind combination should not appear |
| Do not use | 1. before be loaded with the block of virtual data, this profile deleted and made that this block is vacant, can be in order to store new virtual data.2. the virtual block that never has virtual data, processor 24 guides controller 20 deletions and the corresponding protection data blocks of this virtual block data, make that this block is vacant, can be in order to store new virtual data. | Never in order to store the block of virtual data. |
In the middle of a running paragraph of computer system, one virtual data storage block 46 is in case be denoted as in virtual data blocks use table 52 effectively, then its effect state can be maintained to this running paragraph end, promptly in step 303, all virtual data storage blocks 46 all be denoted as non-effectively in.
In the computer system of present embodiment, the IDE hard disk can be kept FAT table at protection data storage zone 40 and virtual data storage zone 42 respectively, and when the execution data writes instruction, keeps the correct of this two tables content.Because in the step 304, the content of virtual data storage table 51 is not written into the data storage table 48 of data logging protection control device 20, so the time protection data storage table 48 and virtual data storage table 51 content independent mutually.
Method 300 is then got back to step 306, waits the next instruction that processor is assigned.
Step 350 is that 20 processing one of data logging protection control device write instruction, and it is to desire to be stored in the unshielded data logging in unshielded data zone 43 that its appointment writes target.Data logging protection control device 20 will receive this write instruction and directly transfer to data storage device 26.Information is finished in an instruction or instruction is the error message of successful execution if data storage device 26 is passed back, and then data logging protection control device 20 directly transfers to processor 24 with the information that receives.
Method 300 is then got back to step 306, waits the next instruction that processor is assigned.
Under the information protection pattern of method 300, data logging protection control device 20 can not write any data in the protection data storage zone 40.Therefore, method 200 finishes or upgrades for the last time in it behind sky in the protection data storage zone 40, can possess same data content always.In a running paragraph of computer system 22, be written in the virtual data storage zone 42 with the form of virtual data.With regard to processor 24, it can pass on general data access instruction, and this instruction can also be finished with general fashion.But, when computer system 22 newly begins a running paragraph, utilize the carrying out of step 303, all data of being done under the information protection pattern are changed and all will not existed.
In step 318, data logging protection control device 20 is answered the requirement of a data reading command, and when reading a protection data first, the protection document copying that this appointment can be read is in virtual data storage zone 42.Because this data is written in the virtual data storage 42; make data logging protection control device 20 to proceed to step 320 by step 312; further make data logging protection control device 20 to proceed to step 320, further make data logging protection control device 20 can read this data more quickly after a while by step 312.This copy step can be set up one and comprise the virtual data storage zone 42 of protection data duplicate, and progressively makes it comprise change contents such as more protection data content and any data access of doing, modification in this running paragraph.In the long running paragraph of computer system 22 1, have increasing data reading command and can utilize reading of virtual data zone 42 to finish, and need not read protection data zone 40.
Step 318 alternative is carried out, and all data reading command can also be utilized and directly read protection data zone and finish.Virtual data in this moment virtual data storage zone 42, only comprising the protection data has and carries out the part that additions and deletions are revised.
The one enforcement state of the invention described above is applicable to a computer system 22, and it is to utilize method 100 and method 200 precomposes to set by a system operator, makes the computer user operate all required data of this computer system and all is written in advance in this computer system.This enforcement state is common in general Office PC system, and the user mainly utilizes application tool existing in this computer system to carry out the operation of computer.
General user can't do permanent change to data and software in the protection data storage zone 40, only can utilize virtual data storage zone to reach temporary transient change, perhaps data is deposited in the unshielded data storage zone, so that this data can forever exist, also can go through different running paragraphs and still can exist.As long as utilize computer system boot-strap or restart data logging protection control device 20 is reseted, just all changes that the user does this computer system protection data can be eliminated.Same, owing to the protection data can not changed under the information protection pattern, so any intention will be changed the virus or the malicious act of protection data, all with invalid.In general office environment, the utilization of data logging protection control device 20 can make system operator receive user's quantity and complexity that requires of seeking help greatly to reduce.
In the computer system of present embodiment, for processor 24, method 100 has been set two virtual data storage devices, and it is respectively disk C and disk D in this example.In method 200, the data that desire is protected is written among the disk C.In method 300, all changes that data among the disk C is done will disappear when this operate the paragraph end, and the data additions and deletions modification that disk D is made then still can keep after this running paragraph finishes.The existence in virtual data storage zone 42 and all runnings in order to protect the protection data to be carried out, then hiding fully loseing.
Data logging protection control device 20 provides a strong protection for the protection data in the protection data storage zone 40.In the information protection pattern, data logging protection control device 20 provides a hardware means, makes processor 24 need not carry out any software program and protects the protection data.Therefore, whether virus or other rogue programs can not only utilize the BIOS that confirms the data access instruction to call out and be blocked, and learn the existence of data logging protection control device 20.And data logging protection control device 20 can not influence the running of processor and data storage device fully except the part that equals virtual data storage zone in the data storage device is hidden processor.
Because 20 pairs of processors of data logging protection control device are saturating fully logical (transparent), so the operating system independent that it uses and computer system adopts.And every processor or other hardware that has same controller interface 34 and adopt same agreement, can use same data logging protection control device 20.At present many different e-machines use the memory storage and the interface of standard, make above-mentioned characteristic more preponderate.For example, but electronic game machine, handheld electronic machine Internet-enabled cell phone and other e-machines can shared same data storage device and agreements.
Because the data access action in the data logging protection control device 20 meeting ACTIVE CONTROL data storage devices 26; can exchange information with the data storage device that uses suitable input and output agreement so this control device 20 is set to, and control device and the signal that matches with this agreement is provided.In the computer system of present embodiment, data logging protection control device 20 may need to possess the ability of some or all general IDE hard disk controller, to control this IDE Winchester disk drive.Previously described data logging protection control device 20 all is to be linked between an IDE hard disk controller and the IDE hard disk, and in fact, data logging protection control device 20 can integrate with an IDE Winchester disk drive.This integrating apparatus will receive the data access instruction, and handle the data access instruction in three logical division in this IDE hard disk, but when exchanging information with processor, only it be presented two logical division, and it is shown as two independent entity storage devices.
The data content of possessing a repetition in data storage device solves the problem of information protection, lower-cost at last a kind of method.With respect to the equipment in past, present any hard disk or other data storage devices all have sizable storage volume, and take do not have many.Therefore, it is feasible purchasing a data storage device with 40Mb, and it is also rather reasonable to dispose the protection data of protecting equivalent in a virtual storage area territory therein.
The present invention can provide multiple enforcement state, is exemplified below now:
Fig. 5 shows e-machine 422 structural representations comprise the present invention's one enforcement state 420, wherein identical or suitable element with Fig. 1, behind its label two identical, only before the element numbers of Fig. 5 titled with hundred figure places 4.
Computer system 422 comprises two data storage devices 426 and 460.Data storage device 426 contains a data storage zone 438, it comprises a protection data storage zone 440, a protection data storage table 450, a unshielded data storage zone 443, one unshielded data storage table 453, and the function mode of said elements is all identical with suitable element among Fig. 1.
Data storage device 460 comprises a controller interface 462 and a data storage zone 464.Data storage device 460 utilizes a storage device data bus-bar 436 and control device 420 to link.Virtual data storage zone 44 and virtual data storage table 451 thereof are arranged in data storage zone 464.Be able to do in time in 451 function mode and the data storage device 426 suitable element of virtual data storage zone 442 and virtual data storage is identical.
Data logging protection control device 420 is set at can operating information storage device 426 and 460.Data logging protection control device 420 is safeguarded the data logging in virtual data storage zone 442, and is identical in its mode and the aforementioned electronic machine 22.Because data storage zones 464 whole in the data storage device 460 are as virtual data storage zone 442, control device 420 is hidden 460 pairs of processors of whole data storage device 424.4209 pairs of processors 424 of control device present two entity storage devices, and one is corresponding to protection data storage zone 440, and it is two corresponding to unshielded data storage zone 443, and both all are positioned at data storage device 426.
The advantage of computer system 422 is: not as the part in virtual data storage zone 442, therefore processor 424 can be done actions such as access to whole data storage zone 438 in the data storage zone 438.
When the invention process during in an existing electronic installation, this enforcement state can be so that the storage area that processor 424 can use can not reduce.
Because some is as unshielded data storage zone 443 in the data storage zone 438, so data storage zone 464 only needs to get final product with data storage zone 440 equal sizes, therefore, the storage volume of data storage device 460 may be littler than data storage device 426.If data storage device 460 is identical with the storage volume of data storage device 426, then unnecessary sky can be used as the second unshielded data storage zone in the data storage device 460.This second unshielded data storage zone can not be hidden, and with a kenel that indicates the 3rd data storage device of different disk sequence number, presents to processor 424.
As shown in Figure 1; computer system 22 and data logging protection control device 20 are under protected mode; all changes that the user is done the protection data all are written in the virtual data storage zone 42; and when newly beginning a running paragraph; utilize the peace beginningization of virtual data storage table 51 and virtual block use table 52; in last running paragraph, the user eliminates the change that the protection data is made, to reach the purpose of protection protection data.In other enforcement state of the present invention, under some situation, the change that the user is made the protection data may need to operate in difference and keep in the paragraph, can remove this data simultaneously according to need and change.Desire to reach this purpose, as long as when step 304 is carried out, read virtual data storage table 51 and virtual data blocks use table 52, and contents of this two tables is written in the virtual data zone use table 49 in the control device 20 get final product, read the content of protecting data storage table 50 simultaneously.At this moment, control device 20 provides one " deleting virtual data zone " instrument, makes system operator control device 20 can be reseted, with the data storage list deletion in the control device 20, only by reading protection data storage table 50 in the data storage device 26." deleting virtual data zone " instrument of being somebody's turn to do makes system operator control device 20 can be reseted, with the data storage list deletion in the control device 20, only by reading protection data storage table 50 in the data storage device 26.Should preferably be stored in the information protection pattern and use by " deleting virtual data zone " instrument; and the startup of this instrument preferably possesses a cryptoguard mechanism, in order to avoid rogue program such as virus or other users use this instrument to cause the damage of data logging in the virtual data storage zone 42.
Should " deleting virtual data zone " instrument preferably only when beginning a new running paragraph, a computer system uses.This enforcement state is particularly useful at teaching occasions, and wherein a certain student uses certain computer between a learning period, after finishing between this learning period, this computer can be reseted so that other staff use.
Be recorded in the data content in the virtual data storage zone 42, may need to utilize to be written in the protection data storage zone 40, and it can forever be preserved.Can provide an instrument this moment, and it is in order to virtual document copying is arrived in the protection data storage zone.These Replication Tools make system operator the data logging in the virtual data storage district can be copied to corresponding block in the protection data storage zone, upgrade the content that table 48 is used in protection data storage table 50 and protection data zone simultaneously.This instrument should possess a cryptoguard mechanism, in order to avoid it is being activated without under the situation.Necessary, can also on this control device 20, install a physical key, can not cause permanent improperly data change to guarantee a unwarranted user.
In conjunction with the data in the virtual data storage of above-mentioned (i) reservation zone; (ii) one delete virtual data instrument; A (iii) utilization of duplicating virtual data instrument is very useful under the situation that the configuration settings of computer system may be changed.If the change of a computer system setting value, when causing system's shakiness or other reasons to remove, can utilize the data logging of deleting virtual data storage zone 42 with it removal.If when the change of a computer system setting value needs permanent the reservation, then it can be copied to protection data storage zone 40.
Computer system 22 comprises a unshielded data storage zone 43.When computer apparatus is when using under independent situation, this design is not only appropriate but also be necessary.Suppose that computer system 22 is to use in a networking environment, then the user of network computer may be required data storage in a network server in this networking, at this moment, unshielded data storage zone 43 in the data storage device 26 may be removed, and specifies a zone as unshielded data storage zone 43 in this network server.
Above-mentioned enforcement state is at an IDE Winchester disk drive.The present invention can also be used with its storage device, for example ISA, ATA, EIDE, SCSI and other kind Winchester disk drive.In addition, the present invention also is applicable to other data storage devices, comprising: solid-state memory storage such as magnetic memory storage, flash memory, PC card.
The present invention also can be used with other information protection instruments, as disk tolerance (RAID, redundant array of independent disks) technology etc.In a RAID system, similar data logging protection control device as control device 20 or 420 can place the RAID controller and one or a plurality of backup diskette between.This Winchester disk drive of this data logging protection control device and its binding can be set as above-mentioned method, and it is the standby control that comes reinforcement RAID to provide with information protection technology of the present invention.Note RAID technology and the guaranteed data logging that can protect in the disk, only can guarantee to utilize the backup diskette data, repair the mistake of data logging.If a virus intrusion one has the system of RAID mechanism, then this virus will be written in all standby Winchester disk drive.The mechanism that removes virus that provides is provided the RAID technology.
Though the present invention with several preferred embodiments openly as above; yet it is not in order to limit the present invention; anyly be familiar with this operator; without departing from the spirit and scope of the present invention; when can being used for a variety of modifications and variations, so protection scope of the present invention is as the criterion when looking the accompanying Claim person of defining.
Claims (15)
1. the method for a protection data logging on Storage Media comprises the following steps:
(A) under the system configuration pattern, an entity storage device is divided into a protection data storage zone, a virtual data storage zone and a unshielded data storage zone;
(B) under system is written into pattern:
(i) should protect data storage zone and this unshielded data storage regional simulation is two independent entity storage devices;
(ii) should hide in virtual data storage zone;
(iii) the data storage that will desire to be protected is in this protection data storage zone;
(C) under the information protection pattern:
(i) should be virtual data storage zone and protection data storage zone and this unshielded data storage regional simulation be two independent entity storage devices;
(ii) should protect the data storage zone hides;
(iii) receive the data reading command of passing on by this processor, and carry out the following step and handle this instruction;
(1) if this virtual data storage region memory have this appointment to read data, then in this virtual data storage zone, read this data, and with this data transmission to this processor;
(2) if do not have this appointment and do not read data in this virtual data storage zone, then read it from this data physical holding of the stock, and with this data transmission to this processor.
2. the method for claim 1, wherein step (C) (ii) is included in and is written into this appointment in this virtual data storage zone and reads this step of document copying.
3. the method for claim 1 further comprises the steps: under this information protection pattern, and the instruction of passing on when this processor is a data when writing instruction, and the data that then this appointment write writes in this virtual data storage zone.
4. the method for a protection data logging on Storage Media comprises the following steps:
(A) under the system configuration pattern, an entity storage device is divided into an at least one protection data storage zone and a virtual data storage zone;
(B) under system is written into pattern, with the data storage desiring to be protected in this protection data storage zone;
(C) under the information protection pattern, receive the data reading command of passing on by this processor, and carry out the following step and handle this instruction:
(i) if this virtual data storage region memory have this appointment to read data, then in this virtual data storage zone, read this data, and with this data transmission to this processor;
(ii) if do not have this appointment and do not read data in this virtual data storage zone, then read from this protection data storage zone, also with this data transmission to this processor.
5. method as claimed in claim 4, wherein step (C) (ii) is included in this virtual data storage zone and is written into the step that document copying is read in this appointment.
6. method as claimed in claim 4 further comprises the following step: under this information protection pattern, the instruction of passing on when this processor is a data when writing instruction, and the data that then this appointment write writes in this virtual data storage zone.
7. method as claimed in claim 4, wherein this data logging protection controller links to each other with this processor, and wherein in step (b) with (c), this data logging protection controller should be hidden this processor in virtual data storage zone.
8. method as claimed in claim 4, wherein comprise a plurality of protection data storage blocks in this protection data storage zone, wherein comprise a plurality of virtual data storage blocks in this virtual data storage zone, and each block all can be corresponding with the particular block in these a plurality of virtual data storage blocks in these a plurality of protection data storage blocks.
9. method as claimed in claim 4, wherein step (c) (ii) in, this appointment read data can by one or a plurality of protection data storage block in read, and this step further reads this appointment document copying in this virtual data storage zone in the corresponding virtual data storage block.
10. method as claimed in claim 4; wherein this data logging protection controller comprises a virtual data use table; it makes it possible to distinguish the validity of institute's record material in these a plurality of virtual data storage blocks in order to write down the read-write record of each block in aforementioned a plurality of virtual data storage block.
11. a data logging guard method comprises the following steps:
(A) provide a protection data storage zone, wherein comprise a plurality of protection data storage blocks;
(B) provide a virtual data storage zone, wherein comprise a plurality of virtual data storage blocks, and these a plurality of virtual data storage blocks are corresponding with these a plurality of protection data storage blocks respectively;
(C) data that stores the desire protection in this protection data storage zone one or a plurality of protection data storage block in;
(D) in this virtual data storage zone of identification, there is not the virtual data storage block of live data;
(E) receive the data reading command that this processor is passed on, and carry out the following step and handle this instruction:
(i) confirm one or a plurality ofly have a protection data storage block of desiring the data that reads;
(ii) confirm one or a plurality of virtual data storage block corresponding to aforementioned protection data storage block;
(iii) confirm the validity that stores data in the aforementioned virtual data storage block,,, then carry out step (E) (v) if this data is not had validity if this data is effectively then carried out step (E) (iv);
(iv) from this virtual data storage zone, read this appointment and read data, and this appointment is read data transmission to this processor;
(v) from protection data storage zone, read this appointment and read data, and this appointment is read data transmission to this processor;
(F) receive the data that this processor passes on and write instruction, and carry out the following step and handle this instruction:
(i) choose one or a plurality of virtual data storage block;
The data that (ii) this appointment write writes aforementioned selected virtual data storage block;
The virtual data storage block that (iii) this is written into is denoted as has live data.
12. as method as described in the claim 11, wherein this protection data storage zone and this virtual data storage zone are provided by an entity data storage device.
13. method as claimed in claim 11, wherein this protection data storage zone and this virtual data storage zone are provided by a disk drive.
14. method as claimed in claim 13, wherein this protection data storage zone and this virtual data storage zone are that the difference that is present in the disk drive is cut apart in the magnetic disc.
15. method as claimed in claim 11, wherein this disk drive belongs to the Winchester disk drive of IDE type.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB011182075A CN1277215C (en) | 2001-05-22 | 2001-05-22 | Device and method for protection of data record on storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB011182075A CN1277215C (en) | 2001-05-22 | 2001-05-22 | Device and method for protection of data record on storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1387192A true CN1387192A (en) | 2002-12-25 |
| CN1277215C CN1277215C (en) | 2006-09-27 |
Family
ID=4663037
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB011182075A Expired - Fee Related CN1277215C (en) | 2001-05-22 | 2001-05-22 | Device and method for protection of data record on storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1277215C (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100371915C (en) * | 2004-09-29 | 2008-02-27 | 安国国际科技股份有限公司 | Portable storage apparatus and data access method thereof |
| CN100407322C (en) * | 2004-12-28 | 2008-07-30 | 万国电脑股份有限公司 | Storage device with independent storing section, and cryptoguard method |
| TWI551977B (en) * | 2015-08-18 | 2016-10-01 | 英業達股份有限公司 | Setting restoring system |
-
2001
- 2001-05-22 CN CNB011182075A patent/CN1277215C/en not_active Expired - Fee Related
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100371915C (en) * | 2004-09-29 | 2008-02-27 | 安国国际科技股份有限公司 | Portable storage apparatus and data access method thereof |
| CN100407322C (en) * | 2004-12-28 | 2008-07-30 | 万国电脑股份有限公司 | Storage device with independent storing section, and cryptoguard method |
| TWI551977B (en) * | 2015-08-18 | 2016-10-01 | 英業達股份有限公司 | Setting restoring system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1277215C (en) | 2006-09-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1149479C (en) | Data management system for a real-time system | |
| CN1158604C (en) | Object reconstruction on object oriented data storage device | |
| CN1104684C (en) | Method and equipment for restoring hard disc driver of computer system | |
| CN1577236A (en) | Storage system | |
| US8782089B2 (en) | Selective file erasure using metadata modifications and apparatus | |
| CN1188785C (en) | Security administive system, data distributing equipment and portable terminal device | |
| CN1296835C (en) | Apparatus and method for controlling booting operation of computer system | |
| CN1795439A (en) | Security system and method for computer operating systems | |
| CN1536485A (en) | Data maintenance, backup and recovery system and its method | |
| CN101046759A (en) | Remote copying system and method of controlling remote copying | |
| CN1524223A (en) | Systems and methods of information backup | |
| CN1313938C (en) | Storage system, computer system and a method of establishing volume attribute | |
| US6961833B2 (en) | Method and apparatus for protecting data in computer system in the event of unauthorized data modification | |
| CN1285038C (en) | System and method for handling device accesses to a memory providing increased memory access security | |
| US20040186971A1 (en) | Apparatus and method for protecting data recorded on a storage medium | |
| CN1555557A (en) | Writing device, semiconductor memory card, program, and method | |
| CN101996109A (en) | Computer system, control method thereof and recording medium storing computer program thereof | |
| CN1864127A (en) | System, apparatus and method for controlling a storage device | |
| CN1277215C (en) | Device and method for protection of data record on storage medium | |
| CN101788913B (en) | Computer system with double operating devices and monitoring method thereof | |
| CN1875354A (en) | Recording medium, data processing apparatus, and data processing method | |
| CN112995094A (en) | Dynamic management method and system for account number authority of network equipment | |
| CN1303530C (en) | Security device for a mass storage | |
| CN102135926A (en) | Data storing method capable of protecting hard disc from clearing or low level | |
| CN1645485A (en) | Method for rapid copying hard disk with protective subareas |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20170607 Address after: No. 3, No. 10, development avenue, new industrial park, hi tech Zone, Shaanxi, Xi'an Patentee after: XI'AN MOREBECK SEMICONDUCTOR TECHNOLOGY CO., LTD. Address before: Ontario, Canada Patentee before: Liang Guoen |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20060927 Termination date: 20190522 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |