WO2003025760A1 - Data protection and retrieval - Google Patents


Info

Publication number
WO2003025760A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
location
recording
offsite
recording location
Application number
PCT/AU2002/000924
Other languages
French (fr)
Inventor
Cary Lockwood
Original Assignee
Cebridge Pty. Ltd.
Application filed by Cebridge Pty. Ltd.
Priority to GB0406543A (GB2396723A)
Publication of WO2003025760A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

Electronic data generated in a generating location such as a workplace is sent by line connection to an offsite recording location from which it is retrievable in the event of loss or corruption of the material. An intermediate recorder at the workplace collects data during working hours, encrypts the data and sends it offline to a local safe location by a telephone line. The data may be stored as discs or tapes in a vault. The system is not Internet dependent.

Description

TITLE : DATA PROTECTION AND RETRIEVAL
FIELD OF THE INVENTION
This invention concerns an apparatus and process for electronic data storage and retrieval.
BACKGROUND OF THE INVENTION
All businesses and operations which use computers generate data which they need to keep and use. Manufacturers supply computers with tapes which record data day by day.
Alternatively, much work is batched on storage disks and staff working in the business select and retrieve according to the needs of the business. Most operators have experienced failures in these backup procedures. If a personal computer (PC or file server) is stolen, the in situ backup tape is stolen at the same time. Disks may be appropriated by departing employees, and boxes of disks are easily destroyed by fire or disturbed by magnetic fields generated by other equipment.
SUMMARY OF THE INVENTION
The method aspect of the invention provides a method of preserving electronic data which is created in a generating location, comprising recording the data in an offsite location in a form which is capable of recreating the data in the event of loss or corruption of the original, and storing the recorded data in a safe location.
Preferably multiple sources are recorded simultaneously, each recorded by a recorder dedicated to an incoming stream of data. The incoming stream of data is separated by a unique encryption key and remains separated from all other streams in order to preserve security of each source of data. It is this encryption key that wraps the data at all stages and secures and protects the data in all three locations - generating, recording and safe deposit.
Preferably the recording is made in a safe location, which is offsite. By "safe location" we mean a secure location such as a security premises from which access is barred to non-authorised personnel. The safe location may contain a storage facility for the recordings, e.g. a vault, cell or safe. The recordings may be tapes, disks or equivalents. More usually the recordings are also duplicated and transferred to a locked location elsewhere. It is from either the safe deposit or the recording location that recordings could be transported to the generating location if a restart was necessary. Alternatively, the recording of data could be sourced from the intermediate source (box) or recorder if a restart was necessary.
The generating location may have an intermediate device which stores the generated data temporarily and releases it to the recorder at a different rate. The link between the intermediate device and the recording location may be a telephone line or an equivalent for the purpose of data transmission.
The apparatus aspect of the invention may comprise an intermediate device for storing data as it is generated and releasing the stored data at a rate compatible with the line connection between the generating location and the recording location.
The intermediate device may have a control for actuating the recorder to repeat the recorded data. More usually, initially the tapes or disks will also be physically taken to the generating location and loaded into the computer disk from which the data was taken originally, and thus a complete snapshot of data is achieved. The intermediate device may be capable of recovering input from multiple sources, e.g. via a LAN.
The intermediate device preferably contains disk capacity to store the generated data, so that it always holds a complete snapshot of data; a modem or equivalent for transferring data to the offsite location; and a means to test whether a user's generated data has been incorporated into the disk capacity.
The intermediate device may also have means to test whether the data is successfully transferring to the offsite location, and may be capable of testing whether the offsite location is in communication with the generating location. It is useful if the device has means to monitor the connection between the data generating operation and the recording operation by continual intermittent interrogation. The device may be mains powered, with an uninterruptible power source for extra protection and security. The device monitors the recording and transfer operation by sending a data batch which imposes a close to zero load on the network; if the batch fails to arrive within a specified period, an alarm is activated. The alarm may be sent to the network or to persons. The device may monitor whether a service starts or stops, and whether performance rises above or falls below a predetermined threshold. The device preferably uses encryption and compression to transfer data to the offsite location. The offsite location may use standard recording equipment and decompress transferred data upon receipt. The data may always be protected by the encryption key.
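The device-side watchdog described above (a near-zero-load probe batch that must come back within a set period, otherwise an alarm is raised), written out as an added example. This is illustrative code, not the patent's apparatus: the Link interface, the scripted test double, the probe format and the timeout values are assumptions. A reply is only counted as healthy when it echoes the exact probe, so a stale or foreign answer on a half-working line does not pass as health.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"time"
)

// Link is the line between the intermediate device and the offsite
// recorder. Send delivers one probe batch and returns the recorder's
// acknowledgement together with the round-trip time it took.
type Link interface {
	Send(probe []byte) (ack []byte, rtt time.Duration, err error)
}

// Alarm is raised by the device when the recording path is not healthy.
type Alarm struct {
	Seq    int
	Reason string
}

// Monitor is the device-side watchdog: it sends a tiny probe batch at a
// fixed interval and expects it echoed back within Timeout.
type Monitor struct {
	Link    Link
	Timeout time.Duration
	Alarms  []Alarm
	Misses  int // consecutive failed probes
	seq     int
}

// Probe sends one probe and reports whether the path is healthy. A missing,
// late or mismatched reply is recorded as an Alarm.
func (m *Monitor) Probe() bool {
	m.seq++
	probe := []byte(fmt.Sprintf("probe:%d", m.seq))
	ack, rtt, err := m.Link.Send(probe)
	var reason string
	switch {
	case err != nil:
		reason = "no reply: " + err.Error()
	case rtt > m.Timeout:
		reason = fmt.Sprintf("reply after %v exceeds %v", rtt, m.Timeout)
	case !bytes.Equal(ack, probe):
		reason = "reply does not match probe"
	}
	if reason == "" {
		m.Misses = 0
		return true
	}
	m.Misses++
	m.Alarms = append(m.Alarms, Alarm{Seq: m.seq, Reason: reason})
	return false
}

// Step is one scripted behaviour of a constructed link (test double).
type Step func(probe []byte) ([]byte, time.Duration, error)

// scriptedLink replays Steps in order so the monitor can be exercised offline.
type scriptedLink struct {
	steps []Step
	i     int
}

func (l *scriptedLink) Send(probe []byte) ([]byte, time.Duration, error) {
	step := l.steps[l.i]
	l.i++
	return step(probe)
}

// Echo answers correctly after the given delay; Down simulates a dropped line.
func Echo(d time.Duration) Step {
	return func(p []byte) ([]byte, time.Duration, error) { return p, d, nil }
}

func Down() Step {
	return func([]byte) ([]byte, time.Duration, error) {
		return nil, 0, errors.New("line dropped")
	}
}

// RunScripted drives a Monitor through every Step and returns the alarms raised.
func RunScripted(steps []Step, timeout time.Duration) []Alarm {
	m := &Monitor{Link: &scriptedLink{steps: steps}, Timeout: timeout}
	for range steps {
		m.Probe()
	}
	return m.Alarms
}

func main() {
	// Constructed sequence: healthy, late, dropped, stale echo, recovered.
	stale := func([]byte) ([]byte, time.Duration, error) { return []byte("probe:1"), time.Second, nil }
	steps := []Step{Echo(200 * time.Millisecond), Echo(5 * time.Second), Down(), stale, Echo(300 * time.Millisecond)}
	for _, a := range RunScripted(steps, 2*time.Second) {
		fmt.Printf("ALARM probe %d: %s\n", a.Seq, a.Reason)
	}
}
```

The Misses counter is what a real deployment would feed into the "alarm to the network or to persons" decision, for instance alerting only after two consecutive misses so that a single slow reply on a busy line does not page anyone.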
Actuation of the functions of the device may be protected by a key in lock, user name and password protection and encryption key. The device may allow recovery of data transferred to the device for a specified period, say a working week. At all times a complete current snapshot of data would be present in the recording location and the safe deposit as well as incrementals in the device.
BRIEF DESCRIPTION OF THE DRAWINGS
One embodiment of the invention is now described with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of the locations.
Figure 2 is a diagram of the parts of the intermediate device.
DETAILED DESCRIPTION WITH RESPECT TO THE DRAWINGS
Referring now to the drawings, the customer has an office with a single PC and/or file server; a single PC and file server; a group of networked PCs; or a group of networked PCs and a file server. The office is the generating location. The customer connects each individual PC and/or file server to a LAN and/or switch/hub, or directly or indirectly to a common intermediate device, namely a box containing components to which there is no access. The components are shown in Figure 2. The customer connection is made via the data point. The switch accepts up to 8 PC outputs via an integration card in the case of a customer network/switch/hub failure. A key operated switch allows a power supply to energise a motherboard and a hard disk drive. One LED indicates the power supply is ON; another LED indicates the hard disk drive is working. This device can also act as a file server, if none is present, by using the device as it stands.
Referring to Figure 2, the interface control point gives access to a keyboard, mouse or video card, which permits the box installer to adapt the box to the customer's network. Commands to the intermediate device, namely the box, are given from the customer's keyboard, which is in turn connected directly or indirectly via a LAN to the data point for instant data retrieval. The disk drive allows stored data to be transferred by a modem to a telephone line and/or an equivalent such as ISDN, DSL or a dedicated cable marked "encrypted connection", which connects at the communication point. The software encrypts and compresses and then transfers the day's stored data at close of business to the offsite location, usually a building close enough to the office to cost only a local phone call in its base configuration. This is a standard triple DES 128 public/private key connection which is guarded by a password. The building may be the HQ of a company providing security services, e.g. ARMAGUARD security services. The premises have a recording installation with SONY DDS4 tape recorders and multiple CD writers and/or hot swappable hard disk drives. These are removed manually on a daily basis and/or as they fill and are put in a customer's collection at a safe location, such as a fireproof safe deposit. Access to the recording installation is further guarded by a key in lock.
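The close-of-business step above (compress, then encrypt under the customer's unique key, with the recorder holding only wrapped data it can verify before accepting) as an added example. This is not the patent's software: in place of the page's "triple DES 128 public/private key connection" it uses AES-256-GCM from the Go standard library, the key derivation from a customer secret is a stand-in for a real key store, and the customer id, day string and sample records are constructed. Binding the customer id and day into the associated data is what keeps each customer's stream separated at the recorder and stops a batch from being re-presented as another day's.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// CustomerKey turns a customer's secret into a 32-byte AES-256 key. A real
// deployment would use a key store or a proper KDF; a labelled SHA-256 of
// the secret is a stand-in for this demonstration (assumption).
func CustomerKey(secret string) []byte {
	sum := sha256.Sum256([]byte("daily-batch-key:" + secret))
	return sum[:]
}

func compress(data []byte) ([]byte, error) {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(data); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func decompress(packed []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(packed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBatch compresses first (ciphertext does not compress) and then encrypts
// with AES-256-GCM under the customer's key. Customer id and day are bound in
// as associated data, so the recorder rejects a batch presented under another
// customer's stream or another day. Output layout: nonce || ciphertext || tag.
func SealBatch(key []byte, customer, day string, data []byte) ([]byte, error) {
	packed, err := compress(data)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, packed, []byte(customer+"|"+day)), nil
}

// OpenBatch is the recorder's (or restore-time) counterpart: authenticate and
// decrypt first, and only then decompress, so tampered input never reaches gzip.
func OpenBatch(key []byte, customer, day string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("batch too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	packed, err := gcm.Open(nil, nonce, ct, []byte(customer+"|"+day))
	if err != nil {
		return nil, fmt.Errorf("batch rejected: %w", err)
	}
	return decompress(packed)
}

func main() {
	// Constructed sample: one customer's day of records.
	key := CustomerKey("constructed-secret-for-customer-A")
	day := bytes.Repeat([]byte("invoice,2002-07-02,ACME,1250.00\n"), 200)
	blob, err := SealBatch(key, "customer-A", "2002-07-02", day)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d bytes into %d bytes\n", len(day), len(blob))
	if _, err := OpenBatch(CustomerKey("constructed-secret-for-customer-B"), "customer-A", "2002-07-02", blob); err != nil {
		fmt.Println("other customer's key:", err)
	}
	if _, err := OpenBatch(key, "customer-A", "2002-07-03", blob); err != nil {
		fmt.Println("wrong day:", err)
	}
	back, err := OpenBatch(key, "customer-A", "2002-07-02", blob)
	fmt.Println("restored intact:", err == nil && bytes.Equal(back, day))
}
```

Because the tag covers the compressed payload, a tape or disk returned from the safe deposit years later still proves its own integrity at restore time with nothing more than the customer's key.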
The offsite recording location services customers in a metropolitan area or in a rural area and has multiple incoming telephone and/or equivalent telecommunication lines. The same location has an outgoing telephone and/or equivalent telecommunication line to a customer so that the service provider can inform the customer but the telephone numbers and/or equivalent telecommunication of the lines entering the offsite recording location are secret.
If a file is accidentally deleted and the deletion is discovered within 56 days, the device is instructed by the keyboard or mouse to restore the file, just as an operator restores a file from a backup tape in the prior art procedure. If the telephone and/or equivalent telecommunication line drops out during backup, the associated software establishes a new line and continues the required service from the point of drop out. Thus the customer's records roll over daily until day 56, when they pass beyond instant electronic recall via the intermediate box. The customer's records are merged on a daily basis to give a complete current snapshot of the customer's data at the recording location (operations centre) and a permanent tape record and/or CD record and/or hot swappable hard disk in the safe deposit (see Figure 1).
In the event of a catastrophic failure, such as fire or theft of the PCs and/or the box, the permanent tape record and/or CD record and/or hot swappable hard disks available from IBM and SEAGATE are returned from the safe deposit and re-installed on new PCs after the data is decrypted using the customer's unique encryption key.
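The 56-day rolling recall and daily merge described above, as an added example that is not part of the patent: daily batches are merged into a complete current snapshot, per-file incrementals are kept only while they were current on some day inside the window, and a restore request for a file whose last copy has rolled past the window is refused with a pointer to the safe-deposit media. The Store type, its method names and the constructed file history are assumptions.

```go
package main

import "fmt"

// RetentionDays is the instant-recall window described on the page.
const RetentionDays = 56

// FileVersion is one file's state as captured in a daily batch; a nil
// Content records that the file was deleted that day.
type FileVersion struct {
	Day     int
	Content []byte
}

// Store is the recorder's view of one customer: the merged current snapshot
// plus the per-file incrementals that make recovery of a deleted file possible.
type Store struct {
	today    int
	snapshot map[string][]byte
	history  map[string][]FileVersion // oldest first
}

func NewStore() *Store {
	return &Store{snapshot: map[string][]byte{}, history: map[string][]FileVersion{}}
}

// Ingest merges one day's batch (changed files and deletions) into the
// snapshot, appends to the history and expires incrementals that fell out
// of the window. Days arrive in order; an empty batch still advances the clock.
func (s *Store) Ingest(day int, changed map[string][]byte, deleted []string) {
	s.today = day
	for path, content := range changed {
		s.snapshot[path] = content
		s.history[path] = append(s.history[path], FileVersion{day, content})
	}
	for _, path := range deleted {
		delete(s.snapshot, path)
		s.history[path] = append(s.history[path], FileVersion{day, nil})
	}
	s.expire()
}

// expire keeps a version only while it was current on some day inside the
// window; a version superseded before the cutoff can no longer be recalled.
func (s *Store) expire() {
	cutoff := s.today - RetentionDays
	for path, versions := range s.history {
		i := 0
		for i+1 < len(versions) && versions[i+1].Day < cutoff {
			i++
		}
		versions = versions[i:]
		if len(versions) == 1 && versions[0].Content == nil && versions[0].Day < cutoff {
			delete(s.history, path) // an old deletion with nothing left to restore
			continue
		}
		s.history[path] = versions
	}
}

// Restore returns the most recent surviving content of a path and the day it
// came from. Outside the window the only copies are the tapes or disks in the
// safe deposit, which is reported as an error rather than silently returning nothing.
func (s *Store) Restore(path string) ([]byte, int, error) {
	versions := s.history[path]
	for i := len(versions) - 1; i >= 0; i-- {
		if versions[i].Content != nil {
			return versions[i].Content, versions[i].Day, nil
		}
	}
	return nil, 0, fmt.Errorf("%s: no copy within the last %d days; recover from the safe-deposit media", path, RetentionDays)
}

// Snapshot exposes the complete current picture the recorder holds.
func (s *Store) Snapshot() map[string][]byte { return s.snapshot }

func main() {
	// Constructed history for one customer.
	s := NewStore()
	s.Ingest(1, map[string][]byte{"ledger.csv": []byte("v1"), "notes.txt": []byte("hello")}, nil)
	s.Ingest(3, map[string][]byte{"ledger.csv": []byte("v2")}, nil)
	s.Ingest(10, nil, []string{"ledger.csv"}) // accidental deletion
	if c, d, err := s.Restore("ledger.csv"); err == nil {
		fmt.Printf("day 10: restored ledger.csv from day %d: %s\n", d, c)
	}
	s.Ingest(70, nil, nil) // sixty days later the deletion has rolled past the window
	if _, _, err := s.Restore("ledger.csv"); err != nil {
		fmt.Println("day 70:", err)
	}
	fmt.Println("snapshot still holds notes.txt:", s.Snapshot()["notes.txt"] != nil)
}
```

The expiry rule is the part worth checking in any implementation of this scheme: expiring a version by its own age would discard a file that was unchanged for months and then deleted yesterday, which is exactly the case the 56-day recall is meant to cover.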
Initially when the service is introduced, an electronic record is made of the customers existing data and then the box is installed.
We have found the advantages of the above embodiments to be:
1. The system works with all Windows, UNIX, NOVELL and MACINTOSH based systems and does not require specialised software.
2. Uses standard parts and does not require significant resources in terms of people or technology.
3. The system is independent of the Internet.

Claims

1. A method of preserving electronic data which is created in a generating location, such location having a line connection to an offsite recording location comprising recording the data in an offsite recording location in a form which is capable of recreating the data in the event of loss or corruption of the original.
2. A method as claimed in Claim 1, wherein the offsite recording location is accessible only to authorised personnel.
3. A method as claimed in Claim 2, wherein the offsite recording location lies within the local telephone call radius of the generating location.
4. A method as claimed in Claim 1, wherein the recorded data is stored in a secure location which is different from the offsite location, thereby having at all times three different secure locations of customers complete current snapshot of data.
5. A method as claimed in any one of Claims 1 to 4, wherein the generated data is stored online in an intermediate device at the generating location and is released offline to a recorder at the offsite recording location via the line connection at a suitable rate.
6. A method as claimed in Claim 5, wherein multiple sources are recorded simultaneously at the recording location, each telephone line or incoming data stream being dedicated to an incoming stream of data.
7. A method as claimed in Claim 6, wherein the generated data is stored at the generating location during the current working day and sent as a batch to the recording location.
8. A method as claimed in Claim 7, wherein the recorded data remains recoverable from the recording location by the line connection for up to 56 days.
9. A method as claimed in any one of Claims 4 to 8, wherein the recorded data is merged to create a current snapshot of the customer's data, this snapshot then being copied and removed daily to the secure location.
10. Apparatus for carrying out the method of Claim 1, comprising means for storing and means for releasing data as it is generated at a generating location and releasing the stored data at a rate compatible with the line connection between the generating location and the recording location.
11. Apparatus as claimed in Claim 10, wherein there is means to compress the generated data prior to transferring the data as a batch.
12. Apparatus as claimed in Claim 11, wherein there is means to encrypt the generated data prior to transferring the data as a batch.
13. Apparatus as claimed in any one of Claims 10, 11 or 12, wherein there is means to open and close the line connection with the recording location.
14. Apparatus as claimed in any one of Claims 10 to 13, wherein there is means to reconnect the line if the line drops out during the transfer of data to the recording location.
15. Apparatus as claimed in any one of Claims 10 to 14, wherein there is means to test whether the offsite location is in communication with the generating location.
16. Apparatus as claimed in Claim 15, wherein there is means to monitor the data transfer operation by sending a data batch which imposes a close to zero load on the system and causes an alarm signal if the batch fails to arrive after a predetermined period.
17. Apparatus as claimed in any one of Claims 9 to 16, when powered by an uninterruptable power supply.
18. Apparatus as claimed in any one of Claims 10 to 17, when located in a secure container to which access is denied.
19. Apparatus as claimed in Claim 18, wherein the functions are controlled by a switch protected by a key in lock.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0406543A GB2396723A (en) 2001-09-20 2002-07-02 Data protection and retrival

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPR7837 2001-09-20
AUPR7837A AUPR783701A0 (en) 2001-09-20 2001-09-20 Data protection and retrieval

Publications (1)

Publication Number Publication Date
WO2003025760A1 true WO2003025760A1 (en) 2003-03-27

Family

ID=3831677

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2002/000924 WO2003025760A1 (en) 2001-09-20 2002-07-02 Data protection and retrival

Country Status (3)

Country Link
AU (1) AUPR783701A0 (en)
GB (1) GB2396723A (en)
WO (1) WO2003025760A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1993019420A1 (en) * 1992-03-17 1993-09-30 Nomadic Systems, Inc. Remote file access system
US5742792A (en) * 1993-04-23 1998-04-21 Emc Corporation Remote data mirroring
US6044444A (en) * 1996-05-28 2000-03-28 Emc Corporation Remote data mirroring having preselection of automatic recovery or intervention required when a disruption is detected
US6052797A (en) * 1996-05-28 2000-04-18 Emc Corporation Remotely mirrored data storage system with a count indicative of data consistency
US6105042A (en) * 1998-02-13 2000-08-15 Cylex Systems, Inc. Multi-user information management system adapted for efficient, remote, on-demand document management, storage and retrieval
US6145088A (en) * 1996-06-18 2000-11-07 Ontrack Data International, Inc. Apparatus and method for remote data recovery
WO2001035244A1 (en) * 1999-11-11 2001-05-17 Miralink Corporation Flexible remote data mirroring

Also Published As

Publication number Publication date
GB2396723A (en) 2004-06-30
GB0406543D0 (en) 2004-04-28
AUPR783701A0 (en) 2001-10-18

Similar Documents

Publication Publication Date Title
JP5210376B2 (en) Data confidentiality preservation method in fixed content distributed data storage system
JP4107370B2 (en) Distributed data archiving system
US7165154B2 (en) System and method for data backup
US6847982B2 (en) Intelligent data inventory and asset management system method and apparatus
US8098819B2 (en) Method, system and securing means for data archiving with automatic encryption and decryption by fragmentation of keys
US9158467B2 (en) Optional data encryption by partition for a partitionable data storage library
WO2007074431A2 (en) Method and apparatus for securing access to applications
JP4464340B2 (en) Distributed data archiving system
US20100095077A1 (en) Method System and Apparatus for Handling Information Related Applications
US20090183002A1 (en) Method and device for automatically creating backup copies
JP2009506405A (en) Data archiving system
CN101326498A (en) Emergency data preservation services
CN101326824A (en) Method and apparatus for key distribution for secure digital cinema presentations
JP2006301849A (en) Electronic information storage system
US20070106713A1 (en) Hazard protected file backup system
US20040250288A1 (en) Method and apparatus for storing surveillance films
US7805563B2 (en) Tape drive apparatus
WO2003025760A1 (en) Data protection and retrival
AU2002318977A1 (en) Data protection and retrival
JP2002351747A (en) Backup managing method for in-storage data of storage system and storage system equipped with means for implementing the same managing method
EP0650122B1 (en) Remote back-up device and method for numerical data
JP5053748B2 (en) Terminal device usage time management program
JPH09507324A (en) Method for backing up or restoring data or information processing file, and apparatus for implementing the method
WO2007143882A1 (en) N^n data management, access, storage, transfer, exchange and retrieval system (data master)
CN113132691A (en) Video centralized monitoring device and method for cash self-service terminal

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

ENP Entry into the national phase

Ref document number: 0406543

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20020702

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2002318977

Country of ref document: AU

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP