WO2003021466A1 - Computer black box - Google Patents

Computer black box Download PDF

Info

Publication number
WO2003021466A1
WO2003021466A1 PCT/US2002/026316 US0226316W WO03021466A1 WO 2003021466 A1 WO2003021466 A1 WO 2003021466A1 US 0226316 W US0226316 W US 0226316W WO 03021466 A1 WO03021466 A1 WO 03021466A1
Authority
WO
WIPO (PCT)
Prior art keywords
outputs
computer
storage medium
microprocessor
computer system
Prior art date
Application number
PCT/US2002/026316
Other languages
French (fr)
Inventor
Yariv Ben-Yehuda
Lupo Wittner
Original Assignee
Friedman, Mark, M.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Friedman, Mark, M. filed Critical Friedman, Mark, M.
Publication of WO2003021466A1 publication Critical patent/WO2003021466A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/033Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor
    • G06F3/038Control and interface arrangements therefor, e.g. drivers or device-embedded control circuitry
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/02Input arrangements using manually operated switches, e.g. using keyboards or dials
    • G06F3/023Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect

Definitions

  • the present invention relates to a computer backup system and, in particular, it concerns a computer backup system and method that works similarly to a "black-box" on board an aircraft.
  • RAM volatile, read-and-write, Random Access Memory
  • work in the RAM can also be lost or corrupted through equipment malfunction, power failure, operator error, and other misadventure. Once work is lost from the RAM for any reason, it normally cannot be recovered.
  • non-volatile memory of which a diskette or hard disk or tape are common examples, may be irrecoverable after a failure of the non- volatile memory, unless the data stored on the non- volatile memory has been backed up to another non- volatile storage medium.
  • Macintosh computers and has no general application. It saves only text and retains no positional information or formatting or manipulating instructions as, for example, from cursor keystrokes or mouse movements.
  • Such non-text information is important in word processing applications, and it is essential, not merely important, to most non- word-processing applications such as spreadsheets, data bases, personal productivity, accounting, graphics, publishing, presentations, and the like.
  • keystrokes saved by GHOSTWRITER are read from disk, they appear arbitrarily in the order in which they were entered, rather than in the places where they belong. For example, all keystrokes inserted to edit a document appear all together, not in the places in the document in which they were originally inserted, and without any information to guide the operator in properly reinserting them manually.
  • the saved text keystrokes are interspersed with numerous square symbols, which represent formatting commands that are not implemented in the GHOSTWRITER system.
  • Such extraneous symbols greatly obfuscate any information content of the saved keystrokes. Therefore, if recovery of work based on a GHOSTWRITER file is possible at all, the process will require a significant amount of time and labor by the operator.
  • a shortcoming of the aforementioned system is that the system relies on the processor of the computer system, thereby taking away valuable processing resources from the computer system.
  • a further shortcoming of the aforementioned system is that the system stores the temporary record on the permanent storage of the computer system. Therefore, if the permanent storage fails the temporary record is lost. Moreover, any work performed after the last backup ofthe permanent storage will also be lost.
  • a further shortcoming of the aforementioned system is that the temporary record is purged from the hard disk once the file associated with the non-command keystrokes and mouse movements has successfully been saved to the hard disk. Therefore, a permanent record ofthe keystrokes and mouse movements is not retained for future reference or retrieval.
  • the present invention is a computer backup system and method of operation thereof.
  • a computer black-box for recording a plurality of outputs of at least one input device of a computer system, the computer system having a storage device for storing at least one file associated with the outputs, the computer system also having a processor, the black-box comprising: (a) a non-volatile storage medium, separate from the storage device of the computer system; and (b) a microprocessor configured to store, in the storage medium, the outputs received from the input device.
  • the microprocessor is separate from the processor ofthe computer system.
  • the microprocessor and the storage medium form an autonomous unit.
  • the microprocessor is configured to transmit the outputs from the input device to the processor of the computer system. According to a further feature of the present invention, there is also provided:
  • an input port configured for operationally connecting the input device to the microprocessor.
  • the input device and the computer system are configured to be operationally connected only via the microprocessor.
  • the microprocessor is configured to store each ofthe outputs in the storage medium with a time tag.
  • the microprocessor is configured to store the outputs in the storage medium such that the outputs are retrievable in a chronological order. According to a further feature of the present invention, the microprocessor is configured to purge the storage medium of data on a first-in first-out basis.
  • a computer system comprising: (a) a processor; (b) at least one input device configured to produce a plurality of outputs for processing by the processor; (c) a storage device configured for storing at least one file associated with the outputs; (d) a black-box having a non-volatile storage medium and a microprocessor, wherein the microprocessor is configured to store, in the storage medium, the outputs received from the at least one input device, and wherein the storage medium is separate from the storage device.
  • the microprocessor is separate from the processor.
  • the at least one input device, the processor and the black box are configured so that the processor receives the outputs from the input device only via the black box.
  • a plurality ofthe input devices including at least a keyboard and a pointing device.
  • a method for recording outputs of a plurality of computer input devices comprising the steps of: (a) creating a record of a plurality of outputs, each of the outputs being produced by one of the plurality of computer input devices, wherein the record is sufficiently permanent that the record is maintained after a computer file associated with the outputs is successfully saved; and (b) retrieving at least part ofthe record.
  • the outputs are stored in the record such that the outputs are retrievable in a chronological order.
  • the deleting is contingent on permission of a user.
  • a method of recording at least one input to a computer system comprising the steps of: (a) operationally connecting the at least one input device to a black box, the black box having a non-volatile storage medium and a microprocessor; and (b) recording a plurality of outputs of the at least one input device, in the non-volatile storage medium, by the microprocessor.
  • Fig. 1 is a schematic diagram of a microprocessor and storage medium of a computer black-box that is constructed and operable in accordance with a preferred embodiment ofthe invention
  • Fig. 2 is a schematic plan view of the exterior of the computer black box of
  • the present invention is a computer backup system and method of operation thereof.
  • the principles and operation of the computer backup system according to the present invention may be better understood with reference to the drawings and the accompanying description.
  • Fig. 1 is a schematic diagram of a microprocessor 10 and a storage medium 12 of a computer black-box 14 that is constructed and operable in accordance with a preferred embodiment ofthe invention.
  • Computer black-box 14 is configured for recording outputs of one or more input devices of a computer system.
  • the input devices are typically a computer keyboard or a pointing device such as a mouse or a trackball.
  • Input devices also include, but are not limited to, modems, scanners and bar code readers.
  • Computer black-box 14 is configured to record all the outputs of the input devices including, but not limited to, keyboard keystrokes, location of a mouse icon and mouse clicks, modem inputs, scanner inputs and barcode inputs.
  • the backup of the present invention is automatic, therefore every command entered into the computer from the keyboard and mouse, or any other form of input, is recorded by computer black-box 14.
  • Microprocessor 10 is configured to store, in storage medium 12, the outputs received from the input devices.
  • Microprocessor 10 is a separate unit from the processor ofthe computer system being monitored, thereby not using up valuable resources of the computer system to record the outputs of the input devices.
  • Storage medium 12 is a non-volatile storage medium.
  • Storage medium 12 is a separate unit from the storage devices of the computer system being monitored.
  • the storage device of the computer system stores files "associated" with the outputs in the form of a final product. In other words, keystrokes and mouse movements and other outputs ofthe input devices are stored in storage medium 12.
  • the files "associated" with the outputs of the input devices are not simply a set of keystrokes but form a complete document
  • the record stored in storage medium 12 is a set of keystrokes and mouse movements and clicks
  • the file stored in the storage device of the computer system is a word processed document ready for editing or printing. Therefore, if the storage devices of the computer system fail the data stored in storage medium 12 is still retained.
  • microprocessor 10 and storage medium 12 are independent ofthe computer system, forming an autonomous unit, the user of the computer system cannot easily override the recording activity of computer black-box 14.
  • microprocessor 10 does not record, in storage medium 12, outputs from the input devices unless the computer system is activated and is ready to receive output from the input devices.
  • Microprocessor 10 and storage medium 12 are typically available as a microprocessor chip with a built in storage medium, such as Cop ⁇ flash Microcontroller (COP8CBR9LNA8) which is commercially available from National Semiconductor Corporation of 2900
  • Storage medium 12 is typically a flash memory with a 10 MB storage capacity. 10
  • MB of -memory is typically capable of recording approximately one month of a skilled typist's work. For example, touch typing at 100 words per minute, with an average of 7 characters per word, requires a memory capacity of 10 MB (100 words per minute x 7 characters per word x 60 minutes per hour x 8 working hours per day x 30 days per month). Therefore, storage medium 12 is capable of storing a large quantity of steps, commands or data.
  • Microprocessor 10 and storage medium 12 are powered by a power supply 15. Power supply 15 is typically a 5N DC power supply.
  • the typical configuration of microprocessor 10 and storage medium 12 is known to those skilled in the art and is shown in Fig. 1.
  • Microprocessor 10 has associated system software. This system software is loaded upon startup of computer black-box 14.
  • This system software runs in the background on microprocessor 10 and records, in storage medium 12, data from the input devices.
  • Programming of microprocessor 10 is known to a skilled system software programmer.
  • Computer black-box 14 includes input ports and output ports for each input device being monitored. Each input port is configured for operationally connecting the relevant input device to microprocessor 10. Each output port is configured for operationally connecting the computer system to microprocessor 10 with respect to one of the input devices. Therefore, the input devices, computer black-box 14 and the computer system are connected in series and not in parallel. In other words, the input devices and the computer system are only operationally connected via microprocessor 10, thereby requiring the user to work with the backup system, in order to ensure constant backup ofthe computer when in use.
  • computer black-box 14 has an input port 20 and an output port 22 for a computer keyboard. Computer black-box 14 also has an input port 24 and an output port 26 for a mouse. It should be noted that computer black-box 14 can be configured to include input and output ports for other input devices as will be apparent to those skilled in the art.
  • computer black-box 14 is installed externally to the CPU box of the computer system.
  • computer black-box 14 has a casing 28 for storing microprocessor 10 and storage medium 12 therein as well as mounting input ports 20, 24 and output ports 22, 26 on casing 28.
  • a computer black box includes a microprocessor and a storage medium, which are installed inside the CPU box of the computer system being monitored.
  • the computer black box does not include input and output ports.
  • the system software which runs on the microprocessor is loaded upon startup of the computer system. This system software runs in the background on the microprocessor and interacts with the BUS of the computer system to record data, in the storage medium, from the input devices.
  • Computer black-box 14 creates a record of the outputs of the input devices.
  • the record of the outputs is sufficiently permanent that the record is maintained after a computer file associated with the outputs is successfully saved. In other words, the data stored in storage medium 12 is not purged after files are saved or closed nor after applications are closed. It should be noted that a record of keystrokes and mouse movements and other outputs of input devices is described by Billings, et al.
  • the temporary record of the outputs ofthe input devices is purged of the relevant data when the user successfully saves the file the user is working on. Therefore, in Billings et al. no long-term record of the outputs is maintained.
  • applications like GHOSTWRITER record simple keystrokes as a long-term record, these applications do not record the outputs of other input devices.
  • the data stored in storage medium 12 includes the outputs of all input devices and is available for future use, such as restoring work performed after a computer failure, such as hard disk or RAM failure or simply a deletion error by a user.
  • a network supervisor is able to search the long-term record for unauthorized computer access or usage.
  • the storage of the outputs in storage medium 12 is performed on a chronological basis to enable simpler recovery of the data if needed.
  • the outputs are also stored in storage medium 12 with a time tag, including the date and time of the storage, to enable recovery of data by storage date and time.
  • the current date and time are retrieved from the computer system at the start up of the computer system.
  • Microprocessor 10 then keeps track of this time using an internal timer.
  • Fig. 2 is a schematic plan view ofthe exterior of computer black-box 14 of Fig. 1.
  • the current date and time are inputted by the user through a user interface 30.
  • User interface 30 includes a display device 32, which is configured to display messages from microprocessor 10 to the user.
  • User interface 30 also includes a keypad 34, which is configured to allow the user to communicate to microprocessor 10.
  • the display device is the monitor of the computer system and the keypad is the keyboard ofthe computer system.
  • the required part of the record stored on storage medium 12 is retrieved.
  • Retrieval of the record stored on storage medium 12 is typically managed by system software which is installed on the computer system.
  • the computer system displays the data available in storage medium 12 for retrieval.
  • the user is then prompted for the start date and time for the data retrieval.
  • microprocessor 10 reconstructs the outputs of the input devices, by simulating the outputs which were originally produced. For example, all the keystrokes of the keyboard and movement and clicks of the mouse are reconstructed by microprocessor 10 simulating the stored outputs ofthe mouse and keyboard.
  • the retrieval is automatic, whereby all outputs are reconstructed, including print commands and sending emails.
  • the retrieval process is semiautomatic, whereby the user is prompted before performing certain procedures, such as printing and sending emails, which can be overridden.
  • Programming ofthe system software to perform the above steps is known to a skilled system software programmer.
  • the system software running on microprocessor 10 when storage medium 12 is full, the system software running on microprocessor 10 is configured to purge the data which is stored in storage medium 12 on a first-in first- out basis.
  • the system software, which is running on microprocessor 10 informs the user that storage medium 12 is full by displaying a message on display device 32. Then, the system software, which is running on microprocessor 10, requests of the user, via display device 32, to backup the files on the hard disk of the computer system. Confirmation of the successful backup of the files on the hard drive is typically confirmed by a systems supervisor who enters a required password via keypad 34 or by using a key or similar security device.
  • Confirmation of the backup of the files can also be configured to be automatic by programming the systems software, which is running on microprocessor 10 to check for successful backup of files on the computer system.
  • the system software asks the user, via display device 32, for permission to purge part or all of the data which is stored in storage medium 12. Permission to purge the data of storage medium 12 is restricted and is typically performed by a systems supervisor or the equivalent by entering a password via keypad 34 or by using a key or similar security device. If the backup of the hard disk is not performed or if supervisor override is not invoked to bypass the backup, then the input devices of the computer system, for example the mouse and keyboard, are locked to prevent unauthorized use ofthe computer system.

Abstract

A computer black box (28), for recording outputs of at least one input device of a computer system, includes a non-volatile storage medium and a microprocessor. The black box (28) has a keyboard (34), a display (32), input lines (22, 26), and output lines (20, 24).

Description

COMPUTER BLACK BOX
FIELD AND BACKGROUND OF THE INVENTION
The present invention relates to a computer backup system and, in particular, it concerns a computer backup system and method that works similarly to a "black-box" on board an aircraft.
Loss of work in information processing devices has long been a serious problem, and many attempts have been made to solve it. Such work resides in volatile, read-and-write, Random Access Memory ("RAM") which is automatically erased if power fails. Work in the RAM can also be lost or corrupted through equipment malfunction, power failure, operator error, and other misadventure. Once work is lost from the RAM for any reason, it normally cannot be recovered. Moreover, even work which has been saved to non-volatile memory, of which a diskette or hard disk or tape are common examples, may be irrecoverable after a failure of the non- volatile memory, unless the data stored on the non- volatile memory has been backed up to another non- volatile storage medium. Traditional methods of dealing with this problem involve auto-save techniques as well as enforcing frequent backups of a computer hard disk. However, work performed between saves of a file to the hard disk or between backups of the hard disk may be irrecoverable if a failure occurs. In addition, in many environments, it is desirable to track the use of a computer to tell whether or not "unauthorized" processes are being carried out on the computer. An interactive spelling, thesaurus, and shorthand glossary software product from Baseline Publishing, Inc., sold under the trademark THUNDER 1, includes a module, trademarked GHOSTWRITER, which can save text keystrokes to disk files as they are entered, and such files can assist in partially recovering lost work. This product has several drawbacks. It is dependent upon the specific attributes of Apple
Macintosh computers and has no general application. It saves only text and retains no positional information or formatting or manipulating instructions as, for example, from cursor keystrokes or mouse movements. Such non-text information is important in word processing applications, and it is essential, not merely important, to most non- word-processing applications such as spreadsheets, data bases, personal productivity, accounting, graphics, publishing, presentations, and the like. Thus, when keystrokes saved by GHOSTWRITER are read from disk, they appear arbitrarily in the order in which they were entered, rather than in the places where they belong. For example, all keystrokes inserted to edit a document appear all together, not in the places in the document in which they were originally inserted, and without any information to guide the operator in properly reinserting them manually. Also, when displayed, the saved text keystrokes are interspersed with numerous square symbols, which represent formatting commands that are not implemented in the GHOSTWRITER system. Such extraneous symbols greatly obfuscate any information content of the saved keystrokes. Therefore, if recovery of work based on a GHOSTWRITER file is possible at all, the process will require a significant amount of time and labor by the operator.
Of most relevance to the present invention is United States Patent no. 5,682,471 to Billings, et al. This invention teaches a system for preventing permanent loss of work from a volatile memory by creating a temporary record, on the hard disk of the computer, of substantially all keystrokes and mouse movements. If the computer system crashes and the work that was stored in the RAM is lost, the lost work is recreated by applying the keystrokes and mouse movements which are stored in the temporary record. It should be noted that keystrokes are not enough to recreate the work as the position of the cursor as well as other commands and steps are activated by movement and clicks ofthe mouse. This temporary record is purged from the hard disk once the file associated with the non-command keystrokes and mouse movements has successfully been saved to the hard disk. The system of Billings, et al. is a software based system and utilizes the processor and permanent storage facilities of the computer system itself.
A shortcoming of the aforementioned system is that the system relies on the processor of the computer system, thereby taking away valuable processing resources from the computer system.
A further shortcoming of the aforementioned system is that the system stores the temporary record on the permanent storage of the computer system. Therefore, if the permanent storage fails the temporary record is lost. Moreover, any work performed after the last backup ofthe permanent storage will also be lost.
Another shortcoming of the aforementioned system is that the system relies on software running on the processor of the computer system to create and build the temporary record. This system software slows down other processes, as well as enabling the user of the computer system to override the software to prevent the system from recording the user's keystrokes and mouse movements.
A further shortcoming of the aforementioned system is that the temporary record is purged from the hard disk once the file associated with the non-command keystrokes and mouse movements has successfully been saved to the hard disk. Therefore, a permanent record ofthe keystrokes and mouse movements is not retained for future reference or retrieval.
There is therefore a need for a system to create and maintain a long-term record ofthe outputs of computer input devices.
SUMMARY OF THE INVENTION
The present invention is a computer backup system and method of operation thereof.
According to the Teachings of the present invention there is provided, a computer black-box for recording a plurality of outputs of at least one input device of a computer system, the computer system having a storage device for storing at least one file associated with the outputs, the computer system also having a processor, the black-box comprising: (a) a non-volatile storage medium, separate from the storage device of the computer system; and (b) a microprocessor configured to store, in the storage medium, the outputs received from the input device. According to a further feature of the present invention, the microprocessor is separate from the processor ofthe computer system.
According to a further feature ofthe present invention, the microprocessor and the storage medium form an autonomous unit.
According to a further feature of the present invention, the microprocessor is configured to transmit the outputs from the input device to the processor of the computer system. According to a further feature of the present invention, there is also provided:
(c) an output port configured for operationally connecting the computer system to the microprocessor.
According to a further feature of the present invention, there is also provided: (c) an input port configured for operationally connecting the input device to the microprocessor.
According to a further feature of the present invention, the input device and the computer system are configured to be operationally connected only via the microprocessor. According to a further feature of the present invention, the microprocessor is configured to store each ofthe outputs in the storage medium with a time tag.
According to a further feature of the present invention, the microprocessor is configured to store the outputs in the storage medium such that the outputs are retrievable in a chronological order. According to a further feature of the present invention, the microprocessor is configured to purge the storage medium of data on a first-in first-out basis.
According to a further feature of the present invention, there is also provided:
(c) a software program configured to request that a user back up at least one file associated with the outputs when the storage medium is substantially full. According to a further feature of the present invention, there is also provided:
(c) a software program configured to ask a user for permission to purge at least part of a data set stored in the storage medium when the storage medium is substantially full.
According to the teachings of the present invention there is also provided, a computer system, comprising: (a) a processor; (b) at least one input device configured to produce a plurality of outputs for processing by the processor; (c) a storage device configured for storing at least one file associated with the outputs; (d) a black-box having a non-volatile storage medium and a microprocessor, wherein the microprocessor is configured to store, in the storage medium, the outputs received from the at least one input device, and wherein the storage medium is separate from the storage device.
According to a further feature of the present invention, the microprocessor is separate from the processor.
-According to a further feature of the present invention, the at least one input device, the processor and the black box are configured so that the processor receives the outputs from the input device only via the black box.
According to a further feature ofthe present invention, there is also provided a plurality ofthe input devices including at least a keyboard and a pointing device.
According to the teachings of the present invention there is also provided, a method for recording outputs of a plurality of computer input devices, comprising the steps of: (a) creating a record of a plurality of outputs, each of the outputs being produced by one of the plurality of computer input devices, wherein the record is sufficiently permanent that the record is maintained after a computer file associated with the outputs is successfully saved; and (b) retrieving at least part ofthe record.
According to a further feature of the present invention, there is also provided the step of: (c) transmitting at least one ofthe outputs to a computer system only after the at least one output has been written to the record.
According to a further feature of the present invention, there is also provided the step of: (c) creating a time tag for each of the outputs which is created in the record. According to a further feature of the present invention, the outputs are stored in the record such that the outputs are retrievable in a chronological order.
According to a further feature of the present invention, there is also provided the step of: (c) purging the record on a first-in first-out basis. According to a further feature of the present invention, there is also provided the step of: (c) backing up at least one file associated with the outputs when a storage medium which is storing the record is substantially full.
-According to a further feature of the present invention, there is also provided the step of: (c) deleting at least part of the record when a storage medium which is storing the record is substantially full.
According to a further feature of the present invention the deleting is contingent on permission of a user.
According to a further feature ofthe present invention, there is also provided a method of recording at least one input to a computer system, the computer system having at least one input device and a processor, the method comprising the steps of: (a) operationally connecting the at least one input device to a black box, the black box having a non-volatile storage medium and a microprocessor; and (b) recording a plurality of outputs of the at least one input device, in the non-volatile storage medium, by the microprocessor. According to a further feature of the present invention, there is also provided the step of: (c) prior to the recording, operationally connecting the black box to the processor, such that the at least one input device and the processor are operationally connected only via the microprocessor. According to a further feature of the present invention, there is also provided the step of:(c) transmitting at least one ofthe outputs to the processor only after the at least one output has been written to the storage medium.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
Fig. 1 is a schematic diagram of a microprocessor and storage medium of a computer black-box that is constructed and operable in accordance with a preferred embodiment ofthe invention; and Fig. 2 is a schematic plan view of the exterior of the computer black box of
Fig. 1.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention is a computer backup system and method of operation thereof. The principles and operation of the computer backup system according to the present invention may be better understood with reference to the drawings and the accompanying description.
Reference is now made to Fig. 1, which is a schematic diagram of a microprocessor 10 and a storage medium 12 of a computer black-box 14 that is constructed and operable in accordance with a preferred embodiment ofthe invention. Computer black-box 14 is configured for recording outputs of one or more input devices of a computer system. The input devices are typically a computer keyboard or a pointing device such as a mouse or a trackball. Input devices also include, but are not limited to, modems, scanners and bar code readers. Computer black-box 14 is configured to record all the outputs of the input devices including, but not limited to, keyboard keystrokes, location of a mouse icon and mouse clicks, modem inputs, scanner inputs and barcode inputs. In addition, the backup of the present invention is automatic, therefore every command entered into the computer from the keyboard and mouse, or any other form of input, is recorded by computer black-box 14.
Microprocessor 10 is configured to store, in storage medium 12, the outputs received from the input devices. Microprocessor 10 is a separate unit from the processor ofthe computer system being monitored, thereby not using up valuable resources of the computer system to record the outputs of the input devices. Storage medium 12 is a non-volatile storage medium. Storage medium 12 is a separate unit from the storage devices of the computer system being monitored. The storage device of the computer system stores files "associated" with the outputs in the form of a final product. In other words, keystrokes and mouse movements and other outputs ofthe input devices are stored in storage medium 12. However, the files "associated" with the outputs of the input devices are not simply a set of keystrokes but form a complete document For example, if a user is producing a word-processed document, the record stored in storage medium 12 is a set of keystrokes and mouse movements and clicks, whereas the file stored in the storage device of the computer system is a word processed document ready for editing or printing. Therefore, if the storage devices of the computer system fail the data stored in storage medium 12 is still retained. Moreover, as microprocessor 10 and storage medium 12 are independent ofthe computer system, forming an autonomous unit, the user of the computer system cannot easily override the recording activity of computer black-box 14. It should be noted that although computer black-box 14 is an autonomous unit, microprocessor 10 does not record, in storage medium 12, outputs from the input devices unless the computer system is activated and is ready to receive output from the input devices. Microprocessor 10 and storage medium 12 are typically available as a microprocessor chip with a built in storage medium, such as Copδflash Microcontroller (COP8CBR9LNA8) which is commercially available from National Semiconductor Corporation of 2900
Semiconductor Drive, P.O. Box 58090, Santa Clara, California, USA 95052-8090.
Storage medium 12 is typically a flash memory with a 10 MB storage capacity. 10
MB of -memory is typically capable of recording approximately one month of a skilled typist's work. For example, touch typing at 100 words per minute, with an average of 7 characters per word, requires a memory capacity of 10 MB (100 words per minute x 7 characters per word x 60 minutes per hour x 8 working hours per day x 30 days per month). Therefore, storage medium 12 is capable of storing a large quantity of steps, commands or data. Microprocessor 10 and storage medium 12 are powered by a power supply 15. Power supply 15 is typically a 5N DC power supply. The typical configuration of microprocessor 10 and storage medium 12 is known to those skilled in the art and is shown in Fig. 1. Microprocessor 10 has associated system software. This system software is loaded upon startup of computer black-box 14. This system software runs in the background on microprocessor 10 and records, in storage medium 12, data from the input devices. Programming of microprocessor 10 is known to a skilled system software programmer. Computer black-box 14 includes input ports and output ports for each input device being monitored. Each input port is configured for operationally connecting the relevant input device to microprocessor 10. Each output port is configured for operationally connecting the computer system to microprocessor 10 with respect to one of the input devices. Therefore, the input devices, computer black-box 14 and the computer system are connected in series and not in parallel. In other words, the input devices and the computer system are only operationally connected via microprocessor 10, thereby requiring the user to work with the backup system, in order to ensure constant backup ofthe computer when in use. Therefore, outputs received from the input devices are received by microprocessor 10 and are stored by microprocessor 10 in storage medium 12. Then, microprocessor 10 transmits the outputs which were received from the input devices to the processor of the computer system. However, the delay caused by the transfer of data via microprocessor 10 is negligible and is not noticeable to the user. By way of example, computer black-box 14 has an input port 20 and an output port 22 for a computer keyboard. Computer black-box 14 also has an input port 24 and an output port 26 for a mouse. It should be noted that computer black-box 14 can be configured to include input and output ports for other input devices as will be apparent to those skilled in the art. In accordance with a most preferred embodiment of the present invention computer black-box 14 is installed externally to the CPU box of the computer system. In this most preferred embodiment, computer black-box 14 has a casing 28 for storing microprocessor 10 and storage medium 12 therein as well as mounting input ports 20, 24 and output ports 22, 26 on casing 28. In accordance with an alternate embodiment of the present invention, a computer black box includes a microprocessor and a storage medium, which are installed inside the CPU box of the computer system being monitored. In this alternate embodiment, the computer black box does not include input and output ports. In this alternate embodiment, the system software which runs on the microprocessor is loaded upon startup of the computer system. This system software runs in the background on the microprocessor and interacts with the BUS of the computer system to record data, in the storage medium, from the input devices.
Computer black-box 14 creates a record of the outputs of the input devices.
The record of the outputs is sufficiently permanent that the record is maintained after a computer file associated with the outputs is successfully saved. In other words, the data stored in storage medium 12 is not purged after files are saved or closed nor after applications are closed. It should be noted that a record of keystrokes and mouse movements and other outputs of input devices is described by Billings, et al.
However, in Billings et al. the temporary record of the outputs ofthe input devices is purged of the relevant data when the user successfully saves the file the user is working on. Therefore, in Billings et al. no long-term record of the outputs is maintained. It should also be noted that although applications like GHOSTWRITER record simple keystrokes as a long-term record, these applications do not record the outputs of other input devices. However, according to the present invention, the data stored in storage medium 12 includes the outputs of all input devices and is available for future use, such as restoring work performed after a computer failure, such as hard disk or RAM failure or simply a deletion error by a user. Moreover, a network supervisor is able to search the long-term record for unauthorized computer access or usage. The storage of the outputs in storage medium 12 is performed on a chronological basis to enable simpler recovery of the data if needed. The outputs are also stored in storage medium 12 with a time tag, including the date and time of the storage, to enable recovery of data by storage date and time. In accordance with a preferred embodiment of the present invention, the current date and time are retrieved from the computer system at the start up of the computer system. Microprocessor 10 then keeps track of this time using an internal timer. Reference is additionally made to Fig. 2, which is a schematic plan view ofthe exterior of computer black-box 14 of Fig. 1. In accordance with a preferred embodiment of the present invention, the current date and time are inputted by the user through a user interface 30. User interface 30 includes a display device 32, which is configured to display messages from microprocessor 10 to the user. User interface 30 also includes a keypad 34, which is configured to allow the user to communicate to microprocessor 10. In the preferred alternate embodiment of the invention where the microprocessor and the storage medium are installed within the
CPU box of the computer system, the display device is the monitor of the computer system and the keypad is the keyboard ofthe computer system.
When needed, the required part of the record stored on storage medium 12 is retrieved. Retrieval of the record stored on storage medium 12 is typically managed by system software which is installed on the computer system. The computer system displays the data available in storage medium 12 for retrieval. The user is then prompted for the start date and time for the data retrieval. Then microprocessor 10 reconstructs the outputs of the input devices, by simulating the outputs which were originally produced. For example, all the keystrokes of the keyboard and movement and clicks of the mouse are reconstructed by microprocessor 10 simulating the stored outputs ofthe mouse and keyboard. In accordance with a preferred embodiment ofthe present invention, the retrieval is automatic, whereby all outputs are reconstructed, including print commands and sending emails. However, in accordance with a most preferred embodiment of the present invention, the retrieval process is semiautomatic, whereby the user is prompted before performing certain procedures, such as printing and sending emails, which can be overridden. Programming ofthe system software to perform the above steps is known to a skilled system software programmer.
In accordance with a preferred embodiment of the present invention, when storage medium 12 is full, the system software running on microprocessor 10 is configured to purge the data which is stored in storage medium 12 on a first-in first- out basis. In accordance with a most preferred embodiment of the present invention, when storage medium 12 is full, the system software, which is running on microprocessor 10, informs the user that storage medium 12 is full by displaying a message on display device 32. Then, the system software, which is running on microprocessor 10, requests of the user, via display device 32, to backup the files on the hard disk of the computer system. Confirmation of the successful backup of the files on the hard drive is typically confirmed by a systems supervisor who enters a required password via keypad 34 or by using a key or similar security device. Confirmation of the backup of the files can also be configured to be automatic by programming the systems software, which is running on microprocessor 10 to check for successful backup of files on the computer system. After backup of the hard disk is successfully performed, the system software asks the user, via display device 32, for permission to purge part or all of the data which is stored in storage medium 12. Permission to purge the data of storage medium 12 is restricted and is typically performed by a systems supervisor or the equivalent by entering a password via keypad 34 or by using a key or similar security device. If the backup of the hard disk is not performed or if supervisor override is not invoked to bypass the backup, then the input devices of the computer system, for example the mouse and keyboard, are locked to prevent unauthorized use ofthe computer system. It will be appreciated by persons skilled in the art that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention includes both combinations and sub-combinations of the various features described hereinabove, as well as variations and modifications thereof that are not in the prior art which would occur to persons skilled in the art upon reading the foregoing description.

Claims

WHAT IS CLAIMED IS:
1. A computer black-box for recording a plurality of outputs of at least one input device of a computer system, the computer system having a storage device for storing at least one file associated with the outputs, the computer system also having a processor, the black-box comprising:
(a) a non-volatile storage medium, separate from the storage device of the computer system; and
(b) a microprocessor configured to store, in said storage medium, the outputs received from the input device.
2. The computer black box of claim 1, wherein said microprocessor is separate from the processor ofthe computer system.
3. The computer black box of claim 1, wherein said microprocessor and said storage medium form an autonomous unit.
4. The computer black box of claim 1, wherein said microprocessor is configured to transmit the outputs from the input device to said processor of the computer system.
5. The computer black-box of claim 4, further comprising:
(c) an output port configured for operationally connecting the computer system to said microprocessor.
6. The computer black-box of claim 1, further comprising:
(c) an input port configured for operationally connecting the input device to said microprocessor.
7. The computer black box of claim 1 , wherein the input device and the computer system are configured to be operationally connected only via said microprocessor.
8. The computer black box of claim 1, wherein said microprocessor is configured to store each ofthe outputs in said storage medium with a time tag.
9. The computer black-box of claim 1, wherein said microprocessor is configured to store the outputs in said storage medium such that the outputs are retrievable in a chronological order.
10. The computer black box of claim 1, wherein said microprocessor is configured to purge said storage medium of data on a first-in first-out basis.
11. The computer black-box of claim 1 , further comprising:
(c) a software program configured to request that a user back up at least one file associated with said outputs when said storage medium is substantially full.
12. The computer black-box of claim 1 , further comprising:
(c) a software program configured to ask a user for permission to purge at least part of a data set stored in said storage medium when said storage medium is substantially full.
13. A computer system, comprising:
(a) a processor;
(b) at least one input device configured to produce a plurality of outputs for processing by said processor;
(c) a storage device configured for storing at least one file associated with said outputs; and
(d) a black-box having a non-volatile storage medium and a microprocessor, .wherein said microprocessor is configured to store, in said storage medium, said outputs received from said at least one input device, and wherein said storage medium is separate from said storage device.
14. The computer system of claim 13, wherein said microprocessor is separate from said processor.
15. The computer system of claim 13, wherein said at least one input device, said processor and said black box are configured so that said processor receives said outputs from said input device only via said black box.
16. The computer system of claim 13, comprising a plurality of said input devices including at least a keyboard and a pointing device.
17. A method for recording outputs of a plurality of computer input devices, comprising the steps of:
(a) creating a record of a plurality of outputs, each of said outputs being produced by one of the plurality of computer input devices, wherein said record is sufficiently permanent that said record is maintained after a computer file associated with said outputs is successfully saved; and
(b) retrieving at least part of said record.
18. The method of claim 17, further comprising the step of:
(c) transmitting at least one of said outputs to a computer system only after said at least one output has been written to said record.
19. The method of claim 11, further comprising the step of:
(c) creating a time tag for each of said outputs which is created in said record.
20. The method of claim 17, wherein said outputs are stored in said record such that said outputs are retrievable in a chronological order.
21. The method of claim 17, further comprising the step of: (c) purging said record on a first-in first-out basis.
22. The method of claim 17, further comprising the step of:
(c) backing up at least one file associated with said outputs when a storage medium which is storing said record is substantially full.
23. The method of claim 22, further comprising the step of:
(c) deleting at least part of said record when a storage medium which is storing said record is substantially full.
24. The method of claim 23, wherein said deleting is contingent on permission of a user.
25. A method of recording at least one input to a computer system, the computer system having at least one input device and a processor, the method comprising the steps of:
(a) operationally connecting the at least one input device to a black box, said black box having a non- volatile storage medium and a microprocessor; and
(b) recording a plurality of outputs of the at least one input device, in said nonvolatile storage medium, by said microprocessor.
26. The method of claim 25, further comprising the step of:
(c) prior to said recording, operationally connecting said black box to the processor, such that the at least one input device and the processor are operationally connected only via said microprocessor.
27. The method of claim 25, further comprising the step of:
(c) transmitting at least one of said outputs to the processor only after said at least one output has been written to said storage medium.
PCT/US2002/026316 2001-08-28 2002-08-19 Computer black box WO2003021466A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US31504001P 2001-08-28 2001-08-28
US60/315,040 2001-08-28

Publications (1)

Publication Number Publication Date
WO2003021466A1 true WO2003021466A1 (en) 2003-03-13

Family

ID=23222603

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/026316 WO2003021466A1 (en) 2001-08-28 2002-08-19 Computer black box

Country Status (1)

Country Link
WO (1) WO2003021466A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2184697A1 (en) * 2008-10-23 2010-05-12 Hung-Chien Chou Real-time data protection method and data protection device for implementing the same

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4604711A (en) * 1982-07-23 1986-08-05 Sundstrand Data Control, Inc. Aircraft flight data display system
US4729102A (en) * 1984-10-24 1988-03-01 Sundstrand Data Control, Inc. Aircraft data acquisition and recording system
US5798458A (en) * 1996-10-11 1998-08-25 Raytheon Ti Systems, Inc. Acoustic catastrophic event detection and data capture and retrieval system for aircraft

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4604711A (en) * 1982-07-23 1986-08-05 Sundstrand Data Control, Inc. Aircraft flight data display system
US4729102A (en) * 1984-10-24 1988-03-01 Sundstrand Data Control, Inc. Aircraft data acquisition and recording system
US5798458A (en) * 1996-10-11 1998-08-25 Raytheon Ti Systems, Inc. Acoustic catastrophic event detection and data capture and retrieval system for aircraft
US6009356A (en) * 1996-10-11 1999-12-28 Raytheon Ti Systems Wireless transducer data capture and retrieval system for aircraft

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2184697A1 (en) * 2008-10-23 2010-05-12 Hung-Chien Chou Real-time data protection method and data protection device for implementing the same

Similar Documents

Publication Publication Date Title
AU700681B2 (en) A method of operating a computer system
US7069466B2 (en) Method and system for copying backup data
EP2788876B1 (en) System and method for restoring application data
US5638509A (en) Data storage and protection system
EP2102750B1 (en) System and method for creating copies of data, such as archive copies
US7237075B2 (en) Persistent snapshot methods
US20040193953A1 (en) Method, system, and program for maintaining application program configuration settings
US20060107006A1 (en) Persistent snapshot management system
CA2444685A1 (en) System and method for improving the efficiency, comfort, and/or reliability in operating systems, such as for example windows
US8721738B1 (en) System and method for ensuring security of data stored on data storage devices
US7620785B1 (en) Using roll-forward and roll-backward logs to restore a data volume
US7739464B1 (en) Consistent backups of data using a roll-back log
US8528105B1 (en) System and method for ensuring security of data stored on electronic computing devices
US7567993B2 (en) Method and system for creating and using removable disk based copies of backup data
US20100138932A1 (en) Data protecting method and computing apparatus
US7441153B1 (en) Method and system for secure and reliable event logging
CN102073554A (en) Method and device for recovering files closed abnormally
US7437387B2 (en) Method and system for providing a file system overlay
WO2003021466A1 (en) Computer black box
US7865472B1 (en) Methods and systems for restoring file systems
CN111858185B (en) Computer information backup and restoration system
US8725970B2 (en) System and method for backing up data
Baharudin et al. NPC-WIPER: File Wiper Tool using Non Printable Characters
JPH11212845A (en) Device and method for backup data management and recording medium
Walters et al. Database Backup Strategies

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP