This disclosure relates generally to data security, and more particularly to system and method for data security when writing data to a removable media such as a disk or other media.
When a compact disk (CD), digital video disk (DVD) or other disk media is “burned”, (i.e. files are copied to the disk), it is possible to burn more files to the same disk at a later time, hiding the original data. For convenience and simplicity, disk media of any type is hereinafter referred to as a “CD”. If a CD is burned more than once, only the new, recently burned files should be accessible when a representation of the contents of the disk is displayed by a computer. However, some or all of the original files may still be intact on the CD and can be retrieved by numerous file retrieval programs.
In general, this document discloses a system and method for burning data to a CD so that unused space of the CD cannot be written onto later to hide the earlier burned data. This system and method ensures that a CD can only be burned once, thereby providing a robust measure of security, reliability and integrity of the data burned on the CD.
In one aspect, a method for secure writing to a disk is presented. The method includes the steps of providing live data for being written to the disk, determining a free space of the disk after the live data is written to the disk, and generating random bits to fill the free space. The method further includes writing at least some of the random bits to fill the free space of the disk in a first part of a write process, and writing the live data to the disk in a second part of the write process adapted to begin at a terminus of the free space on the disk and continue until all of the live data is written to the disk.
In another aspect, a system for secure writing to a disk is presented. The system includes a memory that stores live data for being written to the disk, a processor that determines a free space of the disk after the live data is written to the disk, and a random bit generator that generates random bits in a quantity sufficient to fill the free space. The system further includes a data writer under control of the processor for accessing the live data from the memory, for writing at least some of the random bits to fill the free space of the disk in a first part of a write process, and for writing the live data to the disk in a second part of the write process adapted to begin at a terminus of the free space on the disk and continue until all of the live data is written to the disk.
The details of one or more embodiments are set forth in the accompanying drawings and the description below. Other features and advantages will be apparent from the description and drawings, and from the claims.
These and other aspects will now be described in detail with reference to the following drawings.
Like reference symbols in the various drawings indicate like elements.
This document describes a system and method for writing data to a disk so that unused space of the disk cannot be written onto later to hide, but not eliminate, the earlier burned data, and ensuring that a disk can only be burned once. Accordingly, the system and method described herein provide a robust measure of security, reliability and integrity of the data burned on the disk.
As used herein, the term “bit” represents the smallest unit of digital computer information, i.e. a single “1” or a “0”. Data is referred to as an arrangement of bits on computer-readable media to form information, such as documents or programs. One form of data used herein is “live data,” a term used in this document to describe information that is intentionally generated for a specific purpose, and is the important data to be securely written to a disk. Another form of data is referred to herein as “dummy data,” which term refers to a collection of randomly-generated bits that carry no intentional information.
Arrows such as 142 represent a system communication bus architecture of the computer system 100. However, these arrows are merely illustrative of an interconnection or communication scheme serving to link the subsystems. Computer system 100 shown in
Whether in a computer network 200 as illustrated in
Additionally, the disk writer 210 may include various hardware modules, or a combination of hardware and software, for physically writing live data from the data store 212 to the disk 214, including a disk writer 216. The disk writer 216 is under control of an administration control panel 220 that provides controls in a customizable user interface for a user, such as on display 105 of monitor 103, and which translates user inputs to the user interface into commands.
Exemplary controls include: settings for available disk media to use (i.e. CD-R vs. CD-RW, DVD, etc.); options for which users are allowed writing capabilities, such as by account (local, network, or network group, etc.); and an option to save data that has been written to a network drive, whether at the time the disk is being written to or at another time. If data is stored to a network drive, then either the entire live data or just the file name(s) and size(s) of the live data can be selected to be saved. If a “network copy” function is turned on and there is no network connectivity, then the secure disk writer 210 will be inoperable.
The disk media security system 250 further includes a random bit generator 218, also under control of the administrative control panel 220. To write the live data onto the disk 214 securely, i.e., so that no user can burn more files to the same disk at a later time to hide the original data, the live data is placed at the end of the available sectors of the disk so that the writing process cannot be stopped early. Random bits from the random bit generator 218 are then written to the disk to fill all the unused space or sectors of the disk. Data written to the disk 214 can be encrypted according to any number of policies, whether on a standalone computer system or on a network.
At 308, random bits are generated, in an amount necessary to fill the remaining free space of the disk after the desired live data has been completely written to a live space of the disk. At 310, live data is written to the disk, beginning at the end of the available space or sectors of the disk so as not to overwrite any data already written to the disk, and any unused space on the disk after the live data has been written, as computed at 306, is filled with dummy data until the entire disk is filled with data, either live data or random bits of dummy data, at 312. Accordingly, all available space on the disk is used so that it has no space available in which to write new data that would hide the original data. In various alternative implementations, the dummy data can be written before, after, or any combination of before and after the live data.
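The write process summarized in the method and system aspects above and detailed at steps 306 through 312 can be made concrete with a small model of write-once media. The following is an added example, not code from the disclosure: it models a disc as a fixed number of 2048-byte sectors that can each be burned exactly once, computes the free space that would remain after the live data, fills that space with bytes from a cryptographically secure generator, then writes the live data from the terminus of the free space to the end of the disc. The `WriteOnceDisc`, `secure_burn`, `read_live` and `try_append_session` names, the 16-sector disc size and the sample payload are all constructed for illustration; so is the choice to pad the tail of the final partial live sector with random bytes, which the disclosure does not specify. `try_append_session` stands in for the later "hide the originals" burn that the technique is meant to prevent, and succeeds only when free sectors remain.

```python
import math
import secrets

SECTOR = 2048        # user-data bytes per CD-ROM Mode 1 sector
UNWRITTEN = None     # marker for a sector that has never been burned


class WriteOnceDisc:
    """Minimal model of write-once media: each sector can be burned exactly once."""

    def __init__(self, sectors):
        self.sectors = [UNWRITTEN] * sectors

    def free_sectors(self):
        return [i for i, s in enumerate(self.sectors) if s is UNWRITTEN]

    def burn(self, index, payload):
        if len(payload) != SECTOR:
            raise ValueError("payload must be exactly one sector")
        if self.sectors[index] is not UNWRITTEN:
            raise RuntimeError(f"sector {index} already burned")
        self.sectors[index] = bytes(payload)


def secure_burn(disc, live):
    """Burn a blank disc so that no free sector remains.

    Dummy (random) sectors are written first, from sector 0 up to the
    terminus of the free space; the live data then runs from that terminus
    to the end of the disc. Returns a layout record locating the live data.
    """
    total = len(disc.sectors)
    if disc.free_sectors() != list(range(total)):
        raise RuntimeError("disc is not blank")
    live_sectors = math.ceil(len(live) / SECTOR)
    if live_sectors > total:
        raise ValueError("live data does not fit on the disc")
    free = total - live_sectors                  # free space after the live data (step 306)
    for i in range(free):                        # random fill for every free sector (step 308)
        disc.burn(i, secrets.token_bytes(SECTOR))
    # Assumption (not in the disclosure): the unused tail of the last live
    # sector is padded with random bytes rather than zeros.
    padded = live + secrets.token_bytes(live_sectors * SECTOR - len(live))
    for k in range(live_sectors):                # live data from the terminus to disc end (310/312)
        disc.burn(free + k, padded[k * SECTOR:(k + 1) * SECTOR])
    assert not disc.free_sectors(), "disc must be completely filled"
    return {"live_start": free, "live_sectors": live_sectors, "live_len": len(live)}


def read_live(disc, layout):
    """Recover the live data using the layout record returned by secure_burn."""
    start = layout["live_start"]
    raw = b"".join(disc.sectors[start:start + layout["live_sectors"]])
    return raw[:layout["live_len"]]


def try_append_session(disc, data):
    """A later burn that would hide earlier files needs free sectors.

    Returns True if the data was written into free sectors, False if the
    disc has too few free sectors for it (the secure-burn outcome).
    """
    needed = math.ceil(len(data) / SECTOR)
    free = disc.free_sectors()
    if len(free) < needed:
        return False
    for index, offset in zip(free, range(0, needed * SECTOR, SECTOR)):
        disc.burn(index, data[offset:offset + SECTOR].ljust(SECTOR, b"\0"))
    return True


def demo():
    """Contrast an ordinary burn (free space left) with a secure burn (none left)."""
    live = b"constructed sample payload: quarterly report\n" * 100   # 4500 bytes, 3 sectors

    ordinary = WriteOnceDisc(sectors=16)
    ordinary_appendable = try_append_session(ordinary, b"normal burn leaves free space")

    disc = WriteOnceDisc(sectors=16)
    layout = secure_burn(disc, live)
    return {
        "ordinary_appendable": ordinary_appendable,
        "roundtrip_ok": read_live(disc, layout) == live,
        "free_after": len(disc.free_sectors()),
        "append_ok": try_append_session(disc, b"new files meant to hide the old ones"),
        "layout": layout,
    }


if __name__ == "__main__":
    print(demo())
```

`secrets.token_bytes` is used rather than the `random` module so that the dummy sectors are unpredictable; with an encrypted payload that also keeps the fill from being trivially distinguishable from the live region by content alone. Real discs add session and track structure on top of the raw sectors modelled here, and rewritable media such as CD-RW can be erased regardless of fill, so the "burn once" guarantee depends on write-once media.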
At 404, the control panel provides a selection of the disk media on which live data is to be securely written so that data cannot later be hidden on the disk. The selection of disk media can include CD-R, CD-RW, DVD, etc. At 406, the control panel provides selections of data burning and encryption capabilities, so that a user can select, among other options, whether the disk writing is to be done locally or over a network, the level of security related to an allowable user, which encryption protocol may be used, etc.
Use of a network to burn data to a disk, or to save a copy of the data to another memory device, requires additional security measures. At 408, the control panel provides an option for the live data to be copied or saved to another memory or network storage. If the user does not want to generate a network copy, at 412, the disk media security system burns the disk according to the security protocol described above with reference to
Some or all of the functional operations described in this specification can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of them. If implemented in part as software, installation of the software can include a simple script or document with administrative settings for easy installation and standardized configuration.
Variations of the disk media security system and method can be implemented as one or more computer program products, i.e., one or more modules of computer program instructions encoded on a computer readable medium, e.g., a machine readable storage device, a machine readable storage medium, a memory device, or a machine-readable propagated signal, for execution by, or to control the operation of, data processing apparatus.
The term “data processing apparatus” encompasses all apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers. The apparatus can include, in addition to hardware, code that creates an execution environment for the computer program in question, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of them. A propagated signal is an artificially generated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode information for transmission to suitable receiver apparatus.
A computer program (also referred to as a program, software, an application, a software application, a script, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program does not necessarily correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, subprograms, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network.
The processes and logic flows described in this specification can be performed by one or more programmable processors executing one or more computer programs to perform functions by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit).
Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a processor for executing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to, a communication interface to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks.
Moreover, a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA), a mobile audio player, or a Global Positioning System (GPS) receiver, to name just a few. Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
To provide for interaction with a user, embodiments of the invention can be implemented on a computer having a display device, e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor, for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input.
Embodiments of the invention can be implemented in a computing system that includes a back end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front end component, e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the invention, or any combination of such back end, middleware, or front end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (“LAN”) and a wide area network (“WAN”), e.g., the Internet.
The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
Certain features which, for clarity, are described in this specification in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features which, for brevity, are described in the context of a single embodiment, may also be provided in multiple embodiments separately or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.
Particular embodiments of the invention have been described. Other embodiments are within the scope of the following claims. For example, the steps recited in the claims can be performed in a different order and still achieve desirable results. The processes described may be implemented by applications specifically performing the secure disk writing functions or embedded within other applications.