PatentDe  


Dokumentenidentifikation EP0813150 02.10.2003
EP-Veröffentlichungsnummer 0813150
Titel Verfahren und System zur Datensicherung bei einem Drittanbieter von Internet-Netzseiten, die bei einem Netzserviceanbieter gespeichert sind
Anmelder Sun Microsystems, Inc., Mountain View, Calif., US
Erfinder Nielsen, Jakob, Atherton, California 94027, US
Vertreter derzeit kein Vertreter bestellt
DE-Aktenzeichen 69724338
Vertragsstaaten DE, FR, GB, NL, SE
Sprache des Dokument EN
EP-Anmeldetag 09.06.1997
EP-Aktenzeichen 973039647
EP-Offenlegungsdatum 17.12.1997
EP date of grant 27.08.2003
Veröffentlichungstag im Patentblatt 02.10.2003
IPC-Hauptklasse G06F 11/14
IPC-Nebenklasse G06F 17/30   

Beschreibung[en]

The present invention relates to an improved method and system for storing a backup copy of data.

Current methods and systems for backing up a client company's data are unable to adequately backup data from a client company's "web hotel". A web hotel is a website which is outsourced to a third party vendor. For example, assume a company wants to have a web site to promote its products. If the company is not technically oriented, they typically will not have the expertise to maintain their own web site. Therefore, they often outsource the responsibility for maintenance of their web site to a third party vendor.

Unfortunately, the servers at the third party vendor which store the data for the web site are sometimes inaccessible. The third party vendor may have its servers shut down for various reasons, including, financial trouble, technical breakdowns, or problems with the authorities in countries where approval is needed to be on the Internet.

When the server at the third party vendor is inaccessible a number of problems arise. First, the client company's customers are unable to access the client company's website and, therefore, the client's customers may think that the client company is unreliable. In other words, since it is transparent to the customer that the client company's website is hosted by a third party vendor, the customer will associate any technical problem with the website with the client company and not with the third party vendor. Second, the client company is losing potential sales to its customers because those customers are unable to place orders from the web site. In addition, the client company itself may not have any way to gain access to its own data as long as the server is inaccessible, and, therefore, may not be able to take measures to overcome the problems being experienced by the third party vendor. Since many less-technically oriented client companies choose to have their websites hosted on servers owned and operated by third party vendors, this problem is becoming increasingly important.

To overcome these deficiencies some client company's have instructed their third party vendors to backup their website data for safekeeping. There are many "backup" products available that can be used to generate extra copies of a website for safekeeping. Standard backup software makes copies directly from a server to a storage device attached to the server (e.g., a floppy disk for small backups or a magnetic tape for large backups). However, the third party vendors are only able to use these backup products to generate backup copies onto storage devices attached to the vendor's server. Obviously, such a backup copy is inaccessible to the client company anytime the vendor's server is also inaccessible to the client company. This type of backup system is inadequate because it fails to provide the client company with access to its data.

Another potential solution to the problem uses backup systems which make backups over a network (e.g., the product "Retrospect Remote" from Dantz). Performing the backup over the network allows a system administrator to set up an unattended backup of one computer from another computer on the same network. Unfortunately, client company's are unable to use such systems to provide themselves with access to a backup copy of their website data since most client companies have security measures in place (e.g., through a firewall product) which prevent such backup systems from storing backup data onto the client's computer system.

Embodiments of the present invention overcome the deficiencies of the prior art by providing an improved method and system for generating an escrowed backup of a client's data.

B. Francis: "Net becomes Backup Medium", COMPUTERWORLD, 4 March 1996, XP002156361, discloses a method executed in a computer system for facilitating storage of a backup copy of data for a client company, the computer system including a host computer system which stores a native copy of data and an escrow computer system, the escrow system including a security mechanism for preventing unauthorized access to the escrow computer system from the host computer system, the method comprising the steps of using the host computer system, and storing the native copy of the data in a file.

The present invention is characterised by converting the file into a format that can be emailed, and sending the converted file to the escrow computer as an email message.

The present invention also provides an apparatus as claimed in claim 13.

Embodiments of the present invention provide an improved method and system for storing a backup copy of a client company's data. In the preferred embodiment, the backup of data occurs within a computer system having a host company's computer system and an escrow company's computer system. Through the teachings and suggestions of the present invention, native data stored on a host computer is backed-up onto an escrow computer. even though the escrow company's computer system includes a security mechanism, such as a firewall, to prevent unauthorized access from computers outside the escrow company's computer system.

In a first embodiment, the host computer stores a native copy of the data in a file. The host computer then processes the file, for example, using a computer program named "uuencode" which is found on many Unix-based computers, so as to convert the file into a format which can be emailed. Once converted, the host computer emails the file to the escrow computer. By emailing the file, the host computer is able to get the information in the file past the escrow company's firewall. The escrow computer receives the email, extracts the file from the email, and stores the file as a backup copy of the client company's data.

A second embodiment of the invention extends the functionality of the first embodiment by enhancing the client company's ability to safeguard its privacy interest in the data. In this embodiment the host computer encrypts the file, for example using a public key/private key encryption method, before emailing the file to the escrow computer. In this way, the escrow company is able to store the file for safekeeping but is not able to decrypt the file without first obtaining the "private key" for the data from the client company.

A third embodiment of the invention provides an improved method and system for storing multiple backup copies of data. The escrow computer system preferably stores the last three backups of the data. Backups that are more than three backup periods old are treated as follows : if the backup period for the file is a power of two (e.g, 4, 8, 16, etc.), then it continues to be stored by the escrow computer system. If the backup period is not a power of two then the file is kept if there are no other files stored with a period number greater than the file in question but smaller than the next higher power of two. Thus, if the file being considered is 6 backup periods old, it will be deleted if there is a file that is 7 periods old and kept if there is no such file. This approach ensures that there are always backup files available to restore past system states, though progressively fewer files are kept for older states (that are less likely to need to be restored exactly).

This method for maintaining backup copies of data is especially useful in an environment where a client company's web site is being maintained by an outside agency and where the outside agency uses an embodiment of the present invention for maintaining backup copies of the data. This is true because the host company may begin to forward inaccurate or corrupt backup copies of the web site to the escrow company before the host company's computers become completely inaccessible, for example, due to the host company's bankruptcy. Therefore, it is important to maintain multiple backup copies of data to ensure that an accurate copy of the website may eventually be restored.

Notations and Nomenclature

The detailed descriptions which follow are presented largely in terms of methods and symbolic representations of operations on data bits within a computer. These method descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art

A method is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps require physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It proves convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. It should be bourne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.

Useful machines for performing the operations of the present invention include general purpose digital computers or similar devices. The general purpose computer may be selectively activated or reconfigured by a computer program stored in the computer. A special purpose computer may also be used to perform the operations of the present invention. In short, use of the methods described and suggested herein is not limited to a particular computer configuration.

For a better understanding of the invention, embodiments will now be described by way of example with reference to the accompanying drawings, in which:

It should be noted that like reference numerals refer to corresponding parts throughout the several views of the drawings.

Figure 1 is a block diagram which is illustrative of a computer network for executing various embodiments of the present invention.

Figure 2 is an overview flow diagram of the preferred steps for storing a backup copy of the client's data into a converted meta-file which can be emailed to the escrow computer system for storage.

Figure 3a depicts client data used with various embodiments of the present invention.

Figure 3b depicts an encrypted version of the client data for used with various embodiments of the present invention.

Figure 3c depicts a meta-file for use with various embodiments of the present invention.

Figure 3d depicts an encrypted version of the meta-file for use with various embodiments of the present invention.

Figure 4 is a flow diagram of the preferred steps of the method for processing the converted meta-file to ensure adequate storage of the client company's data.

Figure 5 is a flow diagram that illustrates the preferred steps of a method to ensure that the host computer is sending backup copies of the client's data to the escrow computer on a timely basis.

Figure 6 illustrates the preferred steps of a method to save multiple backup copies of the client's data.

Overview Of The Preferred Method

Embodiments of the present invention provide an improved method and system for storing a backup copy of a client's data. In the preferred embodiment, the backup of data occurs within a computer system having a host company's computer system and an escrow company's computer system. Through the teachings and suggestions of the present invention, data stored on a host computer is backed-up onto an escrow computer, even though the escrow company's computer system includes a security mechanism, such as a firewall, to prevent unauthorized access from computers outside the escrow company's computer system.

In one embodiment, the host computer stores a copy of the data in a file. The host computer then encrypts the file, for example using a public key/private key encryption method. The host computer then processes the encrypted file, for example, using a computer program named "uuencode" which is found on many Unix-based computers, so as to convert the file into a format which can be emailed. Once converted and encrypted, the host computer emails the file to the escrow computer. By emailing the file, the host computer is able to get the information in the file past the escrow company's firewall. The escrow computer receives the email, extracts the file from the email, and stores the file as a backup copy of the client's data. Because the file is encrypted, the escrow company is able to store the file for safekeeping but is not able to decrypt the file without first obtaining the "private key" for the data from the client company. In this way, the client company's privacy rights in the data are further safeguarded.

Overview Of The Preferred System

Figure 1 is a block diagram which is illustrative of a computer network for executing various embodiments of the present invention. Most computer systems in use today are generally of the structure shown in Figure 1. Host computer system 100 includes a processor 102 which fetches computer instructions from a primary storage 104 through an interface 105, such as an input/output subsystem, connected to bus 106. Processor 102 executes the fetched computer instructions. In executing computer instructions fetched from primary storage 104, processor 102 can retrieve data from or write data to primary storage 104, display information on one or more computer display devices 120, receive command signals from one or more user-input devices 130, or transfer data to secondary storage 107 or even other computer systems which collectively form the computer network 10 (such as escrow computer system 150). Processor 102 can be, for example, any of the SPARC processors available form Sun Microsystems, Inc. of Mountain View, California or any processors compatible therewith. Primary storage 104 can include any type of computer primary storage including, without limitation, randomly accessible memory (RAM), read-only memory (ROM), and storage devices which include magnetic and optical storage media such as magnetic or optical disks. Computer display devices 120 can include, for example, printers and computer display screens such as cathode-ray tubes (CRTs), light-emitting diode (LED) displays, and liquid crystal displays (LCDs). User-input devices 130 can include without limitation electronic keyboards and pointing devices such as electronic mice, trackballs, lightpens, thumbwheels, digitizing tablets, and touch sensitive pads.

Computer system 100 can be, e.g., any of the SPARCstation workstation computer systems available form Sun Microsystems, Inc. of Mountain View, California, any other Macintosh computer systems based on the PowerPC processor and available from Apple Computers, Inc. of Cuptertino, California, or any computer system compatible with the IBM PC computer systems available form International Business Machines, Corp of Somers, New York, which are based on the X86 series of processors available from Intel Corporation or compatible processors. Sun, Sun Microsystems, and the Sun Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

Also executing within processor 102 from primary storage 104 is a runtime environment 112. Runtime environment 112 is generally a set of computer programs which enable computer system 100 to understand and process commands, control input and output of computers system 100 through user-input devices 130 and computer display devices 120, schedule computer processes for execution, manage data stored in various storage devices of primary storage 104 of computer system 100, and control the operation of other peripheral devices (not shown) coupled to computer system 100. In some embodiments of the invention, the runtime environment 112 is embodied as an operating system or an operating system with a kernel. The kernel of an operating system is that portion of the operating system which manages the interface between computer processes (e.g., email process 108, encryption process 110, conversion process 114, and backup process 116) and user-input devices 130 and computer display devices 120, manages primary storage 104, schedules computer process for execution, and maintains a file system 118 which in turn manages storage of data 120 on various storage devices of primary storage 104. In some embodiments, the kernel is the only part of the operating system which interacts with the hardware components of computer system 100.

Computer network 10 also includes a network connection 140 for facilitating communication between host computer system 100 and escrow computer system 150. Network connection 140 can be any well know mechanism for facilitating communication between computers, such as, without limitation, a local area network, a wide area network, the Internet, or any of the well known wireless communication systems. In the preferred embodiment, a firewall 145 sits between the network connection 140 and the escrow computer system 150. The firewall 145 prohibits unauthorized access to the escrow computer system from the computer network 10.

Escrow computer system 150 is typically of similar structure to host computer system 100. Escrow computer system 150 includes a processor 152 which fetches computer instructions from a primary storage 154 through an interface 156, such as an input/output subsystem, connected to bus 158. Processor 152 executes the fetched computer instructions. In executing computer instructions fetched from primary storage 154, processor 152 can retrieve data from or write data to primary storage 154, display information on one or more computer display devices 180, receive command signals from one or more user-input devices 190, or transfer data to secondary storage 160 or even other computer systems which collectively form the computer network 10 (such as escrow computer system 100). Processor 152 can be, for example, any of the SPARC processors available form Sun Microsystems, Inc. of Mountain View, California or any processors compatible therewith. Primary storage 154 can include any type of computer primary storage including, without limitation, randomly accessible memory (RAM), read-only memory (ROM), and storage devices which include magnetic and optical storage media such as magnetic or optical disks. Computer display devices 180 can include, for example, printers and computer display screens such as cathode-ray tubes (CRTs80 can include without limitation electronic keyboards and pointing devices such as electronic mice, trackballs, lightpens, thumbwheels, digitizing tablets, and touch sensitive pads.

Computer system 150 can be, e.g., any of the SPARCstation workstation computer systems available form Sun Microsystems, Inc. of Mountain View, California, any other Macintosh computer systems based on the PowerPC processor and available from Apple Computers, Inc. of Cuptertino, California, or any computer system compatible with the IBM PC computer systems available form International Business Machines, Corp of Somers, New York, which are based on the X86 series of processors available from Intel Corporation or compatible processors. Sun, Sun Microsystems, and the Sun Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

Also executing within processor 152 from primary storage 154 is a runtime environment 162. Runtime environment 162 is generally a set of computer programs which enable computer system 150 to understand and process commands, control input and output of computers system 150 through user-input devices 190 and computer display devices 180, schedule computer processes for execution, manage data stored in various storage devices of primary storage 154 of computer system 150, and control the operation of other peripheral devices (not shown) coupled to computer system 150. In some embodiments of the invention, the runtime environment 162 is embodied as an operating system or an operating system with a kernel. The kernel of an operating system is that portion of the operating system which manages the interface between computer processes (e.g., email process 164, decryption process 166, de-conversion process 168, and database 170) and user-input devices 190 and computer display devices 180, manages primary storage 154, schedules computer process for execution, and maintains a file system 172 which in turn manages storage of data in database 170. In some embodiments, the kernel is the only part of the operating system which interacts with the hardware components of computer system 150.

It should be noted that client computer system 195 is not operatively connected to either host computer system 100 or escrow computer system 150.

Preferred Steps Of A Specific Embodiment

Figures 2-6 illustrate the preferred steps to be performed in one illustrative embodiment of the present invention for providing an improved method for storing a backup copy of a client's data. The flowcharts described herein are illustrative of merely the broad logical flow of steps to achieve a method of the present invention and that steps to achieve a method of the present invention and that steps may be added to, or taken away from the flowchart without departing from the scope of the invention. Further, the order of execution of steps in the flowcharts may be changed without departing from the scope of the invention. Additional considerations in implementing the method described by the flow chart may dictate changes in the selection and order of steps.

In general, the flowcharts in this specification include one or more steps performed by software routines executing in a computer system. The routines may be implemented by any means as is known in the art. For example, any number of computer programming languages, such as Java, C, C++, Pascal, FORTRAN, assembly language, etc., may be used. Further, various programming approaches such as procedural, object oriented or artificial intelligence techniques may be employed.

Figure 2 is an overview flow diagram of the preferred steps for storing a backup copy of the client's data into a converted meta-file which can be emailed to the escrow computer system for storage. The steps of Figure 2 are typically initiated by a background process which accesses a "cron" file on a periodic basis and executes a backup routine indicated in the cron file. A cron file maintains a list of routines that should be run by the computer maintaining the cron file. Typically, the cron file also contains an indication of when each routine should be run by the computer. So, for example, the cron file maintained by the file system 118 of the host computer system 100 may contain an entry which indicates that the backup routine should be run at specified intervals. The preferred time to run the backup routine is once per week during a period of low-load for the system. The best time to run the routine, however, will vary from organization to organization. For example, highly time sensitive information should most likely be backed-up more than once per week.

In step 201 the backup process stores the client's data into a file. In the preferred embodiment, the data to be stored is a set of data which collectively comprises a client company's web site. The client's web site is often a collection of hypertext documents and scripts (e.g., CGI scripts). The preferred routine used to store the set of data into one file is the "tar" routine. Those of ordinary skill will understand that other routines could be used to serve the same purpose as the tar routine. Table 1 sets forth more information on the tar routine.

In step 203 the backup routine encrypts the file containing the client's data (see, Figures 3a and 3b). In step 205 the backup routine obtains an identifier for the source of the encrypted file (e.g., a digital signature for the host computer system) and performs a checksum operation on the encrypted file. In step 207 the routine then stores the source identifier and the result from the checksum operation with the encrypted file to create a meta-file (see, Figure 3c). Finally, the routine encrypts the meta-file (step 209). By encrypting the client data and the meta-file using the preferred steps discussed below, user's of this method can adequately assure that the escrow computer can 1) verify that the host computer has sent it the client's data, 2) that the client's data was not tampered with enroute to the escrow computer, while 3) still being unable to decrypt the client's data, thus providing added security to the client.

As discussed above, the method and system of the present invention involves the encryption and decryption of certain information. In the preferred embodiment of the present invention, two public key encryption schemes are used to carry out steps 203 and 209 of Figure 2. With a public-key system, two different keys are used for encrypting and decrypting information. In this system, one key is public and the other key is private. Information that is encrypted with one key can be decrypted with the other key. A public-key system is sometimes referred to as an asymmetric-key or a two-key system. As used herein, a public-key and a private-key refer to the two keys in a public-key system. In the preferred embodiment of the present invention, the public-key systems are based on the well-known RSA algorithm. A discussion of the RSA algorithm is found in U.S. Patent No. 4,405,829 to Rivest et al.. However, one of ordinary skill in the art will appreciate that other public-key systems could be used.

Using the public-key schemes, one computer (e.g., the host computer) encrypts information (e.g., the client data) using the other computer's (e.g., the client computer's) public-key and only the other computer (e.g., the client computer) can decrypt the information using that computer's (e.g., the client computer's) private-key.

In addition, one computer (e.g., the host computer) also encrypts additional information (such as a source identifier or a digital signature) using the computer's (e.g., the host computer's) private -key and another computer (e.g., the escrow computer) decrypts the information using the first computer's (e.g., the host computer's) public-key. In this situation, the source of the information is ensured because only the first computer (e.g., the host computer) should be able to encrypt information that can be decrypted using that computer's (e.g., the host computer's) public-key.

While the discussion above has focused exclusively on public key and private key encryption schemes, those of ordinary skill in this area of computer science will understand that other encryption schemes may be substituted therefore. For example, a secret key encryption scheme can be used to provide for secure transmission of the backup data. With a secret-key system, a single key is used for both encrypting and decrypting information. A secret-key system is sometimes referred to as a private-key, a symmetric-key or a single-key system. The secret-key system can be used by the host computer to encrypt certain information so that no one but the client computer can understand it.

Although this discussion has stated that the secrecy and the source of the information are ensured through the above steps, encryption schemes are never completely secure. The security of encryption schemes can be compromised if the secret-key (in a secret-key system) or the private-key (in a public-key system) becomes known to a computer that is not the owner of the key.

Returning to the discussion of Figure 2, in step 211, the backup routine converts the meta-file into a format which can be emailed across the network connection 140 to the escrow computer system 150. In the preferred embodiment the backup routine executes the "uuencode" command to accomplish this task. Table 2, below, provides more information on the uuencode command. Those of ordinary skill in this area of computer science will understand that other commands could be executed to accomplish the desired results.

In step 213, the backup routine emails the converted meta-file to the escrow computer system. Using this technique, the host computer is able to get the client's backup data past the escrow computer system's firewall 145. In step 215, the host computer system deletes the meta-file from the host computer system.

Figure 4 is a flow diagram of the preferred steps of the method for processing the converted meta-file to ensure adequate storage of the client company's data. In step 401 the method converts the meta-file from its "email-enabled" format into its binary format, preferably using the uuencode command. In step 402 the method retrieves from the email, a unique identifier, such as a number, for the client company. In the preferred embodiment a customer number is stored in the "Subject" line of the email. The escrow computer uses the retrieved customer number as a key into database 170 to determine the host company and the client company that sent the email. The escrow computer also updates the database accordingly, to indicate that an email has been received.

In step 405 the method retrieves the digital signature and the checksum from the meta-file and, using the host company's public key stored in the escrow company's database, verifies the digital signature. The method also performs a checksum operation on the encrypted client data and compares the result with the checksum result retrieved from the meta-file. If the digital signature and checksum are not verified then appropriate security measures are initiated in step 407. If the digital signature and checksum are verified then, in step 409, the digital signature and the checksum are removed from the meta-file. In step 411 the method stores the encoded client data at the escrow computer system. In the preferred embodiment, the escrow computer is unable to decrypt the client's data because the escrow computer does not have access to the client computer's private key. Thus, the client company is ensured of an added level of security because only the client company has access to the client company's private key. Upon completion of step 411, processing ends in the method of Figure 4.

Figure 5 is a flow diagram that illustrates the preferred steps of a method to ensure that the host computer is sending backup copies of the client's data to the escrow computer on a timely basis. In step 501 the method examines data, preferably stored in the cron file on the host computer, to determine whether it is time for the email of the client's data from the host computer. If it is not yet time, the method cycles back to step 501. If it is time for the email to arrive then in step 503 the method checks to determine whether the email has arrived. If the email has not arrived then in step 505, the method initiates notification to the client company. In this way, the escrow company is able to notify the client company that its procedures are not being followed by the host company, which may indicate that events are occurring at the host company that may make the client's web site inaccessible to users. If the client company experiences problems with the host company, it contacts the escrow company to retrieve the latest copy of its stored data. At this point, the client company decodes the backup using its private key. Thus, until a problem occurs, the only thing the client company needs to know is that it has an encryption key which it needs to keep in a safe place. Returning to the discussion of step 503, if the email has arrived from the host computer the escrow company stores it as a backup copy of the client's data, preferably using the steps discussed above with respect to Figure 4.

Figure 6 illustrates the preferred steps of a method to save multiple backup copies of the client's data. The escrow computer saves multiple backup copies of the client's data because the host computer company may begin to send corrupted copies of the client's data before it reaches a situation (e.g., through bankruptcy) where the client's data is completely inaccessible to the client company and its users.

In step 601, the method determines whether all the backup copies of data which it currently stores on its system have been processed by this method. If backup copies remain which have not been processed then in step 603 the method retrieves the next unprocessed backup copy. The method preferably keeps the last three backup copies of data (steps 605 and 607). Backups that are more than three backup periods old are preferably treated as follows: if the backup period for the file is a power of two (e.g, 4, 8, 16, etc.), then it is kept (steps 609 and 611). If the backup period is not a power of two then the file is kept if there are no other files stored with a period number greater than the file in question but smaller than the next higher power of two (steps 613 and 615), else it is discarded (step 617). Thus, if the file being considered is 6 backup periods old, it will be deleted if there is a file that is 7 periods old and kept if there is no such file. This approach ensures that there are always backup files available to restore past system states, though progressively fewer files are kept for older states (that are less likely to need to be restored exactly). Steps 603, 605, 607, 609, 611, 613, 615, and 617, are performed until all backup copies have been processed, at which point processing ends in the method of Figure 6.

While specific embodiments have been described herein for purposes of illustration, various modifications may be made without departing from the scope of the invention. For example, while the escrow computer described above has been associated with an "escrow" company independent of the host company and the client company, those of ordinary skill will understand that the functions of the escrow company could be performed by the client company instead.

Accordingly, the invention is not limited to the above described embodiments. but instead is defined by the appended claims in light of their full scope of equivalents.

The processes described above may be performed by a computer program running on a computer in the embodiment described. Such a computer program can be recorded on a recording medium (for example a magnetic disc or tape, an optical disc or an electronic memory device, such as a ROM) in a way well known to those skilled in the art. When the recording medium is read by a suitable reading device, such as a magnetic or optical disc drive, a signal is produced which causes a computer to perform the processes described.

The processes may also be performed by electronic means.


Anspruch[de]
  1. Verfahren, das in einem Computersystem ausgeführt wird, zur Vereinfachung der Speicherung einer Sicherungskopie von Daten für eine Auftraggeberfirma, wobei das Computersystem ein Host-Computersystem (100), das eine Ursprungskopie der Daten speichert, und ein Treuhand-(Escrow)Computersystem (150) aufweist, wobei das Treuhandsystem einen Sicherheitsmechanismus (145) aufweist, zur Verhinderung eines unberechtigten Zugriffs auf das Treuhand-Computersystem (150) vom Host-Computersystem (100), wobei das Verfahren die folgenden Schritte umfaßt:
    • Verwenden des Host-Computersystems (100),
    • Speichern der Ursprungskopie der Daten in einer Datei; gekennzeichnet durch Konvertierung der Datei in ein Format, das per E-Mail übermittelt werden kann; und
    • Senden der konvertierten Datei als E-Mail-Nachricht an den Treuhandcomputer (150).
  2. Verfahren nach Anspruch 1, ferner mit dem folgenden Schritt: Verschlüsseln der Datei, so daß der Treuhandcomputer (150) nicht in der Lage ist, die Datei ohne die Hilfe der Auftraggeberfirma zu entschlüsseln.
  3. Verfahren nach Anspruch 2, wobei der Verschlüsselungsschritt den folgenden Schritt aufweist: Verschlüsseln der Datei unter Verwendung eines Verschlüsselungsverfahrens mit öffentlichem/privatem Schlüssel.
  4. Verfahren nach Anspruch 3, wobei der Treuhandcomputer (150) nicht in der Lage ist, die verschlüsselte Datei zu entschlüsseln, da der Treuhandcomputer keinen Zugriff auf einen privaten Schlüssel für die Auftraggeberfirma hat.
  5. Verfahren nach Anspruch 2, ferner mit den folgenden Schritten:
    • Speichern einer Anzeige einer Quelle für die Datei mit der Datei, wodurch eine Metadatei erzeugt wird; und
    • Verschlüsseln der Metadatei derartig, daß der Treuhandcomputer (150) in der Lage ist, die Metadatei ohne Hilfe der Auftraggeberfirma zu entschlüsseln.
  6. Verfahren nach Anspruch 5, wobei der Schritt des Speicherns einer Anzeige der Quelle der verschlüsselten Datei den folgenden Schritt aufweist: Speichern einer digitalen Signatur, die der Auftraggeberfirma zugeordnet ist, mit der verschlüsselten Datei.
  7. Verfahren nach Anspruch 5, ferner mit den folgenden Schritten:
    • Verwenden des Treuhand-Computersystems (150),
    • Empfangen der E-Mail-Nachricht mit der verschlüsselten Datei;
    • Überprüfen der Quelle der verschlüsselten Datei; und
    • Speichern der verschlüsselten Datei auf dem Treuhandcomputer (150) derartig, daß die verschlüsselte Datei Daten für die Auftraggeberfirma zugeordnet wird.
  8. Verfahren nach Anspruch 7, wobei der Schritt des Sendens eine Kundennummer für die Auftraggeberfirma an einer vorbestimmten Stelle in der E-Mail aufweist und wobei der Überprüfungsschritt die folgenden Schritte aufweist: Verwenden der Kundennummer, um die Auftraggeberfirma zu bestimmen, die der E-Mail zugeordnet ist, und Vergleichen der Auftraggeberfirma, die unter Verwendung der Kundennummer bestimmt wird, mit der Auftraggeberfirma, die der digitalen Signatur zugeordnet ist.
  9. Verfahren nach Anspruch 1, wobei die Daten eine oder mehrere Dateien von Web-Seiten für den Klientencomputer (195) sind.
  10. Verfahren nach Anspruch 1, wobei der Speicherungsschritt den folgenden Schritt aufweist: Aufrufen eines TAR-Befehls, um Daten in eine Datei zu packen, wobei ein TAR-Befehl ein Befehl zum Erzeugen von Bandarchiven ist, und um Dateien hinzuzufügen oder zu extrahieren.
  11. Verfahren nach Anspruch 1, wobei der Schritt des Konvertierens der Datei den folgenden Schritt aufweist: Aufrufen eines UUEncode-Programms, wobei ein UUEncode-Programm ein Programm zum Konvertieren einer Datei in ein Format ist, das per E-Mail übermittelt werden kann.
  12. Computerprogrammerzeugnis zur Ausführung des Verfahrens nach einem der Ansprüche 1 bis 10.
  13. Vorrichtung zur Vereinfachung der Speicherung einer Sicherungskopie von Daten von einem Hostcomputer (100) mit einer Ursprungskopie von Daten in einem Treuhand-Computersystem (150), wobei der Treuhandcomputer (150) einen Sicherheitsmechanismus aufweist, zur Verhinderung eines unerlaubten Zugriffs vom Hostcomputer (100) auf den Treuhandcomputer (150), wobei die Vorrichtung umfaßt:
    • einen Mechanismus (118), der so konfiguriert ist, daß die Ursprungskopie der Daten in einer Datei gespeichert wird;
    • gekennzeichnet durch einen Mechanismus (114), der so konfiguriert ist, daß die Datei in ein Format konvertiert wird, das per E-Mail übermittelt werden kann; und
    • einen Mechanismus (108), der so konfiguriert ist, daß die konvertierte Datei als E-Mail-Nachricht an den Treuhandcomputer gesendet werden kann.
  14. Vorrichtung nach Anspruch 13, ferner mit einem Mechanismus (110), der so konfiguriert ist, daß die Datei verschlüsselt, wird, so daß der Treuhandcomputer (150) nicht in der Lage ist, die Datei ohne die Hilfe der Auftraggeberfirma zu entschlüsseln.
  15. Vorrichtung nach Anspruch 14, wobei der Mechanismus (110), der zur Verschlüsselung konfiguriert ist, einen Mechanismus aufweist, der so konfiguriert ist, daß die Datei unter Verwendung eines Verschlüsselungsverfahrens mit öffentlichem Schlüssel/privatem Schlüssel verschlüsselt wird.
  16. Vorrichtung nach Anspruch 15, wobei der Treuhandcomputer (150) nicht in der Lage ist, die verschlüsselte Datei zu entschlüsseln, da der Treuhandcomputer keinen Zugriff auf einen privaten Schlüssel für die Auftraggeberfirma hat.
  17. Vorrichtung nach Anspruch 15, ferner mit:
    • einem Mechanismus, der so konfiguriert ist, daß eine Anzeige einer Quelle für die Datei mit der Datei gespeichert wird, wobei eine Metadatei erzeugt wird; und
    • einem Mechanismus, der so konfiguriert ist, daß die Metadatei so verschlüsselt wird, daß der Treuhandcomputer in der Lage ist, die Metadatei ohne Hilfe der Auftraggeberfirma zu entschlüsseln.
  18. Vorrichtung nach Anspruch 17, wobei der Mechanismus, der so konfiguriert ist, daß eine Anzeige der Quelle der verschlüsselten Datei gespeichert wird, einen Mechanismus aufweist, der so konfiguriert ist, daß eine digitale Signatur, die der Auftraggeberfirma zugeordnet ist, mit der verschlüsselten Datei gespeichert wird.
  19. Vorrichtung nach Anspruch 17, ferner mit:
    • einem Mechanismus (156), der so konfiguriert ist, daß die E-Mail-Nachricht mit der verschlüsselten Datei empfangen wird;
    • einem Mechanismus, der so konfiguriert ist, daß die Quelle der verschlüsselten Datei überprüft wird; und
    • einem Mechanismus (170), der so konfiguriert ist, daß die verschlüsselte Datei im Treuhandcomputer derartig gespeichert wird, daß die verschlüsselte Datei Daten für die Auftraggeberfirma zugeordnet wird.
  20. Vorrichtung nach Anspruch 19, wobei der Mechanismus (108), der zum Senden konfiguriert ist, den folgenden Schritt aufweist: Speichern einer Kundennummer für die Auftraggeberfirma an einer vorbestimmten Stelle in der E-Mail, und wobei der Mechanismus, der zum Überprüfen konfiguriert ist, aufweist: einen Mechanismus, der so konfiguriert ist, daß die Kundennummer verwendet wird, um die Auftraggeberfirma zu bestimmen, die der E-Mail zugeordnet ist, und einen Mechanismus, der so konfiguriert ist, daß die Auftraggeberfirma, die unter Verwendung der Kundennummer bestimmt wird, mit der Auftraggeberfirma, die der digitalen Signatur zugeordnet ist, verglichen wird.
  21. Vorrichtung nach Anspruch 13, wobei die Daten eine oder mehrere Dateien von Web-Seiten für den Auftraggeber-Computer (195) sind.
  22. Vorrichtung nach Anspruch 13, wobei der Mechanismus, der zum Speichern konfiguriert ist, den folgenden Schritt aufweist: Aufrufen eines TAR-Befehls, um Daten in eine Datei zu packen, wobei ein TAR-Befehl ein Befehl zum Erzeugen von Bandarchiven ist, und um Dateien hinzuzufügen oder zu extrahieren.
  23. Vorrichtung nach Anspruch 13, wobei der Mechanismus (114), der so konfiguriert ist, daß die Datei konvertiert wird, einen Mechanismus umfaßt, der so konfiguriert ist, daß ein UUEncode-Programm aufgerufen wird, wobei ein UUEncode-Programm ein Programm zum Konvertieren einer Datei in ein Format ist, das per E-Mail übermittelt werden kann.
Anspruch[en]
  1. A method executed in a computer system for facilitating storage of a backup copy of data for a client company, the computer system including a host computer system (100) which stores a native copy of data and an escrow computer system (150), the escrow system including a security mechanism (145) for preventing unauthorized access to the escrow computer system (150) from the host computer system (100), the method comprising the steps of:
    • using the host computer system (100),
    • storing the native copy of the data in a file; characterised by converting the file into a format that can be emailed; and
    • sending the converted file to the escrow computer (150) as an email message.
  2. The method of claim 1, further comprising the step of encrypting the file so that the escrow computer (150) is unable to decrypt the file without the assistance of the client company.
  3. The method of claim 2 wherein the step of encrypting includes the step of encrypting the file using a public key/private key encryption method.
  4. The method of claim 3 wherein the escrow computer (150) is unable to decrypt the encrypted file because the escrow computer does not have access to a private key for the client company.
  5. The method or signal of claim 2 further comprising the steps of:
    • storing an indication of a source for the file with the file, thereby generating a meta-file; and
    • encrypting the meta-file such that the escrow computer (150) is able to decrypt the meta-file without assistance from the client company.
  6. The method of claim 5 wherein the step of storing an indication of the source of the encrypted file includes storing a digital signature associated with the client company with the encrypted file.
  7. The method of claim 5 further comprising the steps of:
    • using the escrow computer system (150),
    • receiving the email message including the encrypted file;
    • verifying the source of the encrypted file; and
    • storing the encrypted file on the escrow computer (150) in a manner which associates the encrypted file with data for the client company.
  8. The method of claim 7 wherein the step of sending includes a customer number for the client company in a predetermined location in the email, and wherein the step of verifying includes the steps of using the customer number to determine the client company associated with the email, and comparing the client company determined from using the customer number with the client company associated with the digital signature.
  9. The method of claim 1, wherein the data is one or more files of web pages for the client computer (195).
  10. The method of claim 1, wherein the step of storing includes the step of invoking a tar command to package the data into one file, a tar command being a command for creating tape archives and add or extract files.
  11. The method of claim 1, wherein the step of converting the file includes the step of invoking a uuencode program, an uuencode program being a program for converting a file into a format which can be emailed.
  12. A computer program product for executing the method of one of claims 1 to 10.
  13. Apparatus for facilitating storage of a backup copy of data from a host computer (100) having native copy of data at an escrow computer system(150), the escrow computer (150) including a security mechanism for preventing unauthorized access to the escrow computer (150) from the host computer (100), the apparatus comprising:
    • a mechanism (118) configured to store the native copy of the data in a file; characterised by a mechanism (114) configured to convert the file into a format that can be emailed; and
    • a mechanism (108) configured to send the converted file to the escrow computer as an email message.
  14. Apparatus as claimed in claim 13 further comprising a mechanism (110) configured to encrypt the file so that the escrow computer (150) is unable to decrypt the file without the assistance of the client company.
  15. Apparatus of claim 14 wherein the mechanism (110) configured to encrypt includes a mechanism configured to encrypt the file using a public key/private key encryption method.
  16. Apparatus of claim 15 wherein the escrow computer (150) is unable to decrypt the encrypted file because the escrow computer does not have access to a private key for the client company.
  17. Apparatus of claim 15 further comprising:
    • a mechanism configured to store an indication of a source for the file with the file, thereby generating a meta-file; and
    • a mechanism configured to encrypt the meta-file such that the escrow computer is able to decrypt the meta-file without assistance from the client company.
  18. Apparatus of claim 17 wherein the mechanism configured to store an indication of the source of the encrypted file includes a mechanism configured to store a digital signature associated with the client company with the encrypted file.
  19. Apparatus of claim 17 further comprising:
    • a mechanism (156) configured to receive the email message including the encrypted file;
    • a mechanism configured to verify the source of the encrypted file; and
    • a mechanism (170) configured to store the encrypted file on the escrow computer in a manner which associates the encrypted file with data for the client company.
  20. Apparatus of claim 19 wherein the mechanism (108) configured to send includes storing a customer number for the client company in a predetermined location in the email, and wherein the mechanism configured to verify includes a mechanism configured to use the customer number to determine the client company associated with the email, and a mechanism configured to compare the client company determined from using the customer number with the client company associated with the digital signature.
  21. Apparatus of claim 13 wherein the data is one or more files of web pages for the client computer (195).
  22. Apparatus of claim 13 wherein the mechanism configured to store includes the step of invoking a tar command to package the data into one file, a tar command being a command for creating tape archives and add or extract files.
  23. Apparatus of claim 13 wherein the mechanism (114) configured to convert the file includes a mechanism configured to invoke an uuencode program, an uuencode program being a program for converting a file into a format which can be emailed.
Anspruch[fr]
  1. Procédé exécuté dans un système d'ordinateur pour faciliter le stockage d'une copie de secours de données pour une entreprise client, le système d'ordinateur incluant un système d'ordinateur hôte (100) qui stocke une copie native de données et un système d'ordinateur tiers (escrow) (150), le système tiers incluant un mécanisme de sécurité (145) pour empêcher un accès non autorisé au système d'ordinateur tiers (150) depuis le système d'ordinateur hôte (100), le procédé comprenant les étapes de:
    • utilisation du système d'ordinateur hôte (100);
    • stockage de la copie native des données dans un fichier,
       caractérisé par la conversion du fichier selon un format qui peut être envoyé par courriel; et

       envoi du fichier converti à l'ordinateur tiers (150) en tant que message de courriel.
  2. Procédé selon la revendication 1, comprenant en outre l'étape de cryptage du fichier de telle sorte que l'ordinateur tiers (150) ne puisse pas décrypter le fichier sans l'assistance de l'entreprise client.
  3. Procédé selon la revendication 2, dans lequel l'étape de cryptage inclut l'étape de cryptage du fichier en utilisant un procédé de cryptage par clé publique/clé privée.
  4. Procédé selon la revendication 3, dans lequel l'ordinateur tiers (150) ne peut pas décrypter le fichier crypté du fait que l'ordinateur tiers n'a pas accès à une clé privée pour l'entreprise client.
  5. Procédé selon la revendication 2, comprenant en outre les étapes de:
    • stockage d'une indication d'une source pour le fichier avec le fichier, d'où ainsi la génération d'un métafichier; et
    • cryptage du métafichier de telle sorte que l'ordinateur tiers (150) puisse décrypter le métafichier sans l'assistance de l'entreprise client.
  6. Procédé selon la revendication 5, dans lequel l'étape de stockage d'une indication de la source du fichier crypté inclut le stockage d'une signature numérique qui est associée à l'entreprise client avec le fichier crypté.
  7. Procédé selon la revendication 5, comprenant en outre l'étape de:
    • utilisation du système d'ordinateur tiers (150);
    • réception du message de courriel incluant le fichier crypté;
    • vérification de la source du fichier crypté; et
    • stockage du fichier crypté sur l'ordinateur tiers (150) d'une manière qui associe le fichier crypté à des données pour l'entreprise client.
  8. Procédé selon la revendication 7, dans lequel l'étape d'envoi inclut un numéro de consommateur pour l'entreprise client en une localisation prédéterminée dans le courriel et dans lequel l'étape de vérification inclut l'étape d'utilisation du numéro de consommateur pour déterminer l'entreprise client associée au courriel et l'étape de comparaison de l'entreprise client déterminée à partir de l'utilisation du numéro de consommateur avec l'entreprise client associée à la signature numérique.
  9. Procédé selon la revendication 1, dans lequel les données sont un ou plusieurs fichiers de page WEB pour l'ordinateur client (195).
  10. Procédé selon la revendication 1, dans lequel l'étape de stockage inclut l'étape d'invocation d'une commande "tar" pour conditionner les données selon un fichier, une commande "tar" étant une commande pour créer des archives sur bande et pour ajouter ou extraire des fichiers.
  11. Procédé selon la revendication 1, dans lequel l'étape de conversion du fichier inclut l'étape d'invocation d'un programme de "codage uu", un programme de "codage uu" étant un programme pour convertir un fichier selon un format qui peut être envoyé par courriel.
  12. Produit de programme d'ordinateur pour exécuter le procédé selon l'une quelconque des revendications 1 à 10.
  13. Appareil pour faciliter le stockage d'une copie de secours de données en provenance d'un ordinateur hôte (100) comportant une copie native de données au niveau d'un système d'ordinateur tiers (150), l'ordinateur tiers (150) incluant un mécanisme de sécurité pour empêcher un accès non autorisé à l'ordinateur tiers (150) depuis l'ordinateur hôte (100), l'appareil comprenant:
    • un mécanisme (118) qui est configuré pour stocker la copie native des données dans un fichier,
       caractérisé par:
    • un mécanisme (114) qui est configuré pour convertir le fichier selon un format qui peut être envoyé par courriel; et
    • un mécanisme (108) qui est configuré pour envoyer le fichier converti sur l'ordinateur tiers en tant que message de courriel.
  14. Appareil selon la revendication 13, comprenant en outre un mécanisme (110) qui est configuré pour crypter le fichier de telle sorte que l'ordinateur tiers (150) ne puisse pas décrypter le fichier sans l'assistance de l'entreprise client.
  15. Appareil selon la revendication 14, dans lequel le mécanisme (110) qui est configuré pour le cryptage inclut un mécanisme qui est configuré pour crypter le fichier en utilisant un procédé de cryptage par clé publique/clé privée.
  16. Appareil selon la revendication 15, dans lequel l'ordinateur tiers (150) ne peut pas décrypter le fichier crypté du fait que l'ordinateur tiers n'a pas accès à une clé privée pour l'entreprise client.
  17. Appareil selon la revendication 15, comprenant en outre:
    • un mécanisme qui est configuré pour stocker une indication d'une source pour le fichier avec le fichier, d'où ainsi la génération d'un métafichier; et
    • un mécanisme qui est configuré pour crypter le métafichier de telle sorte que l'ordinateur tiers puisse décrypter le métafichier sans l'assistance de l'entreprise client.
  18. Appareil selon la revendication 17, dans lequel le mécanisme qui est configuré pour stocker une indication de la source du fichier crypté inclut un mécanisme qui est configuré pour stocker une signature numérique qui est associée à l'entreprise client avec le fichier crypté.
  19. Appareil selon la revendication 17, comprenant en outre:
    • un mécanisme (156) qui est configuré pour recevoir le message de courriel incluant le fichier crypté;
    • un mécanisme qui est configuré pour vérifier la source du fichier crypté; et
    • un mécanisme (170) qui est configuré pour stocker le fichier crypté sur l'ordinateur tiers d'une manière qui associe le fichier crypté avec des données pour l'entreprise client.
  20. Appareil selon la revendication 19, dans lequel le mécanisme (108) qui est configuré pour l'envoi inclut le stockage d'un numéro de consommateur pour l'entreprise client en une localisation prédéterminée dans le courriel et dans lequel le mécanisme qui est configuré pour la vérification inclut un mécanisme qui est configuré pour utiliser le numéro de consommateur pour déterminer l'entreprise client associée au courriel, et un mécanisme qui est configuré pour comparer l'entreprise client déterminée à partir de l'utilisation du numéro de consommateur avec l'entreprise client qui est associée à la signature numérique.
  21. Appareil selon la revendication 13, dans lequel les données sont un ou plusieurs fichiers de page WEB pour l'ordinateur client (195).
  22. Appareil selon la revendication 13, dans lequel le mécanisme qui est configuré pour le stockage inclut l'étape d'invocation d'une commande "tar" pour conditionner les données selon un fichier, une commande "tar" étant une commande pour créer des archives sur bande et pour ajouter ou extraire des fichiers.
  23. Appareil selon la revendication 13, dans lequel le mécanisme (114) qui est configuré pour convertir le fichier inclut un mécanisme qui est configuré pour invoquer un programme de "codage uu", un programme de "codage uu" étant un programme pour convertir un fichier selon un format qui peut être envoyé par courriel.






IPC
A Täglicher Lebensbedarf
B Arbeitsverfahren; Transportieren
C Chemie; Hüttenwesen
D Textilien; Papier
E Bauwesen; Erdbohren; Bergbau
F Maschinenbau; Beleuchtung; Heizung; Waffen; Sprengen
G Physik
H Elektrotechnik

Anmelder
Datum

Patentrecherche

Patent Zeichnungen (PDF)

Copyright © 2008 Patent-De Alle Rechte vorbehalten. eMail: info@patent-de.com