382 results about "Filter driver" patented technology

Systems and methods for replicating database data and generating read-only copies of the replicated data in a clean shutdown state. For example, systems can include a tracking module (e.g., a filter driver) that monitors transactions from a database application to a source storage device to generate log entries having at least one marker indicating a known good state of the application. The systems further include a computer coupled to a target storage device comprising a database and log files. The computer processes the transactions, based on the log entries, to replicate data to the target storage device; performs a first snapshot on data stored in the database and log files; replays into the database data stored in the log files; performs another snapshot on the database; and reverts the database back to a state in which the database existed at the time of the first snapshot.

The present invention relates to the information protection of digital content transferred by streaming and download service through wire or wireless Internet network. The information protection system in this invention suggests a drastic prevention method of copyrights infringement such as illegal copy and unauthorized distribution of digital content, by using of the encryption, decryption, distribution, and authentication technologies. This invention suggests the control technology of general viewer program, not the specific viewer program for information protection, using a network filter driver for streaming and file system filter driver for download service. The main function of network and file system filter driver is the filtering operation such as a hooking, changing, decrypting, and restoring of message and data packet, and transferring to the viewer program. The main idea and technology of this invention suggest higher secure and efficient digital information protection system for live/VOD/HTTP streaming and download service.

A Virtual-Memory Device (VMD) driver and application execute on a host to increase endurance of flash memory attached to a Super Enhanced Endurance Device (SEED) or Solid-State Drive (SSD). Host accesses to flash are intercepted by the VMD driver using upper and lower-level filter drivers and categorized as data types of paging files, temporary files, meta-data, and user data files, using address ranges and file extensions read from meta-data tables. Paging files and temporary files are optionally written to flash. Full-page and partial-page data are grouped into multi-page meta-pages by data type before storage by the SSD. ramdisks and caches for storing each data type in the host DRAM are managed and flushed to the SSD by the VMD driver. Write dates are stored for pages or blocks for management functions. A spare/swap area in DRAM reduces flash wear. Reference voltages are adjusted when error correction fails.

A method and apparatus for dynamically distributing data to an appropriate storage device based on the significance of the data. In one embodiment the method determines the significance of a data file using the format of the data file. The method also includes identifying a storage device and memory location of the storage device to write the data. In a software implementation, a computer system employs a filter driver and/or a device driver to identify and store data files. In another embodiment, a storage controller includes a state machine that initiates and executes firmware to determine the data file format and also the storage device location.

A method is provided of protecting a computer against malware affection. The computer has a data storage and an operating system for managing the data storage. The method comprises providing a filter module in the operating system which operates to detect an attempt to store data in the data storage, to determine a data format of the data to be stored in the data storage, and to prevent storage of the data if the data format is determined to relate to a predefined type. The filter module may be provided as a file system filter driver in a kernel of the operating system. The filter module may be arranged to operate between an input/output manager of the operating system and a driver associated with the data storage. The input/output manager and driver associated with the data storage may form part of the kernel of the operating system.

Systems and methods are provided for maintaining data integrity in the event of device write failures during a non-disruptive migration. In one embodiment, a computer-implemented method is provided. According to the method, a filter driver in a kernel may clone an application write to both a source storage device and a target storage device. The method may detect whether the cloned application write to the source storage device or the cloned application write to target storage device failed. When the cloned application write to the source storage device or the cloned application write to target storage device failed, the method may allow application reads from only one of the source storage device and the target storage device thereafter.

Checksum values are used to detect low-level data corruption. I/O operations, such as, for example, read operations and write operations, cause data blocks to pass through a number of low-level drivers when the data blocks are transferred between an operating system and mass storage location. A checksum filter driver intercepts a data block as the data block passes between low-level drivers as a result of the performance of an I/O operation. The checksum filter driver calculates a first checksum value for the data block. The checksum filter subsequently intercepts the data block as the data block passes between low-level drivers as a result of the performance of a subsequent I/O operation. The checksum filter driver calculates a second checksum value for the data block. The first checksum value and the second checksum value are compared. Data corruption is detected when a checksum mismatch occurs.

A Green NAND SSD Driver (GNSD) driver executes on a host to increase data-retention of flash memory attached to a Super Enhanced Endurance Device (SEED) or Solid-State Drive (SSD). Host accesses to flash are intercepted by the GNSD driver using upper and lower-level filter drivers. A retention-check timer causes a retention routine to be periodically executed. The routine sends high-level commands to the SEED that causes the SEED to refresh either all data or just data blocks with older write dates. Data is refreshed by moving to a new physical block. The retention routine can track write dates of logical blocks and command a SSD to move logical blocks with older write dates. A retention card has a controller that performs the retention routine when not connected to a host, while a SEED power card allows the SEED to refresh data when no host is attached to the SEED.

The invention provides a VMD (Virtual-Memory Device) executed on a host and application thereof for enhancing flash memory endurance of an SEED (Super Enhanced Endurance Device) or an SSD (Solid-State Drive). The VMD driver utilizes a high-level or a low-level filtering driver to intercept and capture access to flash memory of the host and to sort access to the flash memory of the host into paging file data type, temporary files, meta data and user data files by using address range and file extensions read by the meta data. Optionally, the paging files and the temporary files are written in the flash memory. Full pages and local pages are grouped into multi-page metapage according to data type before SSD storage data passes. A virtual RAM disk and cache storing the data type in the host DRAM are managed and refreshed to SSD through the VMD driver. Write data is stored for blocks or pages managing functions. Flash memory abrasion is reduced in a backup/exchange area in the DRAM. The reference voltage is adjusted when error correction fails.

A system for accessing, by a resource, a setting in a virtualized user profile includes an isolation environment, a resource, and a filter driver. The resource executes outside an isolation environment on a local machine and requests access to a setting in a user profile. The filter driver intercepts the request for access and identifies one of the isolation environment and a remote machine, responsive to an application of a rule to the request. The filter driver redirects the request to the one of the isolation environment and the remote machine. A method includes intercepting an instruction from a resource to modify a setting on a local machine, the resource provided by a local machine and executing outside of an isolation environment. The method includes identifying the isolation environment, responsive to an application of a rule to the instruction. The method includes redirecting the instruction to the isolation environment.

A method and system for modifying, in a combined computing environment, a machine base image having a personalized desktop environment includes executing an operating system associated with a base disk; intercepting, by a filter driver, an instruction from at least one of a plurality of resources to modify a setting stored in at least one of a file system and a registry, the plurality of resources executing inside an isolation environment; storing, in a delta disk, a copy of the modified setting; restarting the operating system; replacing the setting stored in the at least one of the file system and the registry with the copy of the modified setting stored on the delta disk; and restarting at least one operating system process incorporating the modified setting.

The present application is directed to methods and systems for redirecting write requests issued by trusted applications to a secure storage. Upon redirecting the write requests, the data included in those requests can be stored in the secure storage area of a client computer. In some embodiments, the methods and systems can include determining whether an application issuing the request is a trusted application that requires data to be stored in a secure storage repository. Upon making this determination, a filter driver can identify a secure storage area on a client computer and can redirect the write request to this secure storage. In other embodiments, the filter driver may deny requests of trusted applications to write to unsecure storage areas.

Access by multiple hosts, such as computers, to a data storage device by way of a network while maintaining data integrity. In one embodiment, a method for accessing the storage device includes acquiring a resource “lock” that provides exclusive access to one of the hosts at a time. In another embodiment, the file systems of a first and second host provide file system attributes stored in a storage device to provide mutually exclusive access for each host to free blocks of the device. In another embodiment, a networked system contains a first host having exclusive direct access to a storage device over a digital network. A second host requiring access to the storage device communicates with the first host by way of the digital network. File access requests generated by the second host are transferred by a redirection filter driver within the second host to the first host.

A method of controlling presentation of content on a media storage device is described. The method is comprised of verifying the presence of a media presentation mechanism and a usage compliance mechanism on a computer system operated by a recipient to whom the media storage device is distributed. The usage compliance mechanism includes a file system filter driver for controlling data reads associated with the computer readable media. The media presentation mechanism is communicatively coupled with the usage compliance mechanism. The present method further includes the file system driver performing a first decryption of the computer readable media. The present method further includes the media presentation mechanism performing a second decrypting of the computer readable media concurrent with presenting the computer readable media to the recipient.

A Virtual-Memory Device (VMD) driver and application execute on a host to increase endurance of flash memory attached to a Super Enhanced Endurance Device (SEED) or Solid-State Drive (SSD). Host accesses to flash are intercepted by the VMD driver using upper and lower-level filter drivers and categorized as data types of paging files, temporary files, meta-data, and user data files, using address ranges and file extensions read from meta-data tables. Paging files and temporary files are optionally written to flash. Full-page and partial-page data are grouped into multi-page meta-pages by data type before storage by the SSD. Ramdisks and caches for storing each data type in the host DRAM are managed and flushed to the SSD by the VMD driver. Write dates are stored for pages or blocks for management functions. A spare/swap area in DRAM reduces flash wear. Reference voltages are adjusted when error correction fails.

A software security application for a Windows® OS based electronic computer system provides an isolated User environment which protects a User from unauthorized access to and manipulation of data on the system. The security software implements an isolated User file system and provides process/IPC isolation, Windows® registry isolation, network interface isolation, and isolated administrative control on the computer system. Interactive components of the system include an execution hook component that traps system calls, a job object component that creates/destructs, manages and manipulates job objects, a system call hook component for trapping and filtering all Windows registry I/O requests, a file system block device driver for mounting/unmounting the isolated User file system, a file system/filter driver, a network interface/NDIS hook component, and an environment handler. The environment handler provides the overall management interface for other system components, allowing definition of rules, managing authentication and other control/management functions.

A system provides file aware block level deduplication in a system having multiple clients connected to a storage subsystem over a network such as an Internet Protocol (IP) network. The system includes client components and storage subsystem components. Client components include a walker that traverses the namespace looking for files that meet the criteria for optimization, a file system daemon that rehydrates the files, and a filter driver that watches all operations going to the file system. Storage subsystem components include an optimizer resident on the nodes of the storage subsystem. The optimizer can use idle processor cycles to perform optimization. Sub-file compression can be performed at the storage subsystem.

Described are techniques used in detection of a data corruption in a computer system in connection with read and write operations. For a write operation, a host issues a write request that includes a checksum value determined in accordance with data associated with the write request. The write request is received by a data storage system that performs data validation using the checksum. The host issues a vendor-defined write request operation that includes the checksum as a data field in the request packet sent to the data storage system. For a read operation, a host issues a read request and the data storage system determines a checksum value before servicing the read request. The checksum is validated at the top of the I/O stack on the host by the file system filter driver.

In a malware auto-analysis method using a kernel callback mechanism, a function, present in a kernel driver within a PsSetCreateProcessNotifyRoutine function, is registered by a process monitor driver as a callback function when a computer boot. A function present in a registry monitor driver is registered by the registry monitor driver as a callback function in a CmRegisterCallback function when the driver is loaded. A kernel driver is registered by a file monitor driver as a mini-filter driver in a Filter Manager present in a Windows system. At least one of a process event, a registry event, or an Input/Output (I/O) event is received by a behavior event collector from the process monitor driver, the registry monitor driver, or the file monitor driver, respectively.

A storage device is coupled to a computing system comprising an operating system and application software. Access to the storage device is blocked by a kernel filter driver, except exclusive access is granted to a first anti-virus engine. The first anti-virus engine is directed to scan the storage device for malicious software and report results. Exclusive access may be granted to one or more other anti-virus engines and they may be directed to scan the storage device and report results. Approval of all or a portion of the information on the storage device is based on the results from the first anti-virus engine and the other anti-virus engines. The storage device is presented to the operating system and access is granted to the approved information. The operating system may be a Microsoft Windows operating system. The kernel filter driver and usage of anti-virus engines may be configurable by a user.

A system and method for preventing tampering and unauthorized access to digital data stored on a device. The system can include 1) a data store for containing digital data to be protected and a listing of processes permitted to access the digital data, 2) a filter driver for intercepting a request issued from a process to access the digital data, 3) a central processor, in communication with the data store, upon receipt of a notification of the intercepted request from the filter driver, deciding to grant or deny the request by determining whether the process issuing the request is on the listing of processes permitted to access the digital data, and 4) a monitor process for monitoring one or more software components of the system including the central processor, filter driver, and data store, and for identifying and preventing any unauthorized processes from accessing and tampering with the software components of the system.