Digitally sealing equipment for authentication of components

US 10,311,224 B1
Filed: 03/23/2017
Issued: 06/04/2019
Est. Priority Date: 03/23/2017
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating rack components, comprising:

reading device identifiers for hardware components within a rack;

generating a digital seal representing a configuration of the rack using the device identifiers, wherein the digital seal includes a unique identifier that is a combination of the device identifiers;

storing the digital seal in non-volatile storage within the rack during shipment of the rack;

after shipment of the rack, re-reading the device identifiers and generating a current measurement; and

authenticating the components within the rack by verifying that the digital seal matches the current measurement.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital seal of a current configuration of a rack can be generated to authenticate that rack components within the rack remain unchanged during transport. At a manufacturing site, an agent can be executed so as to capture a plurality of device identifiers, which indicate what hardware or software components are present in the rack. A digital seal representing a current configuration of the rack can be generated using the device identifiers and stored at a secure location within the rack. When the rack is transported from one location to another, the digital seal of the rack travels with the rack. At a data center, the rack can be re-tested and a new measurement can be captured. The stored digital seal can be compared to the new measurement to ensure that the rack components have not been compromised during shipping.

75 Citations

View as Search Results

18 Claims

1. A method of authenticating rack components, comprising:
- reading device identifiers for hardware components within a rack;
  
  generating a digital seal representing a configuration of the rack using the device identifiers, wherein the digital seal includes a unique identifier that is a combination of the device identifiers;
  
  storing the digital seal in non-volatile storage within the rack during shipment of the rack;
  
  after shipment of the rack, re-reading the device identifiers and generating a current measurement; and
  
  authenticating the components within the rack by verifying that the digital seal matches the current measurement.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the unique identifier is a concatenation of the device identifiers and wherein the device identifiers include serial numbers of the plurality of the components, or wherein the device identifiers are cryptographic values associated with the serial numbers of the plurality of components.
  - 3. The method of claim 1, wherein the plurality of components include:
    - a processor, memory, storage devices, network devices, management cards, bus adapters, add-in cards, or power supplies.
  - 4. The method of claim 1, further including interrogating the plurality of components in the rack to determine the device identifiers including:
    - a type of component, a vendor of the component, a model number of the component or a version number of the component.

5. A method, comprising:
- interrogating rack hardware components within a rack to obtain identifiers associated therewith;
  
  generating, using a processor coupled to or in the rack, a digital seal of a current configuration of the rack using the obtained identifiers;
  
  storing the digital seal using the processor within a Trusted Platform Module (TPM), the processor and the TPM being separate components within the rack; and
  
  validating the rack by generating a digital measurement using the identifiers and comparing the digital measurement to the digital seal.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
- - 6. The method of claim 5, further including validating the rack at a later time by generating a digital measurement by using the identifiers and comparing the digital measurement to the digital seal.
  - 7. The method of claim 6, wherein the digital seal matches the digital measurement if a configuration of the rack is unaltered between the generating of the digital seal and the generating of the digital measurement.
  - 8. The method of claim 5, wherein rack components are electronic devices and include:
    - server computers, switches, power units, PCI devices or networking devices.
  - 9. The method of claim 5, wherein the interrogating of the rack components includes obtaining a vendor, a model, a serial number of the rack components, or a release version of software.
  - 10. The method of claim 5, further including reading a policy document that controls a frequency to authenticate the rack and to control actions to be taken if the authentication is invalid.
  - 11. The method of claim 5, wherein storing the digital seal includes storing a value within non-volatile memory within one of the rack components.
  - 12. The method of claim 5, further including detecting that a rack component was added, removed, or swapped for another rack component by determining that the digital seal does not match a re-calculated digital measurement.
  - 13. The method of claim 5, wherein the digital seal is generated using:
    - a cryptographic function or a checksum.

14. A system, comprising:
- a rack of components including a server computer, the server computers including a motherboard having a processor; and
  
  an agent for execution on the rack of components to determine hardware components included in the rack of components after shipment of the rack of components, the agent for generating a first unique identifier for the determined components and for storing the unique identifier within the rack of components, wherein the first unique identifier is a concatenation of identifiers of the hardware components, and is configured to re-determine the hardware components included in the rack of components to generate a second unique identifier and to authenticate the rack of components by determining whether the second unique identifier and the first unique identifier match.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, wherein the first unique identifier is associated with a configuration of the rack of components.
  - 16. The system of claim 14, wherein the first unique identifier is obtained by reading identifiers of the components and using the identifiers of the components in a hash algorithm.
  - 17. The system of claim 14, wherein the components include processors, network components, storage components, memory, add-in cards, or versions of software.
  - 18. The system of claim 14, wherein the first unique identifier is stored with the rack of components in a trusted platform module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Farhan, Munif M., Rangel Martinez, Jaime Ismael
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/467,896
Time in Patent Office

803 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 9/0866   involving user or device id...

H04L 9/0897   involving additional device...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

Digitally sealing equipment for authentication of components

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Digitally sealing equipment for authentication of components

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others