Methods and apparatus for verifying modules from approved vendors

US 7,845,016 B2
Filed: 11/28/2005
Issued: 11/30/2010
Est. Priority Date: 11/28/2005
Status: Active Grant

First Claim

Patent Images

1. In a system having a plurality of network communications devices, each network communications device including a plurality of hardware modules, a method for verifying that the hardware modules are from an approved vendor, comprising:

i) at each network communications device, determining whether respective vendor data obtained from each hardware module of the network communications device is valid vendor data according to a vendor data checking procedure, wherein valid vendor data includes a valid vendor identifier and a valid module serial number; and

ii) engaging in a counterfeit module detection process among the network communications devices, the counterfeit module detection process including (a) comparing respective valid module serial numbers from respective hardware modules of different ones of the network communications devices to identify duplicate valid module serial numbers among the network communications devices, each duplicate valid module serial number indicating that corresponding hardware modules from the different network communications devices are potentially counterfeit hardware modules not from an approved vendor, and (b) disabling operation of the potentially counterfeit hardware modules on each of the different network communications devices,wherein;

(a) each of the network communications devices maintains a respective device module database containing vendor data obtained from hardware modules of the network communications device;

(b) the system includes a service provider maintaining a central database containing vendor data for hardware modules of the network communications devices of the system, the network module database being populated with vendor data received from the device module databases of the network communications devices;

(c) comparing respective valid module serial numbers from respective hardware modules of different ones of the network communications devices includes comparing valid module serial numbers stored in the central database;

(d) the service provider is operative to generate alert messages to the network communications devices upon identifying duplicate valid module serial numbers, the alert messages inducing the disabling of the potentially counterfeit hardware modules; and

(e) each network communications device is operative in response to each alert message from the service provider to;

include a module serial number from the alert message in a list of module serial numbers maintained by the network communications device;

compare the serial numbers of hardware modules in the network communications device with the module serial numbers in the list; and

upon finding a match between a serial number of a hardware module in the network communications device with a module serial number in the list, take an action with respect to the hardware module having the matching serial number, the action selected from (i) shutting down the hardware module and (ii) notifying a local system administrator.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique verifies a that a module is from an approved vendor. The technique involves obtaining vendor data and a first magic code from a module (e.g., a small form factor pluggable component), and generating a second magic code based on the vendor data. The technique further involves outputting (i) a magic code valid signal when the second magic code matches the first magic code, and (ii) a magic code invalid signal when the second magic code does not match the first magic code. Operation of a computerized device having the module can be based on the valid and invalid signals (e.g., a voltage level, a bit that is set or cleared, a value in a register, etc.). For example, a supplier of the electronic device can configure software running on the computerized device to disable the module if the first and second magic codes do not match.

52 Citations

View as Search Results

21 Claims

1. In a system having a plurality of network communications devices, each network communications device including a plurality of hardware modules, a method for verifying that the hardware modules are from an approved vendor, comprising:
- i) at each network communications device, determining whether respective vendor data obtained from each hardware module of the network communications device is valid vendor data according to a vendor data checking procedure, wherein valid vendor data includes a valid vendor identifier and a valid module serial number; and
  
  ii) engaging in a counterfeit module detection process among the network communications devices, the counterfeit module detection process including (a) comparing respective valid module serial numbers from respective hardware modules of different ones of the network communications devices to identify duplicate valid module serial numbers among the network communications devices, each duplicate valid module serial number indicating that corresponding hardware modules from the different network communications devices are potentially counterfeit hardware modules not from an approved vendor, and (b) disabling operation of the potentially counterfeit hardware modules on each of the different network communications devices,wherein;
  
  (a) each of the network communications devices maintains a respective device module database containing vendor data obtained from hardware modules of the network communications device;
  
  (b) the system includes a service provider maintaining a central database containing vendor data for hardware modules of the network communications devices of the system, the network module database being populated with vendor data received from the device module databases of the network communications devices;
  
  (c) comparing respective valid module serial numbers from respective hardware modules of different ones of the network communications devices includes comparing valid module serial numbers stored in the central database;
  
  (d) the service provider is operative to generate alert messages to the network communications devices upon identifying duplicate valid module serial numbers, the alert messages inducing the disabling of the potentially counterfeit hardware modules; and
  
  (e) each network communications device is operative in response to each alert message from the service provider to;
  
  include a module serial number from the alert message in a list of module serial numbers maintained by the network communications device;
  
  compare the serial numbers of hardware modules in the network communications device with the module serial numbers in the list; and
  
  upon finding a match between a serial number of a hardware module in the network communications device with a module serial number in the list, take an action with respect to the hardware module having the matching serial number, the action selected from (i) shutting down the hardware module and (ii) notifying a local system administrator.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, wherein the vendor data from the device module databases is communicated to the service provider via a call-in type of communications session initiated by the network computerized devices.
  - 3. A method according to claim 2, wherein the service provider is a manufacturer of the network communications devices.
  - 4. A method according to claim 1, wherein the vendor data from the device module databases is stored in non-volatile memory on the respective network communications devices and transferred to the service provider as part of respective maintenance operations performed on the network communications devices by the service provider.
  - 5. A method according to claim 1, wherein the vendor data checking procedure comprises:
    - obtaining vendor data and a first magic code from a hardware module;
      
      generating a second magic code based on the vendor data; and
      
      comparing the first and second magic codes.
  - 6. A method according to claim 5, wherein the step of generating the second magic code comprises performing a message-digest algorithm operation on the vendor data.
  - 7. A method according to claim 6, wherein the hardware module is one of a small form pluggable module and a gigabit interface converter (GBIC) module having a non-volatile memory in which the vendor data is stored.

8. A system, comprising:
- a plurality of network communications devices, each network communications device including a plurality of hardware modules that may or may not be from an approved vendor, each network communications device being operative to determine whether respective vendor data obtained from each hardware module of the network communications device is valid vendor data according to a vendor data checking procedure, wherein valid vendor data includes a valid vendor identifier and a valid module serial number; and
  
  a system component operative to engage in a counterfeit module detection process among the network communications devices, the counterfeit module detection process including (a) comparing respective valid module serial numbers from respective hardware modules of different ones of the network communications devices to identify duplicate valid module serial numbers among the network communications devices, each duplicate valid module serial number indicating that the corresponding hardware modules from the different network communications devices are potentially counterfeit hardware modules not from an approved vendor, and (b) disabling operation of the potentially counterfeit hardware modules on each of the different network communications devices,wherein;
  
  (a) each of the network communications devices maintains a respective device module database containing vendor data obtained from hardware modules of the network communications device;
  
  (b) the system component includes a service provider maintaining a central database containing vendor data for hardware modules of the network communications devices of the system, the network module database being populated with vendor data received from the device module databases of the network communications devices;
  
  (c) the comparing of respective valid module serial numbers from respective hardware modules of different ones of the network communications devices includes comparing valid module serial numbers stored in the central database;
  
  (d) the service provider is operative to generate alert messages to the network communications devices upon identifying duplicate valid module serial numbers, the alert messages inducing the disabling of the potentially counterfeit hardware modules; and
  
  (e) each network communications device is operative in response to each alert message from the service provider to;
  
  include a module serial number from the alert message in a list of module serial numbers maintained by the network communications device;
  
  compare the serial numbers of hardware modules in the network communications device with the module serial numbers in the list; and
  
  upon finding a match between a serial number of a hardware module in the network communications device with a module serial number in the list, take an action with respect to the hardware module having the matching serial number, the action selected from (i) shutting down the hardware module and (ii) notifying a local system administrator.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A system according to claim 8, wherein the vendor data from the device module databases is communicated to the service provider via a call-in type of communications session initiated by the network computerized devices.
  - 10. A system according to claim 9, wherein the service provider is a manufacturer of the network communications devices.
  - 11. A system according to claim 8, wherein the vendor data from the device module databases is stored in non-volatile memory on the respective network communications devices and transferred to the service provider as part of respective maintenance operations performed on the network communications devices by the service provider.
  - 12. A system according to claim 8, wherein the network communications device is operative when performing the vendor data checking procedure to:
    - obtain vendor data and a first magic code from a hardware module;
      
      generate a second magic code based on the vendor data; and
      
      compare the first and second magic codes.
  - 13. A system according to claim 12, wherein the network communications device is operative when generating the second magic code to perform a message-digest algorithm operation on the vendor data.
  - 14. A system according to claim 13, wherein the hardware module is one of a small form pluggable module and a gigabit interface converter (GBIC) module having a non-volatile memory in which the vendor data is stored.

15. A network communications device, comprising:
- a plurality of hardware modules that each may or may not be from an approved vendor; and
  
  a controller operative to;
  
  i) determine whether respective vendor data obtained from each hardware module of the network communications device is valid vendor data according to a vendor data checking procedure, wherein valid vendor data includes a valid vendor identifier and a valid module serial number; and
  
  ii) engage in a counterfeit module detection process among the network communications devices, the counterfeit module detection process including (a) providing the valid module serial number to a system component that is operative to compare the valid module serial number with respective valid module serial numbers of other network communications devices to identify duplicate valid module serial numbers, each duplicate valid module serial number indicating that the hardware modules from the different network communications devices are potentially counterfeit hardware modules not from an approved vendor, and (b) disable operation of the potentially counterfeit hardware modules on the network communications device,wherein;
  
  (a) the network communications device maintains a device module database containing vendor data obtained from hardware modules of the network communications device;
  
  (b) the system component includes a service provider maintaining a central database containing vendor data for hardware modules of the network communications devices, the network module database being populated with vendor data received from the device module databases of the network communications devices;
  
  (c) the service provider is operative to compare respective valid module serial numbers from respective hardware modules of different ones of the network communications devices includes comparing valid module serial numbers stored in the central database;
  
  (d) the service provider is operative to generate alert messages to the network communications device upon identifying duplicate valid module serial numbers, the alert messages inducing the disabling of the potentially counterfeit hardware modules by the network communications device; and
  
  (e) the network communications device is operative in response to each alert message from the service provider to;
  
  include a module serial number from the alert message in a list of module serial numbers maintained by the network communications device;
  
  compare the serial numbers of hardware modules in the network communications device with the module serial numbers in the list; and
  
  upon finding a match between a serial number of a hardware module in the network communications device with a module serial number in the list, take an action with respect to the hardware module having the matching serial number, the action selected from (i) shutting down the hardware module and (ii) notifying a local system administrator.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. A network communications device according to claim 15, wherein the vendor data from the device module databases is communicated to the service provider via a call-in type of communications session initiated by the network computerized device.
  - 17. A network communications device according to claim 16, wherein the service provider is a manufacturer of the network communications devices.
  - 18. A network communications device according to claim 15, wherein the vendor data from the device module databases is stored in non-volatile memory on the respective network communications devices and transferred to the service provider as part of respective maintenance operations performed on the network communications devices by the service provider.
  - 19. A network communications device according to claim 15, wherein the network communications device is operative when performing the vendor data checking procedure to:
    - obtain vendor data and a first magic code from a hardware module;
      
      generate a second magic code based on the vendor data; and
      
      compare the first and second magic codes.
  - 20. A network communications device according to claim 19, wherein the network communications device is operative when generating the second magic code to perform a message-digest algorithm operation on the vendor data.
  - 21. A network communications device according to claim 20, wherein the hardware module is one of a small form pluggable module and a gigabit interface converter (GBIC) module having a non-volatile memory in which the vendor data is stored.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Sadana, Anshul, Diab, Wael William
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US11/287,783
Publication Number

US 20070124413A1
Time in Patent Office

1,828 Days
Field of Search

713/176, 726/34
US Class Current

726/34
CPC Class Codes

H04L 2209/56 Financial cryptography, e.g...

H04L 9/3236 using cryptographic hash fu...

Methods and apparatus for verifying modules from approved vendors

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for verifying modules from approved vendors

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links