Storage device tampering detection

US 9,984,256 B2
Filed: 05/15/2014
Issued: 05/29/2018
Est. Priority Date: 05/15/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method of detecting a counterfeit storage device, the method comprising:

printing a first identifier value associated with a first characteristic of the storage device on an external surface of a housing of the storage device;

electronically storing a second identifier value associated with a second characteristic of the storage device in a memory of the storage device supported by the housing;

storing one or more dummy identifier values on one or more of the external surface of the housing or the memory, each of the dummy identifier values associated with an additional characteristic of the storage device;

combining the first and second identifier values in a predetermined order to form a combined identifier value;

generating a digital signature of the combined identifier value using a private key of a public/private key pair;

storing the digital signature on the storage device by performing at least a selected one of printing the digital signature to the external surface of the housing or electronically storing the digital signature in the memory;

subsequently retrieving from the storage device and storing, in a verification device memory, the first identifier value, the second identifier value, the digital signature and each of the one or more dummy identifier values;

using a verification device processor circuit to combine the first and second identifier values from the verification device memory in the predetermined order to form a retrieved combined identifier value; and

authenticating the storage device using the retrieved combined identifier value, the retrieved digital signature and a public key of the public/private key pair.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and method for detecting unauthorized tampering with a data storage device having a housing and a memory. A first identifier value is stored on an external surface of the housing and a second identifier value is stored within the memory. The first and second identifier values are combined in a predetermined order to form a combined identifier value for which a digital signature is generated using a private key, and the digital signature is stored on the storage device. The digital signature, the first and second identifier values, and one or more dummy identification values are retrieved from the storage device and stored in a memory of a verification device, which combines the retrieved first and second identifier values in the predetermined order to generate a retrieved combined identifier value. The storage device is authenticated using the retrieved combined identifier value, the digital signature and a public key.

50 Citations

View as Search Results

20 Claims

1. A computer-implemented method of detecting a counterfeit storage device, the method comprising:
- printing a first identifier value associated with a first characteristic of the storage device on an external surface of a housing of the storage device;
  
  electronically storing a second identifier value associated with a second characteristic of the storage device in a memory of the storage device supported by the housing;
  
  storing one or more dummy identifier values on one or more of the external surface of the housing or the memory, each of the dummy identifier values associated with an additional characteristic of the storage device;
  
  combining the first and second identifier values in a predetermined order to form a combined identifier value;
  
  generating a digital signature of the combined identifier value using a private key of a public/private key pair;
  
  storing the digital signature on the storage device by performing at least a selected one of printing the digital signature to the external surface of the housing or electronically storing the digital signature in the memory;
  
  subsequently retrieving from the storage device and storing, in a verification device memory, the first identifier value, the second identifier value, the digital signature and each of the one or more dummy identifier values;
  
  using a verification device processor circuit to combine the first and second identifier values from the verification device memory in the predetermined order to form a retrieved combined identifier value; and
  
  authenticating the storage device using the retrieved combined identifier value, the retrieved digital signature and a public key of the public/private key pair.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the digital signature is generated using a signing algorithm on the combined identifier value.
  - 3. The method of claim 2, further comprising encrypting the combined identifier value to form an encrypted combined identifier value, and applying the signing algorithm to the encrypted combined identifier value.
  - 4. The method of claim 3, wherein the encrypted combined identifier value is formed using an encryption algorithm based on a symmetric secret encryption key.
  - 5. The method of claim 1, wherein the device comprises a primary interface port to facilitate electronic communications with a host in accordance with a first interface protocol and a secondary interface port to facilitate electronic communications with a host in accordance with a different, second interface protocol, and wherein the second identifier value is retrieved from the memory via the secondary interface port.
  - 6. The method of claim 1, wherein the storage device is authenticated using a verification algorithm which generates a pass or fail indication responsive to the retrieved combined identifier value, the digital signature and the public key.
  - 7. The method of claim 6, further comprising encrypting the combined identifier value to generate an encrypted identifier value, wherein the verification algorithm uses the encrypted identifier value as an input.
  - 8. The method of claim 1, wherein the subsequently retrieving step further comprises displaying the digital signature and each of the first, second and each of the one or more dummy identifier values on a graphical user interface display associated with the verification device processor to mask a format of the retrieved combined identifier value.
  - 9. The method of claim 1, wherein the first characteristic of the storage device associated with the first identifier value is a selected one of a unique serial number assigned to the storage device, a model number associated with the storage device or an overall data storage capacity of the memory of the storage device.
  - 10. The method of claim 1, wherein the second characteristic of the storage device associated with the second identifier value is a selected one of a unique serial number of an internal component of the storage device within the housing or a parametric value measured by the storage device.
  - 11. The method of claim 1, wherein the additional characteristic of a selected one of the dummy identifier values is a selected one of a unique serial number assigned to the storage device, a model number associated with the storage device or an overall data storage capacity of the memory of the storage device.

12. A computer-implemented method comprising:
- providing a storage device having a housing and a memory supported within the housing;
  
  printing a first identifier value associated with the storage device onto a label affixed to an external surface of the housing;
  
  storing a second identifier value associated with the storage device in the memory;
  
  providing a third identifier value in a selected one of the label or the memory, each of the first, second and third identifier values associated with a different characteristic of the storage device;
  
  combining at least the first identifier value and the second identifier value but not the third identifier value into a first combined identifier value having a predetermined order;
  
  generating a cryptographic digital signature using a cryptographic signing algorithm based on the first combined identifier value and a private cryptographic key of a private/public key pair;
  
  storing the digital signature;
  
  subsequently determining whether the storage device is an authentic device or a counterfeit device by steps comprising;
  
  retrieving, from the storage device to a verification device memory, the first identifier value from the label, the second identifier value from the memory of the storage device, and the third identifier value from the label or the memory of the storage device, and displaying each of the first, second and third identifier values on a user display;
  
  combining at least the retrieved first and second identifier values into a second combined identifier value; and
  
  using a verification algorithm stored in a verification device memory and executed by a verification device processor operable at least upon the digital signature, the second combined identifier value and a public cryptographic key of the private/public key pair to generate a pass/fail indication signal indicative of the authenticity of the storage device.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, further comprising encrypting the first combined identifier value using a product key to generate an encrypted combined identifier value, wherein the generating step generates the digital signature using the encrypted combined identifier value and the private key, and wherein the subsequently determining step further comprises encrypting the second combined identifier value using the product key to generate a second encrypted combined identifier value.
  - 14. The method of claim 12, further comprising encrypting the digital signature using a product key to generate an encrypted digital signature, wherein the step of storing the digital signature comprises storing the encrypted digital signature to at least a selected one of the external surface of the housing or the memory.
  - 15. The method of claim 12, wherein the digital signature is printed onto the external surface of the housing by incorporating a human readable representation of the digital signature onto an adhesive label attached to the external surface of the housing.

16. A computer-based apparatus for detecting a counterfeit data storage device, comprising:
- a verification module comprising a processor having associated programming in memory to execute a verification algorithm that provides a pass/fail indication responsive to a public key of a private/public key pair, a digital signature generated using a private key of the private/public key pair, a first identifier value stored on an external surface of a housing of the storage device associated with a first characteristic of the storage device, and a second identifier value stored in a memory within said housing associated with a second characteristic of the storage device; and
  
  a data collection module which supplies the first identifier value, the second identifier value, at least one or more dummy identifier values associated with additional characteristics of the storage device and the digital signature to the memory of the verification module, the data collection module comprising a human user interface and a storage device interface, the human user interface configured to receive and display input data entered by a human user of the apparatus corresponding to the first identifier value and the at least one or more dummy identifier values from the external surface of the housing, the storage device interface configured to electronically retrieve input data corresponding to the second identifier value stored in the memory.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16, the data collection module comprising a graphical user interface display that displays each of the first, second and one or more dummy identifier values in a human readable format.
  - 18. The apparatus of claim 17, wherein the apparatus authenticates the storage device by combining the first and second identifier values supplied by the data collection module in a predetermined order to form a combined identifier value and operating the verification algorithm using the combined identifier value, the digital signature and the public key.
  - 19. The apparatus of claim 16, the processor of the verification module further having associated programming to execute an encryption algorithm using a product key associated with the storage device to encrypt a combined identifier value obtained using the first and second identifier values from the data collection module, the verification algorithm operative upon the encrypted combined identifier value.
  - 20. The apparatus of claim 16, the processor of the verification module further having associated programming to execute a decryption algorithm using a product key associated with the storage device to decrypt the digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Liu, Hong, Kataria, Abhay, Chen, Chao, Feng, WeiWei, Forehand, Monty A., Anderson, William Erik
Primary Examiner(s)
RAHIM, MONJUR

Application Number

US14/900,962
Publication Number

US 20170323121A1
Time in Patent Office

1,475 Days
Field of Search

726 84
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/73   by creating or determining ...

G06F 21/78   to assure secure storage of...

G06F 21/79   in semiconductor storage me...

G06F 21/80   in storage media based on m...

G06F 21/86   Secure or tamper-resistant ...

Storage device tampering detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Storage device tampering detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links