Method for authenticating a storage device to a storage controller

IP.com Disclosure Number: IPCOM000030590D
Original Publication Date: 2004-Aug-18
Included in the Prior Art Database: 2004-Aug-18
Document File: 2 page(s) / 55K

Publishing Venue

IBM

Abstract

Disclosed is a secure method for authenticating a storage controller to an attached storage device, such that the device will only accept requests from an authenticated controller. A typical request would update functional characteristics of the device (such as device model number or serial number, customized firmware, support for vendor-unique commands, etc.). The authentication process uses nontrivial pseudo-random numbers and polynomial equations communicated in a series of commands between the controller and device.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 49% of the total text.

It is desirable in the storage industry to be able to produce one hardware footprint for a given storage device, but be able to customize the device for each manufacturing customer (i.e., different operating systems or hardware platforms) in order to provide unique functionality for that customer. These unique functional characteristics allow various end-user price points for a single hardware footprint -- one manufacturer may have a low-end device with no added functionality and offer the device for a low price. Another manufacturer may add substantial functionality to the same device and thus offer it for a premium price.

Thus, it is necessary to avoid allowing the general consumer to buy an inexpensive device and update it (typically by downloading new firmware) to emulate a premium device. To prevent this, some manufacturers make the process painful, either by requiring a proprietary "intermediate" level of firmware to be placed on the device before switching platforms, or by issuing a vendor-unique command with a proprietary but fixed password. The first option is unproductive at the manufacturing and assembly level, and both are risky should the firmware and/or password ever reach the general consumer.

Likewise, in some storage solutions, it is desirable to prevent unauthorized read and write access to devices containing critical data. Historically, some manufacturers have implemented complicated but unreliable methods of authenticating such devices and controllers, such as requiring support for vendor-unique commands, returning certain values in the device inquiry data, and so on. These partial solutions usually have the drawback of being easily observed and emulated by third parties, thereby circumventing the authentication process.

The disclosed invention provides a secure method that allows only authenticated storage controllers to update functional characteristics on an attached device and/or read/write this same device.

The embodied solution discloses a secure method for authenticating a storage controller to an attached storage device, such that the device will only accept requests from an authenticated controller. A typical request would update functional characteristics of the device (such as device model number or serial number, customized firmware, support for vendor-unique commands, etc.). The authentication process uses nontrivial pseudo-random numbers and polynomial equations communicated in a series of commands between the controller and device.

During product development for the device and controller, the authentication polynomial equation must be established and a "Change Definition" command must be defined. The device will only accept Change Definition commands which contain the correct key. The key is a pseudo-random number which results from a particular polynomial equation with inputs which are nontrivial and unique to this device and/or co...
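
A sketch of the kind of exchange this paragraph describes, as an added example and not code from the disclosure: the device issues a pseudo-random number, the controller evaluates a shared polynomial over it and the device serial number, and the device accepts the Change Definition command only when the key matches. The coefficients, modulus, choice of inputs and all names are assumptions, since the disclosure text is abbreviated.

```python
import hmac
import secrets

# Assumptions (not from the disclosure): modulus, coefficients, and the choice
# of inputs (device serial number combined with a per-request random number).
PRIME = 2**61 - 1                                   # modulus for the polynomial
COEFFS = (0x1F3A5C7E9B, 0x2468ACE13, 0x0F1E2D3C4B5A, 0x13579BDF)  # shared secret


def poly_key(serial: int, nonce: int) -> int:
    """Evaluate the shared polynomial at x = serial XOR nonce (Horner's rule)."""
    x = (serial ^ nonce) % PRIME
    acc = 0
    for c in COEFFS:
        acc = (acc * x + c) % PRIME
    return acc


class Device:
    """Device side: issues challenges and gates Change Definition on the key."""

    def __init__(self, serial: int, model: str):
        self.serial, self.model = serial, model
        self._nonce = None                          # outstanding challenge, if any

    def request_challenge(self) -> int:
        self._nonce = secrets.randbits(60)          # fresh pseudo-random number
        return self._nonce

    def change_definition(self, key: int, new_model: str) -> bool:
        nonce, self._nonce = self._nonce, None      # single use, so a captured key cannot be replayed
        if nonce is None:
            return False
        expected = poly_key(self.serial, nonce).to_bytes(8, "big")
        supplied = (key % 2**64).to_bytes(8, "big")
        if not hmac.compare_digest(expected, supplied):   # constant-time compare
            return False
        self.model = new_model
        return True


def controller_update(dev: Device, serial: int, new_model: str) -> bool:
    """Controller side: fetch a challenge, answer it, request the change."""
    nonce = dev.request_challenge()
    return dev.change_definition(poly_key(serial, nonce), new_model)
```

Unlike the fixed vendor password criticized earlier, a key observed on the bus is useless for the next request because the device consumes each challenge. A new design would normally compute the response with a keyed MAC such as HMAC rather than a secret polynomial.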