CN116305319A - Method for checking the integrity of a computer using a blockchain - Google Patents

Method for checking the integrity of a computer using a blockchain Download PDF

Info

Publication number
CN116305319A
CN116305319A CN202310165259.0A CN202310165259A CN116305319A CN 116305319 A CN116305319 A CN 116305319A CN 202310165259 A CN202310165259 A CN 202310165259A CN 116305319 A CN116305319 A CN 116305319A
Authority
CN
China
Prior art keywords
block
information processing
location
master
processing apparatus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310165259.0A
Other languages
Chinese (zh)
Inventor
张彩红
陈江
阿加·多拉克亚
F·A·鲍尔三世
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN202310165259.0A priority Critical patent/CN116305319A/en
Publication of CN116305319A publication Critical patent/CN116305319A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method of checking the integrity of an information processing apparatus as it is transported from a first location to a second location. The method includes generating a first master block, wherein the first master block indicates an integrity of the information processing apparatus when at a first location; initializing a first ledger based on the first master block; broadcasting a first ledger to a blockchain network; generating a second master block, the second master block indicating the integrity of the information processing apparatus when at a second location; updating the first ledger according to a second master tile added to the first master tile; and determining whether the integrity of the information processing apparatus is compromised after it reaches the second location by comparing the second master block with the first master block. This method ensures the hardware security of the information processing apparatus.

Description

Method for checking the integrity of a computer using a blockchain
Technical Field
The present invention relates to checking and verifying the integrity of information handling devices, such integrity including, for example, hardware components, software components, configurations, etc.
Background
Servers are widely used by businesses to provide users with durable, reliable data processing capabilities. Typically, servers are assembled into bare metal (barebone) at the factory by installing critical hardware components such as a CPU (central processing unit), hard disk drive, and memory unit. In this process, software components such as the operating system and other pre-installed software applications are also installed in the hard disk drive. At this stage, the server may already be used and after packaging the server completes the final manufacture and may be distributed to its users (e.g., companies and enterprises).
After the server is manufactured, the vendor wants to ensure that no hardware is changed or swapped during shipment from the manufacturer to the customer. When a customer receives a server, they need to check whether the hardware configuration of the server matches the customer's original order, and whether any hardware has been changed or swapped. For this reason, solutions have conventionally been proposed to check and verify the integrity of hardware components, such as attaching a warranty decal to the server enclosure to seal the enclosure to ensure that the components in the server are not altered or swapped. Clearly, the decal is easily counterfeited and can be recovered even after the server has been tampered with. Another option is to build a database by the vendor for the customer to access so that the customer can verify the hardware inventory based on the serial number or order number or simply check the hardware inventory information based on the contents of the order/contract. This requires the customer to authenticate not only the manufacturer but also other parties on the supply chain. Electronic billboards are used that are digitally signed to track delivery from a supplier to a customer, but they require a large number of keys on a key chain (keychain) to establish a full trust relationship.
Disclosure of Invention
Accordingly, the present invention provides, in one aspect, a method of checking the integrity of an information processing apparatus as it is transported from a first location to a second location. The method includes generating a first master block, wherein the first master block indicates an integrity of the information processing apparatus when at a first location; initializing a first ledger based on the first master block; broadcasting a first ledger to a blockchain network; generating a second master block, the second master block indicating the integrity of the information processing apparatus when at a second location; updating the first ledger according to a second master tile added to the first master tile; and determining whether the integrity of the information processing apparatus is compromised after it reaches the second location by comparing the second master block with the first master block.
In some embodiments, the step of generating the first master tile further comprises creating a snapshot of the component configuration of the information processing device at the first location.
In some embodiments, the step of generating the second master tile further comprises creating a snapshot of the component configuration of the information processing device at the second location.
In some embodiments, the step of generating the second master block further comprises copying the content of the first master block to the content of the second master block.
In certain embodiments, the component configuration includes one or more of the following: a list of hardware components, a list of software components, and a software configuration.
In certain embodiments, the above method further comprises: generating a first secondary block, the first secondary block indicating the integrity of the information processing apparatus at a first location, the first secondary block being different from the first primary block; initializing a second ledger based on the first secondary block; broadcasting a second ledger to the blockchain network; generating a second secondary block, the second secondary block indicating the integrity of the information processing apparatus at a second location, the second secondary block being different from the second primary block; updating the second ledger according to the second secondary block added after the first secondary block; and determining whether the integrity of the information processing apparatus is compromised after it reaches the second location by comparing the second secondary block with the first secondary block.
In some embodiments, the first secondary block is a hash digest of the first primary block and the second secondary block is a hash digest of the second primary block.
In some embodiments, the step of determining whether the integrity of the information processing apparatus is compromised after it reaches the second location by comparing the second secondary block with the first secondary block is performed before the step of determining whether the integrity of the information processing apparatus is compromised after it reaches the second location by comparing the second primary block with the first primary block.
In some embodiments, the first master tile is generated by software residing in the information processing device.
In some embodiments, the software resides in an operating system of the information processing device or in a service processor of the information processing device.
In some embodiments, the first location is located at a manufacturer of the information processing device; when the information processing apparatus is received by a party who purchases the information processing apparatus, a step of determining whether the integrity of the information processing apparatus is compromised is performed.
In some embodiments, the second master tile is generated by software when the information processing device reaching the second location is powered on.
In some embodiments, the second master tile is generated by a data processing apparatus associated with the second location. The data processing apparatus is configured to access a blockchain network.
In another aspect of the present invention, a system for checking the integrity of an information processing apparatus when the information processing apparatus is transported from a first location to a second location is provided. The system comprises: means for generating a first master block indicating the integrity of the information processing apparatus when at the first location. Means for initializing a first ledger based on the first master tile. Means for broadcasting a first ledger to a blockchain network. Means for generating a second master block, the second master block indicating the integrity of the information processing apparatus when at a second location; means for updating the first ledger based on a second master tile added to the first master tile; and means for determining whether the integrity of the information processing apparatus has been compromised after it reaches the second location by comparing the second master block with the first master block.
In another aspect of the present invention, a computer readable medium having a computer program stored thereon is provided. The program when executed by a processor implements the method of: generating a first master block, wherein the first master block indicates the integrity of the information processing apparatus when at a first location; initializing a first ledger based on the first master block; broadcasting a first ledger to a blockchain network; generating a second master block, the second master block indicating the integrity of the information processing apparatus when at a second location; updating the first ledger according to a second master tile added to the first master tile; and determining whether the integrity of the information processing apparatus is compromised after it reaches the second location by comparing the second master block with the first master block.
In another aspect of the invention, a method of tracking the integrity of an information processing device as it is transported from a first location to a second location is provided. The method comprises the following steps: generating a first master block; the first master block indicating the integrity of the information processing apparatus when at the first location; initializing a first ledger based on the first master block; broadcasting a first ledger to a blockchain network; generating a second master block indicating said integrity of the information processing apparatus at the second location; and updating the first ledger according to a second master tile added after the first master tile.
Accordingly, the present invention provides a method for applying blockchain techniques to facilitate tracking delivery processes and verification component configurations of an information handling device (e.g., a computer server) to ensure hardware security of the information handling device. These methods simplify component inventory comparisons of information handling devices through the use of software automation, and thus do not require human intervention, such as manually querying a vendor's online database by personnel, and comparing the hardware inventory received therefrom with the actual inventory on the delivered information handling device.
By using the blockchain, a hardware inventory of the information processing device, such as hardware components, software components, and software configurations, can be securely inventoried without risk of the inventory being counterfeited or hijacked due to the trustworthiness of the blockchain. Furthermore, the decentralized structure of the blockchain means that there is no need to provide a central database that all parties need to access during a delivery process, and maintenance of such a central database can be expensive and complex. Instead, only the chain (or chains) broadcast to the blockchain network need be accessed.
Drawings
A further understanding of the nature and advantages of the present invention may be realized by reference to the remaining portions of the specification and the attached drawings; the same components in these figures are numbered identically. In some cases, a sub-label is placed after a reference number and hyphen to represent one of many similar components. When reference is made to a reference numeral without specification to an existing sub-label, it is intended to refer to all such similar components.
Fig. 1 is a system and method for checking the integrity of a computer server delivered from a manufacturer to a client in accordance with a first embodiment of the present invention.
Fig. 2-3 illustrate a flow chart showing the steps of the method of fig. 1.
In the drawings, like numerals refer to like parts throughout the several embodiments described herein.
Detailed Description
Certain terms are used throughout the description and claims to refer to particular components. Those of skill in the art will appreciate that a hardware manufacturer may refer to the same component by different names. The description and claims do not take the form of an element differentiated by name, but rather by functionality. As used throughout the specification and claims, the word "comprise" is an open-ended term, and thus should be interpreted to mean "include, but not limited to. By "substantially" is meant that within an acceptable error range, a person skilled in the art is able to solve the technical problem within a certain error range, substantially achieving the technical effect.
The present invention may be a system, a method and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to perform various aspects of the invention.
A computer readable storage medium may be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: portable computer floppy disks, hard disks, dynamic Random Access Memories (DRAMs), read-only memories (ROMs), erasable programmable read-only memories (EPROMs or flash memories), static Random Access Memories (SRAMs), portable compact disk read-only memories (CD-ROMs), DVDs, memory sticks, floppy disks, mechanical coding devices, such as punch cards or raised structures in grooves, having instructions recorded thereon, and any suitable combination of the above. Computer-readable storage media, as used herein, should not be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., optical pulses through fiber optic cables), or electrical signals transmitted through wires.
The computer readable program instructions described herein may be downloaded from a computer readable storage medium to a respective computing/processing device or over a network to an external computer or external storage device, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, optical transmission fibers, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
Computer readable program instructions for performing operations of the present invention can be assembler instructions, instruction Set Architecture (ISA) instructions, machine dependent instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, c++ or the like and conventional procedural programming languages, such as the "C" programming language or the like. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer, partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, electronic circuitry, including, for example, programmable logic circuitry, field Programmable Gate Arrays (FPGAs), or Programmable Logic Arrays (PLAs), may perform aspects of the invention by utilizing state information of computer-readable program instructions to execute the computer-readable program instructions to personalize the electronic circuitry.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, data processing apparatus, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having the instructions stored therein includes an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative embodiments, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As used herein, a list with "and/or" conjunctions includes any single item in the list or a combination of items in the list. For example, the list of A, B and/or C includes a alone, B alone, a combination of C, A and B alone, a combination of B and C, a combination of a and C, or a combination of A, B and C. As used herein, a list using the term "one or more" includes any single item in the list or a combination of items in the list. For example, one or more of A, B and C include a alone, B alone, a combination of C, A and B alone, a combination of B and C, a combination of a and C, or a combination of A, B and C. For example, "one of A, B and C" includes only a, only B, or only C, and does not include a combination of A, B and C. As used herein, "a member selected from the group consisting of A, B and C," includes one and only one of A, B or C, excluding the combination of A, B and C. "as used herein," a member selected from the group consisting of A, B and C and combinations thereof "includes only a, only B, only C, a combination of a and B, a combination of B and C, a combination of a and C, or a combination of A, B and C.
Turning now to FIG. 1, a scenario of a computer server 40 manufactured at a factory and delivered to a client 26 is generally shown along with a method for tracking and verifying the integrity of the hardware components of the server 40 in connection with the delivery process. The server 40 is an information processing apparatus, and it should be noted that there is no limitation on the type of information processing apparatus to which the present invention is applicable. Instead, as long as the information processing device contains one or more hardware components, a manifest (inventory) of those hardware components of the server may be tracked and verified using the methods described herein. Examples of other information processing devices include, but are not limited to, personal computers, kiosks, workstations, and/or data center devices other than servers. In the description of the present embodiment, the term "data processing apparatus" is used interchangeably with "information processing device".
Referring to fig. 1, a method of tracking and verifying the integrity of a hardware component of a server involves various parties on a logistics chain delivering to a server 40, including a manufacturer 20, distributor 22, retailer 24, and customer 26. These parties may be geographically close (e.g., in the same city) or geographically distant (e.g., across different provinces, countries). As will be appreciated by the skilled artisan, the manufacturer 20, distributor 22, retailer 24, and customer 26 may be separate entities or individuals that do not belong to each other, for example, the manufacturer 20 may be a server provider that is not affiliated with either the distributor 22 or the retailer 24. In one possible scenario, the distributor 22 and/or retailer 24 may be associated with the manufacturer 20. Manufacturer 20, distributor 22, retailer 24, and customer 26 may be considered locations on the logistics chain.
Access to a blockchain network (generally represented by detail chain 32 and summary chain 34 in fig. 1) is provided at respective locations of manufacturer 20, distributor 22, retailer 24, and customer 26. For example, where the Internet is provided, a data processing device (e.g., server 40) may access the blockchain network via the Internet. Alternatively, a private network may be provided at these sites that has access to the blockchain network. When the server 40 is located at any one of the manufacturer 20, distributor 22, retailer 24, and customer 26, its access to the blockchain network is implemented by special software (e.g., an "agent"), which will be described in detail below, and which can run and access the blockchain network. In addition, the distributor 22 and the retailer 24 each have their own data processing devices (not shown) that can access the blockchain network, which are separate from the server 40.
The blockchain network depicted in fig. 1 may be any type of licensed blockchain network, such as a private blockchain network, a federated blockchain network, or a hybrid blockchain network comprised of public and private parts. Technically, public blockchain networks may also be used for the purposes of the present invention, but there is a concern that the inventory information of the server 40 may be kept secret and should not be accessed by the public. In addition, creating blocks for addition to the link chain 32 and the summary chain 34 may need to be restricted by the manufacturer 20 to only authorized parties in order to minimize the chance of the blockchain network being attacked maliciously. In one example, the blockchain network is a private blockchain network established and maintained by the manufacturer 20. In addition, as will be appreciated by those skilled in the art, the blockchain network in FIG. 1 includes a plurality of nodes, each running a copy of the entire blockchain (e.g., the detail chain 32 and the summary chain 34) and competing with each other to mine the next block or to validate the transaction. Every time a new block joins, the blockchain (also called a ledger) is updated and propagated throughout the blockchain network so that each node is in sync. In fig. 1, one or more data processing devices (not shown) located in manufacturer 20, distributor 22, and retailer 24, respectively, may be nodes adapted to calculate new blocks. Furthermore, wherever server 40 is geographically located, the agent residing in server 40 (when server 40 is powered on) also acts as a node in the blockchain network. As will be described in detail below, when the server 40 is located at a first location (i.e., the manufacturer 20), the agent will be responsible for computing the initial block of a chain. When the server 40 reaches the distributor 22 or the retailer 24, if the server 40 is powered on, the corresponding block may be generated by the agent or by a data processing device associated with the distributor 22 or the retailer 24.
The server 40 is installed with a special piece of software (not shown), which in this embodiment is called agent. The agent, when executed, gathers inventory information 36 for the hardware components of the server 40, where the inventory information 36 represents the component configuration of the server 40. The agent is also able to calculate a hash digest 38 of the manifest information 36, which is a unique value calculated by a hash function representing the particular manifest information 36. As will be appreciated by the skilled artisan, the hash digest 38 will vary widely as long as there is any variation in the original data (even one bit). In addition, when the server 40 is connected to a blockchain network, the proxy is adapted to access the blockchains in the blockchain network and retrieve any particular block on the chain. In this way, the proxy is adapted to store or search details or summaries of the hardware inventory of the server. The agent may be software resident in the operating system of the server 40 or may be resident in a memory readable by a separate processor, such as a BMC (baseboard management controller) on the motherboard, as well as an FPGA expansion card.
As shown in fig. 1, the inventory information 36 represents a component configuration of the server 40, and may include MT/SN (machine type/serial number), a hardware inventory, including CPU, memory, and the like. The MT/SN is unique to the server 40, for example, stored on a motherboard (not shown) of the server 40. However, each individual hardware component of the server 40 may also have its own SN, which may be captured by the proxy and added to the manifest information 36. Furthermore, although not shown in FIG. 1, manifest information 36 may also include software components and software configurations of server 40. Examples of software components include an operating system, pre-installed software, etc., while examples of software configurations include BIOS (basic input/output System), UEFI (unified extensible firmware interface), operating system (e.g., linux) TM Or Windows Server TM ) And/or other software applications. In a specific example, the inventory information 36 includes information such as a CPU model, CPU frequency, disk drive, RAM (random access memory), NIC (network interface card), VRAM (video RAM), VLAN (virtual local area network) version, UEFI configuration, BIOS configuration, and the like.
The block generation order of detail chain 32 and summary chain 34 is also shown in FIG. 1. The method of hardware integrity tracking and verification process for server 40 begins at manufacturer 20 and continues as server 40 is transported from manufacturer 20 to distributor 22, retailer 24, and finally to customer 26. Details of the hardware integrity tracking and verification process of fig. 1 will be described below with reference to the flowchart of fig. 2.
First, in step 50, the server 40 is manufactured by the manufacturer 20 in its factory 31 according to any existing method. In other words, the present invention is not limited to any particular method of manufacturing the server 40. One example of manufacturing the server 40 is to ship all individual hardware components of the server 40, such as the CPU(s), memory units(s), hard drives(s), solid state drives(s), motherboards, cards, chassis, bare metal, etc., to the factory 31 and then assemble the hardware components together. These hardware components may be manufactured by the manufacturer 20 or its suppliers and shipped to the factory 31 from different geographic locations. At factory 31, server 40 is then assembled into a usable state by manufacturer 20. It should be noted that after the hardware components are assembled, the software components (not shown in fig. 1) may be preloaded onto the storage devices of the server 40, such as hard disk drives, solid state drives, and the software components may include the operating system of the server 40, as well as other preloaded software applications that implement the functionality of the server 40.
Concurrent with step 50, or after step 50 (which is the case in FIG. 2), the agent is installed as a software application to server 40, such as a hard disk drive (not shown) that is installed to server 40 in step 52. In one example, the agent is an ODM (original design manufacturer) commissioned by the manufacturer 20 to be installed in the server 40. Once the agent is executed (whether by the host processor or its service processor) at power-up of the server 40, the agent is also configured with the ability to communicate with a blockchain network that includes a link chain 32 and a digest chain 34. When the server 40 is manufactured in the factory 31, the server 40 is powered on, and the agent utilizes blockchain technology to create the link chain 32 and the digest chain 34 for the server 40. Blockchain technology, or Distributed Ledger Technology (DLT), is known per se to those skilled in the internet industry. In step 54, one or more nodes (not shown) in the blockchain network initialize two ledgers, which become the detail chain 32 and the summary chain 34, respectively. Ledgers are a digital file, represented as an encrypted code, or hash value, that records all transactions of a blockchain and consists of the blockchain (although there is only one block initially on the chain). The agent in server 40 does not calculate the initial chunks of each of detail chain 32 and digest chain 34, but the agent is responsible for populating the data into the initial chunks of each of detail chain 32 and digest chain 34.
The data stored by each of their blocks is different in comparison to both the link chain 32 and the digest chain 34. The link chain 32, as its name indicates, contains complete information about the integrity of the component configuration of the server 40, which, as described above, includes hardware inventory information, software inventory information, and software configuration. In contrast, each block in the digest chain 34 contains a hash digest 38 of the manifest information 36 described above. Thus, the size of each block in the digest chain 34 is approximate due to the nature of the hash function. In contrast, the size of each block in detail chain 32 may be different, for example, when a component configuration of server 40 changes resulting in a change in manifest information 36. Thus, for the digest chain 34, only the hash value of the hardware inventory is placed into the blockchain transaction, which reduces the size of the storage and communication costs, speeds up verification and improves performance. On the other hand, when the hash digests do not match, the detail chain 32 may satisfy the requirement for detail information. For ease of reference, the blocks in the detail chain 32 are described herein as "primary blocks", while the blocks in the summary chain 32 are described herein as "secondary blocks".
As an initial block, the first block B1 in the detail chain 32 contains a component configuration snapshot of the server 40 automatically captured by the agent, which snapshot is substantially equivalent to the manifest information 36. When the server 40 is located at the manufacturer 20, the proxy fills the snapshot into the first block. The first block B1 in the link chain 32 represents the integrity of the server 40 at the manufacturer 20, which is the first place. As an initial block, a first block B1 in the digest chain 34 contains a hash digest 38 of manifest information 36 that is filled into the first block by the data processing apparatus of the manufacturer 20. Although the first block B1 in the digest chain 34 contains only the hash digest, it ultimately also indicates the integrity of the server 40 at the manufacturer 20.
After the initial chunks of each of detail chain 32 and summary chain 34 are created, the proxy broadcasts a ledger (each ledger now containing only the initial chunks) to the blockchain network in step 56. At the same time or at a different time, the server 40 leaves the factory 31 and is transported (e.g., packaged in the package 30) to the next station or site of the logistics chain in step 58. The method flow then proceeds to step 60 where it is determined whether the station reached by server 40 is the last station (i.e., client 26 in fig. 1). So far, the server 40 has left only the first station, the manufacturer 20, while the next station shown in fig. 1 is the distributor 22, which is not the last station. Thus, the method after step 60 proceeds to step 62.
When server 40 reaches distributor 22, detail chain 32 and summary chain 34 will be updated to include the new blocks of each of the two chains. In step 62, there are two alternative ways to add a second chunk to each of the two chains. As a first option, when the server 40 reaches the distributor 22, the server 40 powers on and the agent assists in generating a second block B2 in each of the detail chain 32 and the summary chain 34 in step 62. For both the link chain 32 and the digest chain 34, a total of two second blocks B2 are created, as shown in fig. 1. The first block B1 in the detail chain 32 is the first master block, the second block B2 in the detail chain 32 is the second master block, and so on. The first block B1 in the digest chain 34 is the first secondary block, the second block B2 in the digest chain 34 is the second secondary block, and so on. Then, when the server 40 is located at the distributor 22, the calculated second block B2 will be filled with the data of the agent. In particular, the agent automatically captures the current manifest information 36 as when the data for the first block B1 was created. In so doing, the proxy takes a snapshot of the component configuration of the server 40 when the server 40 is at the location of the distributor 22. The manifest information 36 in the snapshot is used to fill the second chunk B2 in the link chain 32, and the hash digest of the manifest information 36 is calculated by the proxy and used to fill the second chunk B2 in the digest chain 34.
It may happen that server 40 is not tampered with when it reaches distributor 22, nor is its component configuration changed, so that the snapshot taken at this time will be the same as the snapshot taken by the data processing device of manufacturer 20 at the time, which is used to create first block B1 in link chain 32. Thus, the content of the second block B2 in the detail chain 32 is the same as the first block B1 in the detail chain 32. The content of the second chunk B2 in the digest chain 34 will also be the same as the first chunk B1 in the digest chain 32, because the same content (i.e., the first two chunks in the detail chain 32) is used to compute the hash digest 38. However, if the server 40 has been tampered with after reaching the distributor 22, its component configuration is changed because the integrity of the server 40 is compromised, then both the second block B2 in the link chain 32 and the second block B2 in the summary chain 34 will be changed, which are different from the first block B1 in the respective chain. In either case, the agent then updates by adding a second chunk B2 after the respective first chunk B1 of each chain, and closes the second chunk B2 in both the link chain 32 and the digest chain 34, making it impossible to further change the second chunk B2. Thereafter, the agent broadcasts the updated ledger to the blockchain network in step 64. At the same time as the ledger is updated or at a different time, the server 40 also leaves the distributor 22 and is transported to the next station in the logistic chain, at which point the method returns to step 58.
As a second option, when the server 40 reaches the distributor 22, it is not powered on (e.g., if the server 40 is still in the packaging and intact), so the agent is not run. Instead, the data processing apparatus associated with the distributor 22 will generate a second block B2 in each of the detail chain 32 and the summary chain 34. The data processing apparatus may be physically located at the same location as the server 40 at the distributor 22, or the data processing apparatus may be located remotely from the server 40. Since the proxy in the server 40 is not executed at this time, the component configuration of the server 40 is not captured at the distributor 22 at this time, but the data processing apparatus at the distributor 22 directly uses the data in the first block B1 (i.e., the first master block) to generate the second block B2, and the data in the first block B1 is copied to be filled into the second block B2. The data processing device then signs on the second block B2. This option is applicable, for example, when the distributor 22 or its data processing apparatus can confirm that the server 40 has not been tampered with when transported from the manufacturer 20 to the distributor 22. The data processing apparatus then updates the detail chain 32 and the digest chain 34 by adding a second block B2 after the respective first blocks B1 of the chains and closes the second blocks B2 in the detail chain 32 and the digest chain 34 to prevent further changes to the second blocks B2. Thereafter, the data processing apparatus broadcasts an updated ledger to the blockchain network in step 64. At the same time as the ledger is updated or at a different time, the server 40 also leaves the distributor 22 and is transported to the next station in the logistic chain, at which point the method returns to step 58.
Steps 58-64 described above are performed for each intermediate station (location) in the logistics chain, but are not performed for the initial station (i.e., manufacturer 20 in fig. 1) and the last station (i.e., customer 26). For retailer 24, steps 58-64 are performed again when server 40 is in its location, as described above for distributor 22. When the server 40 reaches the location of the retailer 24, a third block B3 will be created for each of the detail chain 32 and the summary chain 34 and appended to the chain. For brevity, details of the method steps at retailer 24 will not be described again herein. The third block B3, like the second block B2, may be generated by an agent if the server 40 is powered up at the retailer 24, or by a data processing device associated with the retailer 24.
After the server 40 leaves the third station, i.e., retailer 24, it is eventually transported to the last station of the logistics chain, i.e., customer 26. This is shown in fig. 2 because it can be seen that after step 64 for retailer 24, the method returns to step 58 where server 40 is shipped to customer 26. The method then proceeds to step 60, but this time since the client 26 is the last leg of the shipping server 40, the method then proceeds to step 66 instead of step 62.
In step 66, the server 40 that reaches the client 26 is removed from the opened package 30 and powered on. When the server 40 is powered on, the agents in the server 40 begin to run and automatically obtain current inventory information 36 representing the configuration of the components of the server 40 at the client 26. The agent then calculates a hash digest of the bill information in step 68. The agency then obtains at least the initial block in the digest chain 34 and compares the hash digest of the initial block to the hash digest calculated in step 68, step 70. If they are identical, this means that the server 40 has not been tampered with during its delivery, and all component configurations remain unchanged. Accordingly, the integrity of the server 40 is confirmed in step 74 and there is no security problem. However, if the hash digest 38 calculated at the last leg is found to be different from the original one in step 70, this indicates that the server 40 has been tampered with during its delivery. The method then proceeds to step 72 where the agent will take a snapshot of all inventory information (i.e., data for all blocks in the chain) from the detail chain 32 and find where the inventory information was changed. Specific differences in component configuration before and after modification are also listed for further processing. For example, this discrepancy may be sent back to manufacturer 20 by the agent for further investigation.
Exemplary embodiments of the present invention are thus fully described. Although specific embodiments have been described herein, it will be apparent to those skilled in the art that the invention may be practiced in the modification of these specific details. Thus, the present invention should not be construed as limited to the embodiments set forth herein.
While the invention has been illustrated and described in detail in the drawings and foregoing description, the same is to be considered as illustrative and not restrictive in character, it being understood that only the illustrative embodiments have been shown and described and that no limitation on the scope of the invention is intended in any way. It is to be understood that any of the features described herein may be used in any of the embodiments. The illustrative examples do not exclude each other or other embodiments not described herein. Thus, the invention also provides embodiments that include a combination of one or more of the illustrative embodiments described above. Modifications and variations may be made to the invention without departing from its spirit or scope, and it is intended that only the limitations set forth in the following claims be interpreted as illustrative.
In the embodiment shown in fig. 1, there are four links (or sites) on the logistics chain, including the manufacturer (initial station), distributor (intermediate station), retailer (intermediate station) and customer (final station). However, the method according to embodiments of the present invention is obviously not limited by the number of sites or links, as there may be more intermediate stations or fewer intermediate stations on the logistics chain. Each time the server arrives at the next station, a snapshot of the component configuration is taken and used to generate a new block. In this way, the number of blocks in the link chain and the digest chain is not limited in any way.
In the above embodiments, two chains are created in the blockchain network, which are the detailed and abstract chains. With both chains, the verification process can be expedited and performance improved, e.g., a chain of links that is relatively slow when the proxy is transmitting and operating will be accessed only if the hash digests do not match. It should be noted, however, that in variations of embodiments of the present invention, there may be only one strand, which is the strand of the details of the process. Although the performance of using one strand is less than ideal, the expected verification effect can be achieved.
In the embodiment illustrated in fig. 2-3, the proxy installed in the server checks if it has been tampered with when the server arrives at the client. However, the present invention should not be limited thereto, as the agent may be selectively configured to perform the step of determining whether its integrity is compromised after the information processing apparatus reaches any location (including the last location). In other words, one possible variation of this embodiment is that the agent does not determine the integrity of the information handling device at any point or site of the logistics chain, but simply submits a new blockchain record to the chain at each site, in accordance with the spirit of the present invention. In addition, another possible variation is that the agent checks the integrity of the information processing device before it reaches the client. For example, the agent may be configured to determine whether the integrity of the information handling device has been compromised prior to step 68 in FIG. 3, or any intermediate location prior to reaching the customer. For example, the agent may compare the information integrity of the information processing device at the distributor or retailer.

Claims (16)

1. A method of checking the integrity of an information processing apparatus as it is transported from a first location to a second location, the method comprising:
generating a first master block indicating said integrity of said information processing apparatus when said information processing apparatus is at said first location;
initializing a first ledger based on the first master tile;
broadcasting the first ledger to a blockchain network;
generating a second master block indicating said integrity of said information processing apparatus when at said second location;
updating the first ledger according to the second master tile added to the first master tile; and
by comparing the second master block with the first master block, it is determined whether the integrity of the information processing apparatus is compromised after it reaches the second location.
2. The method of claim 1, wherein the step of generating the first master tile further comprises creating a snapshot of a component configuration of the information processing device at the first location.
3. The method of claim 2, wherein the step of generating the second master tile further comprises creating a snapshot of the component configuration of the information processing device at the second location.
4. The method of claim 2, wherein the step of generating the second master block further comprises copying the content of the first master block to the content of the second master block.
5. The method of claim 2, wherein the component configuration comprises one or more of: a list of hardware components, a list of software components, and a software configuration.
6. The method of claim 1, further comprising the step of:
generating a first secondary block that indicates the integrity of the information processing apparatus when at the first location; the first secondary block is different from the first primary block;
initializing a second ledger based on the first secondary block;
broadcasting the second ledger to the blockchain network;
generating a second secondary block, the second secondary block indicating the integrity of the information processing apparatus at the second location; the second secondary block is different from the second primary block;
updating the second ledger according to the second secondary block added after the first secondary block; and
by comparing the second secondary block with the first secondary block, it is determined whether the integrity of the information processing apparatus is compromised after it reaches the second location.
7. The method of claim 6, wherein the first secondary block is a hash digest of the first primary block and the second secondary block is a hash digest of the second primary block.
8. The method of claim 6, wherein the step of determining whether the integrity of the information processing apparatus is compromised after it reaches the second location by comparing the second secondary block with the first secondary block is performed before the step of determining whether the integrity of the information processing apparatus is compromised after it reaches the second location by comparing the second primary block with the first primary block.
9. The method of claim 1, wherein the first master block is generated by software residing in the information processing device.
10. The method of claim 9, wherein the software resides in an operating system of the information processing device or in a service processor of the information processing device.
11. The method of claim 1, wherein the first location is located at a manufacturer of the information processing device; the step of determining whether the integrity of the information processing apparatus is compromised is performed when the information processing apparatus is received by a party purchasing the information processing apparatus.
12. The method of claim 9, wherein the second master tile is generated by the software upon power-up of the information processing device to the second location.
13. The method of claim 4, wherein the second master tile is generated by a data processing device associated with the second location; the data processing apparatus is configured to access the blockchain network.
14. A system for checking the integrity of an information processing device when the information processing device is transported from a first location to a second location; the system comprises:
means for generating a first master block indicating the integrity of the information processing apparatus when at the first location;
means for initializing a first ledger based on the first master tile;
means for broadcasting the first ledger to a blockchain network;
means for generating a second master block indicating said integrity of said information processing apparatus when at said second location;
means for updating the first ledger according to the second master tile added to the first master tile; and
Means for determining whether the integrity of the information processing apparatus has been compromised after it reaches the second location by comparing the second master block with the first master block.
15. A computer readable medium having stored thereon a computer program, characterized in that the program when executed by a processor implements the method of:
generating a first master block indicating the integrity of the information processing apparatus when at a first location;
initializing a first ledger based on the first master tile;
broadcasting the first ledger to a blockchain network;
generating a second master block indicating said integrity of said information processing apparatus when at said second location;
updating the first ledger according to the second master tile added to the first master tile; and
by comparing the second master block with the first master block, it is determined whether the integrity of the information processing apparatus is compromised after it reaches the second location.
16. A method of tracking the integrity of an information processing apparatus as it is transported from a first location to a second location;
The method comprises the following steps:
generating a first master block; the first master block indicating the integrity of the information processing apparatus when at the first location;
initializing a first ledger based on the first master tile;
broadcasting the first ledger to a blockchain network;
generating a second master block indicating said integrity of said information processing apparatus at said second location; and
the first ledger is updated according to the second master tile added to the first master tile.
CN202310165259.0A 2023-02-15 2023-02-15 Method for checking the integrity of a computer using a blockchain Pending CN116305319A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310165259.0A CN116305319A (en) 2023-02-15 2023-02-15 Method for checking the integrity of a computer using a blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310165259.0A CN116305319A (en) 2023-02-15 2023-02-15 Method for checking the integrity of a computer using a blockchain

Publications (1)

Publication Number Publication Date
CN116305319A true CN116305319A (en) 2023-06-23

Family

ID=86821563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310165259.0A Pending CN116305319A (en) 2023-02-15 2023-02-15 Method for checking the integrity of a computer using a blockchain

Country Status (1)

Country Link
CN (1) CN116305319A (en)

Similar Documents

Publication Publication Date Title
US11914712B1 (en) Blockchain based secure naming and update verification
CN111144881B (en) Selective access to asset transfer data
US10523526B2 (en) System and method for managing services and licenses using a blockchain network
TWI716084B (en) Method for securely provisioning an asset to a target device and appliance device
US11657171B2 (en) Large network attached storage encryption
CN110620810A (en) Non-linked ownership of continuous asset transfer over blockchain
US11182403B2 (en) Systems and methods of launching new nodes in a blockchain network
CN111314172B (en) Block chain-based data processing method, device, equipment and storage medium
US20200142682A1 (en) Blockchain-based secure customized catalog system
WO2020098824A2 (en) Smart logistics management using blockchain
US11520737B2 (en) Blockchain-as-a-service integrated hybrid object storage system in multi-cloud computing environment
US20060143473A1 (en) Software key implementation using system management firmware
CN112970020A (en) Monitoring device components using distributed ledger
EP1917579B1 (en) Schema packaging, distribution and availability
US11693932B2 (en) Vendor software activation using distributed ledger
CN112287034A (en) Data synchronization method, equipment and computer readable storage medium
US11481284B2 (en) Systems and methods for generating self-notarized backups
US10191729B2 (en) System and methodology for updating individualized system data to facilitate repair and/or replacement service provision
CN110968899B (en) Data blocking confirmation method, device, equipment and medium based on block chain
CN116305319A (en) Method for checking the integrity of a computer using a blockchain
US10348705B1 (en) Autonomous communication protocol for large network attached storage
US10963889B2 (en) Cross-system object tracking platform
CN109154880B (en) Consistent storage data in a decentralized storage network
US9607135B2 (en) Asset protection based on redundantly associated trusted entitlement verification
US20210334380A1 (en) Trusted firmware verification

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination