	US 12,147,524 B2
	Hardware system protection using verification of hardware digital identity values
Maxim Balin, Gan Yavne (IL); Tomer Shachar, Omer (IL); and Yevgeni Gehtman, Modi'in (IL)
Assigned to EMC IP Holding Company LLC, Hopkinton, MA (US)
Filed by EMC IP Holding Company LLC, Hopkinton, MA (US)
Filed on Nov. 27, 2020, as Appl. No. 17/105,749.
Prior Publication US 2022/0171840 A1, Jun. 2, 2022
Int. Cl. G06F 21/00 (2013.01); G06F 21/44 (2013.01); G06F 21/73 (2013.01)

CPC G06F 21/44 (2013.01) [G06F 21/73 (2013.01)]

20 Claims

1. A method, comprising:

obtaining a first aggregated hardware digital identity value for a hardware system of a first entity, wherein the first aggregated hardware digital identity value is generated, by at least one processing device of at least one second entity, by applying an aggregation function to respective hardware identifiers of a plurality of hardware components of the hardware system at a first time and at a first location, wherein the aggregation function comprises applying a hash function to the respective hardware identifiers of the plurality of hardware components of the hardware system;

comparing, by the at least one processing device of the at least one second entity, wherein the at least one second entity is different than the first entity, a second aggregated hardware digital identity value to the first aggregated hardware digital identity value, wherein the second aggregated hardware digital identity value is generated by applying the aggregation function to the respective hardware identifiers of the plurality of hardware components of the hardware system at a second time that is subsequent to the first time and at a second location that is different than the first location, wherein the comparison of the first aggregated hardware digital identity value and the second aggregated hardware digital identity value detects a change in one or more of the hardware components of the hardware system between the first location and the second location, wherein the second time, for generating the second aggregated hardware digital identity value used in the comparison, corresponds to a time of the hardware system being one or more of installed, configured and activated at a location of the first entity, wherein the first aggregated hardware digital identity value is stored, by the at least one processing device of the at least one second entity, remotely from the second location, wherein the hardware system of the first entity, at the second time, sends the at least one processing device of the at least one second entity one or more of (i) the respective hardware identifiers of the plurality of hardware components of the hardware system at the second time, for computation of the second aggregated hardware digital identity value of the hardware system at the second time by the at least one processing device of the at least one second entity using the aggregation function and the respective hardware identifiers of the plurality of hardware components of the hardware system at the second time and (ii) the second aggregated hardware digital identity value of the hardware system, computed by at least one processing device of the first entity at the second time, using the aggregation function and the respective hardware identifiers of the plurality of hardware components of the hardware system at the second time, wherein the at least one processing device of the at least one second entity (a) obtains the first aggregated hardware digital identity value stored remotely from the second location and (b) performs the comparison that detects the change in the one or more hardware components of the hardware system between the first location and the second location; and

performing one or more automated actions based at least in part on a result of the comparison;

wherein the at least one processing device comprises a processor coupled to a memory.