Peripheral devices such as storage devices (whether a computer hard drive or removable storage), multimedia devices, and other devices can connect to a computing device to provide functionality for the computing device. Ideally, the computing device would be designed to verify the identity of the peripheral connected. Identification of the device can indicate whether the device is considered “safe”, and whether it is subject to a restriction policy (e.g., no cameras are allowed to be connected to a computing device of a company).
Traditional identification methods are based on the providing of an identification string to the computing device. The identification string is easily spoofed, and thus provides no guarantee that the device is what it is purported to be. In systems where functionality is provided to the peripheral depending on whether it complies with a particular standard (e.g., whether a device is vPro-compatible, where vPro is available on devices from Intel Corporation of Santa Clara, Calif.). It will be understood that all trademarks used herein are the sole property of their respective owners, and are simply used to identify the origin of the goods and services associated with the marks.
Use of access controls, such as that provided by the “BDF” interface (bus, device, function standard), can identify the peripheral device more reliably, but is typically implemented with unique device IDs, which can be tracked. Thus, privacy protections would be sacrificed for device identity verification. Additionally, unique device IDs creates a system that does not scale well, seeing the large number of IDs that would need to be managed to track the various peripheral devices. The use of key pairs (such as that employed in a public key infrastructure (PKI)) would likewise not scale, and would cause a problem where device authentication could be comparable in cost to the cost of the peripheral itself.
Thus, known systems do not provide a scalable solution that allows verification of the identity of a peripheral device while respecting privacy of the device user.
Descriptions of certain details and implementations follow, including a description of the figures, which may depict some or all of the embodiments described below, as well as discussing other potential embodiments or implementations of the inventive concepts presented herein. An overview of embodiments of the invention is provided below, followed by a more detailed description with reference to the drawings.