Abstract: The present invention provides a system and method to recover data from a tampered device. The system and method read random data without physically removing the primary boot source (102). A boot mode of the tampered device (100) is changed from a primary boot source (102) to a secondary boot source (104) upon detection of a tamper event. A first stage bootloader stored in the secondary boot source (104) is retrieved upon resetting the tampered device (100). A hot pluggable device from one or more hot pluggable devices is identified. The identified hot pluggable device is authenticated in a hot pluggable interface driver (106). An operating system kernel and one or more applications are recovered from the hot pluggable device. Random data from the primary boot source (102) is read using the one or more applications.
TECHNICAL FIELD
[0001] The present invention relates generally to systems and methods for data recovery from a tampered device.
BACKGROUND
[0002] Security is a primary concern, and it is essential to ensure that a device is tamper enabled so that, if the device falls into the wrong hands, the data stored in the device is immediately wiped out. Various conventional solutions, disclosed below, address this requirement.
[0003] US 2014/0337642 A1 and US20050216907A1 disclose cryptographic methods to detect tamper. US 9,154,499 B2 teaches about protecting data stored on an electronic device from access by an illegitimate user. Once an access is suspected, an offline data module deletes some portion of the data after various authentication mechanisms.
[0004] However, deleting a portion of the data does not always guarantee removal of the data. Also, once an algorithm wipes out the data, there is no mechanism to detect whether random data has really overwritten the data and invalidated the flash, or whether the device is still working as before. There is no method to read the written random data, since the resident software needed to read it has been overwritten. If the data is not entirely overwritten, this is a serious security lapse.
[0005] Therefore, there is a need for a system and method which solves the above-defined problems and provides an efficient way to recover data from a tampered device.
SUMMARY
[0006] This summary is provided to introduce concepts related to systems and methods to recover data from a tampered device. This summary is neither intended to identify essential features of the present invention nor is it intended for use in determining or limiting the scope of the present invention.
[0007] For example, various embodiments herein may include one or more modules. In an embodiment of the present invention, a method for recovering data from a tampered device is provided. The method includes changing, by a processor, a boot mode of the tampered device to a secondary boot source from a primary boot source upon detection of a tamper event associated with the tampered device. The tampered device comprises a hot pluggable interface driver. The processor retrieves a first stage bootloader stored in the secondary boot source upon resetting the tampered device. The processor further identifies a hot pluggable device from one or more hot pluggable devices based on a predefined identification number of each hot pluggable device. Upon identification of the hot pluggable device, the processor authenticates the identified hot pluggable device in the hot pluggable interface driver based on comparison of a signature of secondary boot source and a signature of hot pluggable device. Further, the processor recovers an operating system kernel and one or more applications from the hot pluggable device into an external RAM based on the authentication. The processor further reads random data from the primary boot source using the one or more applications recovered from the hot pluggable device.
[0008] In another embodiment of the present invention, a system to recover data from a tampered device is provided. The system includes a memory and a processor. The processor is coupled to the memory to execute instructions stored in the memory. The processor comprises a changing module configured to change a boot mode of the tampered device to a secondary boot source from a primary boot source upon detection of a tamper event associated with the tampered device. The tampered device comprises a hot pluggable interface driver. The processor comprises a retrieving module configured to retrieve a first stage bootloader stored in the secondary boot source upon resetting the tampered device. The processor comprises an identification module configured to identify a hot pluggable device from one or more hot pluggable devices based on a predefined identification number of each hot pluggable device. The processor comprises an authentication module configured to authenticate the identified hot pluggable device in the hot pluggable interface driver based on comparison of a signature of secondary boot source and a signature of hot pluggable device. Further, the processor comprises a recovering module configured to recover an operating system kernel and one or more applications from the hot pluggable device into an external RAM based on the authentication. The processor further comprises a reading module configured to read random data from the primary boot source using the one or more applications recovered from the hot pluggable device.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
[0009] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to reference like features and modules.
[0010] Figure 1 illustrates a block diagram depicting a tampered device, according to an embodiment of the present invention.
[0011] Figure 2 illustrates a block diagram depicting a system to recover data from a tampered device of Figure 1, according to an embodiment of the present invention.
[0012] Figure 3 illustrates a flow diagram depicting a sequence of events when a tamper event is detected, according to an exemplary embodiment of the present invention.
[0013] Figure 4 illustrates a flow diagram depicting a sequence of events after detection of a tamper event, according to an exemplary embodiment of the present invention.
[0014] Figure 5 illustrates a flowchart depicting a method for recovering data from a tampered device, according to an embodiment of the present invention.
[0015] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present invention. Similarly, it will be appreciated that any flow charts, flow diagrams, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
DETAILED DESCRIPTION
[0016] The various embodiments of the present invention provide a system and method to recover data from a tampered device.
[0017] In the following description, for purpose of explanation, specific details are set forth to provide an understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these details. One skilled in the art will recognize that embodiments of the present invention, some of which are described below, may be incorporated into a number of systems.
[0018] The systems and methods are not limited to the specific embodiments described herein. Further, structures and devices shown in the figures are illustrative of exemplary embodiments of the present invention and are meant to avoid obscuring of the present invention.
[0019] Furthermore, connections between components and/or modules within the figures are not intended to be limited to direct connections. Rather, these components and modules may be modified, re-formatted or otherwise changed by intermediary components and modules.
[0020] References in the present invention to “an embodiment” or “another embodiment” mean that a particular feature, structure, characteristic, or function described in connection with the embodiment is included in at least one embodiment of the invention. The appearances of the phrase “in an embodiment” in various places in the specification are not necessarily all referring to the same embodiment. The phrase “embodiment of the present invention” used in the present invention may refer to various embodiments of the present invention.
[0021] The present invention provides a system and method to recover data from a tampered device and a system thereof.
[0022] In an embodiment of the present invention, a method to recover data from a tampered device is provided. The method includes changing, by a processor, a boot mode of the tampered device to a secondary boot source from a primary boot source upon detection of a tamper event associated with the tampered device. The tampered device comprises a hot pluggable interface driver. The processor retrieves a first stage bootloader stored in the secondary boot source upon resetting the tampered device. The processor further identifies a hot pluggable device from one or more hot pluggable devices based on a predefined identification number of each hot pluggable device. Upon identification of the hot pluggable device, the processor authenticates the identified hot pluggable device in the hot pluggable interface driver based on comparison of a signature of secondary boot source and a signature of hot pluggable device. Further, the processor recovers an operating system kernel and one or more applications from the hot pluggable device into an external RAM based on the authentication. The processor reads random data from the primary boot source using the one or more applications recovered from the hot pluggable device.
[0023] In an exemplary embodiment of the present invention, the first stage bootloader is retrieved into an internal SRAM of the tampered device.
[0024] In another exemplary embodiment of the present invention, the hot pluggable device is identified by the first stage bootloader after an initialization of the external RAM.
[0025] In yet another exemplary embodiment of the present invention, the operating system kernel and the one or more applications are recovered based on an execution of a Universal boot loader (Uboot) loaded into the external RAM from the hot pluggable device.
[0026] In yet another exemplary embodiment of the present invention, the primary boot source is one of a flash storage device, an EEPROM device, an SD card, and eMMC flash.
[0027] In yet another exemplary embodiment of the present invention, the secondary boot source is one of a flash storage device, an EEPROM device, an SD card, and eMMC flash.
[0028] In yet another exemplary embodiment of the present invention, the random data is written into the primary boot source upon detection of the tamper event.
[0029] In yet another exemplary embodiment of the present invention, the method includes writing, by the processor, the recovered data into the primary boot source upon reading the random data and changing the boot mode to the primary boot source.
[0030] In yet another exemplary embodiment of the present invention, the recovered data comprises Operating System (OS) images.
[0031] In another embodiment of the present invention, a system to recover data from a tampered device is provided. The system includes a memory and a processor. The processor is coupled to the memory to execute instructions stored in the memory. The processor comprises a changing module to change a boot mode of the tampered device to a secondary boot source from a primary boot source upon detection of a tamper event associated with the tampered device. The tampered device comprises a hot pluggable interface driver. The processor comprises a retrieving module to retrieve a first stage bootloader stored in the secondary boot source upon resetting the tampered device. The processor comprises an identification module to identify a hot pluggable device from one or more hot pluggable devices based on a predefined identification number of each hot pluggable device. The processor comprises an authentication module to authenticate the identified hot pluggable device in the hot pluggable interface driver based on comparison of a signature of secondary boot source and a signature of hot pluggable device. Further, the processor comprises a recovering module to recover an operating system kernel and one or more applications from the hot pluggable device into an external RAM based on the authentication. The processor further comprises a reading module to read random data from the primary boot source using the one or more applications recovered from the hot pluggable device.
[0032] In an exemplary embodiment of the present invention, the first stage bootloader is retrieved into an internal SRAM of the tampered device.
[0033] In another exemplary embodiment of the present invention, the hot pluggable device is identified by the first stage bootloader after an initialization of the external RAM.
[0034] In yet another exemplary embodiment of the present invention, the operating system kernel and the one or more applications are recovered based on an execution of a Universal bootloader (Uboot) loaded into the external RAM from the hot pluggable device.
[0035] In yet another exemplary embodiment of the present invention, the random data is written into the primary boot source upon detection of the tamper event.
[0036] In yet another exemplary embodiment of the present invention, the system is configured to write the recovered data into the primary boot source upon reading the random data and change the boot mode to the primary boot source.
[0037] Referring to Figure 1, a block diagram of a tampered device (100) is shown according to an embodiment of the present invention. Figure 1 also depicts a secure device that undergoes a tamper event. In an embodiment, the secure device is referred to as the tampered device (100) upon undergoing the tamper event. The tampered device (100) consists of a primary boot source (102), a secondary boot source (104), and a hot pluggable interface driver (106). The hot pluggable interface driver (106) is used to recover data from the tampered device (100).
[0038] The primary boot source (102) on deployment consists of a bootloader Operating System (OS) and a set of applications associated with the tampered device (100). The primary boot source (102) is one of, but is not limited to, a flash storage device, an Electrically Erasable Programmable Read-Only Memory (EEPROM) device, a Secure Digital (SD) card, and an embedded Multimedia Card (eMMC) flash.
[0039] The secondary boot source (104) further comprises a first stage bootloader (not shown in a figure) associated with the tampered device (100). The secondary boot source (104) is one of, but is not limited to, a flash storage device, an EEPROM device, an SD card, and eMMC flash.
[0040] In one embodiment, the tamper event associated with the tampered device (100) is detected. The tamper event is detected by a tamper detection circuit (not shown in a figure) of the tampered device (100). Upon detection of the tamper event, random data is written into the primary boot source (102). Upon writing the random data, an algorithm in the system (200) is not able to read original data of the tampered device (100). Thus, the original data in the tampered device (100) is invalidated. The tampered device (100) will be of no use.
[0041] Once the tamper event is detected, a boot mode of the tampered device (100) is changed from the primary boot source (102) to the secondary boot source (104). The first stage bootloader is retrieved from the secondary boot source (104) into an internal SRAM of the tampered device (100). The first stage bootloader is retrieved based on resetting of the tampered device (100).
[0042] Further, a hot pluggable device (not shown in a figure) from one or more hot pluggable devices is identified using a predefined identification number of each hot pluggable device. The hot pluggable device is one of, but is not limited to, a USB or SD. Upon identification, the identified hot pluggable device is authenticated in the hot pluggable interface driver (106). The hot pluggable device is authenticated based on comparison of a signature of secondary boot source and a signature of hot pluggable device.
[0043] Once the hot pluggable device is authenticated, an operating system kernel and one or more applications are recovered from the hot pluggable device. The operating system kernel and one or more applications are recovered into an external RAM. Upon recovering, random data from the primary boot source (102) is read using the one or more applications recovered from the hot pluggable device.
[0044] Referring to Figure 2, a block diagram of a system (200) to recover data from a tampered device (100) of Figure 1 is shown, according to an embodiment of the present invention. The system (200) includes a processor (202) and a memory (216). The processor (202) is coupled to the memory (216). The processor (202) is configured to execute instructions stored in the memory (216).
[0045] The memory is configured to store pre-determined rules related to recovering data from the tampered device (100). In an embodiment, the memory (216) can include any computer-readable medium known in the art including, for example, volatile memory, such as static random-access memory (SRAM) and dynamic random-access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. The memory (216) also includes a cache memory to work with the system (200) more effectively.
[0046] The system (200) further includes a database (218). The database (218) is configured to store a boot loader Operating System (OS), a set of applications, and the data recovered. In an embodiment, the database (218) can be implemented as, but is not limited to, an enterprise database, a remote database, a local database, and the like. In one embodiment, the database (218) may be implemented as multiple databases, located either in the vicinity of each other or at different geographic locations. In another embodiment, the database (218) can be implemented as a single database.
[0047] The processor (202) includes a changing module (204), a retrieving module (206), an identification module (208), an authentication module (210), a recovering module (212), and a reading module (214).
[0048] The processor (202) controls and monitors the functioning of the blocks (204-214). In an embodiment, the processor (202) performs a method for recovering data from the tampered device (100).
[0049] In one embodiment, the changing module (204) is configured to change a boot mode of the tampered device (100) from a primary boot source (102) to a secondary boot source (104). The changing module (204) is configured to change the boot mode upon detection of a tamper event.
[0050] In one exemplary embodiment, the tamper event is detected by a tamper detection circuit installed in the tampered device (100). The primary boot source (102) can be one of, but is not limited to, a flash storage device, an EEPROM device, an SD card, and an eMMC flash. The secondary boot source (104) can be one of, but is not limited to, a flash storage device, an EEPROM device, an SD card, and an eMMC flash. The secondary boot source (104) may be referred to as a redundant boot device.
[0051] The primary boot source (102) comprises a boot loader Operating System (OS) and a set of applications associated with the tampered device (100). The secondary boot source (104) stores a copy of a first stage bootloader. In one embodiment, the tampered device (100) includes a hot pluggable device interface driver (106).
[0052] The retrieving module (206) is configured to retrieve the first stage bootloader from the secondary boot source (104). The retrieving module (206) is configured to retrieve the first stage bootloader upon resetting the tampered device (100). The first stage bootloader is retrieved into an internal Static Random-Access Memory (SRAM) of the tampered device (100).
[0053] The identification module (208) is configured to identify a hot pluggable device from one or more hot pluggable devices. The identification module (208) is configured to identify the hot pluggable device based on a predefined identification number of each hot pluggable device from the one or more hot pluggable devices. The hot pluggable device is identified by the first stage bootloader after an initialization of an external Random-Access Memory (RAM). The hot pluggable device is one of, but is not limited to, a USB or SD.
[0054] In an embodiment, the predefined identification number may be a Vendor identification (VID) or a Product identification (PID). The predefined identification number may be referred to as a proprietary serial number. The predefined identification number is unique to a vendor and is assigned to a category of the hot pluggable device. The identification module (208) is configured to compare the predefined identification number of the one or more hot pluggable devices. Based on the comparison, the hot pluggable device is further identified.
[0055] Upon identification of the hot pluggable device, the authentication module (210) is configured to authenticate the identified hot pluggable device in the hot pluggable interface driver (106). The authentication module (210) is configured to authenticate the hot pluggable device based on comparison of a signature of secondary boot source and a signature of hot pluggable device. The signature of secondary boot source and the signature of hot pluggable device are predefined.
[0056] The hot pluggable device is authenticated in the hot pluggable interface driver (106) when the signature of secondary boot source and the signature of hot pluggable device match. In an example, if the signature of secondary boot source and the signature of hot pluggable device do not match, then the process of booting may be aborted by the system (200).
[0057] In other words, if the hot pluggable device is not authenticated, then the process of booting stops. If the hot pluggable device is authenticated, then the process of booting goes to the step of recovering data from the hot pluggable device.
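The identify-then-authenticate gate of paragraphs [0053] to [0057], sketched in C as an added example (not code from the specification). The function names, the 32-byte signature length, matching on both VID and PID, and the sample VID/PID values are assumptions made for illustration; the comparison is written without an early exit so timing does not reveal how many signature bytes matched.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_LEN 32  /* assumed signature length; the specification does not give one */

enum gate_result { GATE_CONTINUE, GATE_NO_DEVICE, GATE_AUTH_FAILED };

struct hotplug_dev {
    uint16_t vid, pid;      /* predefined identification number */
    uint8_t  sig[SIG_LEN];  /* predefined signature carried by the device */
};

/* Compare every byte regardless of where the first difference is. */
static int sig_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Identify the recovery device by VID/PID, then authenticate it against the
 * signature held with the secondary boot source. VID/PID are readable by
 * anyone, so they only select the candidate; the signature decides. */
enum gate_result recovery_gate(const struct hotplug_dev *devs, size_t n,
                               uint16_t want_vid, uint16_t want_pid,
                               const uint8_t secondary_sig[SIG_LEN],
                               const struct hotplug_dev **chosen)
{
    *chosen = NULL;
    for (size_t i = 0; i < n; i++) {
        if (devs[i].vid != want_vid || devs[i].pid != want_pid)
            continue;                      /* not the recovery device category */
        if (!sig_equal(devs[i].sig, secondary_sig, SIG_LEN))
            return GATE_AUTH_FAILED;       /* mismatch: booting is aborted */
        *chosen = &devs[i];
        return GATE_CONTINUE;              /* go on to load kernel and applications */
    }
    return GATE_NO_DEVICE;                 /* booting stops after the first stage */
}

/* Constructed fixtures: all VID/PID values and signature bytes are made up. */
enum gate_result run_constructed_case(int which)
{
    uint8_t secondary_sig[SIG_LEN];
    struct hotplug_dev devs[2];
    const struct hotplug_dev *chosen;

    memset(secondary_sig, 0xA5, SIG_LEN);
    memset(devs, 0, sizeof devs);
    devs[0].vid = 0x1111; devs[0].pid = 0x0001;   /* unrelated device */
    devs[1].vid = 0xF055; devs[1].pid = 0x0042;   /* recovery device category */
    memset(devs[1].sig, 0xA5, SIG_LEN);

    if (which == 1)
        devs[1].sig[SIG_LEN - 1] ^= 0x01;  /* right VID/PID, wrong signature */
    if (which == 2)
        devs[1].pid = 0x0043;              /* no recovery device attached */

    return recovery_gate(devs, 2, 0xF055, 0x0042, secondary_sig, &chosen);
}

int main(void)
{
    static const char *names[] = { "continue", "no device", "auth failed" };
    for (int c = 0; c < 3; c++)
        printf("case %d: %s\n", c, names[run_constructed_case(c)]);
    return 0;
}
```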
[0058] Once the hot pluggable device is authenticated, the recovering module (212) is configured to recover an operating system kernel and one or more applications from the hot pluggable device. The operating system kernel and the one or more applications are associated with the tampered device (100). The recovering module (212) is configured to recover the operating system kernel and one or more applications into the external RAM.
[0059] In one embodiment, the hot pluggable device may comprise a Universal boot loader (Uboot). The recovering module (212) is configured to recover the Uboot into the external RAM from the hot pluggable device. Further, the recovering module (212) is configured to execute the Uboot. Based on the execution of the Uboot, the operating system kernel and the one or more applications are recovered from the hot pluggable device.
[0060] In an exemplary embodiment of the present invention, the first stage bootloader and the Uboot may be stored in the secondary boot source (104). The Uboot may have the hot pluggable interface driver (106). Once the tampered device (100) is reset, the first stage bootloader is retrieved from the secondary boot source (104) into the internal SRAM. Further, the Uboot is loaded into the external RAM from the secondary boot source (104). The Uboot is executed. Upon execution, the hot pluggable device is identified, and further authenticated based on the comparison of the signature of secondary boot source and the signature of hot pluggable device. In other words, the Uboot checks for presence of the hot pluggable device based on the execution. If the hot pluggable device is not present, the process of booting stops. This is to ensure that an unauthorised device does not have access to the random data post the tamper event.
[0061] If the hot pluggable device is present, the process of booting continues. Thereafter, the operating system kernel and the one or more applications may be recovered from the hot pluggable device.
[0062] The reading module (214) is configured to read the random data written into the primary boot source (102). The random data is read using the one or more applications recovered from the hot pluggable device. In an embodiment, the random data is read without physically removing the primary boot source (102). In one aspect, the hot pluggable device comprises at least one application that is used to read the random data.
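One way the application that reads the primary boot source could decide whether the random overwrite actually completed, as an added example (not code from the specification). It runs a per-block chi-square test on byte frequencies and looks for surviving image headers at sector boundaries; the block and sector sizes, the threshold, and the assumption that the original contents were U-Boot style images (legacy uImage and device-tree magics) are choices made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK    4096u  /* bytes per chi-square sample (assumed) */
#define SECTOR   512u   /* alignment at which image headers are searched (assumed) */
#define CHI2_MAX 512u   /* assumed threshold; uniform bytes average about 255 */

struct wipe_report {
    size_t blocks;            /* blocks examined */
    size_t nonrandom_blocks;  /* blocks whose byte histogram is far from uniform */
    size_t magic_hits;        /* sector starts that still carry an image magic */
};

/* Header magics of the images assumed to have been on the device. */
static const uint8_t MAGICS[][4] = {
    {0x27, 0x05, 0x19, 0x56},  /* U-Boot legacy uImage header */
    {0xD0, 0x0D, 0xFE, 0xED},  /* flattened device tree / FIT image */
};

/* Pearson chi-square against a uniform byte distribution, in integers:
 * chi2 = 256 * sum(count^2) / n - n. */
static uint64_t chi2_bytes(const uint8_t *p, size_t n)
{
    uint32_t count[256] = {0};
    uint64_t sumsq = 0;
    for (size_t i = 0; i < n; i++)
        count[p[i]]++;
    for (int v = 0; v < 256; v++)
        sumsq += (uint64_t)count[v] * count[v];
    return 256u * sumsq / n - n;
}

static int has_magic(const uint8_t *p)
{
    for (size_t m = 0; m < sizeof MAGICS / sizeof MAGICS[0]; m++)
        if (memcmp(p, MAGICS[m], 4) == 0)
            return 1;
    return 0;
}

/* Examine a dump of the primary boot source after the tamper wipe. */
struct wipe_report verify_wipe(const uint8_t *img, size_t len)
{
    struct wipe_report r = {0, 0, 0};
    for (size_t off = 0; off + BLOCK <= len; off += BLOCK) {
        r.blocks++;
        if (chi2_bytes(img + off, BLOCK) > CHI2_MAX)
            r.nonrandom_blocks++;
    }
    /* Only aligned offsets are checked: over a large flash, a 4-byte magic
     * will also occur by chance at arbitrary offsets in random data. */
    for (size_t off = 0; off + 4 <= len; off += SECTOR)
        if (has_magic(img + off))
            r.magic_hits++;
    return r;
}

/* Constructed input: a small LCG stands in for the random data written on tamper. */
static void fill_pseudorandom(uint8_t *p, size_t n, uint32_t seed)
{
    for (size_t i = 0; i < n; i++) {
        seed = seed * 1664525u + 1013904223u;
        p[i] = (uint8_t)(seed >> 24);
    }
}

struct wipe_report constructed_case(int which)
{
    static uint8_t img[4 * BLOCK];
    fill_pseudorandom(img, sizeof img, 0x12345678u);
    if (which == 1)
        memset(img + 2 * BLOCK, 0xFF, BLOCK);     /* block the wipe never reached */
    if (which == 2)
        memcpy(img + 3 * SECTOR, MAGICS[0], 4);   /* surviving uImage header */
    return verify_wipe(img, sizeof img);
}

int main(void)
{
    for (int c = 0; c < 3; c++) {
        struct wipe_report r = constructed_case(c);
        printf("case %d: blocks=%zu nonrandom=%zu magic=%zu\n",
               c, r.blocks, r.nonrandom_blocks, r.magic_hits);
    }
    return 0;
}
```

A clean report means no examined block or sector looks like leftover content; compressed or encrypted residue also passes the frequency test, so the header scan is what catches an intact image start.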
[0063] Upon reading the random data, the reading module (214) is configured to write the recovered data into the primary boot source (102). The recovered data comprises Operating System (OS) images. In one embodiment, the OS images may include new OS images. In an embodiment, upon reading the random data, the new Operating System (OS) images from the hot pluggable device are written to the primary boot source (102) and the boot mode is changed to the primary boot source (102).
[0064] Once the recovered data is written into the primary boot source (102), the boot mode is changed to the primary boot source (102). The tampered device (100) may be further booted using the primary boot source (102).
[0065] Referring now to Figure 3, a flow diagram (300) depicting a sequence of events when a tamper event is detected is shown, according to an exemplary embodiment of the present invention.
[0066] At a step (302), a device is in a normal working condition. The device may also be referred to as a tampered device (100).
[0067] At a step (304), an occurrence of a tamper event is checked. The tamper event is detected using a tamper detection circuit. The tamper event may be valid or invalid. In one aspect, if the tamper event is invalid, then the tampered device (100) will work in the normal working condition. If the tamper event is valid, then a step (306) will be executed.
[0068] At the step (306), random data is written into a primary boot source (102). The random data is written into the primary boot source (102) upon detection of the tamper event. In other words, if the tamper event is valid, then the random data is written into the primary boot source (102). The random data makes the tampered device (100) invalid, and hence the tampered device (100) will be of no use.
[0069] At a step (308), a boot mode of the tampered device (100) is changed. The boot mode is changed from the primary boot source (102) to a secondary boot source (104). The secondary boot source (104) may be referred to as a redundant flash. The primary boot source (102) is one of, but is not limited to, a flash storage device, an EEPROM device, an SD card, and an eMMC flash. The secondary boot source (104) is one of, but is not limited to, a flash storage device, an EEPROM device, an SD card, and an eMMC flash.
[0070] Referring to Figure 4, a flow diagram (400) depicting a sequence of events after detection of a tamper event is shown, according to an exemplary embodiment of the present invention.
[0071] At a step (402), a tampered device (100) is reset post detection of a tamper event. In an embodiment, a boot mode is changed from a primary boot source (102) to a secondary boot source (104) upon detection of the tamper event. Once the tampered device (100) is reset, the tampered device (100) is booted from the secondary boot source (104). At a step (404), the tampered device (100) is booted using the secondary boot source (104).
[0072] At a step (406), a first stage bootloader is retrieved into an internal SRAM. The first stage boot loader is retrieved from the secondary boot source (104). The first stage boot loader is retrieved upon resetting the tampered device (100).
[0073] At a step (408), presence of a hot pluggable device is checked. The hot pluggable device is one of, but is not limited to, a USB or SD. In an embodiment, the hot pluggable device, from one or more hot pluggable devices, is identified based on a predefined identification number of each hot pluggable device. The identified hot pluggable device is further authenticated in a hot pluggable interface driver (106). The hot pluggable device is authenticated based on comparison of a signature of secondary boot source and a signature of hot pluggable device.
[0074] If the hot pluggable device is present, then a step (410) is executed. If the hot pluggable device is not present, then a step (412) is executed.
[0075] At the step (410), an operating system kernel and one or more applications are loaded. The operating system kernel and the one or more applications are loaded based on the authentication. The operating system kernel and the one or more applications are loaded into an external RAM from the hot pluggable device.
[0076] At the step (412), the recovering of data stops. In an embodiment, if the hot pluggable device is not present, then the process of booting stops after loading the first stage bootloader.
[0077] Referring to Figure 5, a flow chart (500) depicting a method for recovering data from a tampered device (100) is shown, according to an embodiment of the present invention.
[0078] At a step (502), changing a boot mode of the tampered device (100) to a secondary boot source (104) from a primary boot source (102) upon detection of a tamper event associated with the tampered device (100), wherein the tampered device (100) comprises a hot pluggable interface driver (106). In an embodiment, a processor (202) is configured to change the boot mode of the tampered device (100) to the secondary boot source (104) from the primary boot source (102) upon detection of the tamper event associated with the tampered device (100).
[0079] In an embodiment, the tampered device (100) is invalidated by writing random data into the primary boot source (102) upon detection of the tamper event. Once the random data is written, the tampered device (100) will be of no use.
[0080] At a step (504), retrieving a first stage bootloader stored in the secondary boot source (104) upon resetting the tampered device (100). In an embodiment, the processor (202) is configured to retrieve the first stage bootloader stored in the secondary boot source (104) upon resetting the tampered device (100). The first stage bootloader is retrieved into an internal SRAM of the tampered device (100).
[0081] At a step (506), identifying a hot pluggable device from one or more hot pluggable devices based on a predefined identification number of each hot pluggable device. In an embodiment, the processor (202) is configured to identify the hot pluggable device from the one or more hot pluggable devices based on the predefined identification number of each hot pluggable device. The hot pluggable device is identified by the first stage bootloader after an initialization of an external RAM. In an embodiment, the vendor ID or the product ID of each hot pluggable device is checked to identify the hot pluggable device.
[0082] At a step (508), authenticating the identified hot pluggable device in the hot pluggable interface driver (106) based on comparison of a signature of secondary boot source (104) and a signature of hot pluggable device. In an embodiment, the processor (202) is configured to authenticate the identified hot pluggable device in the hot pluggable interface driver (106) based on comparison of the signature of secondary boot source (104) and the signature of hot pluggable device. In an embodiment, the signature of secondary boot source and the signature of hot pluggable device are compared. If the signature of secondary boot source matches with the signature of hot pluggable device, then the hot pluggable device is authenticated.
[0083] In another embodiment, if the signature of secondary boot source mismatches with the signature of hot pluggable device, then the hot pluggable device will not be authenticated. In case of the mismatch, the process of booting will be aborted.
[0084] At a step (510), recovering an operating system kernel and one or more applications from the hot pluggable device into an external RAM based on the authentication. In an embodiment, the processor (202) is configured to recover the operating system kernel and the one or more applications based on the authentication. The operating system kernel and the one or more applications are recovered into the external RAM from the hot pluggable device. In an embodiment, the universal boot loader (Uboot) is loaded from the hot pluggable device. The Uboot is further executed to load the operating system kernel and the one or more applications.
[0085] At a step (512), reading the random data from the primary boot source (102) using the one or more applications recovered from the hot pluggable device. In an embodiment, the processor (202) is configured to read the random data from the primary boot source (102) using the one or more applications recovered from the hot pluggable device.
[0086] Upon reading the random data, Operating System (OS) images from the hot pluggable device are written into the primary boot source (102). The boot mode is changed to the primary boot source (102). Thus, the tampered device (100) is booted from the primary boot source (102).
[0087] However, any number of steps of the above flowcharts may be implemented as a loop. Further, the steps of the above flowcharts may be implemented in any order.
[0088] It is also possible to implement the method to recover data from a tampered device of the present invention by executing the above flowchart while skipping one or more steps or while implementing one or more steps multiple times.
[0089] Therefore, the system (200) and the method to recover data from a tampered device is not limited by the order of the steps in the flowchart.
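Steps (506) and (508), together with the abort path of [0083], written as first stage bootloader logic in C. This is an added example, not code from the patent; the struct layout, the 32-byte signature length, the function names and the sample values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIG_LEN 32        /* assumed length; the page gives none */
#define BOOT_ABORT (-1)

/* Hypothetical layout: one enumerated hot pluggable device, and the
 * reference record kept in the secondary boot source (104). */
struct hp_id { uint16_t vid, pid; uint8_t sig[SIG_LEN]; };

/* No early exit, so timing does not leak how many bytes matched. */
static int sig_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps 506 and 508: index of the authenticated device, or BOOT_ABORT. */
int select_recovery_device(const struct hp_id *ref,
                           const struct hp_id *devs, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        /* Step 506: VID/PID only picks a candidate, it proves nothing. */
        if (devs[i].vid != ref->vid || devs[i].pid != ref->pid)
            continue;
        /* Step 508: a signature mismatch aborts the boot ([0083]). */
        return sig_equal(devs[i].sig, ref->sig, SIG_LEN) ? (int)i : BOOT_ABORT;
    }
    return BOOT_ABORT;    /* nothing identified: do not load anything */
}

int main(void)
{
    /* Constructed sample values, not taken from the page. */
    struct hp_id ref = { 0x1234, 0x5678, { 0xA5, 0x5A } };
    struct hp_id bus[] = {
        { 0x1111, 0x2222, { 0xA5, 0x5A } },   /* wrong VID/PID: skipped */
        { 0x1234, 0x5678, { 0xA5, 0x5A } },   /* identified and authentic */
    };
    int idx = select_recovery_device(&ref, bus, 2);
    printf("boot from device index: %d\n", idx);
    return idx == BOOT_ABORT;
}
```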
[0090] In an advantageous embodiment, the system (200) includes a secondary boot source (104) and a hot pluggable device driver (106) in addition to a primary boot source (102). The primary boot source (102) stores a boot loader OS, and other applications of the tampered device (100). The secondary boot source (104) stores a first stage bootloader, and a hot pluggable device in the hot pluggable interface driver (106) stores an OS kernel and one or more applications of the device. The system (200) is configured to recover the data from the tampered device (100) using the secondary boot source (104) and the hot pluggable device.
[0091] The system (200) is configured to read random data written into the primary boot source (102) using the one or more applications from the hot pluggable device. The random data is read without physically removing the primary boot source (102). The system (200) is configured to boot the tampered device (100) from the primary boot source (102) by writing the recovered data into the primary boot source (102).
[0092] It should be noted that the description merely illustrates the principles of the present invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described herein, embody the principles of the present invention.
[0093] Furthermore, all examples recited herein are principally intended expressly to be only for explanatory purposes to help the reader in understanding the principles of the invention and the concepts contributed by the inventor(s) to furthering the art and are to be construed as being without limitation to such specifically recited examples and conditions.
[0094] Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass equivalents thereof.
CLAIMS:
1. A method for recovering data from a tampered device (100), the method comprising:
changing, by a processor (202), a boot mode of the tampered device (100) to a secondary boot source (104) from a primary boot source (102) upon detection of a tamper event associated with the tampered device (100), wherein the tampered device (100) comprises a hot pluggable interface driver (106);
retrieving, by the processor (202), a first stage bootloader stored in the secondary boot source (104) upon resetting the tampered device (100);
identifying, by the processor (202), a hot pluggable device from one or more hot pluggable devices based on a predefined identification number of each hot pluggable device;
authenticating, by the processor (202), the identified hot pluggable device in the hot pluggable interface driver (106) based on comparison of a signature of secondary boot source (104) and a signature of hot pluggable device;
recovering, by the processor (202), an operating system kernel and one or more applications from the hot pluggable device into an external RAM based on the authentication; and
reading, by the processor (202), random data from the primary boot source (102) using the one or more applications recovered from the hot pluggable device.
2. The method as claimed in claim 1, wherein the first stage bootloader is retrieved into an internal SRAM of the tampered device (100).
3. The method as claimed in claim 1, wherein the hot pluggable device is identified by the first stage bootloader after an initialization of the external RAM.
4. The method as claimed in claim 1, wherein the operating system kernel and the one or more applications are recovered based on an execution of a Universal boot loader (Uboot) loaded into the external RAM from the hot pluggable device.
5. The method as claimed in claim 1, wherein the primary boot source (102) is one of a flash storage device, an EEPROM device, an SD card, and an eMMC flash.
6. The method as claimed in claim 1, wherein the secondary boot source (104) is one of a flash storage device, an EEPROM device, an SD card, and an eMMC flash.
7. The method as claimed in claim 1, wherein the random data is written into the primary boot source (102) upon detection of the tamper event.
8. The method as claimed in claim 1, comprises writing the recovered data into the primary boot source (102) upon reading the random data, and changing the boot mode to the primary boot source (102).
9. The method as claimed in claim 8, wherein the recovered data comprises Operating System (OS) images.
10. A system (200) to recover data from a tampered device (100), the system comprising:
a memory (216); and
a processor (202) coupled to the memory (216), the processor (202) is configured to execute instructions stored in the memory (216), the processor (202) comprising:
a changing module (204) configured to change a boot mode of the tampered device (100) to a secondary boot source (104) from a primary boot source (102) upon detection of a tamper event associated with the tampered device (100), wherein the tampered device (100) comprises a hot pluggable interface driver (106);
a retrieving module (206) configured to retrieve a first stage bootloader stored in the secondary boot source (104) upon resetting the tampered device (100);
an identification module (208) configured to identify a hot pluggable device from one or more hot pluggable devices based on a predefined identification number of each hot pluggable device;
an authentication module (210) configured to authenticate the identified hot pluggable device in the hot pluggable interface driver (106) based on comparison of a signature of secondary boot source (104) and a signature of hot pluggable device;
a recovering module (212) configured to recover an operating system kernel and one or more applications from the hot pluggable device into an external RAM based on the authentication; and
a reading module (214) configured to read random data from the primary boot source (102) using the one or more applications recovered from the hot pluggable device.
11. The system (200) as claimed in claim 10, wherein the first stage bootloader is retrieved into an internal SRAM of the tampered device (100).
12. The system (200) as claimed in claim 10, wherein the hot pluggable device is identified by the first stage bootloader after an initialization of the external RAM.
13. The system (200) as claimed in claim 10, wherein the operating system kernel and the one or more applications are recovered based on an execution of a Universal boot loader (Uboot) loaded into the external RAM from the hot pluggable device.
14. The system (200) as claimed in claim 10, wherein the random data is written into the primary boot source (102) upon detection of the tamper event.
15. The system (200) as claimed in claim 10, configured to write the recovered data into the primary boot source (102) upon reading the random data, and change the boot mode to the primary boot source (102).
| # | Name | Date |
|---|---|---|
| 1 | 202041013712-PROVISIONAL SPECIFICATION [28-03-2020(online)].pdf | 2020-03-28 |
| 2 | 202041013712-FORM 1 [28-03-2020(online)].pdf | 2020-03-28 |
| 3 | 202041013712-DRAWINGS [28-03-2020(online)].pdf | 2020-03-28 |
| 4 | 202041013712-FORM-26 [21-06-2020(online)].pdf | 2020-06-21 |
| 5 | 202041013712-FORM-26 [25-06-2020(online)].pdf | 2020-06-25 |
| 6 | 202041013712-Proof of Right [21-09-2020(online)].pdf | 2020-09-21 |
| 7 | 202041013712-Form1_After Filing_05-10-2020.pdf | 2020-10-05 |
| 8 | 202041013712-FORM 3 [30-10-2020(online)].pdf | 2020-10-30 |
| 9 | 202041013712-ENDORSEMENT BY INVENTORS [30-10-2020(online)].pdf | 2020-10-30 |
| 10 | 202041013712-DRAWING [30-10-2020(online)].pdf | 2020-10-30 |
| 11 | 202041013712-CORRESPONDENCE-OTHERS [30-10-2020(online)].pdf | 2020-10-30 |
| 12 | 202041013712-COMPLETE SPECIFICATION [30-10-2020(online)].pdf | 2020-10-30 |
| 13 | 202041013712-FORM 18 [28-06-2022(online)].pdf | 2022-06-28 |
| 14 | 202041013712-FER.pdf | 2022-10-10 |
| 15 | 202041013712-FER_SER_REPLY [10-04-2023(online)].pdf | 2023-04-10 |
| 16 | 202041013712-DRAWING [10-04-2023(online)].pdf | 2023-04-10 |
| 17 | 202041013712-CORRESPONDENCE [10-04-2023(online)].pdf | 2023-04-10 |
| 18 | 202041013712-POA [07-10-2024(online)].pdf | 2024-10-07 |
| 19 | 202041013712-FORM 13 [07-10-2024(online)].pdf | 2024-10-07 |
| 20 | 202041013712-AMENDED DOCUMENTS [07-10-2024(online)].pdf | 2024-10-07 |
| 21 | 202041013712-US(14)-HearingNotice-(HearingDate-13-11-2024).pdf | 2024-10-17 |
| 22 | 202041013712-Response to office action [01-11-2024(online)].pdf | 2024-11-01 |
| 23 | 202041013712-Correspondence to notify the Controller [08-11-2024(online)].pdf | 2024-11-08 |
| 24 | 202041013712-Written submissions and relevant documents [26-11-2024(online)].pdf | 2024-11-26 |
| 25 | 202041013712-PatentCertificate13-12-2024.pdf | 2024-12-13 |
| 26 | 202041013712-IntimationOfGrant13-12-2024.pdf | 2024-12-13 |

| # | Name |
|---|---|
| 1 | SearchStrategy_202041013712AE_25-06-2024.pdf |
| 2 | searchhh3(20)E_07-10-2022.pdf |