Seagate and IBM are using IBM's blockchain tech to verify a disk drive's authenticity using its electronic fingerprint.
The blockchain drive, er, drive is apparently a way for the firm to deal with the problem of fake or counterfeit HDDs. These may be sold online and are typically relabelled old drive units with apparently higher capacities and speeds. Because they are older drives, their lifetime will be shorter than new drives as well as having lower than labelled capacity and/or speed.
The idea is that Seagate furnishes an electronic ID (eID) at the time of manufacture and registers this, with product authentication data, on IBM's blockchain platform in its public cloud. The blockchain platform is powered by the Linux Foundation's Hyperledger Fabric distributed ledger framework.
This blockchained eID can be updated during the drive's life, with, for example, a digital certificate of data purge, electronically signed by the device under a Seagate Secure public key infrastructure (PKI). This would be stored on the blockchain for compliance management with emerging global data privacy laws.
We're told the blockchained eID provides an immutable record of disk drive events. It means that, if a drive is offered for sale, its provenance could be authenticated so that you know if the 14TB 7,200rpm EXOS drive is for real and not a cheap old relabelled 8TB 5,400rpm drive.
Seagate eID and IBM blockchain scheme
The theory sounds good but the practice in the real world will depend upon the cost and practicality of access. You would need drive details from the seller in order to check them on the IBM blockchain platform, and the seller might not be forthcoming, especially with online sales.
Big Blue and Seagate quoted an International Anti-Counterfeiting Coalition statistic, saying the global trade in counterfeit and pirated electronic products has reached more than $1.7 trillion in value. We are not told what proportion of that is disk drives, and suspect it is somewhat on the low side.
Counterfeit drives are no doubt sold but we can't really see this somewhat convoluted scheme stopping that from happening. The compliance date erase checking might be useful where you absolutely need verification, but how often is that going to happen?
Basically, buy drives from authorised resellers or the original manufacturer to avoid being caught out. ®
Sponsored: Ransomware has gone nuclear