This invention is related to the field of sensitive material destruction and, in particular, to an apparatus to provide a tamperproof documentation link for sanitizing of media disks.
As technology evolves, sensitive media in the form of digital data is stored on disks that can be copied, exposing the media to misuse. Electronically stored media can contain extremely confidential information. For this reason, it is critical that sensitive information stored on a disk is disposed of in a manner where the information is absolutely unrecoverable. Various mechanisms exist wherein the digital data stored on a disk or like media is electronically or physically destroyed. The goal is to assure that any sensitive material on the disk has been rendered unusable, and that proof of the destroyed disk exists.
Data destroying devices are described in Applicant's prior patents, including U.S. Pat. No. 7,324,321 for a Degaussing Apparatus; U.S. Pat. No. 7,852,590 for a Solid State Memory Decommissioner; and U.S. Pat. No. 8,064,183 for a Capacitor Based Bi-Directional Degaussing Apparatus.
Applicant's U.S. Pat. No. 8,794,559 discloses an apparatus for destroying memory devices, like hard drives, by compression and electrical current to destroy the memory media inside the memory device. The apparatus includes a pair of opposed compression plates; at least one plate is grounded, while the other plate, charged with 5 to 100 volts of electricity, is movable toward the other by a linear motion force.
Applicant's U.S. Pat. No. 9,776,192 discloses a device for comminuting media materials. The device is a rotating mill core with removable flat edged blades, a set of stacked bed knives and a screen. The mill core rotates in close proximity to adjustable bed knives to shear the material being fed before passing through a screen in order to grate the material.
Applicant's U.S. Pat. No. 10,071,382 discloses a device to reduce solid state drives into particles less than 2 mm maximum edge length. A blade assembly is designed to provide multiple cutting angles while rotating at 520 rpm to maintain a low decibel rating.
Applicant's U.S. Pat. No. 10,242,699 discloses a single magnetic pulse degaussing apparatus for use in erasing information contained on magnetic recording or storage media. A degaussing chamber for receipt of magnetic forces above 2.0 Tesla is accessible by upper and lower rotary actuated doors. The internal flux of a coil is measured by the current passing through the coil during the discharge cycle to provide flux versus time measurements. The measurements are inserted into a performance verification algorithm to assure sufficient time for media destruction has taken place before releasing the media from the degaussing chamber.
In some instances, media can be placed on a planar flat material that can literally be ground to dust. A common need for all devices that render media unusable, whether or not the disks are physically destroyed, is to provide an apparatus that provides a tamperproof method of documenting the sanitization of an SSD disk.
Disclosed is a verification apparatus for documenting the sanitization process of an SSD media disk. The apparatus comprises a housing that attaches to a sanitization device to provide an automated and tamperproof link from the scanning of identification data on the media disk to the destruction of the media disk to assure that only media disks that complete the sanitization process will be logged as sanitized. The apparatus includes a scanning mechanism placed in a housing that physically receives and captures a media disk, scans barcodes on the media disk, and securely passes the media disk to the sanitizing device. A media disk will not be logged as sanitized until the apparatus has confirmed the sanitization event is complete.
An objective of the invention is to assure a secure, automated, tamperproof link between the scanning of disk label data and the sanitizing of a disk. The invention assures that only disks that are actually sanitized will be logged as sanitized.
Another objective of the invention is to provide a secure interlock between a scanner and a sanitizer, such that if a disk is “intercepted” between the scanner and the sanitizer, the “interception” will be detected and the disk will not be logged as sanitized, but rather marked as tampered with.
Still another objective of the invention is to provide hands free scanning of all barcodes on the media disk to be sanitized. The scanning mechanism can read all barcodes on the drive label, regardless of the orientation of the label and the location of the barcodes. No user interaction is required other than inserting the media disk to be sanitized with the label facing the scanner camera.
Still another objective of the invention is to provide an apparatus that provides automatic handling of read failures. For instance, if the scanner mechanism fails to read a media disk label due to improper loading (i.e., disk is inserted with the label facing away from the camera), the media disk will be ejected and no logging of a sanitization event will occur.
Yet still another objective of the invention is to provide documentation of sanitization data including, but not limited to, disk numbers, time of day, and sanitization method and levels, stored in an encrypted format that can be read but cannot be altered.
Another objective of the invention is to provide an SSD media disk sanitization system that is tamperproof and captures an SSD media disk to provide evidence of destruction in such a way that the evidence cannot be forged.
Other objectives and advantages of this invention will become apparent from the following description taken in conjunction with any accompanying drawings wherein are set forth, by way of illustration and example, certain embodiments of this invention. Any drawings contained herein constitute a part of this specification, include exemplary embodiments of the present invention, and illustrate various objects and features thereof.
While the present invention is susceptible of embodiment in various forms, there is shown in the drawings and will hereinafter be described presently preferred embodiments with the understanding that the present disclosure is to be considered an exemplification of the invention and is not intended to limit the invention to the specific embodiments illustrated.
Referring to
The verification apparatus 10 is mounted to the upper surface 11 of an SSD destruction device 12. The verification apparatus 10 includes a media disk inlet 16 for receipt of an SSD to be destroyed, a media disk outlet 18 for passing an SSD that has met predefined parameters required for passage, and a media disk ejection outlet 19 for returning an SSD that has failed to meet the predefined parameters. The media disk inlet 16 is sized for receipt of an SSD for entry into a receptacle 22 formed on a carrier drum 24 supported by a frame 26. The carrier drum 24 has a first axle of rotation 28 supporting a first side surface 31 of the carrier drum 24 and a second axle of rotation 33 coupled to a drive motor 30 along a second side surface 32 of the carrier drum 24. Sidewall 36, positioned between first side surface 31 and second side surface 32, has a receptacle slot 40 strategically positioned so that an SSD placed within the media disk inlet 16 must be rotated by the drive motor 30 as held by the receptacle 22 to a first predetermined position for receipt of an SSD media disk, a second position for positioning the SSD media disk in front of a camera 50 for scanning label data from the SSD media disk, a third position for aligning the receptacle 22 to the media destruction inlet 18, and a fourth position for aligning the SSD media disk to the ejection outlet tray 20.
The receptacle 22 forms a cradle for holding the SSD media disk as the carrier drum 24 is rotated; the cradle having a support surface 52 with a side edge cam 54 and a gate 56 with a side edge cam 58 that engage a cam track 60. In the first predetermined position, the SSD media disk is captured by the support surface 52 and gate 56. When the carrier drum 24 is rotated to a second position, the support surface 52 and gate 56 move the SSD media disk away from the media disk inlet 16 to a position where the camera 50 scans the SSD media disk. If the camera is unable to scan the SSD media disk, causing a match with information provided by a micro processor based controller 62, the carrier drum 24 is rotated to a position wherein the receptacle slot 40 aligns with the media disk ejection outlet tray 20 and the SSD media disk is ejected. Ejection would occur if the camera cannot detect the SSD label in instances where the SSD is inserted upside down, or the label has been defaced or removed. The camera 50 is capable of reading SSD labels that are inverted, and an LED light 64 provides illumination of the SSD label for scanning of the material. The controller 62 provides SSD label identification with a screen display 70. The screen display 70 is preferably a touch screen, allowing operator interface with the controller 62 having a microprocessor.
The camera 50 operates with the controller 62 to form a scanner that captures disk labels and scans barcodes before securely passing the SSD media disk to the media destruction device 12. The SSD media disk will not be logged as sanitized until the sanitizing device 10 has confirmed the sanitization event. The controller 62 provides a secure interlock between the carrier drum 24 and the media destruction device 12, such that, if the SSD media disk is “intercepted” by the camera 50, the “interception” will be detected and the SSD media disk will not be logged as sanitized, but rather marked as tampered with. The camera 50 is positioned within the housing 14 to provide hands free scanning of all barcodes. The camera 50 can read all barcodes on the SSD drive label regardless of the orientation of the label and the location of the barcodes, assuming the SSD media disk is inserted with the SSD label facing the camera 50. In the preferred embodiment, a single camera is employed, although additional cameras could be added.
The controller 62 provides an automatic handling of read failures. If the camera 50 fails to read the SSD media disk label, the SSD media disk will be ejected out of the media disk ejection outlet tray 20. The controller 62 records all sanitization data, including SSD media disk numbers, time of day, sanitization method and levels, and the like, all stored in an encrypted format which can be read but not altered.
A successful scanning of the SSD label data allows the carrier drum 24 to rotate to the third position for directing the SSD media disk into the media destruction inlet 18 for sanitization. The cam track 60 is semi circular, which keeps the support surface 52 and gate 56 in position to support the SSD media disk. The cam track 60 includes a right angle bend which causes the gate cam 58 to open, wherein the support surface 52 and gate 56 will no longer support an SSD, allowing release into the media destruction device 12. The frame 26 is secured to the media destruction device 12 by a plurality of fasteners 71 located within the housing 14.
To assure the SSD documentation cannot be tampered with, an upper surface of the media destruction device 12 must be disassembled to allow for installation of the frame 26 using the fasteners 71, which makes it impossible to access the controller electronics 62 of the verification apparatus 10 when the media destruction device 12 is operating. The controller electronics 62 includes predetermined parameters regarding scanning of labels including the use of a random code generator. In a preferred embodiment, a transmitter having a short range communication link, like a low power IR link or similar link that requires close physical proximity, transmits a pseudo random code at least every second. The media destruction device includes a transmitter, not shown, that will instantly transmit the same pseudo random code back to the electronics 62. Using this type of short range link, if the media destruction device 12 is tampered with, the communication link will be broken. If the communication is broken, even for a second, the SSD media disk 100 will not be registered as sanitized. It is noted that the verification apparatus 10 can be used in combination with any media destruction device, whether or not the media destruction device physically alters the SSD media disk. Media destruction devices can range from electronic degaussing to partial SSD destruction, to total SSD destruction.
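The interlock logic described above, as an added example that is not part of the specification or of the applicant's controller firmware: a disk is logged as sanitized only if every pseudo random code sent between scan and confirmation is echoed back unchanged, a single missed echo marks it as tampered with, and an unreadable label produces an ejection with no log entry. The class names, the 16-byte code length, the use of Python's `secrets` generator, and the sample serial numbers are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    SANITIZED = "sanitized"
    TAMPERED = "tampered"
    EJECTED = "ejected"  # unreadable label: disk returned, nothing logged


class EchoingSanitizer:
    """Hypothetical stand-in for the destruction device's end of the link."""

    def __init__(self, drop_on_tick=None):
        self.drop_on_tick = drop_on_tick  # simulate a broken link at this tick
        self.ticks = 0

    def echo(self, code):
        self.ticks += 1
        if self.ticks == self.drop_on_tick:
            return None  # link interrupted: nothing comes back
        return code  # intact link returns the same code


@dataclass
class Controller:
    sanitizer: EchoingSanitizer
    log: list = field(default_factory=list)

    def link_ok(self):
        """One heartbeat: send a fresh random code, require the identical echo."""
        code = secrets.token_bytes(16)
        reply = self.sanitizer.echo(code)
        return reply is not None and secrets.compare_digest(reply, code)

    def process(self, barcodes, heartbeats, timestamp):
        # Scan position: no readable barcode means eject and write no record.
        if not barcodes:
            return Outcome.EJECTED
        # From scan until the sanitizer confirms, the link must hold on every
        # heartbeat; one missed or wrong echo latches the tamper flag.
        intact = True
        for _ in range(heartbeats):
            if not self.link_ok():
                intact = False
        outcome = Outcome.SANITIZED if intact else Outcome.TAMPERED
        self.log.append({"barcodes": list(barcodes), "time": timestamp,
                         "status": outcome.value})
        return outcome


def demo():
    """Constructed runs: intact link, link dropped at tick 3, unreadable label."""
    cases = [(None, ["SN-CONSTRUCTED-001"]), (3, ["SN-CONSTRUCTED-002"]), (None, [])]
    results = []
    for drop, labels in cases:
        ctl = Controller(EchoingSanitizer(drop_on_tick=drop))
        results.append((ctl.process(labels, 5, "2024-01-01T00:00:00Z"), len(ctl.log)))
    return results


if __name__ == "__main__":
    print(demo())
```

Because a fresh code is generated for every heartbeat, a device that replays an earlier code fails the comparison just as a silent link does.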
In the preferred embodiment, the verification apparatus 10 will not operate without a flash drive present and a filename specified. Also, in the preferred embodiment, an asymmetric key pair is used for encryption, wherein a public key resides on the verification apparatus 10 and is used to encrypt the data recorded. A private key resides in custom decryption software which will run on the PC. There is no security breach if the public key is widely known. Data files can only be read using a private key. Data can be copied to a standard non-encrypted file (CSV, XLS, etc.), but the original encrypted file cannot be modified—it is the secure reference. In an alternative embodiment, key pairs can be changed via the web. This allows the private key to be changed if it has been compromised. The user will need to know which key pair was used to encrypt the files. This can be done by recording what keys were used on what days. Files will be time stamped with the time obtained from the web. In yet another embodiment, data can be immediately transferred to a cloud-based server via a secure protocol, wherein no intermediate files are required. Data is encrypted and can be transferred to a standard non-encrypted file (CSV, XLS, TXT) using a secure protocol.
The terms “comprise” (and any form of comprise, such as “comprises” and “comprising”), “have” (and any form of have, such as “has” and “having”), “include” (and any form of include, such as “includes” and “including”) and “contain” (and any form of contain, such as “contains” and “containing”) are open-ended linking verbs. As a result, a method or device that “comprises,” “has,” “includes” or “contains” one or more steps or elements, possesses those one or more steps or elements, but is not limited to possessing only those one or more elements. Likewise, a step of a method or an element of a device that “comprises,” “has,” “includes” or “contains” one or more features, possesses those one or more features, but is not limited to possessing only those one or more features. Furthermore, a device or structure that is configured in a certain way is configured in at least that way, but may also be configured in ways that are not listed.
It is to be understood that while a certain form of the invention is illustrated, it is not to be limited to the specific form or arrangement herein described and shown. It will be apparent to those skilled in the art that various changes may be made without departing from the scope of the invention and the invention is not to be considered limited to what is shown and described in the specification and any drawings/figures included herein.
One skilled in the art will readily appreciate that the present invention is well adapted to carry out the objectives and obtain the ends and advantages mentioned, as well as those inherent therein. The embodiments, methods, procedures and techniques described herein are presently representative of the preferred embodiments, are intended to be exemplary, and are not intended as limitations on the scope. Changes therein and other uses will occur to those skilled in the art which are encompassed within the spirit of the invention and are defined by the scope of the appended claims. Although the invention has been described in connection with specific preferred embodiments, it should be understood that the invention as claimed should not be unduly limited to such specific embodiments. Indeed, various modifications of the described modes for carrying out the invention which are obvious to those skilled in the art are intended to be within the scope of the following claims.
Number | Name | Date | Kind |
---|---|---|---|
4507 | Clark | May 1846 | A |
2222073 | Hauge | Nov 1940 | A |
2292901 | Schmitz, Jr. | Aug 1942 | A |
2535714 | Anderson et al. | Dec 1950 | A |
2646726 | Fogg | Jul 1953 | A |
2682098 | Wilcox | Jun 1954 | A |
2838720 | Dostal | Jun 1958 | A |
2962560 | Folse | Nov 1960 | A |
2974695 | Pfeffer | Mar 1961 | A |
3169435 | Hartger | Feb 1965 | A |
3321586 | Krones | May 1967 | A |
3461497 | Geyer | Aug 1969 | A |
3995768 | Montalbano et al. | Dec 1976 | A |
4157581 | Keiichi et al. | Jun 1979 | A |
4161296 | Parker et al. | Jul 1979 | A |
4272032 | Hellberg | Jun 1981 | A |
4286295 | Ipolyi | Aug 1981 | A |
4291618 | Heiser et al. | Sep 1981 | A |
4423460 | Jackson et al. | Dec 1983 | A |
4423844 | Sours et al. | Jan 1984 | A |
4529134 | Williams | Jul 1985 | A |
4551782 | Seely et al. | Nov 1985 | A |
4609155 | Garnier | Sep 1986 | A |
4621299 | Hill | Nov 1986 | A |
4625925 | Goldhammer | Dec 1986 | A |
4639821 | Littwin et al. | Jan 1987 | A |
4669673 | Lodovico et al. | Jun 1987 | A |
4690340 | Hatanaka | Sep 1987 | A |
4757419 | Masaki | Jul 1988 | A |
4923126 | Lodovico et al. | May 1990 | A |
5090628 | Porter | Feb 1992 | A |
5110060 | Lundquist | May 1992 | A |
5132860 | Von Stein | Jul 1992 | A |
5198959 | Scholtysik et al. | Mar 1993 | A |
5203513 | Keller et al. | Apr 1993 | A |
5292078 | Lodovico et al. | Mar 1994 | A |
5302078 | Essick et al. | Apr 1994 | A |
5580009 | Kennedy | Dec 1996 | A |
5611495 | Williams | Mar 1997 | A |
5666413 | Kempf | Sep 1997 | A |
5691873 | Masaki | Nov 1997 | A |
5711492 | Cheladze | Jan 1998 | A |
5721665 | Schultz | Feb 1998 | A |
5765765 | Tamura et al. | Jun 1998 | A |
5884855 | Chang | Mar 1999 | A |
5904305 | Kaczmarek | May 1999 | A |
5979774 | Urushibata | Nov 1999 | A |
6202949 | Hayles, Jr. | Mar 2001 | B1 |
6439486 | Nitta et al. | Aug 2002 | B1 |
6523767 | Ramesohl | Feb 2003 | B1 |
6527209 | Dorscht | Mar 2003 | B1 |
6565026 | Hall | May 2003 | B1 |
6714398 | Schultz | Mar 2004 | B2 |
7267146 | Olofsson | Sep 2007 | B2 |
7267294 | Castronovo | Sep 2007 | B2 |
7270282 | Castronovo | Sep 2007 | B2 |
7324321 | Olliges | Jan 2008 | B2 |
7334747 | Castronovo | Feb 2008 | B2 |
7357340 | Castronovo | Apr 2008 | B2 |
7424981 | Castronovo | Sep 2008 | B2 |
7448562 | Castronovo | Nov 2008 | B2 |
7500625 | Castronovo | Mar 2009 | B2 |
7652837 | Kitamura et al. | Jan 2010 | B2 |
7852590 | Olliges | Dec 2010 | B1 |
7861956 | Hiller, Sr. | Jan 2011 | B2 |
7975950 | Ebadian et al. | Jul 2011 | B2 |
8064183 | Olliges | Nov 2011 | B2 |
8158043 | Gibson et al. | Apr 2012 | B2 |
8356764 | Aizenberg et al. | Jan 2013 | B2 |
8794559 | Olliges | Aug 2014 | B1 |
9440313 | Clark | Sep 2016 | B2 |
9776192 | Ebadian et al. | Oct 2017 | B2 |
10071382 | Ebadian | Sep 2018 | B1 |
10242699 | Ebadian et al. | Mar 2019 | B1 |
20010045478 | Recker et al. | Nov 2001 | A1 |
20030015818 | Magvire | Jan 2003 | A1 |
20030089806 | Galanty | May 2003 | A1 |
20040112999 | Byram et al. | Jun 2004 | A1 |
20050040263 | Parke | Feb 2005 | A1 |
20050041319 | Hasegawa et al. | Feb 2005 | A1 |
20060016919 | Castronovo | Jan 2006 | A1 |
20060018075 | Schultz | Jan 2006 | A1 |
20070075168 | Rodriguez et al. | Apr 2007 | A1 |
20070125895 | Chen | Jun 2007 | A1 |
20070247776 | Tamura | Oct 2007 | A1 |
20080257993 | Cole et al. | Oct 2008 | A1 |
20090140086 | Thiel | Jun 2009 | A1 |
20100201024 | Gibson et al. | Aug 2010 | A1 |
20100276524 | Ebadian et al. | Nov 2010 | A1 |
20100294865 | Wozny | Nov 2010 | A1 |
20120276331 | Orr et al. | Nov 2012 | A1 |
20120282436 | Coe et al. | Nov 2012 | A1 |
20130014965 | Barger | Jan 2013 | A1 |
20130320121 | Ko | Dec 2013 | A1 |
20140209718 | Bevins | Jul 2014 | A1 |
20140209723 | Ebadian et al. | Jul 2014 | A1 |
20140299702 | Kroell et al. | Oct 2014 | A1 |
20150041576 | Romanovich | Feb 2015 | A1 |
20150328642 | Shegerian et al. | Nov 2015 | A1 |
20160046040 | Dahlheimer et al. | Feb 2016 | A1 |
20170246640 | Wagner et al. | Aug 2017 | A1 |
Entry |
---|
Anonymous, “Experience the peace of mind of high security data storage media destruction”, Marketing pamphlet, Phiston Technologies, Inc., Company marketing file: Phitech10.042.613, Miami, Florida, (2015). |
Anonymous, “Phiston MediaDice: A patented high security optical media destroyer that disintegrates CDs, DVDs, Blu-Ray discs, and magnetic strip cards”, Marketing Pamphlet, Phiston Technologies, Inc., Miami, Florida, (2015). |
Definition of tang, the Free Dictionary, Farlex. |