CA1071771A - Operating system authenticator - Google Patents
Operating system authenticator
Info
- Publication number
- CA1071771A, CA258910A
- Authority
- CA
- Canada
- Prior art keywords
- operating system
- loaded
- value
- program
- register
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/33—Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Abstract
OPERATING SYSTEM AUTHENTICATOR
Abstract of the Disclosure
An operating system authenticator for determining if an operating system being loaded in a computer is valid.
A user's identification code or secret key which is unique to the operating system, and a verifier value which is a predetermined function of a valid operating system and the identification code are respectively stored. A hash function, which is a function of the operating system being loaded and the identification code, is generated by the authenticator.
After the operating system is loaded, the hash function is used as an authenticating value and compared with the verifier value for determining the authenticity of the loaded operating system.
Description
Background of the Invention
In the past, there have been no means available for treating operating system code not resident in main storage of a computer, that is operating system code stored on tape, disk or the like, any differently than data having far lower security requirements. The lack of security results in two problem areas.
The first problem area is with respect to the non-secured communication channel between the computer manufacturer and the customer. For example, a typical penetration of security is to deliver the penetrator's code to a customer, counterfeiting the computer manufacturer's packaging and delivery procedures.
The second problem area results from the fact that the copy of the operating system on auxiliary storage is under control of the operating system's file management component, and a successful subversion of the file management component can be used to change the copy of the operating system on disk, which if the change is undetected, will subsequently be loaded in place of the valid operating system.
As set forth above, the manufacturer's packaging and delivery techniques are easily counterfeited, so another method must be devised to authenticate an operating system.
It has been suggested that a parity type check be performed on the operating system, but it has been found that such a parity check is easily subverted.
According to the present invention, the validity of a program such as an operating system being loaded in a computer is authenticated in an operating system authenticator through the use of a user's identification code or secret key and a verifier code which are unique to a valid operating system. The operating system to be authenticated is concurrently loaded into main memory and the system authenticator.
A hash function is generated in the authenticator as a function of the user's identification code and the operating system being loaded. After the complete operating system has been loaded, the hash function is compared with the verifier value.
If they compare, the loaded operating system is valid, and if there is a lack of comparison the loaded operating system is invalid, and computer operation is terminated.
YO974-022
Summary of the Invention
According to the present invention, method and apparatus is disclosed for determining the authenticity of a program being loaded in a computer. There is means for storing an identification code unique to the program. Also included are means for generating an authenticating value which is a function of the identification code and the program being loaded. Finally, there is means for determining the authenticity of the program being loaded in response to comparing the authenticating value and a prestored verifier value which is a predetermined function of a valid program and the identification code.
Brief Description of the Drawings
Fig. 1 is a block diagram representation of a computer system including an operating system authenticator.
Figs. 2A through 2C illustrate a block diagram of the operating system authenticator according to the present invention.
Description of the Preferred Embodiment
In Fig. 1 there is illustrated generally at 2 a computer system which includes an operating system authenticator 4 which determines the authenticity of a computer program such as operating system code which is to be loaded into the main memory of the computer system. The authenticator 4 includes a timing network 6, a user's identification (UID) storage register 8, a verifier value register 10 and a hash function generator 12 which produces an authenticating value. The UID register 8 stores an identification code or secret key which is unique to the valid operating system which is to be stored in the computer system 2. The verifier value stored in the register 10 is a binary value which is a function of the user's identification code and a valid operating system.
The verifier value is determined by the computer manufacturer by inserting the identification code and a valid operating system into a hash function generator of the computer manufacturer which is identical to the hash function generator 12 illustrated. After the complete valid operating system has been loaded in the manufacturer's hash function generator for being logically operated on with the identification code, the verifier value is determined. The predetermined verifier value is then stored in a read only storage device such as a magnetic card or the like which is transmitted to a Security Officer of the customer. The verifier card is then inserted in the customer's operating system authenticator under lock and key, such that there can be no access to the verifier storage by unauthorized persons.
A hash function generator is a device which performs logical operations on two or more binary words for providing an output word having a configuration which is difficult if not impossible to reproduce as long as the user's identification code is not known. This is so, since the hash function generator includes a number of storage devices, exclusive OR bit-by-bit comparators, multipliers and the like. It follows that if a plurality of multiple bit words are processed, the statistical probability of being able to deduce a verifier value corresponding to a change in the operating system, is at best remote.
A disk 14 or similar type device is used to transfer the operating system code to a main memory 16 via a data channel 18. The main memory 16 communicates with a central processing unit (CPU) 19 via standard data communication channel 20. The CPU 19 provides a start signal via a line 22 to the authenticator 4 and the data channel 18. The timing network 6 responds to the start signal and transmits a data request signal to the data channel 18 via a line 24. The data channel 18 then concurrently provides the first word of the operating system to the hash function generator 12 and the main memory 16 via a line 26. After each word is loaded into the hash function generator and main memory, a data valid signal is transmitted from the data channel 18 to the timing network 6 via a line 28. In response thereto, the timing network 6 then requests another word of the operating system from the data channel via the data request line 24. This operation continues until the complete operating system to be authenticated is loaded into the main memory and the hash function generator.
The hash function generator responds to the successive words of the operating system and the user's identification code for generating a hash function which serves as an authenticating value. After the complete operating system has been loaded, an operating system loaded signal is transmitted from the data channel 18 to the timing network 6 via a line 30. In response thereto the hash function generator 12 compares the authenticating value with the verifier value stored in the device 10 for determining if the loaded operating system is valid. If the authenticating value and the verifier value compare, a continue normal operation signal is transmitted from the generator 12 to the CPU 19 via a line 32, such that the CPU is informed that normal computer operation may continue. On the other hand, if the authenticating value and the verifier value do not compare, the loaded operating system is not authentic and a terminate CPU operation signal is transmitted via a line 34 to the CPU 18 for terminating computer operation and for signalling an alarm indication.
The present invention is set forth in digital hardware form in Fig. 2, however the present invention may also be practiced through the use of a properly programmed general purpose digital computer, or by other suitable logical techniques. Figs. 2A, 2B and 2C are arranged as set forth in Fig. 2, that is with Fig. 2A on the top, Fig. 2C on the bottom and Fig. 2B therebetween.
With reference to Fig. 2C, the start signal on line 22 is applied to a single shot multivibrator 108 of the timing network 6. In response thereto, an AU-1 pulse is provided on a line 109, for setting a flip-flop 118 to the 0 state; to an authenticating register 116 for setting same to a reference value of 0 and to a gate 112 for passing the contents of the UID storage register 8 to a buffer storage register 114. It is to be appreciated that register 116 may be set to any other suitable reference value. As previously described, the UID register stores the user identification code or secret key which is unique to a valid operating system. When single shot 108 turns off, a pulse is passed from same via an OR gate 120 to turn on a single shot 122 which produces an AU-2 pulse on a line 111 which samples the state of the flip-flop 118 by enabling a gate 124. Since the gate 118 has been previously set to the 0 state by the AU-1 pulse, gate 124 provides a gating signal on a line 126 which turns on single shot 130 for providing an AU-3 pulse on the line 24. The AU-3 pulse is the previously described data request signal which requests the first word of the operating system to be loaded into an operating system storage register 134 via the line 26 (Fig. 2A).
When the first word has been loaded into the storage register 134 a data valid signal is applied from the data channel via the line 28 (Fig. 2C) to a single shot 138, turning the single shot on for providing an AU-4 pulse on a line 139. The AU-4 pulse is applied to gates 140 and 142 for passing the contents of registers 134 and 114 to the respective inputs of a bit-by-bit exclusive OR comparator network 144. The result of the bit-by-bit exclusive OR comparison is broken up into first and second portions, with the first portion being applied to a multiplicand (MC) storage register 146 and the second portion being applied to a multiplier (MP) storage register 148. For example, if the user's identification code is a 64-bit word and each word of the operating system is 64 bits, the first 32 bits of the comparison can be stored in the register 146 and the second 32 bits can be stored in the register 148. It is to be appreciated, however, that a different number of bits may be stored in each register. The numbers stored in the respective registers are then multiplied in a multiplier 150 (FIG. 2B), with the product thereof being applied to a first input of a gating network 154 (FIG. 2A).
When the single shot 138 turns off, a pulse is provided on a line 113 for turning on a single shot 152 for providing an AU-5 pulse on a line 115, which pulse is used to enable the gate 154 to pass the product from the multiplier 150 to the input of the buffer register 114. It is seen, that the product now replaces the previously stored user's identification code. The product now stored will be subsequently compared with the second word of the operating system during the next cycle of operation. This process repeats as each successive word of the operating system is loaded. The output of the buffer register 114 is also connected to a first input of a gate 160 (Fig. 2B).
When the single shot 152 turns off, a pulse is provided on a line 117 for turning on a single shot 156 which produces an AU-6 pulse on a line 119 which serves as an enable signal for a gate 158 and the gate 160 (FIG. 2B). This signal enables the gate 158 to pass the reference value of 0 from authenticating register 116 to a first input of a bit-by-bit exclusive OR network 162, which has the product stored in the buffer register 114 applied to a second input thereof via the gate 160. The result of the bit-by-bit exclusive OR comparison by comparator 162 is then stored in a buffer register 164, the output of which is applied to a first input of a gate 168 via a line 121.
When the single shot 156 turns off, a pulse is provided on a line 137 for turning on single shot 166 which produces an AU-7 pulse on a line 123, which pulse is applied to the second input of gating network 168 for passing the contents of register 164 to authenticating register 116 to be stored in place of the reference value previously stored therein.
The output of authenticating register 116 is also applied to a first input of a comparison network 172 (FIG. 2C) via a line 125 as the authenticating value. Applied to the second input thereof is the verifier value from the verifier register 10 via a line 127. The comparator network 172 provides a signal output on a line 129 when there is a lack of comparison and provides a signal output on a line 131 when there is comparison. At this time, in all likelihood, there is a lack of comparison, and a signal appearing on line 129 would be applied to a gating network 170. The gating network 170 is not enabled at this time, however, since there is no AU-8 pulse provided on a line 133. A description of how the AU-8 pulse is provided will be described shortly.
When the single shot 166 turns off, a pulse is provided on a line 135 which is passed by the OR gate 120 for turning on single shot 122 for once again sampling the state of flip-flop 118 to determine if the word just processed is the final word of the operating system. The flip-flop 118 is still in the 0 state, since only the first word has been processed, and accordingly an operating system loaded signal has not yet been provided on the line 30 for setting the flip-flop 118 to the 1 state. As previously described, a pulse output is once again provided from gate 124 on line 126 turning on the single shot 130 for requesting the second word of the operating system. The operation of timing network 6 and authenticator 12 repeats as previously described, for processing the second word of the operating system. This process continues in a similar manner for each word until the final word of the operating system is loaded.
Assume now that the final word of the operating system has been loaded and the AU-7 pulse has been generated and in turn the single shot 166 has turned off, now providing the pulse on the line 135 which is passed by the OR gate 120 for turning on single shot 122, enabling the gate 124 to sample flip-flop 118, as previously explained. Since the operating system has been completely loaded, the operating system loaded signal has been provided on the line 30 for setting the flip-flop 118 to the 1 state. A pulse is then provided on the line 132 for turning on a single shot 134 which provides an AU-8 pulse on the line 133 for enabling the gate 170 to sample the comparator network 172 which compares the verifier value stored in the verifier register 10 with the authenticating value stored in authenticating register 116. If the loaded operating system is valid, the two values should compare and a signal output is provided on a line 131 which is passed by the gate 170 to the line 32 for informing the CPU to continue normal operation. If, on the other hand, the loaded operating system is invalid the values stored in the register 116 and register 10 should not compare and a signal is provided on the line 129 which is passed by the gate 170 to the line 34 for informing the CPU to terminate operation and to raise an alarm.
In summary, an operating system authenticator has been disclosed which determines if an operating system being loaded in a computer is valid. A user's identification code which is unique to a valid operating system and a verifier value which is a predetermined function of the valid operating system and the identification code are stored in respective locations. A hash function, which is a function of the operating system being loaded and the identification code, is generated by the authenticator as an authenticating value. Once the operating system is loaded, the authenticating value is compared with the stored verifier value for determining the authenticity of the loaded operating system.
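The word-by-word procedure of Figs. 2A through 2C described above, written out in C as an added example (it is not code from the patent). It assumes the 64-bit word and 32/32 split the description gives as its example and takes the "first portion" to be the high-order half; the function names, the UID and the three-word image are constructed for illustration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IMAGE_WORDS 3

/* The two outcomes signalled to the CPU on lines 32 and 34. */
enum verdict { LOAD_CONTINUE = 0, LOAD_TERMINATE = 1 };

/* State of the hash function generator 12. */
struct hash_gen {
    uint64_t buffer; /* buffer storage register 114 */
    uint64_t auth;   /* authenticating register 116 */
};

/* AU-1: seed the buffer with the UID, set the reference value 0. */
static void hash_start(struct hash_gen *g, uint64_t uid)
{
    g->buffer = uid;
    g->auth = 0;
}

/* AU-4 through AU-7 for one word of the program being loaded. */
static void hash_word(struct hash_gen *g, uint64_t word)
{
    uint64_t x = word ^ g->buffer;     /* exclusive OR network 144 */
    uint32_t mc = (uint32_t)(x >> 32); /* register 146 (high half: assumption) */
    uint32_t mp = (uint32_t)x;         /* register 148 */
    g->buffer = (uint64_t)mc * mp;     /* multiplier 150; product replaces buffer */
    g->auth ^= g->buffer;              /* exclusive OR network 162 into register 116 */
}

/* Manufacturer side: run a valid image through an identical generator. */
static uint64_t compute_verifier(uint64_t uid, const uint64_t *image, size_t n)
{
    struct hash_gen g;
    hash_start(&g, uid);
    for (size_t i = 0; i < n; i++)
        hash_word(&g, image[i]);
    return g.auth;
}

/* Customer side: each word goes to main memory and to the generator
   together; the comparison is sampled only after the last word (AU-8). */
static enum verdict load_and_authenticate(uint64_t uid, uint64_t verifier,
                                          const uint64_t *image, size_t n,
                                          uint64_t *memory)
{
    struct hash_gen g;
    hash_start(&g, uid);
    for (size_t i = 0; i < n; i++) {
        memory[i] = image[i];
        hash_word(&g, image[i]);
    }
    return g.auth == verifier ? LOAD_CONTINUE : LOAD_TERMINATE;
}

/* Constructed sample values, not taken from the patent. */
static const uint64_t UID = 0x0123456789ABCDEFULL;
static const uint64_t VALID_IMAGE[IMAGE_WORDS] = {
    0x0122456789AACDEEULL, 0x0000010100010203ULL, 0x0000100000020311ULL
};
/* Same image with the low bit of the second word flipped. */
static const uint64_t TAMPERED_IMAGE[IMAGE_WORDS] = {
    0x0122456789AACDEEULL, 0x0000010100010202ULL, 0x0000100000020311ULL
};
static uint64_t main_memory[IMAGE_WORDS]; /* stands in for main memory 16 */

static const char *verdict_name(enum verdict v)
{
    return v == LOAD_CONTINUE ? "continue normal operation"
                              : "terminate operation and raise alarm";
}

int main(void)
{
    uint64_t verifier = compute_verifier(UID, VALID_IMAGE, IMAGE_WORDS);
    printf("verifier value: 0x%016" PRIx64 "\n", verifier);
    printf("valid image:    %s\n", verdict_name(load_and_authenticate(
        UID, verifier, VALID_IMAGE, IMAGE_WORDS, main_memory)));
    printf("tampered image: %s\n", verdict_name(load_and_authenticate(
        UID, verifier, TAMPERED_IMAGE, IMAGE_WORDS, main_memory)));
    printf("wrong UID:      %s\n", verdict_name(load_and_authenticate(
        UID ^ 1, verifier, VALID_IMAGE, IMAGE_WORDS, main_memory)));
    return 0;
}
```

Every word is copied to main memory before the comparison is sampled, so a rejected image is already resident when the verdict arrives; what keeps it from running is the terminate signal on line 34. The XOR-and-multiply generator is reproduced as the description gives it; a current design would use a standard keyed MAC or a signature check in its place.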
21 WHAT IS CLAIMED IS:
JI~A/jmh
12 It has been suggested that a parity type check be performed 13 on the operating system, but it has been found that such a 14 parity check is easily subverted.
According to the present invention, the validity 16 of a program such as an operating system being loaded in a 1~ computer ls authenticated in an operating system authenticator 18 through the use of a user's identification c-de or secret key 19 and a verifier code which are unique to a valid operating system, The operating system to be authenticated is con-21 currently loaded into main ~emory and the system authenticator.
22 A hash function 'iB generated in the authen~icator as a function 23 of the user's identification code and the operating sys~em ' 24 be$ng loaded. Afeer the complete operating system has been loaded, the hash function is compared with the verifier value.
26 If they compsre, the loaded operating system is valid, and 27 if there is a lack of comparison the loaded operating system 28 i~ invalld, and computer operation is termina~ed.
.
YOg74-022 - 2 --107177~
1 Summary of the Invention According to the present invention, method and apparatus is disclosed for determining the authenticity of a program being loaded in a computer. There is means for storing an identifica-tion code unique to the program. Also included are means for generating an authenticating value which is a function of the identification code and the program being loaded. Finally, there is means for determining the authenticity of the program being loaded in response to comparing the authenticating value and a prestored verifier value which is a predetermined function ~-~ of a valid program and the identification code. ;, , Brief Description of the Drawings ``~
Fig. 1 is a block diagram representation of a computer system including an operating system authenticator.
;~ Figs. 2A through 2C illustrate a block diagram of the opera-ting system authenticator according to the present invention.
Description of the Preferred Embodiment In Fig. 1 there is illustrated generally at 2 a computer system which includes an operating system authenticator 4 whlch determines the authenticity of a computer program such as opera-ting system code which is to be loaded into the main memory of the computer system. The authenti-~, .
' .
~ !
:.`1 .,:
.~ ~
. .
,,~
', , , ' ' '' "' ", ~ ' ' 10~1771 1 cator 4 includes a timing network 6, a user'~ identification 2 (UID) 8 orage regl~ter 8, a verifier value register 10 and 3 a hash function generator 12 which produces an authenticating 4 value. The UID regi~ter 8 stores an identification code or ~_ 5 secret key which i8 ~nique to thë valid operating syBtem which 6 i8 to be stored in the computer system 2. ~he verlfier value 7 storet in the register 10 i5 a binary value which iB a function 8 of the user~s identification code and a val~d operating system.
g The verifier value is determined by the computer manufacturer by inserting the identification code and a valid operating 11 system into a hash funct~on generator of the computer manu-12 facturer which is identical to the hash function generator 13 12 illu5trated. After the complete valid operating system - 14 has been loaded in the ~anufacturer's hash ~unction generator for being logically operated on with the identification 16 cote, the verifier value is determined. The predetermined 17 verifier value i3 then stored in a read only storage device 18 such as a magnetic card or the like which is transmitted to ~9 a Security Officer of the customer. The verifier card is then in~erted in the customer's operating system authenticator 21 under lock and key, such that there can be no access to the 22 verifier storage by unauthorized persons.
23 A hash function generator is a device which performs 24 logical operations on two or more binary words for pro-vidin& an output word having a configuration which is 26 difficult i~ not impossible to reproduce as long as the user's 27 identification code i~ not known. This is so, ~ince the hash 28 function generator includes a number of storage devices, .
107~771 .
1 exclusive 0~ blt-by-bit comparators, multi.plJ ers and the llke.
. 2 It follows that if a plurality of multiple bit words are 3 processed, the statistical probability of ~eing able to - 4 deduce a verlfler value corresponding to a change in the :, .
opersting system, is at best remote.
. 6 A disk 14 or similar type device is used to trans-7 fer the operating system code to a main memory 16 via a data 8 channel 18. The main memory 16 communicates with a central 9 'proce8sing unit (CPU) 19 ~ia fitandard data communication 10 channel~20. The CPU 19 provides a start s~ignal via a 11 line 22.to the authenticator 4 and the data channel lb. The 12 timing network 6 respond9 to the start signal and transmits 13 a'data request signal to the data channel 18 via a line 14 24. The data channel 18 then concurrently proyides the first '~ 15 word of the operating system to the hash function generator , . 16 12 and the main memory 16 via a line 26. After each word 17 i8 loaded'into the hash function generator and main memory, 18 a data valid si~nal is transmitted from the data channel 18 19 to the timing network 6.via a line 28. In response thereto, .~ 20 the timing network 6 then reque.sts another word of the '~, . 21 operating sy6tem from the data channel via the data request , . 22 line 24. This o'peration continues until the complete opera-:~`
.i 23 ting system to be authentlcsted'is loaded into the main .. :, .
' 24 memory and the hssh functlon generator.
~. 25 The ha~h function generator responds to the ,~:
... ' 26 successive words of the operating system and the user's . . .
27 .itentlfication code for generating a hash fu~lction which : 28 serves as an authenticating value. After the complete opera-'"' ;- .
" Y0974-022 - 5 -:11)71771 1 ting system has been loadet, an operating system loaded signal is transmitted from the data channel 18 to the 3 tlming network 6 via a line 30. In responsc thereto the 4 hash function generator 12 compares the authenticating value with the verifier value stored in the device 10 for 6 determining ir the loaded operating system i6 valid. If 7 the authenticating value and the verifier value compare, a 8 continue normal operation signal is transmitted from the 9 generator 12 to the CPU l9 via a line 32, such that the CPU
is infoYmed that normal computer operation ma~ continue. On 11 the other hand, if the authenticating value and the verifier 12 Yalue to not compare, the loaded operating system is not 13 authentic and a terminate CPU operation signal is transmitted 14 via a line 34 to the CPU 18 for terminating computer opera-tion and for signalling an alarm indlcation.
16 ~he present invention is set forth in digital 17 hardware form in Fig. 2~ however the present invention may 18 also be practiced thro-ugh the use of a properly programmed 19 general purpose digital computer, or by other suitable logical techniques. Figs. 2A, 2B and 2C are arranged as 21 set forth in Fig. 2, that is with Fig. 2A on the top, Fig. 2C
22 on the bottom and Fig. 2B therebetween.
23 ~th reference to Fig. 2C, the s~art signal on 24 line 22 is applied to a single shot multivibrstor 108 of the timing network 6. In response thereto, ~n AU-l pulse 26 is provided on a line 109, for setting a ~lip-flop 118 to 27 the O state; to an authenticating register 116 for setting 28 same to a reference value of O and to a gate 112 for passing ~07177~
1 the conten~s of the UID ~torage regi~ter 8 to a buffer 2 storage register 114. It ls to be appreciat d that register 3 116 may be set to any other suitable reference value. As 4 previo~sly tescribed, the UID register stores the user identification code or secret key which i8 unlque to a valid 6 operatlng ~ystem. When single shot 108 turns off, a pulse 7 ls passed from sa~e via an OR gate 120 to turn on a single 8 shot 122 which produces an AU-2 pulse on a line 111 which g samples the state o the flip-flop 118 by er.abling a gate 124. Since the gate 118 has been previously set to the O
11 state b~ the AU-l pulse, gate 124 provides a gating signal 12 on a line 126 which turns on single shot 130 for providing 13 an AU-3 pulse on the line 24. The AU-3 pulse is the previously 14 tescrlbed data request signal which requests the first word of the operating system to be loaded into an operating system 16 storage register 134 ViA the line 26 (Fig. 2A).
When the first word has been loaded into the storage register 134, a data valid signal is applied from the data channel via the line 28 (Fig. 2C) to a single shot 138, turning the single shot on for providing an AU-4 pulse on a line 139. The AU-4 pulse is applied to gates 140 and 142 for passing the contents of registers 134 and 114 to the respective inputs of a bit-by-bit exclusive OR comparator network 144. The result of the bit-by-bit exclusive OR comparison is broken up into first and second portions, with the first portion being applied to a multiplicand (MC) storage register 146 and the second portion being applied to a multiplier (MP) storage register 148. For example, if the user's identification code is a 64-bit word and each word of the operating system is 64 bits, the first 32 bits of the comparison can be stored in the register 146 and the second 32 bits can be stored in the register 148. It is to be appreciated, however, that a different number of bits may be stored in each register. The numbers stored in the respective registers are then multiplied in a multiplier 150 (Fig. 2B), with the product thereof being applied to a first input of a gating network 154 (Fig. 2A).
When the single shot 138 turns off, a pulse is provided on a line 113 for turning on a single shot 152 for providing an AU-5 pulse on a line 115, which pulse is used to enable the gate 154 to pass the product from the multiplier 150 to the input of the buffer register 114. It is seen that the product now replaces the previously stored user's identification code. The product now stored will be subsequently compared with the second word of the operating system during the next cycle of operation. This process repeats as each successive word of the operating system is loaded. The output of the buffer register 114 is also connected to a first input of a gate 160 (Fig. 2B).
When the single shot 152 turns off, a pulse is provided on a line 117 for turning on a single shot 156 which produces an AU-6 pulse on a line 119 which serves as an enable signal for a gate 158 and the gate 160 (Fig. 2B). This signal enables the gate 158 to pass the reference value of 0 from authenticating register 116 to a first input of a bit-by-bit exclusive OR network 162, which has the product stored in the buffer register 114 applied to a second input thereof via the gate 160. The result of the bit-by-bit exclusive OR comparison by comparator 162 is then stored in a buffer register 164, the output of which is applied to a first input of a gate 168 via a line 121.
When the single shot 156 turns off, a pulse is provided on a line 137 for turning on single shot 166 which produces an AU-7 pulse on a line 123, which pulse is applied to the second input of gating network 168 for passing the contents of register 164 to authenticating register 116 to be stored in place of the reference value previously stored therein.
The output of authenticating register 116 is also applied to a first input of a comparison network 172 (Fig. 2C) via a line 125 as the authenticating value. Applied to the second input thereof is the verifier value from the verifier register 10 via a line 127. The comparator network 172 provides a signal output on a line 129 when there is a lack of comparison and provides a signal output on a line 131 when there is comparison. At this time, in all likelihood, there is a lack of comparison, and a signal appearing on line 129 would be applied to a gating network 170. The gating network 170 is not enabled at this time, however, since there is no AU-8 pulse provided on a line 133. How the AU-8 pulse is provided will be described shortly.
When the single shot 166 turns off, a pulse is provided on a line 135 which is passed by the OR gate 120 for turning on single shot 122 for once again sampling the state of flip-flop 118 to determine if the word just processed is the final word of the operating system. The flip-flop 118 is still in the 0 state, since only the first word has been processed, and accordingly an operating system loaded signal has not yet been provided on the line 30 for setting the flip-flop 118 to the 1 state. As previously described, a pulse output is once again provided from gate 124 on line 126 turning on the single shot 130 for requesting the second word of the operating system. The operation of timing network 6 and authenticator 12 repeats as previously described, for processing the second word of the operating system. This process continues in a similar manner for each word until the final word of the operating system is loaded.
Assume now that the final word of the operating system has been loaded and the AU-7 pulse has been generated and in turn the single shot 166 has turned off, now providing the pulse on the line 135 which is passed by the OR gate 120 for turning on single shot 122, enabling the gate 124 to sample flip-flop 118, as previously explained. Since the operating system has been completely loaded, the operating system loaded signal has been provided on the line 30 for setting the flip-flop 118 to the 1 state. A pulse is then provided on the line 132 for turning on a single shot 134 which provides an AU-8 pulse on the line 133 for enabling the gate 170 to sample the comparator network 172 which compares the verifier value stored in the verifier register 10 with the authenticating value stored in authenticating register 116. If the loaded operating system is valid, the two values should compare and a signal output is provided on a line 131 which is passed by the gate 170 to the line 32 for informing the CPU to continue normal operation. If, on the other hand, the loaded operating system is invalid, the values stored in the register 116 and register 10 should not compare and a signal is provided on the line 129 which is passed by the gate 170 to the line 34 for informing the CPU to terminate operation and to raise an alarm.
In summary, an operating system authenticator has been disclosed which determines if an operating system being loaded in a computer is valid. A user's identification code which is unique to a valid operating system and a verifier value which is a predetermined function of the valid operating system and the identification code are stored in respective locations. A hash function, which is a function of the operating system being loaded and the identification code, is generated by the authenticator as an authenticating value. Once the operating system is loaded, the authenticating value is compared with the stored verifier value for determining the authenticity of the loaded operating system.
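The description notes that the scheme may also be practiced on a programmed general purpose computer. The following C model of the AU-1 to AU-8 data path is an added example, not code from the patent: the function names and the sample UID and operating system words are constructed, and it assumes the 64-bit word size of the description's example, with the "first 32 bits" taken as the high-order half (the product is the same either way).

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values for illustration, not taken from the patent. */
static const uint64_t SAMPLE_UID = 0x0000000100000002ULL;   /* UID register 8 */
static const uint64_t SAMPLE_OS[] = {                       /* "valid" image  */
    0x0000000200000001ULL,
    0x000000040000000CULL,
};
static const uint64_t SAMPLE_TAMPERED[] = {                 /* one bit flipped */
    0x0000000200000001ULL,
    0x000000040000000DULL,
};
#define SAMPLE_OS_WORDS (sizeof SAMPLE_OS / sizeof SAMPLE_OS[0])

/* One AU-4..AU-7 cycle for a single word held in storage register 134. */
static void os_auth_step(uint64_t *buffer114, uint64_t *auth116,
                         uint64_t word134)
{
    uint64_t x  = word134 ^ *buffer114;   /* exclusive OR network 144       */
    uint64_t mc = x >> 32;                /* multiplicand register 146      */
    uint64_t mp = x & 0xFFFFFFFFULL;      /* multiplier register 148        */

    /* Multiplier 150; two 32-bit factors always fit in 64 bits. AU-5 then
       replaces the buffer contents with the product. */
    *buffer114 = mc * mp;

    /* AU-6/AU-7: exclusive OR network 162 folds the new buffer contents
       into the authenticating register via buffer register 164. */
    *auth116 ^= *buffer114;
}

/* Authenticating value for an image of n words. The same function, run
   once over the valid image, yields the verifier value to be stored. */
uint64_t os_auth_value(uint64_t uid, const uint64_t *os, size_t n)
{
    uint64_t buffer114 = uid;   /* AU-1: UID passed into buffer register 114 */
    uint64_t auth116   = 0;     /* AU-1: reference value of 0                */

    for (size_t i = 0; i < n; i++)      /* AU-3 requests each word in turn   */
        os_auth_step(&buffer114, &auth116, os[i]);
    return auth116;
}

/* AU-8: comparator 172. Returns 1 for "continue normal operation"
   (line 32) and 0 for "terminate and raise an alarm" (line 34). */
int os_authenticate(uint64_t uid, uint64_t verifier,
                    const uint64_t *os, size_t n)
{
    return os_auth_value(uid, os, n) == verifier;
}

int main(void)
{
    /* Provisioning: compute the verifier from the valid image and the UID. */
    uint64_t verifier = os_auth_value(SAMPLE_UID, SAMPLE_OS, SAMPLE_OS_WORDS);

    printf("verifier value      : 0x%016" PRIx64 "\n", verifier);
    printf("valid image         : %s\n",
           os_authenticate(SAMPLE_UID, verifier, SAMPLE_OS, SAMPLE_OS_WORDS)
               ? "continue" : "alarm");
    printf("tampered image      : %s\n",
           os_authenticate(SAMPLE_UID, verifier, SAMPLE_TAMPERED,
                           SAMPLE_OS_WORDS) ? "continue" : "alarm");
    printf("valid image, bad UID: %s\n",
           os_authenticate(SAMPLE_UID ^ 1ULL, verifier, SAMPLE_OS,
                           SAMPLE_OS_WORDS) ? "continue" : "alarm");
    return 0;
}
```

Because the buffer register is seeded with the UID and each product feeds the next word's exclusive OR, the final value depends on the key, on every word, and on word order.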
21 WHAT IS CLAIMED IS:
Claims (8)
1. A method of authenticating that a program being loaded into a computer is valid, said method comprising the steps of:
storing an identification code unique to said program;
generating an authenticating value as a function of said identification code and at least a given portion of the program being loaded; and
determining the authenticity of the program being loaded in response to comparing said authenticating value with a prestored verifier value which is a predetermined function of a valid program and said identification code.
2. A method of authenticating that a program being loaded into a computer is valid, said method comprising the steps of:
storing a secret key unique to said program;
storing a verifier code which is unique to a valid program and said secret key;
generating an authenticating value in response to applying said secret key to at least a given portion of the program being loaded; and
determining the authenticity of the program being loaded in response to comparing said authenticating value with a prestored verifier value which is a predetermined function of a valid program and said secret key.
3. A method of authenticating the validity of an operating system being loaded into a computer, said method comprising the steps of:
storing an identification code unique to said operating system;
storing a verifier value which is a predetermined function of said identification code and a valid operating system;
generating an authenticating value as a hash function of said identification code and the operating system being loaded; and
determining the authenticity of the operating system being loaded in response to comparing said authenticating value with said verifier value.
4. In a system for determining the authenticity of a program being loaded in a computer, the combination comprising:
means for storing an identification code unique to said program;
means for generating an authenticating value which is a function of said identification code and at least a given portion of the program being loaded; and
means for determining the authenticity of the program being loaded in response to comparing said authenticating value and a prestored verifier value which is a predetermined function of a valid program and said identification code.
5. In a system for determining the authenticity of an operating system being loaded in a computer, the combination comprising:
means for storing a secret key which is unique to said operating system;
means for storing a verifier value which is a predetermined function of said secret key and a valid operating system;
means for generating an authenticating value which is a function of the secret key and the operating system being loaded; and
means for determining the authenticity of the operating system being loaded in response to comparing said authenticating value with said verifier value.
6. The combination claimed in claim 5, including:
means for terminating computer operation in response to the comparison not being equal.
7. In a system for determining the authenticity of an operating system being loaded in a computer, the combination comprising:
means for storing in a first storage location an identification code unique to said operating system;
means for storing in a second storage location a verifier value which is a predetermined function of said identification code and a valid operating system;
means for sequentially storing said operating system a word at a time in a third storage location;
means for comparing the contents of said first and third storage locations, including means for breaking up the result of the comparison into first and second portions;
means for taking the product of said first and second portions, with the resultant product being stored in said first storage location in place of what was previously stored, for comparison with the following word of said operating system and so on until the complete operating system has been sequentially stored;
means for initially storing a reference word in a fourth storage location;
means for comparing the contents of said first and fourth storage locations after each successive word of said operating system has been stored, with the result of the comparison being stored in said fourth storage location in place of what was previously stored; and
means for determining the authenticity of the operating system being loaded in response to comparing the contents of said second and fourth storage locations following the complete sequential storage of said operating system.
8. An apparatus for determining the authenticity of an operating system being loaded in a computer, the combination comprising:
a first storage register in which an identification code for said operating system is stored;
a second storage register in which a verifier value which is a predetermined function of a valid operating system and said identification code is stored;
a third storage register in which said operating system is loaded a word at a time;
a fourth storage register;
a first gating network connected between said first and fourth registers for passing the contents of said first register to said fourth register during a first timing interval;
a first bit-by-bit comparator network having first and second inputs and two outputs;
second and third gating networks connected between said third storage register and said first input and said fourth register and said second input, respectively, of said first bit-by-bit comparator for passing the contents thereof during a second timing interval;
a multiplier having first and second inputs and an output;
fifth and sixth storage registers connected between the first output of said first bit-by-bit comparator and the first input of said multiplier and the second output of said first bit-by-bit comparator and the second input of said multiplier, respectively, with the contents of said fifth and sixth storage register being multiplied in said multiplier;
a fourth gating network connected between the output of said multiplier and said fourth storage register for passing the contents of said multiplier to said fourth register during a third timing interval;
a seventh storage register having an input and an output and in which is initially stored a reference value;
a second bit-by-bit comparator network having first and second inputs and an output;
fifth and sixth gating networks connected between the output of said seventh register and the first input, and the output of said fourth register and the second input, respectively, of said second bit-by-bit comparator for passing the contents thereof during a fourth timing interval;
an eighth storage register having an input connected to the output of said second bit-by-bit comparator, and also having an output;
a seventh gating network connected between the output of said eighth storage register and the input of said seventh storage register for passing the contents of said eighth storage register to said seventh storage register during a fifth timing interval;
a third comparator having first and second inputs and an output, with the first input being connected to the output of said second storage register and the second input being connected to the output of said seventh storage register; and
an eighth gating network connected to the output of said third comparator for sampling the results of the comparison during a sixth timing interval, with a first signal being provided which is indicative that the operating system being loaded is valid if there is a comparison, and a second signal being provided which is indicative that the operating system being loaded is invalid if there is a lack of comparison.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US05/607,410 US3996449A (en) | 1975-08-25 | 1975-08-25 | Operating system authenticator |
Publications (1)
Publication Number | Publication Date |
---|---|
CA1071771A true CA1071771A (en) | 1980-02-12 |
Family
ID=24432146
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA258,910A Expired CA1071771A (en) | 1975-08-25 | 1976-08-11 | Operating system authenticator |
Country Status (8)
Country | Link |
---|---|
US (1) | US3996449A (en) |
JP (1) | JPS5226133A (en) |
BR (1) | BR7605412A (en) |
CA (1) | CA1071771A (en) |
DE (1) | DE2615861C3 (en) |
FR (1) | FR2322406A1 (en) |
GB (1) | GB1537759A (en) |
IT (1) | IT1063693B (en) |
Families Citing this family (155)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4206315A (en) * | 1978-01-04 | 1980-06-03 | International Business Machines Corporation | Digital signature system and apparatus |
US4310720A (en) * | 1978-03-31 | 1982-01-12 | Pitney Bowes Inc. | Computer accessing system |
US4283710A (en) * | 1978-10-25 | 1981-08-11 | J.S. Lock Company | Security system |
JPS5592958A (en) * | 1979-01-08 | 1980-07-14 | Hitachi Ltd | Input terminal equipment |
US4465901A (en) * | 1979-06-04 | 1984-08-14 | Best Robert M | Crypto microprocessor that executes enciphered programs |
US4471163A (en) * | 1981-10-05 | 1984-09-11 | Donald Thomas C | Software protection system |
US4593353A (en) * | 1981-10-26 | 1986-06-03 | Telecommunications Associates, Inc. | Software protection method and apparatus |
US4442486A (en) * | 1981-11-25 | 1984-04-10 | U.S. Philips Corporation | Protected programmable apparatus |
JPS58119055A (en) * | 1982-01-05 | 1983-07-15 | Mitsui Constr Co Ltd | Preventing method for secrecy leakage of computer software |
EP0084441A3 (en) * | 1982-01-19 | 1984-08-22 | Tabs Limited | Method and apparatus for the protection of proprietary computer software |
NL8201847A (en) * | 1982-05-06 | 1983-12-01 | Philips Nv | DEVICE FOR PROTECTION AGAINST UNAUTHORIZED READING OF PROGRAM WORDS TO BE MEMORIZED IN A MEMORY. |
US4525599A (en) * | 1982-05-21 | 1985-06-25 | General Computer Corporation | Software protection methods and apparatus |
DE3320378A1 (en) * | 1982-06-07 | 1983-12-15 | Fortune Systems Corp | PROGRAM PROTECTION DEVICE FOR COMPUTER PROGRAMS |
US4558176A (en) * | 1982-09-20 | 1985-12-10 | Arnold Mark G | Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software |
US4562305A (en) * | 1982-12-22 | 1985-12-31 | International Business Machines Corporation | Software cryptographic apparatus and method |
US4652990A (en) * | 1983-10-27 | 1987-03-24 | Remote Systems, Inc. | Protected software access control apparatus and method |
GB2149944A (en) * | 1983-11-14 | 1985-06-19 | Softnet Inc | Software distribution |
EP0163715A1 (en) * | 1983-12-06 | 1985-12-11 | GARDINER, Alexander Battison | Computer system |
GB2154769B (en) * | 1984-02-28 | 1987-11-18 | Gandlake Software Ltd | Computer software protection |
US4845715A (en) * | 1984-10-29 | 1989-07-04 | Francisco Michael H | Method for maintaining data processing system securing |
US5109413A (en) * | 1986-11-05 | 1992-04-28 | International Business Machines Corporation | Manipulating rights-to-execute in connection with a software copy protection mechanism |
US4817140A (en) * | 1986-11-05 | 1989-03-28 | International Business Machines Corp. | Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor |
GB2204973A (en) * | 1987-05-19 | 1988-11-23 | Gen Electric Co Plc | Data processing system |
GB2205667B (en) * | 1987-06-12 | 1991-11-06 | Ncr Co | Method of controlling the operation of security modules |
US5606754A (en) | 1989-03-09 | 1997-03-04 | Ssi Medical Services, Inc. | Vibratory patient support system |
JPH04504794A (en) * | 1989-04-28 | 1992-08-20 | ソフテル,インコーポレイテッド | Method and apparatus for remotely controlling and monitoring the use of computer software |
CA2053261A1 (en) * | 1989-04-28 | 1990-10-29 | Gary D. Hornbuckle | Method and apparatus for remotely controlling and monitoring the use of computer software |
US5022077A (en) * | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
US5136713A (en) * | 1989-08-25 | 1992-08-04 | International Business Machines Corporation | Apparatus and method for decreasing the memory requirements for bios in a personal computer system |
GB9012949D0 (en) * | 1989-08-25 | 1990-08-01 | Ibm | An apparatus and method for loading bios from a diskette in a personal computer system |
US5210875A (en) * | 1989-08-25 | 1993-05-11 | International Business Machines Corporation | Initial bios load for a personal computer system |
US5204966A (en) * | 1990-03-09 | 1993-04-20 | Digital Equipment Corporation | System for controlling access to a secure system by verifying acceptability of proposed password by using hashing and group of unacceptable passwords |
US5557799A (en) * | 1990-03-22 | 1996-09-17 | International Business Machines | Computer determination of operating system or data |
US5230052A (en) * | 1990-10-01 | 1993-07-20 | International Business Machines Corp. | Apparatus and method for loading bios into a computer system from a remote storage location |
DE4123126C1 (en) * | 1991-07-12 | 1992-06-25 | Man Roland Druckmaschinen Ag, 6050 Offenbach, De | |
US5491752A (en) * | 1993-03-18 | 1996-02-13 | Digital Equipment Corporation, Patent Law Group | System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens |
US5349643A (en) * | 1993-05-10 | 1994-09-20 | International Business Machines Corporation | System and method for secure initial program load for diskless workstations |
US5543920A (en) * | 1994-08-10 | 1996-08-06 | Kollmorgen Corporation | System and method for sensing color and preventing use of unauthorized color formulation software |
US7069451B1 (en) | 1995-02-13 | 2006-06-27 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
CA2683230C (en) | 1995-02-13 | 2013-08-27 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7124302B2 (en) | 1995-02-13 | 2006-10-17 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7095854B1 (en) | 1995-02-13 | 2006-08-22 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7133845B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | System and methods for secure transaction management and electronic rights protection |
US7165174B1 (en) | 1995-02-13 | 2007-01-16 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management |
US6948070B1 (en) | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US7133846B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management |
US7143290B1 (en) | 1995-02-13 | 2006-11-28 | Intertrust Technologies Corporation | Trusted and secure techniques, systems and methods for item delivery and execution |
US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US5625693A (en) * | 1995-07-07 | 1997-04-29 | Thomson Consumer Electronics, Inc. | Apparatus and method for authenticating transmitting applications in an interactive TV system |
WO1997025798A1 (en) * | 1996-01-11 | 1997-07-17 | Mrj, Inc. | System for controlling access and distribution of digital property |
US7062500B1 (en) | 1997-02-25 | 2006-06-13 | Intertrust Technologies Corp. | Techniques for defining, using and manipulating rights management data structures |
US7092914B1 (en) | 1997-11-06 | 2006-08-15 | Intertrust Technologies Corporation | Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
FI990461A0 (en) * | 1999-03-03 | 1999-03-03 | Nokia Mobile Phones Ltd | Procedure for loading programs from a server to a subscriber terminal |
US6647497B1 (en) | 1999-03-31 | 2003-11-11 | International Business Machines Corporation | Method and system for secure computer system transfer |
US6573906B1 (en) | 1999-04-26 | 2003-06-03 | International Business Machines Corporation | Method and system for delivering integrated user assistance information and traditional help from the same source |
US6697948B1 (en) * | 1999-05-05 | 2004-02-24 | Michael O. Rabin | Methods and apparatus for protecting information |
US7430670B1 (en) | 1999-07-29 | 2008-09-30 | Intertrust Technologies Corp. | Software self-defense systems and methods |
EP1132796A1 (en) * | 2000-03-08 | 2001-09-12 | Universite Catholique De Louvain | Mobile code and method for resource management for mobile code |
US6996710B1 (en) | 2000-03-31 | 2006-02-07 | Intel Corporation | Platform and method for issuing and certifying a hardware-protected attestation key |
US6990579B1 (en) | 2000-03-31 | 2006-01-24 | Intel Corporation | Platform and method for remote attestation of a platform |
US7082615B1 (en) | 2000-03-31 | 2006-07-25 | Intel Corporation | Protecting software environment in isolated execution |
US6934817B2 (en) | 2000-03-31 | 2005-08-23 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US7089418B1 (en) | 2000-03-31 | 2006-08-08 | Intel Corporation | Managing accesses in a processor for isolated execution |
US7111176B1 (en) | 2000-03-31 | 2006-09-19 | Intel Corporation | Generating isolated bus cycles for isolated execution |
US7013484B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Managing a secure environment using a chipset in isolated execution mode |
US7356817B1 (en) | 2000-03-31 | 2008-04-08 | Intel Corporation | Real-time scheduling of virtual machines |
US6957332B1 (en) | 2000-03-31 | 2005-10-18 | Intel Corporation | Managing a secure platform using a hierarchical executive architecture in isolated execution mode |
US6976162B1 (en) | 2000-06-28 | 2005-12-13 | Intel Corporation | Platform and method for establishing provable identities while maintaining privacy |
US7389427B1 (en) | 2000-09-28 | 2008-06-17 | Intel Corporation | Mechanism to secure computer output from software attack using isolated execution |
US7793111B1 (en) | 2000-09-28 | 2010-09-07 | Intel Corporation | Mechanism to handle events in a machine with isolated execution |
US6889209B1 (en) * | 2000-11-03 | 2005-05-03 | Shieldip, Inc. | Method and apparatus for protecting information and privacy |
US7215781B2 (en) * | 2000-12-22 | 2007-05-08 | Intel Corporation | Creation and distribution of a secret value between two devices |
US6907600B2 (en) | 2000-12-27 | 2005-06-14 | Intel Corporation | Virtual translation lookaside buffer |
US7818808B1 (en) | 2000-12-27 | 2010-10-19 | Intel Corporation | Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
US7035963B2 (en) | 2000-12-27 | 2006-04-25 | Intel Corporation | Method for resolving address space conflicts between a virtual machine monitor and a guest operating system |
US7225441B2 (en) * | 2000-12-27 | 2007-05-29 | Intel Corporation | Mechanism for providing power management through virtualization |
US7117376B2 (en) * | 2000-12-28 | 2006-10-03 | Intel Corporation | Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations |
GB2373604B (en) * | 2001-03-23 | 2004-10-27 | Ibm | A method and system for controlling use of software programs |
US7096497B2 (en) * | 2001-03-30 | 2006-08-22 | Intel Corporation | File checking using remote signing authority via a network |
US20020144121A1 (en) * | 2001-03-30 | 2002-10-03 | Ellison Carl M. | Checking file integrity using signature generated in isolated execution |
US7272831B2 (en) | 2001-03-30 | 2007-09-18 | Intel Corporation | Method and apparatus for constructing host processor soft devices independent of the host processor operating system |
US7191440B2 (en) * | 2001-08-15 | 2007-03-13 | Intel Corporation | Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor |
US7024555B2 (en) | 2001-11-01 | 2006-04-04 | Intel Corporation | Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment |
US7103771B2 (en) * | 2001-12-17 | 2006-09-05 | Intel Corporation | Connecting a virtual token to a physical token |
US20030126454A1 (en) * | 2001-12-28 | 2003-07-03 | Glew Andrew F. | Authenticated code method and apparatus |
US7308576B2 (en) * | 2001-12-31 | 2007-12-11 | Intel Corporation | Authenticated code module |
US20030126453A1 (en) * | 2001-12-31 | 2003-07-03 | Glew Andrew F. | Processor supporting execution of an authenticated code instruction |
US7480806B2 (en) * | 2002-02-22 | 2009-01-20 | Intel Corporation | Multi-token seal and unseal |
US7124273B2 (en) * | 2002-02-25 | 2006-10-17 | Intel Corporation | Method and apparatus for translating guest physical addresses in a virtual machine environment |
US7631196B2 (en) | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
US7028149B2 (en) * | 2002-03-29 | 2006-04-11 | Intel Corporation | System and method for resetting a platform configuration register |
US7069442B2 (en) * | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US20030191943A1 (en) * | 2002-04-05 | 2003-10-09 | Poisner David I. | Methods and arrangements to register code |
US20030196096A1 (en) * | 2002-04-12 | 2003-10-16 | Sutton James A. | Microcode patch authentication |
US7076669B2 (en) * | 2002-04-15 | 2006-07-11 | Intel Corporation | Method and apparatus for communicating securely with a token |
US7058807B2 (en) * | 2002-04-15 | 2006-06-06 | Intel Corporation | Validation of inclusion of a platform within a data center |
US20030196100A1 (en) * | 2002-04-15 | 2003-10-16 | Grawrock David W. | Protection against memory attacks following reset |
US7127548B2 (en) * | 2002-04-16 | 2006-10-24 | Intel Corporation | Control register access virtualization performance improvement in the virtual-machine architecture |
US7139890B2 (en) * | 2002-04-30 | 2006-11-21 | Intel Corporation | Methods and arrangements to interface memory |
WO2003093961A2 (en) | 2002-05-02 | 2003-11-13 | Shieldip, Inc. | Method and apparatus for protecting information and privacy |
US20030229794A1 (en) * | 2002-06-07 | 2003-12-11 | Sutton James A. | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
US6820177B2 (en) * | 2002-06-12 | 2004-11-16 | Intel Corporation | Protected configuration space in a protected environment |
US7142674B2 (en) | 2002-06-18 | 2006-11-28 | Intel Corporation | Method of confirming a secure key exchange |
US7392415B2 (en) * | 2002-06-26 | 2008-06-24 | Intel Corporation | Sleep protection |
US20040003321A1 (en) * | 2002-06-27 | 2004-01-01 | Glew Andrew F. | Initialization of protected system |
US7124327B2 (en) * | 2002-06-29 | 2006-10-17 | Intel Corporation | Control over faults occurring during the operation of guest software in the virtual-machine architecture |
US6996748B2 (en) * | 2002-06-29 | 2006-02-07 | Intel Corporation | Handling faults associated with operation of guest software in the virtual-machine architecture |
US7296267B2 (en) * | 2002-07-12 | 2007-11-13 | Intel Corporation | System and method for binding virtual machines to hardware contexts |
US7165181B2 (en) | 2002-11-27 | 2007-01-16 | Intel Corporation | System and method for establishing trust without revealing identity |
US7073042B2 (en) | 2002-12-12 | 2006-07-04 | Intel Corporation | Reclaiming existing fields in address translation data structures to extend control over memory accesses |
US20040117318A1 (en) * | 2002-12-16 | 2004-06-17 | Grawrock David W. | Portable token controlling trusted environment launch |
US7318235B2 (en) | 2002-12-16 | 2008-01-08 | Intel Corporation | Attestation using both fixed token and portable token |
US7900017B2 (en) * | 2002-12-27 | 2011-03-01 | Intel Corporation | Mechanism for remapping post virtual machine memory pages |
US7076802B2 (en) * | 2002-12-31 | 2006-07-11 | Intel Corporation | Trusted system clock |
US20040128528A1 (en) * | 2002-12-31 | 2004-07-01 | Poisner David I. | Trusted real time clock |
US20050010752A1 (en) * | 2003-06-23 | 2005-01-13 | Nokia, Inc. | Method and system for operating system anti-tampering |
US7287197B2 (en) | 2003-09-15 | 2007-10-23 | Intel Corporation | Vectoring an interrupt or exception upon resuming operation of a virtual machine |
US7424709B2 (en) * | 2003-09-15 | 2008-09-09 | Intel Corporation | Use of multiple virtual machine monitors to handle privileged events |
US8079034B2 (en) | 2003-09-15 | 2011-12-13 | Intel Corporation | Optimizing processor-managed resources based on the behavior of a virtual machine monitor |
US7739521B2 (en) | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
US7610611B2 (en) | 2003-09-19 | 2009-10-27 | Moran Douglas R | Prioritized address decoder |
US7237051B2 (en) * | 2003-09-30 | 2007-06-26 | Intel Corporation | Mechanism to control hardware interrupt acknowledgement in a virtual machine system |
US7177967B2 (en) | 2003-09-30 | 2007-02-13 | Intel Corporation | Chipset support for managing hardware interrupts in a virtual machine system |
US20050080934A1 (en) | 2003-09-30 | 2005-04-14 | Cota-Robles Erik C. | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US7366305B2 (en) * | 2003-09-30 | 2008-04-29 | Intel Corporation | Platform and method for establishing trust without revealing identity |
US7636844B2 (en) | 2003-11-17 | 2009-12-22 | Intel Corporation | Method and system to provide a trusted channel within a computer system for a SIM device |
US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
US20050133582A1 (en) * | 2003-12-22 | 2005-06-23 | Bajikar Sundeep M. | Method and apparatus for providing a trusted time stamp in an open platform |
US7802085B2 (en) | 2004-02-18 | 2010-09-21 | Intel Corporation | Apparatus and method for distributing private keys to an entity with minimal secret, unique information |
US7356735B2 (en) | 2004-03-30 | 2008-04-08 | Intel Corporation | Providing support for single stepping a virtual machine in a virtual machine environment |
US7620949B2 (en) | 2004-03-31 | 2009-11-17 | Intel Corporation | Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment |
US8024730B2 (en) | 2004-03-31 | 2011-09-20 | Intel Corporation | Switching between protected mode environments utilizing virtual machine functionality |
US7287159B2 (en) | 2004-04-01 | 2007-10-23 | Shieldip, Inc. | Detection and identification methods for software |
US8006100B2 (en) * | 2004-06-10 | 2011-08-23 | Oracle America, Inc. | Enhancing trusted platform module performance |
US7490070B2 (en) * | 2004-06-10 | 2009-02-10 | Intel Corporation | Apparatus and method for proving the denial of a direct proof signature |
US20050289350A1 (en) * | 2004-06-25 | 2005-12-29 | Markus Schmidt-Karaca | Method and system for secure synchronization between an enterprise system and a device |
US7305592B2 (en) | 2004-06-30 | 2007-12-04 | Intel Corporation | Support for nested fault in a virtual machine environment |
US7840962B2 (en) | 2004-09-30 | 2010-11-23 | Intel Corporation | System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time |
US8146078B2 (en) | 2004-10-29 | 2012-03-27 | Intel Corporation | Timer offsetting mechanism in a virtual machine environment |
US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
US8533777B2 (en) * | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
US7395405B2 (en) | 2005-01-28 | 2008-07-01 | Intel Corporation | Method and apparatus for supporting address translation in a virtual machine environment |
US8554686B2 (en) * | 2005-06-30 | 2013-10-08 | Advanced Micro Devices, Inc. | Anti-hack protection to restrict installation of operating systems and other software |
DE102005043043A1 (en) * | 2005-09-09 | 2007-03-22 | Fujitsu Siemens Computers Gmbh | A computer having at least one removable storage media attachment and a method for starting and operating a removable media computer |
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
GB2447594B (en) * | 2006-02-03 | 2011-04-06 | British Telecomm | Software product authentication |
US8014530B2 (en) | 2006-03-22 | 2011-09-06 | Intel Corporation | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
US7716247B2 (en) * | 2006-12-18 | 2010-05-11 | Microsoft Corporation | Multi-protocol access to files and directories |
US10032029B2 (en) * | 2014-07-14 | 2018-07-24 | Lenovo (Singapore) Pte. Ltd. | Verifying integrity of backup file in a multiple operating system environment |
CN105184931B (en) * | 2015-09-30 | 2017-09-22 | 上海艾迅士建筑科技有限公司 | A kind of method for unlocking based on bluetooth, system, handheld terminal and electronic lock |
US11574060B2 (en) | 2019-04-24 | 2023-02-07 | International Business Machines Corporation | Secure initial program load |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB1285445A (en) * | 1968-08-30 | 1972-08-16 | Smiths Industries Ltd | Improvements in or relating to access-control equipment and item-dispensing systems including such equipment |
FR2171767A5 (en) * | 1972-02-07 | 1973-09-21 | Basic Computing Arts Inc | |
GB1429467A (en) * | 1972-02-28 | 1976-03-24 | Chubb Integrated Systems Ltd | Access- or transaction-control equipment |
US3846622A (en) * | 1972-09-29 | 1974-11-05 | Mosler Safe Co | Access control apparatus |
1975
- 1975-08-25: US, application US05/607,410, patent US3996449A, status: Expired - Lifetime

1976
- 1976-04-10: DE, application DE2615861A, patent DE2615861C3, status: Expired
- 1976-06-23: IT, application IT24610/76A, patent IT1063693B, status: active
- 1976-06-30: GB, application GB27309/76A, patent GB1537759A, status: Expired
- 1976-07-01: FR, application FR7620693A, patent FR2322406A1, status: active Granted
- 1976-07-27: JP, application JP51088762A, patent JPS5226133A, status: active Granted
- 1976-08-11: CA, application CA258,910A, patent CA1071771A, status: Expired
- 1976-08-18: BR, application BR7605412A, patent BR7605412A, status: unknown
Also Published As
Publication number | Publication date |
---|---|
IT1063693B (en) | 1985-02-11 |
DE2615861B2 (en) | 1977-08-18 |
DE2615861A1 (en) | 1977-03-10 |
JPS5320368B2 (en) | 1978-06-26 |
DE2615861C3 (en) | 1978-04-06 |
FR2322406B1 (en) | 1979-06-22 |
FR2322406A1 (en) | 1977-03-25 |
GB1537759A (en) | 1979-01-04 |
US3996449A (en) | 1976-12-07 |
BR7605412A (en) | 1977-08-16 |
JPS5226133A (en) | 1977-02-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA1071771A (en) | | Operating system authenticator |
US5513261A (en) | | Key management scheme for use with electronic cards |
JP2860527B2 (en) | | Vehicle security device whose usage rights are encoded electronically |
US5832206A (en) | | Apparatus and method to provide security for a keypad processor of a transaction terminal |
US4904851A (en) | | Identification authenticating system |
US5875248A (en) | | Method of counterfeit detection of electronic data stored on a device |
JP2001500685A (en) | | Method for performing cryptographic authentication in a radio frequency identification system |
JP2004506253A (en) | | Biometric identity check |
US7302572B2 (en) | | Portable information storage medium and its authentication method |
MY123413A (en) | | Memory unit, data processing unit, and data processing method |
JPS61139873A (en) | | Authorization system |
JPS63236188A (en) | | Information reading verification |
KR100381621B1 (en) | | Safety device and method using media storing physical information |
US7289959B2 (en) | | Biometric identification method, portable electronic device and electronic device acquiring biometric data therefor |
CN105608775A (en) | | Authentication method, terminal, access control card and SAM card |
KR100948043B1 (en) | | Method and apparatus for preventing cloning of security elements |
US5758060A (en) | | Hardware for verifying that software has not skipped a predetermined amount of code |
CN1430153A (en) | | Method and equipment for protecting circuit numeric portion |
US20040225889A1 (en) | | Authentication protocol with memory integrity verification |
CN207704520U (en) | | A kind of fingerprint verification system for safe cabinet |
CN114978723B (en) | | Safety authentication method for programmable logic controller |
JP3965920B2 (en) | | IC card |
US20170295020A1 (en) | | Method for automatically verifying a target computer file with respect to a reference computer file |
KR960005111B1 (en) | | Outside admit data identification method by portable thing as memory card |
JP2000076402A (en) | | Ic card made variable in response time |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | MKEX | Expiry | |