Authentication system and method

US 20030221114A1
Filed: 03/03/2003
Published: 11/27/2003
Est. Priority Date: 03/08/2002
Status: Active Grant

First Claim

Patent Images

1. An authentication system comprising:

an authenticator accepting period detection means for detecting a period during which inoperativeness of unauthenticated programs is guaranteed, as an authenticator accepting period;

a program executing means for executing a predetermined program and for transmitting an authenticator only when receiving an authenticator transmittal request during said authenticator accepting period; and

an authentication means for determining whether or not said program executing means should be authenticated by computing a one-way functional value based on an authenticator received from said program executing means and by comparing said one-way functional value with a hold value being held beforehand for said program executing means.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Preventing malicious code from reading an authenticator and being falsely authenticated using the read authenticator. Authenticator accepting period detection means detects an authenticator accepting period during which inoperativeness of all unauthenticated programs is guaranteed. Program executing means transmits its authenticator only during the authenticator accepting period. After authentication means is authenticated as genuine, the authentication means computes a one-way function value of the authenticator received from the program executing means and compares the one-way function value X with a stored value Y for the program executing means. If X=Y, then the authentication means authenticates the program executing means.

156 Citations

21 Claims

1. An authentication system comprising:
- an authenticator accepting period detection means for detecting a period during which inoperativeness of unauthenticated programs is guaranteed, as an authenticator accepting period;
  
  a program executing means for executing a predetermined program and for transmitting an authenticator only when receiving an authenticator transmittal request during said authenticator accepting period; and
  
  an authentication means for determining whether or not said program executing means should be authenticated by computing a one-way functional value based on an authenticator received from said program executing means and by comparing said one-way functional value with a hold value being held beforehand for said program executing means.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The authentication system according to claim 1, wherein code of the program executed by the program executing means is rewritable, and/or the authentication means cannot read the code.
  - 3. The authentication system according to claim 1, wherein the authenticator accepting period is defined in a period from a system reset to activation of an operating system of the authentication system (called a “
    - boot period”
      
      hereafter).
  - 4. The authentication system according to claim 3, wherein during the boot period, a BIOS boot block is treated as having been authenticated, and an authentication chain is set for predetermined programs including the BIOS boot block, in which each program is authenticated by the preceding authenticated program, and wherein the authentication means implements a program involved in the authentication chain to perform authentication.
  - 5. The authentication system according to claim 3, wherein the program executing means has hardware, the hardware having a function of enabling and disabling transmission of the authenticator of the program executing means from the program executing means, and the hardware further enabling the program executing means to transmit the authenticator of the program executing means from the point of initial detection of a system reset signal.
  - 6. The authentication system according to claim 5, wherein the hardware disables the program executing means from transmitting the authenticator or transmits an error signal instead of the authenticator in response to input of a predetermined external command signal.
  - 7. The authentication system according to claim 1, wherein the program executing means is a firmware element.
  - 8. The authentication system according to claim 1, wherein the authenticator of the program executing means is different for each version of the program implemented by the program executing means, each type of an electrical apparatus that incorporates the authentication system, and/or each electrical apparatus that incorporates the authentication system.

9. A firmware device that implements firmware comprising:
- an authenticator transmitter for transmitting an authenticator;
  
  a detector for detecting a period during which inoperativeness of external unauthenticated programs is guaranteed (called an “
  
  authenticator accepting period”
  
  hereafter) based on a predetermined electrical signal that is externally input; and
  
  a transmission controller for enabling the authenticator transmitter to transmit the authenticator only during the authenticator accepting period.
- View Dependent Claims (10, 11)
- - 10. The firmware device according to claim 9, wherein the transmission controller disables the authenticator transmitter from transmitting the authenticator or transmits an error signal instead of the authenticator in response to input of a predetermined external command signal.
  - 11. The firmware device according to claim 9, wherein the transmission controller disables the authenticator transmitter from transmitting the authenticator when receiving notification of having been authenticated from an authenticating apparatus.

12. An electrical apparatus comprising an authenticating component, and an authentication object component cooperating with a predetermined cooperative component after being authenticated by said authenticating component, wherein:
- said authentication object component comprises a control code at least part of which cannot be accessed from outside of said authentication object component;
  
  said authenticating component transmits an authenticator transmittal request command to said authentication object component; and
  
  said authentication object component transmits an authenticator in response to an authenticator transmittal request by said authenticating component.

13. An electrical apparatus comprising:
- an authenticating component;
  
  an authentication object component cooperating with a predetermined cooperative component after being authenticated by the authenticating component; and
  
  a supervisory control component implementing a control sequence (called an “
  
  supervisory control sequence”
  
  hereafter) for supervising and controlling a plurality of components including the authenticating component and the authentication object component, wherein the supervisory control sequence is activated in response to a signal for powering up the electrical apparatus, and the authenticating component authenticates the authentication object component before the supervisory control sequence is activated.

14. An authentication method comprising:
- an authenticator accepting period detecting step for detecting an authenticator accepting period during which inoperativeness of unauthenticated programs is guaranteed;
  
  an authenticator transmitting step in which program executing means for executing a predetermined program transmits an authenticator only when receiving an authenticator transmittal request during the authenticator accepting period; and
  
  an authentication determining step in which authentication means determines whether to authenticate the program executing means by computing a one-way function value based on the authenticator received from the program executing means and by comparing the one-way function value with a stored value for the program executing means.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The authentication method according to claim 14, wherein code of the program executed by the program executing means is rewritable and/or the authentication means cannot read the code.
  - 16. The authentication method according to claim 14, wherein the authenticator accepting period is defined in a period from a system reset to activation of an operating system of the authentication method (called a “
    - boot period”
      
      hereafter).
  - 17. The authentication method according to claim 16, wherein during the boot period, a BIOS boot block is treated as having been authenticated, and an authentication chain is set for predetermined programs including the BIOS boot block, in which each program is authenticated by the preceding authenticated program, and wherein the authentication means performs the authentication determining step by implementing a program involved in the authentication chain to perform authentication.
  - 18. The authentication method according to claim 16, wherein in order to perform the authenticator transmitting step, the program executing means has hardware, the hardware having a function of enabling and disabling transmission of the authenticator of the program executing means from the program executing means, and the hardware further enabling the program executing means to transmit the authenticator of the program executing means from the point of initial detection of a system reset signal.
  - 19. The authentication method according to claim 18, wherein in order to perform the authenticator transmitting step, the hardware disables the program executing means from transmitting the authenticator or transmits an error signal instead of the authenticator in response to input of a predetermined external command signal.
  - 20. The authentication method according to claim 14, wherein the program executing means is a firmware element.
  - 21. The authentication method according to claim 14, wherein the authenticator of the program executing means is different for each version of the program implemented by the program executing means, each type of an electrical apparatus that incorporates the authentication method, and/or each electrical apparatus that incorporates the authentication method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Kasamatsu, Eitaroh, Tanaka, Akiyoshi, Hino, Akira

Granted Patent

US 7,424,611 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06F 2221/2137   Time limited access, e.g. t...

Authentication system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Authentication system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others