Method of controlling the operation of security modules
First Claim
1. A method of controlling the operation of a security module which includes processing means, a program memory adapted to store controlling firmware for controlling the operation of said security module, input/output means, and a tamper-resistant housing adapted to cause the generation of a tamper-indicating signal to occur in response to an attempt to tamper with said housing, including the steps of:
- entering an authentication key into said security module via said input/output means after the tamper-resistant housing has been sealed;
encrypting the entered authentication key;
storing the encrypted authentication key securely in a first storage means in said security module, whereby the stored encrypted authentication key becomes unavailable in response to the generation of said tamperindicating signal;
computing externally of said security module a first firmware authentication value utilizing the controlling firmware to be loaded into the security module and said authentication key;
adding the first firmware authentication value to the firmware to be loaded;
entering, via said input/output means, said controlling firmware and said first firmware authentication value into a location in a second storage means in said security module;
providing a random access memory means which includes said program memory and said first and second storage means, and storing a firmware allocation block in said random access memory means to serve as a pointer to indicate the location of said controlling firmware in said second storage means;
computing in said processing means a second firmware authentication value utilizing the controlling firmware stored in said second storage means and said authentication key stored in said first storage means;
comparing said first and second firmware authentication values;
transferring the controlling firmware stored in said second storage means into said program memory if there is a valid comparison; and
erasing the controlling firmware stored in said second storage means if there is an invalid comparison.
1 Assignment
0 Petitions
Accused Products
Abstract
In a method of controlling the operation of a security module, wherein firmware controlling the operation of the security module (10) is stored in a program memory (40), new firmware may be loaded into the module (10). An authentication key (KA) is encrypted using a key storage key (KSK) stored in a resettable shift register (54) in the security module and the encrypted authentication key is stored in a secure memory (36). A firmware authentication value FAV is calculated, using the authentication key (KA), externally of the security module (10), for the new firmware, and the new firmware, together with FAV is loaded into a data memory (38) in the security module (10). A processor (30) in the security module (10) recalculates the firmware authentication value using the stored authentication key (KA) and compares the recalculated value with the loaded value FAV. If a correct comparison is achieved, the new firmware is transferred into the program memory (40). Otherwise, a reject status signal is issued and the firmware in the data memory (38) is erased.
-
Citations
2 Claims
-
1. A method of controlling the operation of a security module which includes processing means, a program memory adapted to store controlling firmware for controlling the operation of said security module, input/output means, and a tamper-resistant housing adapted to cause the generation of a tamper-indicating signal to occur in response to an attempt to tamper with said housing, including the steps of:
-
entering an authentication key into said security module via said input/output means after the tamper-resistant housing has been sealed; encrypting the entered authentication key; storing the encrypted authentication key securely in a first storage means in said security module, whereby the stored encrypted authentication key becomes unavailable in response to the generation of said tamperindicating signal; computing externally of said security module a first firmware authentication value utilizing the controlling firmware to be loaded into the security module and said authentication key; adding the first firmware authentication value to the firmware to be loaded; entering, via said input/output means, said controlling firmware and said first firmware authentication value into a location in a second storage means in said security module; providing a random access memory means which includes said program memory and said first and second storage means, and storing a firmware allocation block in said random access memory means to serve as a pointer to indicate the location of said controlling firmware in said second storage means; computing in said processing means a second firmware authentication value utilizing the controlling firmware stored in said second storage means and said authentication key stored in said first storage means; comparing said first and second firmware authentication values; transferring the controlling firmware stored in said second storage means into said program memory if there is a valid comparison; and erasing the controlling firmware stored in said second storage means if there is an invalid comparison. - View Dependent Claims (2)
-
Specification