Method of controlling the operation of security modules

  • US 4,849,927 A
  • Filed: 09/22/1987
  • Issued: 07/18/1989
  • Est. Priority Date: 06/12/1987
  • Status: Expired due to Term
First Claim

1. A method of controlling the operation of a security module which includes processing means, a program memory adapted to store controlling firmware for controlling the operation of said security module, input/output means, and a tamper-resistant housing adapted to cause the generation of a tamper-indicating signal to occur in response to an attempt to tamper with said housing, including the steps of:

  • entering an authentication key into said security module via said input/output means after the tamper-resistant housing has been sealed;

  • encrypting the entered authentication key;

  • storing the encrypted authentication key securely in a first storage means in said security module, whereby the stored encrypted authentication key becomes unavailable in response to the generation of said tamper-indicating signal;

  • computing externally of said security module a first firmware authentication value utilizing the controlling firmware to be loaded into the security module and said authentication key;

  • adding the first firmware authentication value to the firmware to be loaded;

  • entering, via said input/output means, said controlling firmware and said first firmware authentication value into a location in a second storage means in said security module;

  • providing a random access memory means which includes said program memory and said first and second storage means, and storing a firmware allocation block in said random access memory means to serve as a pointer to indicate the location of said controlling firmware in said second storage means;

  • computing in said processing means a second firmware authentication value utilizing the controlling firmware stored in said second storage means and said authentication key stored in said first storage means;

  • comparing said first and second firmware authentication values;

  • transferring the controlling firmware stored in said second storage means into said program memory if there is a valid comparison; and

  • erasing the controlling firmware stored in said second storage means if there is an invalid comparison.
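
The sequence of steps in claim 1, modelled as an added Python example that is not part of the patent text. The claim names no algorithms, so HMAC-SHA256 as the firmware authentication value and the XOR pad used to encrypt the stored key are assumptions, as are all class, method and field names.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # size of the firmware authentication value (HMAC-SHA256, assumed)

def sign_firmware(firmware: bytes, auth_key: bytes) -> bytes:
    """Outside the module: compute the first FAV and add it to the firmware."""
    return firmware + hmac.new(auth_key, firmware, hashlib.sha256).digest()

class SecurityModule:
    """Toy model of the sealed module; storage areas are plain attributes."""
    def __init__(self):
        self._wrap = None           # internal pad used to encrypt the key (assumed)
        self._enc_key = None        # first storage means: encrypted authentication key
        self.staging = None         # second storage means: firmware as entered
        self.fab = None             # firmware allocation block: (offset, length)
        self.program_memory = None  # firmware the module actually runs

    def enter_auth_key(self, key: bytes) -> None:
        # Encrypt the entered key before storing it (XOR pad is a stand-in cipher).
        self._wrap = os.urandom(len(key))
        self._enc_key = bytes(a ^ b for a, b in zip(key, self._wrap))

    def tamper(self) -> None:
        # Tamper-indicating signal: the stored key becomes unavailable.
        self._wrap = self._enc_key = None

    def _auth_key(self) -> bytes:
        if self._enc_key is None:
            raise RuntimeError("authentication key unavailable")
        return bytes(a ^ b for a, b in zip(self._enc_key, self._wrap))

    def load(self, image: bytes) -> bool:
        key = self._auth_key()                   # fails closed after tamper
        if len(image) <= TAG_LEN:
            return False
        self.staging = bytearray(image)          # firmware + first FAV, as entered
        self.fab = (0, len(image) - TAG_LEN)     # points at the firmware in staging
        off, n = self.fab
        firmware = bytes(self.staging[off:off + n])
        first_fav = bytes(self.staging[off + n:])
        second_fav = hmac.new(key, firmware, hashlib.sha256).digest()
        if hmac.compare_digest(first_fav, second_fav):   # constant-time comparison
            self.program_memory = firmware       # valid: transfer to program memory
            return True
        self.staging[:] = bytes(len(self.staging))       # invalid: erase staged image
        self.staging, self.fab = None, None
        return False
```

A failed comparison leaves the previous contents of program memory untouched; only the staged image is erased, as in the final step of the claim.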
