Secure access to software modules
First Claim
1. A computer-implemented method for enabling a calling module to achieve secure access to a called module within a digital computer, said method comprising the steps of:
selecting a desired size of S;
selecting a distributive invertible function f;
selecting a desired residual value r associated with the application of f;
allocating a space within the called module for storing S;
designating a portion of the called module as a test block TB;
causing the called module to apply f to a numerical representation N of the TB, to calculate a first challenge value CV1;
causing the called module to apply f to a numerical value of S and to a number n representative of the location of S within the called module, to calculate a second challenge value CV2;
causing the calling module to calculate S based upon CV1 and CV2, and using f;
having the calling module pass the calculated S to the called module;
having the called module apply f to a number representative of the contents and location of the calculated S and the contents of TB, resulting in the calculation of a test residual value R; and
when R=r, having the called module declare that the calling module has proper authority to access the called module.
Abstract
Apparatus and method for obtaining a security value (50) that enables a calling module (7) to achieve secure access to a called module (5) within a digital computer (1). A distributive invertible function f is selected. f may be the cyclic redundancy check function modulo p, where p is a prime number. A desired residual value r associated with the application of f and a desired size of the security value (50) are also selected. Space is allocated within the called module (5) for storing the security value (50). A portion of the called module (5) is designated as a test block (51). f is applied to a numerical representation of test block (51) to generate a first challenge value CV1. f is applied to a numerical value of the security value (50) and a number representative of the location of the security value (50) within the called module (5) to calculate a second challenge value CV2. n is the number of bits from the beginning of the security value (50) to the end of the called module (5). CV1 and CV2 are typically calculated by called module (5). Calling module (7) then calculates the security value (50) based upon CV1 and CV2, and using f. Called module (5) uses this calculated value of the security value (50) in function f. If this application of f provides the desired residual value r, then it is known that calling module (7) had proper access to called module (5). At this point, one or more functions accessible by called module (5) may be activated. Access codes may be coded within residual value r itself.
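The challenge and response flow in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes f(x) = x mod p with p = 2^32 - 5, a 4-byte security value, a test block equal to the whole module with the slot for S zeroed, and CV2 modelled as f of a unit value placed at the location of S; all function names and the sample module bytes are constructed for illustration.

```python
# Assumed parameters (not from the page): modulus p, size of S, residual r.
P = 4294967291        # prime 2**32 - 5
S_BYTES = 4           # desired size of the security value S
R_TARGET = 0x1234     # desired residual value r

def f(x: int) -> int:
    """Distributive invertible function: f(a + b) == f(f(a) + f(b))."""
    return x % P

def _with_slot(module: bytes, off: int, s: int) -> bytes:
    """Return the module with the S slot at byte offset `off` set to s."""
    return module[:off] + s.to_bytes(S_BYTES, "big") + module[off + S_BYTES:]

def challenges(module: bytes, off: int) -> tuple[int, int]:
    """Called-module side: compute CV1 and CV2."""
    n = (len(module) - off) * 8            # bits from start of S to module end
    cv1 = f(int.from_bytes(_with_slot(module, off, 0), "big"))  # f(N)
    cv2 = f(1 << (n - 8 * S_BYTES))        # positional weight of the S slot
    return cv1, cv2

def solve_s(cv1: int, cv2: int, r: int = R_TARGET) -> int:
    """Calling-module side: solve cv1 + S*cv2 == r (mod p) for S."""
    return (r - cv1) * pow(cv2, -1, P) % P  # inverse exists because p is prime

def verify(module: bytes, off: int, s: int, r: int = R_TARGET) -> bool:
    """Called-module side: test residual R over TB plus the supplied S."""
    return f(int.from_bytes(_with_slot(module, off, s), "big")) == r

# Constructed sample module: 8 bytes of "code", a 4-byte slot, 12 more bytes.
SAMPLE = b"\x55\x8b\xec\x83\xec\x10\x90\x90" + bytes(4) + b"called-mod!!"
SAMPLE_OFF = 8

if __name__ == "__main__":
    cv1, cv2 = challenges(SAMPLE, SAMPLE_OFF)
    s = solve_s(cv1, cv2)
    print(f"CV1={cv1:#x} CV2={cv2:#x} S={s:#010x} ok={verify(SAMPLE, SAMPLE_OFF, s)}")
```

Because f is linear, R = CV1 + S·CV2 (mod p), so any change to S or to the test block shifts R away from r and the check fails.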
13 Claims
11. Apparatus for enabling a calling module to obtain secure access to a called module located within a computer, the apparatus comprising:
a test block TB located within the called module;
a security value S located within the called module;
situated within the called module, means for applying a distributive invertible function f to a numerical representation N of the TB, to calculate a first challenge value CV1;
situated within the called module, means for applying f to a block within the called module representative of the contents and location of S within the called module, to calculate a second challenge value CV2;
located within the calling module, means for calculating S based upon CV1 and CV2, and using f; and
means for allowing the calling module to have access to the called module when the calculated S corresponds to the security value S located within the called module.
12. A computer-implemented method for enabling a calling module to obtain secure access to a called module located within a computer, the method comprising the steps of:
forming a test block TB located within the called module;
locating a security value S within the called module;
having the called module apply a distributive invertible function f to a numerical representation N of the TB, to calculate a first challenge value CV1;
having the called module apply f to a block within the called module representative of the contents and location of S within the called module, to calculate a second challenge value CV2;
having the calling module calculate S based upon CV1 and CV2, and using f; and
granting the calling module access to the called module when the calculated S corresponds to the security value S stored within the called module.
Specification