Secure data processing method and system
Abstract
The present invention concerns a secure data processing method and system in which the user or operator of the system can trust that all of the software and hardware components of the system have been authenticated.
The invention provides a data processing system in which there is a central processor unit, memory and a security circuit in the form of an application specific integrated circuit. The security circuit has a cryptographic engine and a cryptographic key store.
The cryptographic engine operates on the contents of the cryptographic key store to generate a digital signature. Means are provided to generate a digital signature from a software or hardware component to be checked for authenticity and to compare the digital signature from the component with the generated digital signature. An indication of the authenticity of the component is generated as a result of the comparison. The components of the system that can be checked include the boot firmware for the system, the operating system and plug-in cards for the system.
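The comparison the abstract describes, with comments mapped to steps a) to d) of claim 1, as an added sketch that is not code from the patent. It assumes HMAC-SHA-256 stands in for the unspecified "digital signature" and that a known-good digest is entered beside the key at start-up; the class, method and slot names are hypothetical.

```python
import hashlib
import hmac


class SecurityCircuit:
    """Stand-in for the security ASIC: a key store plus a cryptographic engine."""

    def __init__(self):
        self._key_store = {}  # slot name -> (secret key, reference digest)

    def enter_key(self, slot, key, reference_digest):
        # Step a): done at start-up. Storing the known-good digest beside the
        # key is an assumption of this sketch, not something the abstract states.
        self._key_store[slot] = (key, reference_digest)

    def _tag(self, slot, digest):
        key, _ = self._key_store[slot]
        return hmac.new(key, slot.encode() + b"\x00" + digest, hashlib.sha256).digest()

    def reference_signature(self, slot):
        # Step b): the engine works only on key-store contents.
        return self._tag(slot, self._key_store[slot][1])

    def component_signature(self, slot, image):
        # Step c): signature derived from the component actually present.
        return self._tag(slot, hashlib.sha256(image).digest())

    def is_authentic(self, slot, image):
        # Step d): fail closed when no key was entered; constant-time compare.
        if slot not in self._key_store:
            return False
        return hmac.compare_digest(self.reference_signature(slot),
                                   self.component_signature(slot, image))


# Constructed sample data: a "known-good" OS image and a copy with one byte changed.
GOOD_OS = b"kernel-image-v1" * 64
TAMPERED_OS = GOOD_OS[:-1] + b"X"


def demo():
    asic = SecurityCircuit()
    asic.enter_key("os", b"\x11" * 32, hashlib.sha256(GOOD_OS).digest())
    return {
        "good": asic.is_authentic("os", GOOD_OS),
        "tampered": asic.is_authentic("os", TAMPERED_OS),
        "no_key": asic.is_authentic("plug-in-card", GOOD_OS),
    }


if __name__ == "__main__":
    print(demo())
```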
2 Claims
1. A method of determining the authenticity of an operating system in a data processing system which includes a programmable central processing unit, a memory, a security circuit having a cryptographic engine, and a cryptographic key store, the method comprising the steps of:
a) starting up the data processing system, and entering one or more keys into the cryptographic key store;
b) operating on the contents of the cryptographic key store by means of the cryptographic engine to generate a digital signature referenced to the operating system;
c) generating a digital signature from the operating system; and
d) providing an indication of authenticity by comparing the digital signature generated by the cryptographic engine with that generated from the operating system.
2. A data processing system including an operating system to be checked for authenticity, the data processing system comprising:
a) an automated teller system which includes a programmable central processing unit;
b) a memory;
c) a security circuit including i) a cryptographic engine and ii) a cryptographic key store for storing one or more cryptographic keys, the cryptographic engine being adapted to operate on the contents of the cryptographic key store to generate a digital signature referenced to the operating system; and
d) means for i) generating a digital signature from the operating system, and ii) providing an indication of authenticity by comparing the digital signature generated by the cryptographic engine with that generated from the operating system.
Specification