System and method for authenticating software using hidden intermediate keys
First Claim
1. A computer implemented method for authenticating software, said method comprising:
- authenticating a first computer file stored on a nonvolatile storage area accessible by a computer system, the authenticating of the first computer file performed by hashing the first software program using a master key value that is located in a nonvolatile memory of the computer system inaccessible to a user;
generating one or more intermediate key values during the hashing of the first software program;
storing the intermediate key values in a memory of the computer system inaccessible to the user; and
authenticating a second computer file stored on the nonvolatile storage area, the authenticating of the second computer file performed by hashing the second computer file using one or more of the intermediate key values.
1 Assignment
0 Petitions
Accused Products
Abstract
A processing unit includes a read-only encryption key. Loader code image is loaded into system memory from non-volatile storage. Loader code image includes a prefix value and a suffix value. The prefix value is combined with the master key from the processing unit to create a random value that is the seed for a hashing algorithm. The hashing algorithm uses the seed value with a signature formed from the blocks of code to form a result. During the hashing algorithm, intermediate key values are generated and stored in a memory area inaccessible by the user. The intermediate key values are used by the loader code after the loader has been authenticated and loaded. The loader combines one or more of the intermediate key values with prefix and suffix values that correspond to other software modules to authenticate the software, using a hashing algorithm, and load the software upon authentication.
93 Citations
33 Claims
-
1. A computer implemented method for authenticating software, said method comprising:
-
authenticating a first computer file stored on a nonvolatile storage area accessible by a computer system, the authenticating of the first computer file performed by hashing the first software program using a master key value that is located in a nonvolatile memory of the computer system inaccessible to a user;
generating one or more intermediate key values during the hashing of the first software program;
storing the intermediate key values in a memory of the computer system inaccessible to the user; and
authenticating a second computer file stored on the nonvolatile storage area, the authenticating of the second computer file performed by hashing the second computer file using one or more of the intermediate key values. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An information handling system comprising:
-
a semiconductor package that includes one or more processors, a memory area, and a locked nonvolatile memory, wherein the locked nonvolatile memory includes a master key value and wherein the locked nonvolatile memory is inaccessible from outside the semiconductor package;
a system memory interconnected to the processors with a bus;
a software loader image comprising a loader prefix value, a software loader routine, and a loader suffix value, wherein the software loader routine is adapted to authenticate and load computer data files, wherein the software loader image is located outside of the semiconductor package; and
a micro-loader routine located within the semiconductor package which is also inaccessible from outside the semiconductor package, wherein the micro-loader is adapted to authenticate and load the software loader routine from the system memory by using the master key value and the software loader'"'"'s prefix and suffix values and generate one or more intermediate key values that are stored in the semiconductor package'"'"'s memory area. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A computer program product stored in a computer operable media for authenticating software, said computer program product comprising:
-
means for authenticating a first computer file stored on a nonvolatile storage area accessible by a computer system, the authentication of the first computer file performed by a means for hashing the first software program using a master key value that is located in a nonvolatile memory of the computer system inaccessible to a user;
means for generating one or more intermediate key values during the hashing of the first software program;
means for storing the intermediate key values in a memory of the computer system inaccessible to the user; and
means for authenticating a second computer file stored on the nonvolatile storage area, the authentication of the second computer file performed by a means for hashing the second computer file using one or more of the intermediate key values. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
Specification