System and method for authenticating software using hidden intermediate keys

US 6,961,852 B2
Filed: 06/19/2003
Issued: 11/01/2005
Est. Priority Date: 06/19/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for authenticating software, said method comprising:

authenticating a first computer file stored on a nonvolatile storage area accessible by a computer system, the authenticating of the first computer file performed by hashing the first software program using a master key value that is located in a nonvolatile memory of the computer system inaccessible to a user;

generating one or more intermediate key values during the hashing of the first software program;

storing the intermediate key values in a memory of the computer system inaccessible to the user; and

authenticating a second computer file stored on the nonvolatile storage area, the authenticating of the second computer file performed by hashing the second computer file using one or more of the intermediate key values.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing unit includes a read-only encryption key. Loader code image is loaded into system memory from non-volatile storage. Loader code image includes a prefix value and a suffix value. The prefix value is combined with the master key from the processing unit to create a random value that is the seed for a hashing algorithm. The hashing algorithm uses the seed value with a signature formed from the blocks of code to form a result. During the hashing algorithm, intermediate key values are generated and stored in a memory area inaccessible by the user. The intermediate key values are used by the loader code after the loader has been authenticated and loaded. The loader combines one or more of the intermediate key values with prefix and suffix values that correspond to other software modules to authenticate the software, using a hashing algorithm, and load the software upon authentication.

93 Citations

33 Claims

1. A computer implemented method for authenticating software, said method comprising:
- authenticating a first computer file stored on a nonvolatile storage area accessible by a computer system, the authenticating of the first computer file performed by hashing the first software program using a master key value that is located in a nonvolatile memory of the computer system inaccessible to a user;
  
  generating one or more intermediate key values during the hashing of the first software program;
  
  storing the intermediate key values in a memory of the computer system inaccessible to the user; and
  
  authenticating a second computer file stored on the nonvolatile storage area, the authenticating of the second computer file performed by hashing the second computer file using one or more of the intermediate key values.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the first computer file is a loader software module, the authentication of the loader software module further comprising:
    - reading a prefix value and a suffix value from the nonvolatile storage area, the prefix and suffix values corresponding to the loader software module;
      
      generating a seed value using the loader'"'"'s prefix value and the master key value;
      
      seeding the hashing algorithm used to authenticate the loader software module with the seed value;
      
      generating an expected hash value using the loader'"'"'s suffix value and the master key value;
      
      retrieving a hash result resulting from the hashing of the loader software module; and
      
      comparing the expected hash value with the hash result.
  - 3. The method of claim 2 wherein the generation of the seed value is performed by calculating an exclusive OR value between the master key value and the prefix value.
  - 4. The method of claim 2 wherein the authentication of the loader software module is performed by a micro-loader module.
  - 5. The method of claim 4 wherein the micro-loader is stored on a read-only memory, and wherein the computer system'"'"'s processor, the read only memory, the nonvolatile memory, and the memory are all packaged within a common semiconductor package.
  - 6. The method of claim 5 wherein the loader software module, the suffix value, and the prefix value are each located on the nonvolatile storage area, wherein the nonvolatile storage area is outside of the common semiconductor package.
  - 7. The method of claim 1 wherein the nonvolatile memory is a locked nonvolatile storage area included in a semiconductor package, the semiconductor package also including one or more processors.
  - 8. The method of claim 1 further comprising:
    - erasing the intermediate key values following the authentication of the second computer file.
  - 9. The method of claim 1 wherein the first computer file is a loader software module and the second computer file is a software program, the authentication of the software program further comprising:
    - reading a prefix value and a suffix value from the nonvolatile storage area, the prefix and suffix values corresponding to the software program;
      
      generating a seed value using the software program'"'"'s prefix value and one of the intermediate key values;
      
      seeding the hashing algorithm used to authenticate the software program with the seed value;
      
      generating an expected hash value using the software program'"'"'s suffix value and the intermediate key value;
      
      retrieving a hash result resulting from the hashing of the software program; and
      
      comparing the expected hash value with the hash result.
  - 10. The method of claim 9 wherein the authentication of the software program is performed by the software loader module after the software loader module has been authenticated and loaded.
  - 11. The method of claim 9 wherein the generation of the seed value is performed by calculating an exclusive OR value between one of the intermediate key values and the software program'"'"'s prefix value.
  - 12. The method of claim 9 wherein a micro-loader is stored on a read-only memory, and wherein the computer system'"'"'s processor, the read only memory, the nonvolatile memory, and the memory are all packaged within a common semiconductor package, the method further comprising:
    - invoking the micro-loader to authenticate the loader software module using the master key value, a loader prefix value, and a loader suffix value;
      
      loading and invoking the loader software module in response to the loader software module being authenticated by the micro-loader, wherein the software program is authenticated by the loader software module using the software module'"'"'s prefix and suffix values in combination with at least one of the intermediate key values; and
      
      loading and executing the software program in response to the software program being authenticated by the loader software module.

13. An information handling system comprising:
- a semiconductor package that includes one or more processors, a memory area, and a locked nonvolatile memory, wherein the locked nonvolatile memory includes a master key value and wherein the locked nonvolatile memory is inaccessible from outside the semiconductor package;
  
  a system memory interconnected to the processors with a bus;
  
  a software loader image comprising a loader prefix value, a software loader routine, and a loader suffix value, wherein the software loader routine is adapted to authenticate and load computer data files, wherein the software loader image is located outside of the semiconductor package; and
  
  a micro-loader routine located within the semiconductor package which is also inaccessible from outside the semiconductor package, wherein the micro-loader is adapted to authenticate and load the software loader routine from the system memory by using the master key value and the software loader'"'"'s prefix and suffix values and generate one or more intermediate key values that are stored in the semiconductor package'"'"'s memory area.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The information handling system of claim 13 further comprising the system, wherein the micro-loader is enabled to:
    - read the prefix value and a suffix value from a nonvolatile storage area;
      
      generate a seed value using the software loader'"'"'s prefix value and the master key value;
      
      seed a hashing algorithm used to authenticate the loader software module with the seed value;
      
      generate an expected hash value using the loader'"'"'s suffix value and the master key value;
      
      retrieve a hash result resulting from the hashing of the loader software module; and
      
      compare the expected hash value with the hash result.
  - 15. The information handling system of claim 14 wherein, in order to generate the seed value, the micro-loader is further enabled to calculate an exclusive OR value between the master key value and the prefix value.
  - 16. The information handling system of claim 13 wherein the locked nonvolatile memory is an array of programmable fuses.
  - 17. The information handling system of claim 13 wherein the software loader routine is enabled to:
    - read a prefix value and a suffix value from the system memory, the prefix and suffix values corresponding to one of the computer data files;
      
      generate a seed value using the software program'"'"'s prefix value and one of the intermediate key values;
      
      seed a hashing algorithm used to authenticate the computer data file with the seed value;
      
      generate an expected hash value using the computer data file'"'"'s suffix value and the intermediate key value;
      
      retrieve a hash result resulting from the hashing of the computer data file; and
      
      compare the expected hash value with the hash result.
  - 18. The information handling system of claim 17 wherein the authentication of the computer data file is performed by the software loader routine after the software loader routine has been authenticated and loaded by the micro-loader.
  - 19. The information handling system of claim 17 wherein, in order to generate the seed value, the software loader routine is enabled to calculate an exclusive OR value between one of the intermediate key values and the computer data file'"'"'s prefix value.
  - 20. The information handling system of claim 17 wherein, in order to authenticate and load one of the computer data files, the micro-loader is invoked and enabled to:
    - authenticate the software loader routine using the master key value, the loader prefix value, and the loader suffix value;
      
      create and store the intermediate key values generated during the authentication of the software loader routine;
      
      invoke the software loader routine in response to the software loader routine being authenticated by the micro-loader, wherein the software loader routine, upon being invoked, is enabled to;
      
      authenticate the computer data file using the computer data file'"'"'s prefix and suffix values in combination with at least one of the intermediate key values; and
      
      load the computer data file in response to the computer data file being authenticated by the loader software module.
  - 21. The information handling system of claim 20 wherein the computer data file is a software program and the software loader routine is further enabled to execute the software program after the software program is loaded.

22. A computer program product stored in a computer operable media for authenticating software, said computer program product comprising:
- means for authenticating a first computer file stored on a nonvolatile storage area accessible by a computer system, the authentication of the first computer file performed by a means for hashing the first software program using a master key value that is located in a nonvolatile memory of the computer system inaccessible to a user;
  
  means for generating one or more intermediate key values during the hashing of the first software program;
  
  means for storing the intermediate key values in a memory of the computer system inaccessible to the user; and
  
  means for authenticating a second computer file stored on the nonvolatile storage area, the authentication of the second computer file performed by a means for hashing the second computer file using one or more of the intermediate key values.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 23. The computer program product of claim 22 wherein the first computer file is a loader software module, the authentication of the loader software module further comprising:
    - means for reading a prefix value and a suffix value from the nonvolatile storage area, the prefix and suffix values corresponding to the loader software module;
      
      means for generating a seed value using the loader'"'"'s prefix value and the master key value;
      
      means for seeding the hashing algorithm used to authenticate the loader software module with the seed value;
      
      means for generating an expected hash value using the loader'"'"'s suffix value and the master key value;
      
      means for retrieving a hash result resulting from the hashing of the loader software module; and
      
      means for comparing the expected hash value with the hash result.
  - 24. The computer program product of claim 23 wherein the generation of the seed value is performed by a means for calculating an exclusive OR value between the master key value and the prefix value.
  - 25. The computer program product of claim 23 wherein the authentication of the loader software module is performed by a micro-loader module.
  - 26. The computer program product of claim 25 wherein the micro-loader is stored on a read-only memory, and wherein the computer system'"'"'s processor, the read only memory, the nonvolatile memory, and the memory are all packaged within a common semiconductor package.
  - 27. The computer program product of claim 26 wherein the loader software module, the suffix value, and the prefix value are each located on the nonvolatile storage area, wherein the nonvolatile storage area is outside of the common semiconductor package.
  - 28. The computer program product of claim 22 wherein the nonvolatile memory is a locked nonvolatile storage area included in a semiconductor package, the semiconductor package also including one or more processors.
  - 29. The computer program product of claim 22 further comprising:
    - means for erasing the intermediate key values following the authentication of the second computer file.
  - 30. The computer program product of claim 22 wherein the first computer file is a loader software module and the second computer file is a software program, the authentication of the software program further comprising:
    - means for reading a prefix value and a suffix value from the nonvolatile storage area, the prefix and suffix values corresponding to the software program;
      
      means for generating a seed value using the software program'"'"'s prefix value and one of the intermediate key values;
      
      means for seeding the hashing algorithm used to authenticate the software program with the seed value;
      
      means for generating an expected hash value using the software program'"'"'s suffix value and the intermediate key value;
      
      means for retrieving a hash result resulting from the hashing of the software program; and
      
      means for comparing the expected hash value with the hash result.
  - 31. The computer program product of claim 30 wherein the authentication of the software program is performed by the software loader module after the software loader module has been authenticated and loaded.
  - 32. The computer program product of claim 30 wherein the generation of the seed value is performed by a means for calculating an exclusive OR value between one of the intermediate key values and the software program'"'"'s prefix value.
  - 33. The computer program product of claim 30 wherein a micro-loader is stored on a read-only memory, and wherein the computer system'"'"'s processor, the read only memory, the nonvolatile memory, and the memory are all packaged within a common semiconductor package, the computer program product further comprising:
    - means for invoking the micro-loader to authenticate the loader software module using the master key value, a loader prefix value, and a loader suffix value;
      
      means for loading and invoking the loader software module in response to the loader software module being authenticated by the micro-loader, wherein the software program is authenticated by the loader software module using the software module'"'"'s prefix and suffix values in combination with at least one of the intermediate key values; and
      
      means for loading and executing the software program in response to the software program being authenticated by the loader software module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Craft, David
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US10/464,884
Publication Number

US 20050010767A1
Time in Patent Office

866 Days
Field of Search

713168-172, 713/150, 713193-194
US Class Current

713/168
CPC Class Codes

G06F 21/123 by using dedicated hardware...

System and method for authenticating software using hidden intermediate keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

93 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

System and method for authenticating software using hidden intermediate keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others