Method for authenticating software using protected master key
First Claim
1. A method for loading a software program in a computer system, said method comprising:
- reading a software image from a first memory area, wherein the software image comprises a prefix value, a plurality of blocks of software code, and a suffix value;
reading a key value from a second memory area, wherein the second memory area is located in an area inaccessible to a user;
generating a seed value using the prefix value and the key value;
seeding a hashing algorithm with the seed value;
reading the first block of software code;
hashing the first block of software code using the seed value, the hashing resulting in an updated seed value;
processing each remaining block of software code, wherein the processing comprises;
reading a next block of software code;
hashing the next block of software code using the updated seed value, the hashing resulting in a hash value; and
setting the updated seed value equal to the hash value;
after all blocks of software code have been processed, performing the following;
generating an expected hash value using the suffix value and the key value;
authenticating the software program based upon the expected hash value and the hash value;
in response to the expected hash value being equal to the hash value, loading the software program; and
executing the loaded software program.
4 Assignments
0 Petitions
Accused Products
Abstract
A processing unit includes a read-only encryption key. Software is loaded into a system memory area from a non-volatile storage device. Software code image that resides in the system storage area includes a prefix value and a suffix value. The prefix value is combined with the master key from the processing unit to create a random value that is the seed for a hashing algorithm. The hashing algorithm uses the seed value with a signature formed from the blocks of code to form a result. Finally, after the last block has been processed, a final result remains. The suffix value is combined with the master key, this hash result is compared with the result that was created using the hashing algorithm on the code. If the two results match, the code is authenticated and is executed. If the results do not match, the code is not loaded.
24 Citations
7 Claims
-
1. A method for loading a software program in a computer system, said method comprising:
-
reading a software image from a first memory area, wherein the software image comprises a prefix value, a plurality of blocks of software code, and a suffix value; reading a key value from a second memory area, wherein the second memory area is located in an area inaccessible to a user; generating a seed value using the prefix value and the key value; seeding a hashing algorithm with the seed value; reading the first block of software code; hashing the first block of software code using the seed value, the hashing resulting in an updated seed value; processing each remaining block of software code, wherein the processing comprises; reading a next block of software code; hashing the next block of software code using the updated seed value, the hashing resulting in a hash value; and setting the updated seed value equal to the hash value; after all blocks of software code have been processed, performing the following; generating an expected hash value using the suffix value and the key value; authenticating the software program based upon the expected hash value and the hash value; in response to the expected hash value being equal to the hash value, loading the software program; and executing the loaded software program. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
-
Current AssigneeDropbox, Inc.
-
Original AssigneeInternational Business Machines Corporation
-
InventorsCraft, David
-
Primary Examiner(s)Moazzami; Nasser G
-
Assistant Examiner(s)Hoffman; Brandon S
-
Application NumberUS10/464,897Publication NumberTime in Patent Office2,028 DaysField of SearchNoneUS Class Current713/187CPC Class CodesG06F 21/123 by using dedicated hardware...
