Process for securing and for checking the integrity of the secured programs

US 5,224,160 A
Filed: 03/20/1992
Issued: 06/29/1993
Est. Priority Date: 02/23/1987
Status: Expired due to Fees

First Claim

Patent Images

1. In a data processing system having a memory and at least one executable program, a method of protecting against the execution of programs altered without authorization, the method comprising the steps of:

storing in said computer system a reference checksum generated on the basis of an authorized version of the at least one program by execution of a predetermined cryptographic algorithm;

generating a program checksum on the basis of a version of the at least one program presented for execution in the computer system, by execution of the predetermined cryptographic algorithm;

comparing the generated program checksum with the stored reference checksum; and

blocking execution of the at least one program when the generated checksum differs from the reference checksum.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

For securing programs contained in a system storage and for checking their integrity, the programs are in each case coded by a symmetric cryptographic algorithm with the application of a readback secured, secret key, and a check number for each program is simultaneously formed and stored in the storage of the system. For checking the integrity, the programs are then coded again in the same manner and the check number thus obtained in each case is compared with the check number stored at the first coding. It is possible to derive from the result of comparison a criteria for activation or locking the following programs.

161 Citations

13 Claims

1. In a data processing system having a memory and at least one executable program, a method of protecting against the execution of programs altered without authorization, the method comprising the steps of:
- storing in said computer system a reference checksum generated on the basis of an authorized version of the at least one program by execution of a predetermined cryptographic algorithm;
  
  generating a program checksum on the basis of a version of the at least one program presented for execution in the computer system, by execution of the predetermined cryptographic algorithm;
  
  comparing the generated program checksum with the stored reference checksum; and
  
  blocking execution of the at least one program when the generated checksum differs from the reference checksum.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method in accordance with claim 1 wherein the reference checksum is generated using a secret key.
  - 3. The method in accordance with claim 2 wherein the program checksum is generated using the same secret key.
  - 4. The method in accordance with claim 3 wherein the algorithm is the DES algorithm.
  - 5. The method in accordance with claim 1 wherein the data processing system comprises a read protected memory area and wherein the reference checksum is stored in the read protected area.
  - 6. The method in accordance with claim 1 wherein the system comprises a computer and separate, physically sealed unit electrically connected to the computer and wherein the cryptographic algorithm is stored and executed inside the physically sealed unit.
  - 7. The method in accordance with claim 1 wherein the sealed unit provides to the computer a binary result indicating whether a program checksum generate with respect to a particular program matches the corresponding stored reference checksum.
  - 8. The method in accordance with claim 6 wherein the reference check number of a first of a sequence of programs is stored in read only memory in the computer and the reference checksum for at least one other of the programs is stored in the sealed unit.
  - 9. The method in accordance with claim 1 in a system comprising a plurality of executable programs, including an original loading program which when executed loads other executable programs into the system, wherein a reference checksum is stored for the original loading program and a program checksum is generated, and wherein execution of the original loading program is blocked and no further programs are loaded in the system when the program checksum generated for the loading program differs from the reference checksum for the loading program.
  - 10. The method in accordance with claim 1 wherein an individual reference checksum is stored for each of a plurality of sequentially executable programs and wherein, upon completion of one program, a checksum is generated for a next program to be executed and execution of the next program is initiated only if the checksum generated for the next program does not differ from the reference checksum for the next program.
  - 11. The method in accordance with claim 1 wherein the reference checksum and the program checksum are generated on the basis of the total information content of the authorized version and of the version presented for execution.

12. In a data processing system comprising an administrative computer and at least one target computer and at least one target computer program to be executed on the target computer, a method of protecting against the execution of programs altered without authorization, the method comprising the steps of:
- generating a reference checksum on the basis of an authorized version of the at least one target computer program by execution of a predetermined cryptographic algorithm in the administrative computer;
  
  storing the reference checksum in a portable memory carrier;
  
  transferring the carrier to the target computer;
  
  generating a program checksum on the basis of a version of the at least one program presented for execution in the target computer, by execution of the predetermined cryptographic algorithm;
  
  comparing the generated program checksum with the reference checksum; and
  
  executing the at least one program in the target computer only when the comparison indicates that the generated checksum is equal to the corresponding reference checksum.
- View Dependent Claims (13)
- - 13. The method in accordance with claim 12 wherein the portable memory carrier comprises a physically sealed unit and wherein the cryptographic algorithm is stored in the memory carrier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Siemens Computers GmbH (Fujitsu Limited)
Original Assignee
Siemens Nixdorf Informationssysteme AG (Siemens AG)
Inventors
Paulini, Werner, Wessel, Dietmar
Primary Examiner(s)
Buczinski, Stephen C.

Application Number

US07/855,169
Time in Patent Office

466 Days
Field of Search

380/4, 380/28
US Class Current

713/187
CPC Class Codes

G06F 11/1008   in individual solid state d...

G06F 11/1076   Parity data used in redunda...

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/64   Protecting data integrity, ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Process for securing and for checking the integrity of the secured programs

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

161 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Process for securing and for checking the integrity of the secured programs

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

161 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others