Electrical computers and digital processing systems: support – Data processing protection using cryptography – By stored data protection
Reexamination Certificate
1998-07-08
2003-01-21
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
By stored data protection
C713S168000, C713S189000
Reexamination Certificate
active
06510521
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of computer systems. More specifically, the present invention relates to data security on computer systems.
2. Background Information
Existing methods of preventing unauthorized write access to nonvolatile storage such as FLASH memory typically rely on “secret” access methods to a write enable circuit. These “secret” access methods to the write enable circuit can be reverse-engineered through the use of standard debugging hardware. Once reverse engineered, a person will be able to produce code that can write to the “protected” non-volatile storage at will. If the code is used in a malicious manner, it can be used to introduce viruses into the “protected” non-volatile storage or even destroy the content of the non-volatile storage.
Thus, it is desirable to have a more robust approach to preventing unauthorized access to non-volatile storage, in particular, an approach that does not rely on the access method not being known. As will be described in more detail below, the present invention achieves these and other desirable results.
SUMMARY OF THE INVENTION
In accordance to the present invention, an electronic signature is generated in a predetermined manner and attached to a transferable unit of write data, to facilitate authenticating the write data before allowing the write data to be written into a protected non-volatile storage. The write data is authenticated using a collection of secured authentication functions. Additionally, the actual writing of the authenticated write data into the protected non-volatile storage is performed by a secured copy utility.
The electronic signature is functionally dependent on the content of the write data, and the predetermined manner of generating the electronic signature is reproducible during write time. In one embodiment, the electronic signature is generated by the creator of the write data, by generating a digest based on the content of the write data using a message digest function, and then encrypting the generated digest with a secret private key using an encryption function.
The collection of secured authentication functions include a secured corresponding copy of the message digest function, and a secured complementary decryption function. During operation, the secured decryption function reconstitutes the original digest by decrypting the electronic signature with a secured complementary public key, while the secured copy of the message digest function generates another digest based on the content of the write data to be authenticated. The two digests are compared using a secured comparison function. If the two digests pass the comparison, the secured copy utility is invoked to copy the authenticated write data into the protected non-volatile storage, otherwise, the write data are rejected.
In one embodiment, the authentication functions are secured by copying them into a normally unavailable system management memory during system initialization. The authentication functions are invoked using a system management interrupt (SMI), which when asserted, automatically maps the system management memory into the normal system memory space. A non-volatile memory write security circuitry is provided to qualify a memory write signal provided to the protected non-volatile storage, and to generate the SM whenever a write to the protected non-volatile storage is requested.
REFERENCES:
patent: 4405829 (1983-09-01), Rivest et al.
patent: 5050212 (1991-09-01), Dyson
patent: 5287519 (1994-02-01), Dayan et al.
patent: 5421006 (1995-05-01), Jablon et al.
patent: 5454000 (1995-09-01), Dorfman
patent: 5568552 (1996-10-01), Davis
patent: 5680547 (1997-10-01), Chang
patent: 5713009 (1998-01-01), DeRosa, Jr. et al.
patent: 5822565 (1998-10-01), DeRosa, Jr. et al.
patent: 5844986 (1998-12-01), Davis
patent: 5848231 (1998-12-01), Teitelbaum et al.
patent: 5881287 (1999-03-01), Mast
patent: 5919257 (1999-07-01), Trostle
patent: 5999711 (1999-12-01), Misra et al.
patent: 6009524 (1999-12-01), Olarig
patent: 6034832 (2000-03-01), Ichimura et al.
patent: 6061794 (2000-05-01), Angelo et al.
patent: 6067640 (2000-05-01), Akiyama et al.
patent: 6189100 (2001-02-01), Barr et al.
R. Droms, “Dynamic Host Configuration Protocol”, Networking Group, Bucknell University, Oct. 1993, pp. 1-39.
Albrecht Mark
Wildgrube Frank
Blakely , Sokoloff, Taylor & Zafman LLP
Intel Corporation
Peeso Thomas R.
LandOfFree
Methods and apparatus for preventing unauthorized write... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Methods and apparatus for preventing unauthorized write..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Methods and apparatus for preventing unauthorized write... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3063442