Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1997-07-14
2001-03-27
Swann, Tod (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C380S282000, C380S283000, C380S259000, C705S051000, C705S057000, C713S189000, C713S193000
Reexamination Certificate
active
06209099
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention concerns a secure data processing method and system and is of particular application to a financial terminal.
In a data processing system it is usual to provide a programmable central processor unit, memory and other software and hardware components. It is desirable to provide a software and hardware environment where the user or operator of the system can trust all of the software and hardware components of the system. To achieve this objective some means has to be provided to decide whether the components of the system have been compromised either at initial installation of the components or at a later stage when new or upgraded components are introduced to the system.
For a data processing system including a programmable central processor unit it is important to authenticate the operating system of the central processor unit. If plug-in cards are used to provide upgrades to the functionality of the system it is also important to authenticate these plug-in cards. The means to authenticate the components of the data processing system must be such as to provide security for the authentication process itself if the authentication process is to be reliable in detecting any compromise of the components of the system.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide an effective method and system for testing one or more components of a data processing system in order to determine the authenticity of the tested component or components.
According to the present invention there is provided a method of determining the authenticity of one or more system components of a data processing system which also includes a programmable central processor unit, memory, a security circuit having a cryptographic engine, and a cryptographic key store, the method comprising the steps of entering one or more keys into the cryptographic key store, operating on the contents of the cryptographic key store by means of the cryptographic engine to generate a digital signature referenced to a component of the system to be authenticated, generating a digital signature from the component to be authenticated, and providing an indication of authenticity by comparing the digital signature generated by the cryptographic engine with that generated from the component to be authenticated.
Further according to the present invention there is provided a data processing system including one or more components to be checked for authenticity, a programmable central processing unit, memory and a security circuit having a cryptographic engine and a cryptographic key store for storing one or more cryptographic keys, the cryptographic engine being adapted to operate on the contents of the cryptographic key store to generate a digital signature referenced to a component of the system to be checked for authenticity, and means being provided to generate a digital signature from the component to be checked for authenticity and to provide an indication of authenticity by comparing the digital signature generated by the cryptographic engine with that generated from the component to be authenticated.
REFERENCES:
patent: 4910774 (1990-03-01), Barakat
patent: 5224160 (1993-06-01), Paulini et al.
patent: 5343527 (1994-08-01), Moore
patent: 5434870 (1995-07-01), Benton et al.
patent: 5473692 (1995-12-01), Davis
patent: 5530749 (1996-06-01), Easter et al.
patent: 5644638 (1997-07-01), Thiriet
patent: 5781723 (1998-07-01), Yee et al.
patent: 5802592 (1998-09-01), Chess et al.
patent: 5844986 (1998-12-01), Davis
patent: 5892902 (1999-04-01), Clark
patent: 5958051 (1999-09-01), Renaud et al.
patent: 0707270 (1996-04-01), None
patent: 0 816 970 A2 (1998-01-01), None
patent: WO99/17255 (1999-04-01), None
Kruse D: “Guarding the Operating System” Siemens Magazine of Computers & Communications, (COM), vol. 14, No. 5, Sep. 1986, pp. 14-16, XP000611029.
Schneier, Applied Cryptography, 2nd edition, pp. 34-41, 1996.
Callahan Paul E.
NCR Corporation
Swann Tod
Welte Gregory A.
LandOfFree
Secure data processing method and system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure data processing method and system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure data processing method and system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2533522