1. Field of the Invention
The present invention relates generally to information security and particularly to security in networked information systems.
2. Background Art
For a networked information system to be secured, it must employ mechanisms to limit access to at least some of the data with which the system can interact. Often access to such secured data is controlled by “keys”—data codes that, when processed, allow access to other secured data.
One means by which data can be maintained secured is to limit the number of hardware devices with which the secured data can interact. This can be done by packaging these hardware devices and the secured data within a secured module (or within a secured block on a chip). However, interfacing such a secured module with a networked information system introduces the possibility that the secured data could be communicated outside of the secured module. To maintain security of the data in this environment, the interaction between the secured data and the commands received from the network must be reliably controlled.
However, reliable performance of hardware devices depends upon maintaining the parameters of the devices (e.g., clock frequency, power supply voltages, etc.) and the environment surrounding them (e.g., temperature, electromagnetic radiation, etc.) within their design specifications. Thus, an individual at odds with the purpose of the secured system could cause one or more of the hardware devices to operate outside of their design specifications with the hope that doing this will compromise the integrity of the secured module and facilitate access to the secured data or the keys.
Operating the hardware devices outside of their design specifications can cause instructions to be improperly or incompletely processed. This, in turn, can change the sequence in which instructions are performed. Thus, for a given command, the failure of the instructions to be properly performed in the correct sequence can be indicative of a loss of control of the security of the data within the secured module. What is needed, therefore, is one or more procedures that can verify whether the instructions for a given command are properly performed in the correct sequence.