1. Field
The present invention relates to the field of data security. More particularly, this invention relates to a system and method for authenticating software code before execution by the host processor.
2. General Background
Over the last few years, computers have become products highly valued by consumers. The reason is that computers are highly versatile and enjoy a wide range of applications. Of major concern, however, is that computers, especially mobile computers such as laptops or hand-helds, are vulnerable to theft due to their commercial value and their exposure to insecure environments such as cars, hotel rooms and airport lobbies.
Currently, there exist a number of security mechanisms that are marginally effective. However, these mechanisms are still vulnerable to component or device replacement since no protected environment for execution of code and for manipulation of data is provided. For example, one type of conventional security mechanism involves the use of password software, which is normally executed after a host processor of the computer has been powered-up and has already fetched macro-instructions from Basic Input/Output System (BIOS) code residing in a Read Only Memory (ROM) device. The ROM device is physically separate from the host processor.
More specifically, during a normal power-on reset, a host processor of a conventional computer automatically jumps to a predetermined hardwired address. This address is a predetermined reset vector which is mapped to a ROM device containing the BIOS code. As a result, the host processor performs instruction fetches of BIOS code which usually prompts the computer to perform the following operations: (i) initialize its electronic hardware; (ii) initialize its peripheral devices; and (iii) boot its Operating System.
Unfortunately, the password-based security mechanism and other current security mechanisms can be easily circumvented. One way would be to replace the ROM device containing BIOS code with another memory device having a new, different BIOS code.
Additionally, due to the growing usage of networking solutions such as the Internet, computers are becoming more susceptible to invasive software virus attacks. Software viruses may be obtained during transactions over the Internet such as, for example, downloading data from either a website or an electronic bulletin board. For example, the software virus may include a program, infiltrating the BIOS code and executing in the background, that sends contents of hard disk drive over the Internet. Likewise, some of the software viruses are intended to damage the BIOS code which renders the computer inoperable.
These above-described scenarios further demonstrate the necessity in providing a protected environment for execution of code and for manipulation of data within a computer.
The present invention relates to processor in communication with a cryptographic device. The cryptographic device authenticates software code, loaded into the cryptographic device during a boot procedure, before permitting the host processor to execute the software code.