In a security-conscious digital computer environment, measures must be taken to ensure that sensitive data is not transferred or made accessible unless specifically authorized. One of the problems in constructing such an environment is the possibility of a hardware failure in the digital computer assigned the responsibility for maintaining the security of the sensitive data. For example, consider a digital computer whose output is controlled by a buffer control word which specifies not only the starting address of the data to be transferred but also the number of words to be transferred. A failure in the loading of the number of words to be transferred could cause more words to be output than the software anticipated. This undesirable situation, caused by hardware malfunction, could result in the leaking of sensitive data.
However, if the software is required to insert a certain code pattern or value, as determined by a number of key bits, in the output words, and the digital computer hardware checks that code pattern before an output transfer is allowed to take place, the odds of an erroneous output of sensitive data will be greatly diminished. In the example previously given, a failure in the loading of the buffer control word count, causing an attempted transfer of a greater number of output words than was desired, would not result in an erroneous transfer if the key value, as determined by the key bits in the output words, does not match the predetermined lock value. The hardware comparison apparatus would detect the mismatch, prevent the erroneous output transfer, and alert the central processor section of the digital computer that a mismatch has occurred.
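The following C simulation is an added example, not part of the original text, showing the lock/key check stopping a transfer whose buffer control word count was loaded incorrectly. The 16-bit word size, the position of the key bits (top four bits), the lock value `0xA`, and all function and type names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed layout (not from the text): 16-bit words, key in the top 4 bits. */
#define KEY_SHIFT  12
#define KEY_MASK   0xFu
#define LOCK_VALUE 0xAu   /* assumed predetermined lock value */
#define MEM_WORDS  16

typedef struct { size_t start, count; } buffer_control_word;

typedef struct {
    size_t words_sent;  /* words actually released to the output */
    int    mismatch;    /* 1 if the comparison apparatus flagged a mismatch */
    size_t fault_addr;  /* address of the offending word when mismatch is set */
} transfer_result;

/* Software side: stamp the key into a word that is cleared for output. */
uint16_t stamp_key(uint16_t payload) {
    return (uint16_t)((LOCK_VALUE << KEY_SHIFT) | (payload & 0x0FFFu));
}

/* Hardware side: compare each word's key with the lock before releasing it. */
transfer_result output_transfer(const uint16_t *mem, size_t mem_len,
                                buffer_control_word bcw,
                                uint16_t *out, size_t out_len) {
    transfer_result r = {0, 0, 0};
    for (size_t i = 0; i < bcw.count; i++) {
        size_t addr = bcw.start + i;
        if (addr >= mem_len || r.words_sent >= out_len) break;
        if (((mem[addr] >> KEY_SHIFT) & KEY_MASK) != LOCK_VALUE) {
            r.mismatch = 1;        /* alert the central processor section */
            r.fault_addr = addr;
            break;                 /* block the transfer at this word */
        }
        out[r.words_sent++] = mem[addr];
    }
    return r;
}

/* Constructed memory: 4 keyed output words, then unkeyed sensitive words. */
transfer_result demo(size_t loaded_count) {
    uint16_t mem[MEM_WORDS], out[MEM_WORDS];
    for (size_t i = 0; i < MEM_WORDS; i++)
        mem[i] = (i < 4) ? stamp_key((uint16_t)(0x100 + i)) : (uint16_t)(0x5000 + i);
    buffer_control_word bcw = { 0, loaded_count };
    return output_transfer(mem, MEM_WORDS, bcw, out, MEM_WORDS);
}
```

Calling `demo(4)` models the intended transfer and `demo(9)` models a faulty count load. Under the assumed four key bits, a word that was never stamped still matches the lock by chance one time in sixteen, which is why the text speaks of diminished odds rather than a guarantee.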