1. Technical Field
The present invention relates in general to security features in data processing systems and in particular to security systems employing system component serial numbers in encryption mechanisms. Still more particularly, the present invention relates to preventing data processing system component serial numbers used for encryption type security features from being duplicated or counterfeited.
2. Description of the Related Art
Many software manufacturers write electronic data in nonvolatile memories, such as hard disk drives, to provide system security features. However, because the data is written in a nonvolatile memory, the data can be easily counterfeited, thus bypassing the system security. For example, many data processing systems contain a license manager which utilizes a password to verify that specific software is entitled to run on a specific data processing system. When the software is ordered, a password is sent with the software which enables the code to run on the system. The password is normally based on a serial number stored in some nonvolatile memory in the system. If the system serial number can be counterfeited (copied or duplicated), then the same password may be utilized to enable the software on any data processing system, rather than just the specific data processing system for which the license was purchased. To prevent counterfeiting of the serial numbers, manufacturers need a nonvolatile memory which can be written with data but which also allows the manufacturer to detect whether the data has been modified or copied.
Various attempts have been made to create alteration detection schemes for data written to nonvolatile memory. One method, for example, places a block on nonvolatile memory preventing data from being written to the memory only if privileged commands are utilized. This protection is easily avoided by simply clipping leads onto the nonvolatile memory from an external tester and writing the data. Alternatively, the nonvolatile memory may be simply replaced with a memory chip which was loaded with a copy from another system. This type of protection allows duplication of data or modification of any data by simply "echoing back" the expected results.
A more secure alteration detection method employs an electronic signature placed with the data. Again, however, if the data is copied from another nonvolatile memory chip, the data may be duplicated (but not modified). Since the intent is to prevent duplication and reuse of serial numbers, the security provided by this method is unsatisfactory.
The electronic signature may be made harder to counterfeit by adding a unique chip serial number, generated in another chip (other than the nonvolatile memory chip), to the data containing the system serial number. However counterfeiting is not impossible since the chip serial number may be counterfeited along with the data containing the system serial number so that the electronic signature compares with the expected result. Since any data passed to a processor may be intercepted and counterfeited, only when the chip serial number is on the processor chip will acceptable security be achieved. Putting the serial number on the processor chip achieves acceptable security for a processor card, but does nothing to provide security for other cards in a data processing system.
It would be desirable, therefore, to detect counterfeiting of data contained in a nonvolatile memory, preventing duplication and reuse of serial numbers used as part of a security feature in a data processing system. It would also be advantageous if the mechanism used to detect counterfeiting prevented detection of encryption keys and circumvention of the security feature by echoing back data.