In the past, there have been no means available for treating operating system code not resident in main storage of a computer, that is operating system code stored on tape, disk or the like, any differently than data having far lower security requirements. The lack of security results in two problem areas.
The first problem area is with respect to the nonsecured communication channel between the computer manufacturer and the customer. For example, a typical penetration of security is to deliver the penetrator's code to a customer, counterfeiting the computer manufacturer's packaging and delivery procedures.
The second problem area results from the fact that the copy of the operating system on auxiliary storage is under control of the operating system's file management component, and a successful subversion of the file management component can be used to change the copy of the operating system on disk, which if the change is undetected, will subsequently be loaded in place of the valid operating system.
As set forth above, the manufacturer's packaging and delivery techniques are easily counterfeited, so another method must be devised to authenticate an operating system. It has been suggested that a parity type check be performed on the operating system, but it has been found that such a parity check is easily subverted.
According to the present invention, the validity of a program such as an operating system being loaded in a computer is authenticated in an operating system authenticator through the use of a user's identification code or secret key and a verifier code which are unique to a valid operating system. The operating system to be authenticated is concurrently loaded into main memory and the system authenticator. A hash function is generated in the authenticator as a function of the user's identification code and the operating system being loaded. After the complete operating system has been loaded, the hash function is compared with the verifier value. If they compare, the loaded operating system is valid, and if there is a lack of comparison the loaded operating system is invalid, and computer operation is terminated.