`Lewis
`
`US005734819A
`[11] Patent Number:
`[45] Date of Patent:
`
`5,734,819
`Mar. 31, 1998
`
`1/1995 Yamnagishii
`5,379,433
`1/1995 Akiyama .
`5,386,468
`~ 395/186
`2/1995 Gniube ......
`5,388,212
`«+ 380/23
`2/1995 Konno..........+.
`5,392,356
`ww» 380/25
`3/1995 Goodman etal.
`§,402,492
`5,416,840=S/1995 Came w..ecccssccsessecaesecessnnesanoneones 380/4
`[73]
`Assignee:
`International Business Machines
`5,481,672
`1/1996 Okuno.....
`. 395/186 X
`Corporation, Armonk, NLY.
`5,483,658
`1/1996 Grube ......
`. 395/186 X
`5,530,753
`6/1996 Easter......
`. 380/4
`5,546,463
`8/1996 Caputo...ccscecserrsscresarsnerreasnee 380/25
`
`[54]
`
`[75]
`
`METHOD AND APPARATUSFOR
`VALIDATING SYSTEM OPERATION
`
`Inventor: David Otto Lewis, Rochester, Minn.
`
`[21]
`
`Appl. No.: 322,246
`
`........scsesssssseseneeereee 395/186
`
`ent
`
`[22]
`
`Filed:
`
`Oct. 12, 1994
`
`FOREIGN PATENT DOCUMENTS
`
`Tint, Co ecceeccccscsssssesnnentssnvestnenseeeccereeneeee GO6F 11/00
`.
`9/1985 European Pat. Off.
`0175 359 A2
`[51]
`0 302710 A3=8/1988~—European Pat. Off..
`TS. Ce csecesseessessssessaee 395/186; 380/45; 364/260.81;
`[52]
`0 425 053 Al
`10/1990 European Pat. Off.
`.
`364/286.4
`WO 93/23807
`5/1993 European Pat. Off.
`.
`Field of Search 0...cscs 395/186, 187.01,
`395/188.01; 380/4, 25, 30, 45; 364/222.5,
`260.81, 286.4, 286.5
`
`[58]
`
`Primary Examiner—Robert W. Beausoliel, Jr.
`Assistant Examiner—Dieu-Minh Le
`Attorney, Agent, or Firm—Andrew J. Dillon
`
`[57]
`
`ABSTRACT
`
`A method and apparatus for providing system operation
`validation is disclosed. The method and apparatus for vali-
`dation operates within a computer system comprising a
`central processing unit coupled to a programmable memory,
`and to a system device. The programmable memory may
`store programs and instructions executable on the CPU and
`a non-volatile memory is also provided for access by the
`CPU. The system operation validation is provided by a chip
`identifier located within a device memory within the system
`device, which memory also serves as a chip identifier
`register. Selected information stored within the non-volatile
`memory is used, along with the chip identifier. to generate
`a first encryption code associated with the system device. An
`encryption key is used to generate a second encryption code
`associated with the computer system. Thefirst and second
`encryption codes are matchedto providea first level system
`operation validation. A second chip identifier is generated,
`which identifier is associated with the computer system.
`Both chip identifiers are compared to provide a second level
`system operation validation.
`
`11 Claims, 3 Drawing Sheets
`
`Roku EX1023
`U.S. Patent No. 6,411,941
`
`[56]
`
`References Cited ©
`
`U.S. PATENT DOCUMENTS
`
`4/1981 Konheim .......secsereceeee 395/186 X
`4,264,782
`1/1984 Eckert, Jr. et al.
`- 364/900
`4,424,573
`
`4/1984 Mayer ......cscs
`«+ 364/200
`4,442,486
`
`6/1984 Heffron et al.
`...
`.- 364/900
`4,454,594
`
`7/1984 Smith, II .....
`-». 364/200
`4,462,076
`
`1/1987 Chorley .........
`178/22.08
`4,634,807
`3/1987 Pailen et al.
`..
`-
`4,652,990
`
`6/1987 Rackman ......
`saeee 380/4
`4,670,857
`8/1987 Joshi
`.........
`364/200
`4,688,169
`3/1988 Haneda.....
`.- 364/900
`4,731,748
`364/900
`6/1988 Ross......
`1
`4,751,667
`scenes 380/4
`9/1989 Karp ..........
`4,866,769
`2/1990 Lee etal.
`..
`4,903,299
`vw. 380/125
`6/1990 Marshall
`...
`4,933,969
`5,068,894 LI/E99L Hoppe ccccossssssesssseemnssseseessseess 380/23
`5,075,805 12/1991 Peddle etal. .
`. 360/61
`5,113,518
`5/1992 Durst, Jr. et al.
`395/550
`veoseee
`5,182,770
`1/1993 Medveczky ...
`380/4
`5,199,066
`3/1993 Logan cccscsssecsssersessesssssesssnsessees 380/4
`5,276,738
`1/1994 Hirsch ..ssusn
`380/46
`5,282,247
`1/1994 McLean etal.
`.. 380/4
`5,287,408
`2/1994 Samson.........
`.- 380/4
`5,337,357
`8/1994 Chow...
`» 380/4
`5,343,524
`8/1994 Muet al.
`ccccccsscscosecrecsnnssessserseee 380/4
`
`.
`
`
`
`
`READ CONTENTS
`
`
`VOLATILE
`MEMORY INTO
`SYSTEM MEMORY
`
`AUTHENTICATION
`CODE GABEON
`FIRST PORTION OF
`
`DATA IN SYSTEM
`BING REY
`
`VALIQATE ievla
`ATARI
`
`
`GAANT SYSTEM
`OPERATION
`
`
`Roku EX1023
`U.S. Patent No. 6,411,941
`
`
`
`U.S. Patent
`
`Mar.31, 1998
`
`Sheet 1 of 3
`
`5,734,819
`
`
`20 12
`
`MEMORY
`
`
`
` MEMORY
`
`
`NON-VOLATILE |
`
`
`
` CHIP ID
`
`
`
`DEVICE
`
`
`REGISTER
`
`ADDRESS
`
`IN
`
`BYTES
`
`0-7
`
`120
`
`st
`
`DEVICE TYPE
`
`8-15|DEVICE SERIAL NUMBER
`
`
`
`
`
`
`
`
`
`
`
`
`46-23|CHIP ID
`
`24-31|UNIQUE DEVICE DATA
`
`32-39|MESSAGE AUTHENTICATION CODE
`
`40 -
`
`DEVICE DATA AREA
`
`Fig. 2
`
`
`
`U.S. Patent
`
`.
`
`Fig. 3
`
`Mar. 31, 1998
`
`Sheet 2 of 3
`
`5,734,819
`
`ESTABLISH
`TEXT STORAGE
`AREA IN NVM
`
`ENCRYPT
`PORTION OF
`TEXT DATA
`BASED ON KEY
`
`EXCLUSIVE OR
`ENCRYPTED
`DATA WITH A
`SECOND
`PORTION OF
`DATA
`
`ENCRYPT
`RESULTS WITH
`NEXT PORTION
`OF DATA
`
`HAS ALL
`DATA BEEN
`ENCRYPTED
`
`MEMORY
`
`ESTABLISH
`RESULTANT
`ENCRYPTED DATA
`
`AS MESSAGE
`
`AUTHENTICATION
`CODE
`
`PLACE MESSAGE
`AUTHENTICATION
`CODE IN
`NON-VOLATILE
`
`
`
`US. Patent
`
`Mar. 31, 1998
`
`Sheet 3 of 3
`
`5,734,819
`
`410
`
`READ CONTENTS
`OF NON-
`VOLATILE
`MEMORY INTO
`
`SYSTEM MEMORY
`
`
`
`
`
`
`
`GENERATE
`MESSAGE
`AUTHENTICATION
`CODE BASED ON
`FIRST PORTION OF
`DATA IN SYSTEM
`MEMORY
`USING KEY
`
`
`
`
`
`
` 416
`
`NO
`
`ABORT SYSTEM
`
`MAC STORED
`IN NVM TO MAC
`
`OPERATION
`
`READ CHIP ID
`INTO CPU
`
`
`
`COMPARE
`CHIP 1D FIELD IN
`
`SYSTEM MEMORY
`
`
`TO CHIP 'D FIELD
`FROM STEP
`418
`
`422
`YES
`
`420
`
`
`
`VALIDATE NVM
`DATA AND
`GRANT SYSTEM
`OPERATION
`
`RETURN
`
`Frg.
`
`4
`
`
`
`5,734,819
`
`1
`METHOD AND APPARATUS FOR
`VALIDATING SYSTEM OPERATION
`
`BACKGROUNDOF THE INVENTION
`1. Technical Field
`
`The present invention relates, generally, to a computer
`system having a non-volatile memory and, more specifically,
`to electronic security information being stored in the non-
`volatile memory. More specifically, the present invention
`relates to a computer system having a non-volatile memory
`with security information written into the non-volatile
`memory and a way of detecting when that information has
`been altered so as to prevent operation of the computer
`system once tampering has been detected.
`2. Description of the Related Art
`Electronic serial numbers are being employed in more and
`more electronic devices. These serial numbers are used for
`multiple purposes ranging from determining whether a
`deviceis still under warranty to providing a unique machine
`identification so that a software key is required to run onthat
`specific machine serial number (this feature is provided in
`license managers such as NETLS). The objective of provid-
`ing the electronic serial number is to allow software access
`to the serial number so that it can be tracked electronically
`or used as part of the software key encryption algorithm.
`There is an inherent weakness in the electronic serial num-
`ber in that the manufacturer of the electronic device wants
`to control the machine serial number or unique data andthat
`every machine serial number written must be unique. To
`provide the manufacturer the flexibility to write a different
`serial number on each machine, the machine is designed
`with some type of non-volatile memory (NVM) that the
`manufacturer can write (such as EPROM, PROM, ROS,
`EEPROM,flash type of memory or a track or header on a
`tape. DASD or optical diskette). Since the serial numberis
`located in a programmable memory, it is easy for someone
`else to duplicate the serial number by simply copying the
`contents of one NVM media to another NVM media or
`writing a portion of the NVM media. Bycreating a duplicate
`serial number machine, all of the software programsthat are
`licensed for the original machine can now be used on the
`duplicate serial number machine effectively bypassing the
`license manager checks.
`There are multiple ways in which a unique chip identifier
`can be programmedin a chip and made non changeable. The
`easiest way is to have a tie up or down signal feed a series
`of fuses, which in turn feed inputs to a register. These fuses
`can be blown by a laser as part of the normal chip manu-
`facture process providing a unique chip identifier. The chip
`fuses are typically blownat the wafer level and contain the
`lot number, the wafer number, and the chip location on the
`wafer. Obviously many bits are needed (more than 64) on
`high volumechipssince there is a high percentage of chips
`that are scrapped and the unique chip identifiers are never
`used. Chip fuses have been used for many years in DRAM
`and SRAM designsto select a different portion of the array
`to be used if found defective by manufacturing. Theability
`to produce uniquechip identifiers is knownin the industry.
`A second waya unique chip identifier can be built into a
`module is by using module laser delete chip /O’s. Module
`laser delete is done in a similar fashion as the chip laser
`delete in that a tie up or down signal is fed to a series of fuses
`which in turn go to chip I/O pins and from there to latches
`in a register. A laser is used to blow the fuse thus causingthe
`data in the latch to be personalized. Theregister is then made
`
`10
`
`15
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`2
`available to the software. This method reduces the number
`of bits needed for the unique chip identifier since the chips
`have already been tested before mounting on the modules
`and most modules will test good. Again, since a fuse has
`been blown, it is not possible to duplicate easily another
`unique chip identifier.
`There are several encryption techniques that can be used
`that can provide the manufacturer the capability to detect
`any duplication or modification of the non-volatile memory
`data such as a serial number. One example of the encryption
`technique is the Message Authentication Code (MAC),
`which uses the Data Encryption Standard encryption algo-
`rithm. The MACroutine is passed a string of text data and
`an encryption key and returns an 8 byte MAC. Since the
`DES encryption encrypts 8 bytes at a time andthe result of
`the previous 8 byte encryption is used with the next 8 bytes
`of encryption, the last 8 bytes of the encryption are depen-
`dent on all of the previous text data so any change in any of
`the previous data will be detected in the last 8 bytes of the
`encryption (the MAC).
`Atthe time the device is manufactured. the manufacturer
`will select an 8 byte encryption key that must be kept secret.
`The unique chip Identifier is included in the text portion of
`the data to be encrypted along with any other data the
`manufacturer wants to prevent being modified. A MAC is
`then generated and written along with the data in the
`non-volatile memory along with the data. The operating
`system software program then reads the non-volatile
`memory and the unique chip identifier from the hardware.If
`the unique chip identifier found in the text portion of the
`non-volatile memory does not compare with the one in the
`hardware, then the text has been altered (probably copied
`from another machine) and the software program can reject
`the device as being an invalid device. If the unique chip
`identifier in the non-volatile memory does match the one in
`the chip, then the software program verifies that the MACis
`correct by generating a new MAC for the text of the
`non-volatile memory using the same key that was used to
`generate the MAC in manufacturing and then compares the
`MACgenerated with the MACin the non-volatile memory.
`If the MACs compare then the software program is assured
`that none of the text data that is covered by the MAC has
`been altered. Since only the manufacturer and the checking
`software knowsthe key to create the MAC AND the unique
`chip identifier is part of the text that created the MAC,it is
`not possible to alter the text or MAC unless the encryption
`key is known. Obviously the key must be kept secret and
`protected by the software and the manufacturer.
`Another encryption technique that can be used is RSA
`where the manufacturer usesa private key to encrypt the text
`where the unique chip identifier is again included in the text
`where modification detection is required. A public key is
`then used by the software program to decrypt the encrypted
`data and a comparison is made by the software program of
`the unique chip identifier in the hardware with that in the
`encrypted text. If there is a match then the text is valid,
`otherwise the text has been copied from another machine or
`has been otherwise altered. The advantage of the RSA is that
`two different keys are used for encryption and decryption
`and if the public key is known,the private key can not be
`determined whereas DES uses the same key for encryption
`and decryption so the software program must hide the key
`very well. This invention does not rely on any specific
`encryption technique only on the fact that the manufacturer
`can control access to the encryption key.
`Accordingly, what is needed is a computer system secu-
`rity arrangement using non-volatile memory wherecritical
`
`
`
`5,734,819
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`3
`data is written, which is monitored for detecting whether the
`information has been altered so the system may not be run
`in its altered state.
`
`SUMMARYOF THE INVENTION
`It is therefore one object of the present invention to
`provide a computer system having a non-volatile memory.
`It is another object of the present invention to provide
`electronic security information stored in the non-volatile
`memory.
`It is yet another object of the present invention to provide
`a computer system having a non-volatile memory with
`security information written into the non-volatile memory
`and a way of detecting when that information has been
`altered so as to prevent operation of any portion of the
`computer system once tampering has been detected.
`The foregoing objects are achieved as is now described.
`According to the present invention, a method and apparatus
`for providing system operation validation is disclosed. The
`method and apparatus for validation operates within a com-
`puter system comprising a central processing unit coupled to
`a programmable memory, and to a system device. The
`programmable memory may store programs and instructions
`executable on the CPU and a non-volatile memory is also
`provided for access by the CPU. The system operation
`validation is provided by a chip identifier located within a
`device memory within the system device. which memory
`also serves as a chip identifier register. Selected information
`stored within the non-volatile memory is used, along with
`the chip identifier, to generate a first encryption code asso-
`ciated with the system device. An encryption key is used to
`generate a second encryption code associated with the
`computer system. Thefirst and second encryption codes are
`matchedto providea first level system operation validation.
`A second chip identifier is generated, which identifier is
`associated with the computer system. Both chip identifiers
`are compared to provide a second level system operation
`validation.
`Examples of the devices associated with the computer
`system include field replaceable units wherein the chip
`identifier is a chip serial numberthat is uniquely identified
`with information stored in the non-volatile memory, such as
`an EPROM-type device, a DASD-type device, or microcode
`on a magnetic tape used in a tape drive device. The encryp-
`tion codes may be message authentication codes.
`An alternative method for validating system operation is
`also disclosed where the method generates a unique device
`digital signature associated with the system device. The
`system then generates a unique system digital signature
`associated with the computer system, The system then
`evaluates both unique digital signatures for system valida-
`tion. Once the digital signatures are validated, the system
`grants system operation to the system device. The digital
`signatures for both the system device and the computer
`system are based upon their respective chip identifiers or
`their encryption codes generated on selected information
`stored within memories associated with each device and
`system. respectively, or both. In either embodiment, the
`validation also is able to detect whether the selected infor-
`mation stored within either the system device or the com-
`puter system has beenaltered.
`The above as well as additional objects, features, and
`advantagesofthe present invention will become apparentin
`the following detailed written description.
`BRIEF DESCRIPTION OF THE DRAWINGS
`The novel features believed characteristic of the invention
`are set forth in the appended claims. The invention itself
`
`4
`however, as well as a preferred mode of use, further objects
`and advantagesthereof, will best be understood by reference
`to the following detailed description of an illustrative
`embodiment when read in conjunction with the accompa-
`nying drawings, wherein:
`FIG. 1 is a block diagram of a computer system upon
`which the present invention may be implemented;
`FIG. 2 depicts a block diagram of a Message Authenti-
`cation Code written into the non-volatile memory of FIG.1;
`FIG. 3 is a block diagram of a flowchart representing a
`method of generating the Message Authentication Code of
`FIG.2;
`FIG.4 depicts a block diagram ofa flowchart representing
`the comparison of the MAC codes for detecting alteration
`according to the present invention.
`
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENT
`
`With reference now to the figures and in particular with
`reference to FIG. 1, depicting a block diagram of a typical
`configuration, such as a programmable apparatus or com-
`puter system 10, upon which the invention is used. Com-
`puter system 10 includes a memory unit 12 connected to a
`central processing unit (CPU) 14. The memory unit 12
`contains instructions and programsthat are executed in CPU
`14. Theseinstructions are used to contro! a device 16, which
`maybe an electro-mechanical device such as, for example.
`a DASDdevice, with an electronic device controller, tape
`reader or diskette reader, or an electronic device such as, for
`example, a cache controlier. For example, the system may be
`directed to a microcode-load tape to work only with a
`designated processor in a designated system. Device 16
`further includes a chip ID register 18, which includes a
`unique chip identifier within the chip ID register 18. The
`chip identifier is read by an instruction executed in CPU 14.
`The unique chip identifier is built as part of the chip
`identifier register 18 so that each chip in a manufactured set
`has a different unique chip identifier.
`A non-volatile memory device (NVM) 20 is further
`connected to CPU 14. NVM 20 contains various information
`that the device manufacturer uses as part of the device 16
`control, such as DEVICE TYPE, DEVICE SERIAL
`NUMBER,and any other UNIQUE DEVICE DATA.To be
`able to detect any alteration in the NVM 20, a CHIP ID is
`included so that any software programs in memory 12 can
`comparethe chip ID in device 16 with the chip ID written
`in NVM 20. Additionally, an encryption code, for example,
`a Message Authentication Code (MAC)is written in NVM
`20 where the DEVICE TYPE, DEVICE SERIAL
`NUMBER, CHIP 1D and UNIQUE DEVICE DATAare used
`as the text input to the MAC generation method. Further, an
`encryption key is further provided to which the software
`programs in memory 12 also have access.
`FIG. 3 is a block diagram of a flowchart depicting the
`method used to generate the MAC shownin FIG,2.In step
`310, a text storage area is established in NVM 20, to which
`the MACis checked.consisting of 0-31 of the NVM address
`base. In this example, the text has a length of 32 bytes. In
`step 312, a 64 bit key is used to encrypt the first eight (8)
`bytes of the text data using a data encryption scheme (DES)
`method, which is well known to those skilled in the art, to
`yield eight (8) bytes of encrypted data. Next, in step 314.
`these eight (8) bytes of encrypted data are exclusively ORed
`with the next eight (8) bytes of the text data. The results are
`then encrypted in step 316. using the DES method and the
`same key. The results are eight (8) bytes of encrypted data
`
`45
`
`50
`
`55
`
`65
`
`
`
`5,734,819
`
`5
`that include the current eight (8) bytes of the text, plus all the
`previous eight(8) byte blocks of text. The system continues
`to encrypt the remaining text using steps 314 and 316. In
`step 318, the system determines whether all the text has been
`encrypted and if so, in step 320, a resultant eight (8) bytes
`is used as the MAC,which is used to detect any change in
`any of the text that was used as input to generate the MAC.
`In step 322, the MACis placed in NVM 20 at locations
`32-39, shown in FIG. 2.
`The MACis used to provide a means, or digital signature,
`for detecting when a serial number or any other critical data
`written into NVM 20is altered. Once there is modification
`or duplication detected,
`the software program stored in
`memory 12 can then take steps to prevent software programs
`from running on the altered device 16. To provide modifi-
`cation detection of NVM 20. the system uses several ID
`items. First, a unique chip identifier that is different from any
`other chip, which is non-alterable, is used as a standard by
`which the software determinesthe identity of the device and
`whether alterations have occurred. Second,
`the software
`programs are given the ability to read this chip identifier.
`Third, the non-volatile memory is included to hold the text
`covered by the encryption algorithm. The non-volatile
`memory is that non-volatile memory used to store data that
`the manufacturer wants to prevent from being altered (such
`as warranty data) using an encryption technique in which the
`unique chip identifier is used as part of the encryption
`algorithm or the chip identifier.
`While system 10 is operating, system code is retrieved
`from memory 12 into CPU 14 for execution. Prior to using
`device 16, the system code performs a chip identification
`and NVM contentalteration detection test, which is illus-
`trated in the flowchart of FIG. 4. In step 410, the system
`reads the contents of NVM 26 into memory 12. Next, in step
`412, the system generates a Message Authentication Code of
`the first 32 bytes of the NVM data that was stored in memory
`12, using the same key that the manufacturer used to create
`the MACstored in bytes 32-39 in NVM 20.In step 414, the
`system compares the MACstored in memory 12 from bytes
`32-39 of the NVM 20 data with the MAC generatedin step
`412. If the MACs do not compare, then the NVM 20 data is
`not valid and the device 16 cannot be used and the system
`aborts in step 416. If the MACs do compare, the system, in
`step 418, reads the chip ID from the chip ID register 18 into
`CPU 14. Next, in step 420, the system compares the chip ID
`field from bytes 16—23 of the NVM data stored in memory
`12 with the chip ID field read from chip ID register 18 read
`in step 418. If the fields compare, then the NVM datais valid
`and system operation is granted in step 422; otherwise the
`NVM data has been copied from another system (because
`the MAC wasgood, it had to have been copied from another
`system) and the device cannot be used and the system aborts
`in step 416.
`While the invention has been particularly shown and
`described with reference to a preferred embodiment, it will
`be understood by those skilled in the art that various changes
`in form and detail may be made therein without departing
`from the spirit and scope of the invention.
`I claim:
`1. In a computer system comprising a central processing
`unit (CPU) coupled to a programmable memory, which may
`store programs and instructions executable on said CPU. a
`system device, coupled to said CPU, and a non-volatile
`memory, coupled to said CPU, a system operation validator
`comprising:
`a chip identifier located in a chip identifier register within
`said system device;
`meansfor utilizing selected information stored within said
`non-volatile memory and said chip identifier to gener-
`ate a first encryption code associated with said system
`device;
`
`6
`an encryption key stored within said programmable
`memory;
`meansfor generating a second encryption code associated
`with said CPU using said encryption key, wherein said
`encryption codes must match for system operation
`validation;
`means for generating a second chip identifier associated
`with said CPU, wherein said chip identifiers must
`match for system operation validation.
`2. The invention according to claim 1 wherein said system
`device is a field-replaceable unit and said chip identifier is a
`chip serial number and said non-volatile memory is a
`semiconductor-type device.
`3. The invention according to claim 1 wherein said chip
`identifier is a chip serial number and said non-volatile
`memory is a magnetic media-type device.
`4. The invention according to claim 1 wherein said chip
`identifier is a chip serial number and said non-volatile
`memory is an optical-type device.
`5. The invention according to claim 1 wherein said chip
`identifier is a chip serial number and said non-volatile
`memory is a tape-drive device with said information being
`stored as microcode on a tape.
`6. The invention according to claim 1 wherein said
`encryption codes are comprised of message authentication
`codes.
`7. In a computer system comprising a central processing
`unit (CPU) coupled to a programmable memory, which may
`store programs andinstructions executable on said CPU. a
`system device, coupled to said CPU. and a non-volatile
`memory, coupled to said CPU. a method for validating
`system operation comprising the stepsof:
`locating a chip identifier within in a chip identifier register
`within said system device;
`utilizing selected information stored with said non-
`volatile memory and said chip identifier to generate a
`first encryption code associated with said system
`device;
`generating a second encryption code associated with said
`CPU using an encryption key;
`determining whether said encryption codes match for
`system operation validation;
`upon matching said encryption codes, generating a second
`chip identifier associated with said CPU;
`determining whether said chip identifiers match for sys-
`tem operation validation;
`upon matching said chip identifiers. granting system
`operation.
`8. The invention according to claim 7 wherein said system
`device is a field-replaceable unit and said chip identifier is a
`chip serial number and said non-volatile memory is an
`EPROM-type device.
`9. The invention according to claim 7 wherein said chip
`identifier is a chip serial number and said non-volatile
`memory is a DASD-type device.
`10. The invention according to claim 7 wherein said chip
`identifier is a chip serial number and said non-volatile
`memory is a tape-drive device with said information being
`stored as microcode on a tape.
`11. The invention according to claim 7 wherein said
`encryption codes are comprised of message authentication
`codes.
`
`10
`
`15
`
`20
`
`25
`
`35
`
`45
`
`50
`
`55
`
`65
`
`