Xref: utzoo comp.arch:7959 comp.edu:1944 comp.misc:4773
Path: utzoo!attcan!uunet!lll-winken!ncis.llnl.gov!helios.ee.lbl.gov!pasteur!ucbvax!decwrl!purdue!mailrus!uflorida!haven!aplcen!wb3ffv!tcsc3b2!pag
From: pag@tcsc3b2.UUCP (Philip A. Gross)
Newsgroups: comp.arch,comp.edu,comp.misc
Subject: Re: built-in security features
Summary: serial numbers recorded in EPROMS on motherboard
Keywords: computer security, network security
Message-ID: <356@tcsc3b2.UUCP>
Date: 19 Jan 89 17:32:18 GMT
References: <8846@nsc.nsc.com> <5995@polya.Stanford.EDU> <1804@maccs.McMaster.CA> <24102@amdcad.AMD.COM>
Organization: The Computer Solution Co., Inc. of VA
Lines: 59

In article <24102@amdcad.AMD.COM>, rpw3@amdcad.AMD.COM (Rob Warnock) writes:

[...stuff deleted...]

> Fortune Systems (yes, they still exist, as part of SCI) had a protection
> scheme on their Unix systems which allowed user backups. Uninstalled software
> was encrypted with a "global" key known only to Fortune. The act of installing
> it -- using a protected (encrypted) "install" program -- caused it to be
> decrypted and re-encrypted with a key based on the CPU serial number (the
> key was stored in a PAL on the motherboard). Thus once the software had been
> "installed" on a given CPU, you could make as many copies as you like (back
> it up, put it on a net server, etc.), but it would only run on the specific
> CPU it had been "installed" on.
> [...stuff deleted...]
> Motherboard changes required moving the (socketed) security PAL. And a
> damaged security PAL could be replaced [with a *lot* of questions asked,
> as the PALs never broke!] from the factory, based on the serial number of
> the CPU. (Oh, and the PAL stored not the actual serial number, but some
> encrypted/checksummed function of the serial number.)
> [...even more stuff deleted...]
> More importantly, there was a program for 3rd-party software vendors so
> they could have their disks "branded" by Fortune to make them one-time
> installable. (You didn't *have* to use copy-protection, by the way. Things
> compiled on a Fortune would run on any CPU unless specifically "branded".)
> Physical security of uninstalled disks was an issue, as clearly any
> uninstalled program disk was a single-use "blank check". (There were some
> tricks played to prevent copying of uninstalled disks.)

[...yet more stuff deleted...]

The AT&T 3B2 line of computers as well as the NCR Towers make use of what
is generally called a firmware serial number that is kept on the
motherboard. On the AT&T box, the serial number is recorded in one of four
EPROMS on the motherboard. On the NCR box, it is recorded perhaps in some
other manner. NCR makes use of it during the installation of the UNIX
operating system, effectively locking the OS to the particular Tower it was
installed on.

While AT&T (from what I understand) doesn't make use of the firmware serial
number in the installation of the UNIX operating system, they do provide a
function call in 'C' which can be used to get, among other things, the
firmware serial number. This can then be used during the installation of
software to lock the software onto that particular box. In fact, the
accounting software and 4GL database that we resell does this.

========================================+======================================
Philip A. Gross                         |
The Computer Solution Co., Inc.         | I haven't heard what I have
1009 Sycamore Square, P.O. Box 716      | to say about that yet.
Midlothian, VA 23113-0716               |
Voice: (804)794-3491                    |
----------------------------------------+--------------------------------------
INTERNET: pag%tcsc3b2@wb3ffv.ampr.org
USENET:   ...!ames!haven!aplcen!wb3ffv!tcsc3b2!pag
UUCP:     tcsc3b2!pag   (804)794-1514
ATTMAIL:  attmail!tcsc3b2!pag
*******************************************************************************
The opinions expressed here are strictly mine and nobody else's.
===============================================================================
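
Added example, not part of the original post and not any vendor's code: a Python sketch of the install-time rebinding described in the quoted article, where a distribution sealed under a global key is re-sealed to a per-machine value derived from the serial number. The key values, serial numbers, function names, and the HMAC-SHA256 counter-mode keystream (a stand-in for the unspecified original cipher and PAL function) are all assumptions.

```python
import hashlib
import hmac
import os

# Constructed secrets: stand-ins for keys only the vendor would hold.
GLOBAL_KEY = b"constructed-vendor-global-key"
FACTORY_KEY = b"constructed-factory-pal-key"

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, XORed with the data.
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += _prf(key, nonce + block.to_bytes(8, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; layout is nonce(16) || tag(32) || ciphertext."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + _prf(_prf(key, b"mac"), nonce + ct) + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("image is not sealed to this key")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def pal_value(serial: str) -> bytes:
    # Factory step: a keyed function of the serial, not the serial itself.
    return _prf(FACTORY_KEY, serial.encode())

def install(distribution: bytes, pal: bytes) -> bytes:
    # One-time step: strip the global key, re-seal to this machine's PAL.
    return seal(pal, unseal(GLOBAL_KEY, distribution))

def load(installed: bytes, pal: bytes) -> bytes:
    # Every run: only the PAL of the machine used at install time works.
    return unseal(pal, installed)

if __name__ == "__main__":
    dist = seal(GLOBAL_KEY, b"constructed program image")
    image = install(dist, pal_value("SN-1001"))  # constructed serials
    print(load(image, pal_value("SN-1001")))
    try:
        load(image, pal_value("SN-2002"))
    except ValueError as err:
        print("other CPU:", err)
```

In this model the installed image can be copied freely yet only loads with the original machine's PAL value, while the uninstalled distribution can be installed with any PAL value, which is the "blank check" exposure the quoted article mentions.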