In many computing applications, it is often necessary or desirable to use a code that uniquely identifies a device. For example, in Digital Rights Management (DRM) systems, which enforce rights to content (e.g., audio, video, text, software, etc.), the rights are typically tied to a particular device (i.e., the content is usable only on a particular device), in which case it is necessary or convenient to identify the device by a unique (or substantially unique) identification code.
In cases where a device is manufactured for this purpose, many hardware techniques exist for ensuring that the device is identifiable by a unique, unalterable machine identification (MID). For example, an MID is usually placed in hardware in a tamper-resistant way (such as by burning the MID into the device's processor or into a built-in ROM, non-erasably encoding the MID on a built-in disk, using a smart card dongle, or using permanent electronic serial numbers encoded on the device's components, etc.).
Many devices, however, do not have a built-in unique MID, or hardware from which one can be derived. For example, most handheld computers (e.g., PocketPC computers, Palm computers, etc.) are built from identical hardware that has no built-in unique identifiers. In such cases, it may be necessary to uniquely identify such a device, even if the device does not have any built-in unique identifiers.
Most software approaches to creating an MID yield an MID that can be altered, duplicated or set by a device's user, making these MIDs untenable for security use. An MID that can be changed without detection invites “spoofing” of the device that the MID is supposed to identify, thus allowing an interloper to obtain access to data or use of software that is supposed to be restricted to one device having a particular MID. Conventional software-based MIDs typically have the drawback that the software that creates them generally duplicates the same MID if the software is simply run again on the same machine or on a different machine, allowing anyone who obtains the software to spoof the MID. Other deficiencies in software-created MIDs are their inability to survive a warm-boot (i.e., where the operating system (O/S) is restarted, but user data is not erased), and lack of techniques for using an MID in a manner that allows a change in the MID by a nefarious user to be detected.
The present invention overcomes the drawbacks of the prior art.