The use of computers and other data processing equipment to process information and perform communication has been widespread for many years and continues to become more and more prevalent. Computers are increasingly used to transfer private data, including data used to perform financial transactions involving significant sums. Privacy and authentication are vitally important in such transactions. It is highly undesirable for an unauthorized party to successfully imitate an owner of a checking account or brokerage account and gain the opportunity to conduct unauthorized transactions.
Encryption is commonly used to protect information during transactions conducted by computers, but encryption does not necessarily provide authentication. Even in cases where the financial entity servicing the account authenticates itself through the use of a certificate, the customer owning the account is typically authenticated through the use of a username and a password. It is often possible for a skilled attacker to gain access to a user's private passwords and other authentication information. Such information may even be gathered by various Internet services which monitor a user's Internet activities in order to provide services and conveniences for the user. Once this information is gathered, it is subject to attack, and if the service which gathered the information employs inadequate security precautions, private information of hundreds or thousands of users may fall into the hands of unauthorized persons.
If a proper username and password are supplied, it is impossible for an entity such as a financial institution operating an online banking service or the like to know that the username and password were supplied by an unauthorized user. Improved security procedures are sorely needed for protection of customer financial and other transactions.
The typical computer presently in use possesses many unique features. Even computers from the same manufacturer and of the same model possess differing features, such as surface characteristics of hard disks and the like. Once computers are placed into service, their characteristics diverge more and more, due to differing amounts of wear, different data written to and erased from the memory and hard disk, and other features which are altered by use, such as differences caused by differing frequencies of running defragmentation programs and by errors in storage of data, such as lost clusters and the like. If data could be extracted based on the unique features of a computer, this data could be used to authenticate the computer to a remote server or entity.
In addition, unique features of a computer or other data processing equipment could be used to provide control over software execution, or encryption of customer data. Many consumer applications involve the use of software in which the distributor gives physical possession of the software media to a consumer, but wishes to continue to exert control over the use of the software. This may occur, for example, when a vendor wishes to distribute a digital video disc (DVD) to a consumer and to allow only limited use of the disc, such as playing it only on a single player or for a specified number of plays. Other applications involve the use of software or data which is confidential in nature, such as consumer credit or debit card information. It may be advantageous for a consumer to have a database of credit card information stored on his or her own computer, but highly undesirable for someone else to be able to copy that information and view or use it on a different computer.
There exists, therefore, a need in the art for techniques which employ unique features of data processing systems to allow for authentication of a computer or other storage medium, for installation of software or data to a storage medium in a way which prevents proper operation if the software or data is copied to another storage medium without authorization, and for providing encryption for data installed to a storage medium, which will render the software or data unreadable if copied to a different storage medium.