Computers and digital devices (for example, cellular phones, laptops, mp3 players, and the like), collectively “computing systems”, are becoming an essential part of today's world. Many people find it hard to go anywhere without their personal digital devices. In the past few years, advancements in digital technology have transformed various digital devices from simple single-task gadgets into complete computing platforms. As more and more people use different digital devices to access and process sensitive information such as bank accounts, health records, and the like, it becomes vital to uniquely identify the devices used to access this sensitive information in order to enforce secure access policies.
Due to the physical nature of computing systems, the laws of physics ensure that these systems will have differences in their physical structure even when they are built to be identical. This phenomenon is referred to as “manufacturing variability” and is a major source of concern for manufacturers striving to produce identical devices.
A large number of physical devices have been shown to contain some type of fingerprint that can be used to distinguish one physical device from another. Examples of such devices are digital circuits, CDs, and regular writing paper. In general, prior art fingerprinting techniques take advantage of the variability left behind by the manufacturing process. However, it is now understood that no manufacturing process produces 100% identical devices, even when these devices are extremely small and sit right next to each other in the manufacturing space.
In accordance with the present system and method, the inherent manufacturing variability of components is used to extract unique identifiers (sometimes referred to herein as “fingerprints”) for individual computing systems. Utilizing the manufacturing variability, identifying strings are determined which can aid various cryptographic operations. The identifying strings are determined pursuant to a software- (or firmware-) controlled operation of the computing system, without changing or adding anything to the pre-existing hardware structure of the computing system. Using this approach, the software and, more particularly, the method performed by the operational steps controlled by the software, detects and processes the manufacturing variability without manipulating the hardware or changing the original design of the computing system. The special software extracts and utilizes the manufacturing variability for identification purposes using the information naturally available to an operating system running on a computing system.
Using such an approach represents a substantial advancement over prior art attempts to generate fingerprints, which require changes to the hardware of the computing systems or even changes to the data which is collected from the hardware. In the prior art, such changes include adding new chips to the computing system, changing the design of the chips used, adding an external specialized device to aid with the extraction of a unique identifier, or even requiring the hardware to perform measurements which typically are not provided to an operating system. In contrast, the present method does not require any change to the hardware of a standard computing system, that is, one which has not been equipped with special hardware to extract device-specific strings. Instead, all that is required to extract these computing system-specific identifiers is an installation of specialized software carrying out steps in accordance with the method described herein. Moreover, by applying the extraction techniques described herein, unique identifiers are extracted which enjoy noise-free qualities with high entropy, thus enabling direct usage of extracted values in cryptographic protocols and security applications.