This invention relates to use of an adaptive system profile, and more particularly to regeneration of a system-specific quantity using the system profile.
There are situations in which a software component executing on a device, such as a computer, desires to determine if the device is the same device on which it previously executed. For example, the software component may have been licensed for use on a single computer, and when the software component is executed at later times, the licensing of the host computer needs to be checked. One approach is to form a system profile of the computer, for example, based on types of components, specific serial numbers, etc. on the computer.
In related situations, a server computer may desire to determine if a client computer is the same computer with which it has previously communicated. One approach currently used is for the server computer to cause a quantity to be stored on the computer (e.g., as a browser “cookie”) and later retrieval of the same quantity may indicate that the computer is the same. In another approach, a quantity related to the client computer, for instance a system profile of the client computer, is provided to the server computer and that profile is regenerated in different sessions to determine whether they match and therefore that the client computers are the same.
If the system profile is used as the basis of cryptographic operations that combines identifiers of one or more components, for example, using a key generation procedure, a change in the system profile, for example, based on replacement of a component of the system, may result in an invalid key being generated, and a computer that should have been declared to be the same as in a previous session is declared to be different.
Device recognition via hardware fingerprints is a well studied problem. In some devices special hardware chips are implemented to achieve this goal but such security chips are currently not included in most computing devices used in the market. Furthermore also for these chips mechanisms are required to assure that the chip is still integrated in the same hardware environment.
In general a significant problem is to keep the device fingerprint stable under changes to the system (like exchange and degrading of hardware components). If the device is not recognized after the exchange of e.g. a memory card expensive and time consuming procedures are required to solve this problem e.g. via a call center.