The present disclosure relates generally to generating identifiers for a computing environment. More particularly, the present disclosure relates to generating an identifier for a collection of assets in a computing environment, in a change-tolerant manner, using an error-correction scheme.
Many protection technologies for computer systems need a mechanism to robustly identify the system on which a software application is running. This is generally accomplished by reading out device identifiers from various assets of the system, such as hardware devices (motherboard parameters, BIOS, MAC address, hard disk, CD/DVD player, graphics card, I/O controllers) that are integrated into the system. These device identifiers are then combined into an identifier of the system. A simple way to derive such an identifier is by applying an exclusive-or (XOR) to all device identifiers.
As computer hardware parts, or other assets, change, such as due to replacement and repairs, a method to determine the system identifier needs to accommodate occasional changes to the device identifiers. One way of supporting hardware updates is by allowing a small number device identifiers to change while still generating the same system identifier. A known way to achieve this is by recording the unique device identifiers during an initialization phase and, during the identifier calculation phase, comparing the recorded parameters with the actual parameters. If a sufficient match exists, the recorded parameters are used to obtain the system identifier.
There are other methods that derive a system identifier from a collection of contributing pieces of information that may change over time. Although based on different contributing information, such methods also need to accommodate changes to the contributing information without changing the calculated identifier. As in the system described above, the method consists of recording the contributing information, comparing the recorded information with actual information, and enabling use of the system if a sufficient match exists between the actual information and the recorded information.
One problem with such methods is that the comparison of the recorded device identifiers with the retrieved parameters is sensitive to attacks. The presence of the recorded device identifiers is the key enabler for these attacks. It is, therefore, desirable to provide a method of generating a system identifier that is tolerant of changes in the computing environment, while being resistant to malicious attacks.