1. Field of the Invention
The field of the invention comprises electronic fingerprinting methods for identifying computers and other electronic devices.
2. Scope and Usage of Certain Terms
The following lexicon sets forth the intended scope and meaning of certain terms and concepts used herein. Examples provided in this lexicon are intended to clarify and not to limit the meaning of the respective term. The definitions set forth here include the plural and grammatical variations of the terms defined. Unless otherwise noted, meanings of terms not included in this lexicon are to be determined by reference to first the specification and then, if necessary, the American Heritage Dictionary of the English Language, Third Edition, Houghton Mifflin Co., 1992, ver. 3.6p.
Electronic device—a device of the type having a case or cabinet and comprising at least one component within the case or cabinet whose operation depends on the controlled conduction of charge-carriers through the component. By way of example, but without limitation, Electronic device includes computers, computer accessories, video monitors, DVD and CD players and recorders, radios, televisions, magnetic recording and/or play-back devices, optical recording and/or playback devices.
Identify and ID—when used with respect to electronic devices, “identify” refers to 1) the act of ascertaining definitive characteristics of a particular electronic device; 2) the act of determining the particular electronic device from which ID data or fingerprints originate; and/or 3) the act of distinguishing a particular electronic device from all other electronic devices. “ID” refers to an identifying means or process based on a unique data representation, trait, or characteristic.
Idiosyncratic—traits, characteristics, and/or features of an individual electronic device that are sufficiently unique or peculiar, either alone or in combination, that they can be used to identify that electronic device. The degree of uniqueness or peculiarity implied by the term will be understood by those skilled in the art as being a function of the objectives, requirements, and specifications of the particular implementation of the invention, as discussed below. Unless explicitly modified, the term is not limited to any specific type or domain of feature, trait, or characteristic, but may be applied to, by way of example, emissions, intangible features or identifiers, component traits and specifications, performance characteristics, arbitrary alphanumeric identifiers, and the like.
Emission—refers to radiations, vibrations, and other emanations of one or more components of an electronic device. When used without modification, the term is intended to be understood in its broadest sense, without any limitation as to energy type, wavelength, speed of propagation, or other physical characteristics. By way of example, the term “emission” includes electromagnetic (EM) radiations, including radio-frequency (“RF”) emissions, and vibrational emissions, such as acoustic waves produced, by electronic devices.
Emissions ID data and non-emissions ID data—“Emissions ID data” refers to data representative of and/or derived from idiosyncratic emissions produced by the electronic device being identified. “Non-emissions ID data” refers to idiosyncratic data used to identify electronic devices wherein the data are not derived from emissions. Examples of non-emissions ID data include alphanumeric identifiers for hardware and software, component specifications, performance characteristics, and the like.
Electronic fingerprint—a data representation of an idiosyncratic feature of an electronic device. “Electronic fingerprint” is a generic term that encompasses both non-emissions electronic fingerprints and emissions fingerprints (defined below). Verb forms of “electronic fingerprint” refer to a process of obtaining an electronic fingerprint.
Emissions and non-emissions fingerprints—“Emissions fingerprint” refers to an electronic fingerprint derived from emissions ID data. A “non-emissions fingerprint” is an electronic fingerprint derived from non-emissions ID data. A non-emissions fingerprint may also be referred to herein as a “conventional electronic fingerprint.”
Collecting or acquiring emissions—to receive or detect emissions by a means, and in a manner, that produces an analog or digital representation of the emissions received or detected.
Signature—a compound data structure composed of a plurality of electronic fingerprints and/or non-electronic ID data such as encryption keys, passwords, and biometric data.
3. Statement of the Problem Solved by the Invention
The primary technical problem solved by the present invention is how to exploit the physical characteristics of an electronic device to obtain reliable and efficient electronic fingerprints and signatures from that device with a minimum of inconvenience to the end-user.
In virtually all fields of endeavor that employ electronic devices, there are situations in which it is desirable or necessary to be able to identify individual electronic devices. At the most basic level this is done simply by affixing a label bearing a unique alphanumeric identifier to the electronic device. However, for many applications, including many consumer and security applications, a far more sophisticated means of identifying electronic devices is required. For example, in the commercial software market, vendors often wish to restrict the use of a software program to an individual computer for which the program is licensed, thereby “locking-down” the program to a specific device. In such situations, there must be a means for identifying, often remotely or over the Internet, the individual computer as one that has permission to run the vendor's application. Similarly, vendors of audio-visual materials often wish to be able to lock-down their materials to a single electronic device that has been licensed to play the material, and yet do so in a way that is entirely transparent or minimally disruptive to the end-user.
The problem of identifying electronic devices is also commonly encountered in the design and implementation of secure computer systems. Computer security requires that executables, web sites, data/databases, and computer networks be maintained in a way that allows only specified individuals or specified computers to gain access to the protected executables, web sites, data, and networks. The importance of computer security to the nation is reflected by recent government interest in the subject. The Under Secretary of Defense for Acquisition, Technology, and Logistics has launched the Software Protection Initiative (SPI) as a means to prevent the unauthorized distribution and exploitation of national security application software by adversaries of the United States. The focus of SPI is to improve protection methods for critical scientific, engineering, and modeling and simulation software running on computing platforms ranging from desktops through supercomputers. In particular, SPI has identified key software technologies as vital technology resources for the national security and defense of the United States.
SPI, and computer security in general, encompass a broad range of issues and a broad range of requirements. The most vital and problematic aspect of computer security is protecting computers against malicious remote attacks, which often deny service to computer resources, provide the attacker with unauthorized access to computing resources or sensitive data, or destroy data. Such attacks often take the form of a virus or internet worm.
4. Existing Art
Solutions to the foregoing problems generally require the acquisition of a capability for identifying individual electronic devices. The current state of the art for achieving this capability includes, inter alia, (1) licensing protocols, (2) hardware dongles, (3) disk drive volume ID's and (4) encrypted CPU IDs. All of these methods have relative advantages, but any of these methods when used alone can be compromised with moderate effort—even combinations of these methods can be compromised by a knowledgeable and well-funded attacker. As a result, there has been intense interest in the security community in obtaining high quality idiosyncratic fingerprints and signatures from electronic devices, particularly fingerprints and signatures that are substantially invariant over the operating life of the device. The concept of a fingerprint or signature for computer identification provides a basis for an authentication method that overcomes many of the deficiencies of current approaches.
a. Electronic Fingerprints and Signatures Art
Electronic fingerprinting is a general term encompassing many diverse methods of producing or acquiring a code—the electronic fingerprint—that is peculiar to a specific computer or other electronic device. An electronic fingerprint can be used to prevent access to the device by anyone who cannot reproduce the code. Alternatively, an electronic fingerprint may be transmitted to and stored in remote devices that can then use the fingerprint to identify the device from which it originated. For instance, the systems administrator of a network can use a directory of electronic fingerprints when polling computers attached to the network in order to detect unauthorized connections. Once obtained, electronic fingerprints can be employed in a great number of different ways to maintain the security of individual machines or entire networks.
Given the impressive potential utility of electronic fingerprinting, many solutions have been proposed to solve the problem of how to produce efficient and robust electronic fingerprints. The general approach is to identify one or more features or traits of the electronic device to be protected and then represent those traits in a digital format that can be manipulated, encrypted, stored, transmitted, and subjected to interrogation and verification. To be useful, an electronic fingerprint must be idiosyncratic—that is it must be a sufficiently unique representation of the electronic device to provide the level of security required. Of course, the level of uniqueness that is required will depend on the situation. In some situations it is necessary to be able to distinguish one individual device from all others—absolute identity. In other situations it is sufficient to identify one or more electronic devices as members of a defined class—for instance, identifying computers using a particular version of an operating system or identifying all computers connected to a network.
For most applications a single ID trait or characteristic is not sufficiently unique for electronic fingerprinting; therefore, electronic signatures are often constructed from a plurality of fingerprints and other ID traits which, when taken together, provide a sufficient level of uniqueness. Traits that are commonly combined to produce electronic signatures include alphanumeric identifiers arbitrarily assigned to one or more components of the electronic device; code segments embedded into operating systems, drivers, or other software; performance characteristics—baud rates for modems, clock rates for CPU's, spin rates for DVD players/recorders. Most of these characteristics used alone can be easily hacked by interrogating the system or the component; however, by combining a number of such characteristics and by employing encryption/authentication processes, it is possible to derive an electronic signature that is reasonably unique for the electronic device.
U.S. Pat. No. 6,148,407 to Aucksmith is representative of the foregoing approach of deriving and employing electronic signatures for computers from a plurality of standard traits. Aucksmith discloses the use of traits such as processor ID, cache ID, memory controller, BIOS version, Ethernet address, and CD-ROM type. The traits chosen are converted to discrete digital reference values, which are then combined into an aggregate signature. This signature can then be encrypted, stored, transmitted, manipulated, and interrogated. An agent, entity, or software application that “knows” the signature, the encryption technique, and the storage location can interrogate the computer on the basis of its signature to determine whether or not the computer has access rights to the application, data, or network being protected.
b. Electronic Device Emissions Art
It is well known that many electronic components—such as CPU's, buses, drives, motors, clocks—produce EM emissions, most commonly in the RF portion of the EM spectrum. In addition, some electronic components—such as fans and motors—produce vibrational emissions, which may be in the human audible frequency range or may be above or below that range. Such EM and vibrational emissions are generally considered to be a bane of good electronic design. For instance, the Federal Communications Commission regulates, and often prohibits, the use of many consumer electronic products in airplanes because the RF emissions of the devices can interfere with radio communications or navigational instruments that are necessary for the safety of the aircraft. It is also generally considered advantageous to mitigate vibrational emissions, many of which are annoying to the user. Thus, much of the literature related to EM and vibrational emissions from electronic devices is devoted to ways to eliminate or reduce such emissions. For example, U.S. Pat. No. 6,538,524 to Miller advocates electrically lossy transmission system to reduce RF emissions in computers. And U.S. Pat. Nos. 6,489,402 to Ohyama et al. and 6,468,451 describe advances in vibrational and acoustic insulation used in electronic devices.