1. Field
The present invention relates generally to security in computing environments, and more particularly, to a method and apparatus for detection of tampering attacks against systems that use computing environments for identification purposes.
2. Background
Using a non-user configurable environment of a computing system has become a popular way of authenticating devices that run security programs as well as for managing the valid use of copy controlled and licensed software.
The use of parameter information to build a unique identity for that computing system is typically deployed in the software publishing and digital rights management industry. One common term used to describe the process is called hardware fingerprinting.
One of the important improvements to hardware fingerprinting is the concept of tolerance, which allows the computing system to tolerate a small number of changes to its environment without triggering a failure. A failure of the process occurs when the protected software detects that it is in use on a new or unknown device and therefore requires re-authentication.
The practice known as tolerance involves making queries to multiple device parameters and making a weighted and or prioritized decision about how many of those parameters are allowed to change before the controlling software decides to treat the computing environment as a new and unknown system requiring manual re-authentication.
The hardware fingerprinting system may be circumvented, however, if a rogue entity is able to interfere with the detection process of the protected software. For example, the rogue entity may emulate the hardware fingerprint of the original computing environment to fool the protected software to think that it is executing in the original computing environment.