Method and apparatus for producing computer platform fingerprints

US 6,148,407 A
Filed: 09/30/1997
Issued: 11/14/2000
Est. Priority Date: 09/30/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of identifying a computer system comprising the steps of:

generating a first fingerprint for a first computer system using a plurality of computer system traits;

generating a second fingerprint for an unidentified computer system using said plurality of computer system traits; and

comparing said first fingerprint and said second fingerprint to determine a value representing a probability that said unidentified computer system is said first computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for computer platform identification. According to the method, a first fingerprint is generated using a plurality of computer system traits. A second fingerprint is generated on an unidentified computer and then compared to the first fingerprint. This comparison results in a value representing a probability that the unidentified computer system is the same computer system which generated the first fingerprint. A system disclosed includes a processor which is coupled to memory by a bus. The memory contains a first routine which retrieves a plurality of system traits to form a first fingerprint. The memory also contains a second routine which retrieves the first fingerprint and compares the first fingerprint to a second fingerprint.

Citations

30 Claims

1. A method of identifying a computer system comprising the steps of:
- generating a first fingerprint for a first computer system using a plurality of computer system traits;
  
  generating a second fingerprint for an unidentified computer system using said plurality of computer system traits; and
  
  comparing said first fingerprint and said second fingerprint to determine a value representing a probability that said unidentified computer system is said first computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising, before the step of generating said second fingerprint, the steps of:
    - storing said first fingerprint;
      
      beginning an activity requiring fingerprint verification; and
      
      retrieving said first fingerprint.
  - 3. The method of claim 2 wherein the step of storing further comprises the steps of:
    - encrypting said first fingerprint to form an encrypted fingerprint; and
      
      writing said first fingerprint to a non-volatile storage device.
  - 4. The method of claim 3 wherein the step of comparing further comprises the steps of:
    - generating a weighted sum of differences between a plurality of corresponding values comprising said first fingerprint and said second fingerprint; and
      
      comparing said weighted sum to a threshold value.
  - 5. The method of claim 3 wherein said step of generating said first fingerprint further comprises:
    - sampling at least one of a constant trait, a membership trait, a revision trait, and a performance trait.
  - 6. The method of claim 1 wherein said step of comparing further comprises the steps of:
    - assigning a highest prediction function value if a trait value in said first fingerprint equals said trait value in said second fingerprint; and
      
      using said highest prediction function value in determining said value representing said probability that said unidentified computer system is said first computer system.
  - 7. The method of claim 1 wherein said step of comparing further comprises the step of:
    - applying a plurality of prediction functions to a plurality of differences between a plurality of traits in said first fingerprint and a plurality of corresponding traits in said second fingerprint.
  - 8. The method of claim 7 wherein said step of applying further comprises the step of using a plurality of prediction equation classes, each of said plurality of prediction equation classes having at least one parameter which varies based on which trait is being compared.
  - 9. The method of claim 1 wherein said step of comparing further comprises the steps of:
    - assigning a prediction function value which is less than half a highest prediction function value if a value representing a trait in said first fingerprint is not equal to a corresponding value in said second fingerprint and said trait is a constant trait; and
      
      using said prediction function value in determining said value representing said probability that said unidentified computer system is said first computer system.
  - 10. The method of claim 1 wherein said step of comparing further comprises the steps of:
    - assigning a prediction function value that is greater than one half a highest prediction function value if a value representing a trait in said first fingerprint is not equal to a corresponding value in said second fingerprint and said trait is a membership trait; and
      
      using said prediction function value in determining said value representing said probability that said unidentified computer system is said first computer system.
  - 11. The method of claim 1 wherein said step of comparing further comprises the steps of:
    - assigning a prediction function value that is linearly increasing to a value of less than one half a highest prediction function value if a value representing a trait in said first fingerprint is less than a corresponding value in said second fingerprint and said trait is a revision trait;
      
      assigning a prediction function value that linearly decreasing to approximately one half said highest prediction function value if said value representing said trait in said first fingerprint is greater than said corresponding value in said second fingerprint and said trait is a revision trait; and
      
      using said prediction function value in determining said value representing said probability that said unidentified computer system is said first computer system.
  - 12. The method of claim 1 wherein said step of comparing further comprises the steps of:
    - assigning a prediction function value that is exponentially increasing to a value of approximately one half a highest prediction function value if a value representing a trait in said first fingerprint is less than a corresponding value in said second fingerprint and said trait is a performance trait;
      
      assigning a prediction function value that forms a parabolic function having endpoints greater than one half said highest prediction function value if said value representing said trait in said first fingerprint is greater than said corresponding value in said second fingerprint and said trait is a performance trait; and
      
      using said prediction function value in determining said value representing said probability that said unidentified computer system is said first computer system.

13. A method of identifying an unidentified computer system comprising the steps of:
- sampling a plurality of trait values of said unidentified computer system;
  
  comparing said plurality of trait values with a plurality of template values from a known computer system to generate a comparator output value; and
  
  deciding whether said unidentified computer system is said known computer system by comparing the comparator output value to a threshold value.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein the step of comparing further comprises the steps of:
    - comparing said plurality of traits values with said plurality of template values to generate a plurality of comparison values;
      
      weighting said plurality of comparison values using a plurality of weights.
  - 15. The method of claim 14 wherein said step of weighting further comprises the steps of:
    - normalizing said plurality of comparison values using a trait specific prediction function to generate a plurality of normalized values; and
      
      weighting each of said plurality of normalized values with a relative reliability factor to generate a plurality of weighted values; and
      
      summing said plurality of weighted values to form said comparator output value.
  - 16. The method of claim 15 wherein the step of summing further comprises the step of summing each of said plurality of weighted values as said plurality of weighted values are formed by the steps of comparing, normalizing, and weighting.
  - 17. The method of claim 13 wherein the step of sampling further comprises the steps of:
    - determining a plurality of actual trait values; and
      
      converting said plurality of actual trait values to said plurality of trait values which are numeric trait values.
  - 18. The method of claim 17 wherein the step of determining said plurality of actual trait values comprises the step of calling an operating system routine which tests a system characteristic to determine each actual trait value.
  - 19. The method of claim 17 wherein the step of converting comprises the steps of:
    - scaling an ordered trait according to a monotonic function; and
      
      translating a non-ordered trait into a random discrete value.
  - 20. The method of claim 13, further comprising the steps of:
    - indicating said unidentified computer system is said known computer system if said comparator output value is greater than said threshold value; and
      
      indicating said unidentified system is not said known computer system if said comparator output value is less than said threshold value.

21. A method of identifying a computer system comprising the steps of:
- sampling a plurality of traits of an unidentified computer system, said plurality of traits being represented by a plurality of values V_i ;
  
  comparing said plurality of values V_i with a plurality of stored template values R_i to generate a plurality of comparison values Δ
  
  _i ;
  
  normalizing said plurality of comparison values Δ
  
  _i using a trait specific prediction function β
  
  _i to generate a plurality of normalized values β
  
  _i (Δ
  
  _i);
  
  weighting each of said plurality of normalized values with a relative reliability factor ω
  
  _i to generate a plurality of weighted values ω
  
  _i β
  
  _i (Δ
  
  _i);
  
  summing said plurality of weighted values to form a comparator output value K; and
  
  deciding whether said unidentified computer system is a known computer system by comparing said comparator output value K to a threshold value.

22. A method of generating a computer fingerprint, comprising the steps of:
- sampling a plurality of values representing computer system traits;
  
  encrypting said plurality of values to form an encrypted fingerprint by generating a section of self modifying code storing said plurality of values in a first fingerprint representing computer system traits; and
  
  storing said encrypted fingerprint.
- View Dependent Claims (23)
- - 23. The method of claim 22 further comprising:
    - generating a second fingerprint for an unidentified computer system using said plurality of computer system traits;
      
      decoding said encrypted fingerprint to recover said first fingerprint; and
      
      comparing said first fingerprint and said second fingerprint to determine a value representing a probability that said unidentified computer system generated said first fingerprint.

24. A method of comparing computer system fingerprints comprising the steps of:
- retrieving a plurality of template values representing a known machine;
  
  sampling a plurality of trait values representing a second machine; and
  
  summing a plurality of weighted prediction function values, each of said plurality of weighted prediction function values being a function of a difference between a corresponding member of said plurality of template values and said plurality of trait values.

25. A computer system comprising:
- a processor;
  
  a bus;
  
  a memory coupled to said processor by said bus, said memory containing;
  
  a first routine which, when executed by the processor, retrieves a plurality of system traits to form a first system fingerprint; and
  
  a second routine which, when executed by the processor, retrieves said first system fingerprint, forms a second system fingerprint, and compares said first system fingerprint and said second system fingerprint to develop a value representing a probability that said first system fingerprint matches said second system fingerprint.
- View Dependent Claims (26, 27)
- - 26. The computer system of claim 25 further comprising:
    - a plurality of computer system components, a subset of said plurality of computer system components having an identifying trait, wherein said plurality of system traits retrieved by said first routine include said identifying trait of each of subset of said plurality of computer system components.
  - 27. The computer system of claim 26 wherein said plurality of computer system components comprises:
    - a plurality of hardware components having a plurality of hardware traits forming a first portion of said plurality of system traits; and
      
      a plurality of software components having a plurality of software traits and a plurality of software preferences forming a second portion of said plurality of system traits.

28. An article comprising a machine readable medium that stores instructions which, when executed by a machine, cause the machine to perform operations comprising:
- generating a first fingerprint for a first computer system using a plurality of computer system traits;
  
  generating a second fingerprint for an unidentified computer system using said plurality of computer system traits; and
  
  comparing said first fingerprint and said second fingerprint to determine a value representing a probability that said unidentified computer system is said first computer system.
- View Dependent Claims (29, 30)
- - 29. The article of claim 28 wherein the machine readable medium stores further instructions which, when executed by a machine, cause the machine to perform comparing operations comprising:
    - generating a weighted sum of differences between a plurality of corresponding values comprising said first fingerprint and said second fingerprint; and
      
      comparing said weighted sum to a threshold value.
  - 30. The article of claim 28 wherein the machine readable medium stores further instructions which, when executed by a machine, cause the machine to perform comparing operations comprising:
    - applying a plurality of prediction functions to a plurality of differences between a plurality of traits in said first fingerprint and a plurality of corresponding traits in said second fingerprint.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Aucsmith, David
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
Smithers, Matthew

Application Number

US08/941,146
Time in Patent Office

1,141 Days
Field of Search

380/4, 380/23, 382/124, 382/125, 713/200, 713/202
US Class Current

726/16
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/73   by creating or determining ...

G06V 20/80   Recognising image objects c...

Method and apparatus for producing computer platform fingerprints

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for producing computer platform fingerprints

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links