Method and apparatus for producing computer platform fingerprints
First Claim
1. A method of identifying a computer system comprising the steps of:
- generating a first fingerprint for a first computer system using a plurality of computer system traits;
generating a second fingerprint for an unidentified computer system using said plurality of computer system traits; and
comparing said first fingerprint and said second fingerprint to determine a value representing a probability that said unidentified computer system is said first computer system.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for computer platform identification. According to the method, a first fingerprint is generated using a plurality of computer system traits. A second fingerprint is generated on an unidentified computer and then compared to the first fingerprint. This comparison results in a value representing a probability that the unidentified computer system is the same computer system which generated the first fingerprint. A system disclosed includes a processor which is coupled to memory by a bus. The memory contains a first routine which retrieves a plurality of system traits to form a first fingerprint. The memory also contains a second routine which retrieves the first fingerprint and compares the first fingerprint to a second fingerprint.
-
Citations
30 Claims
-
1. A method of identifying a computer system comprising the steps of:
-
generating a first fingerprint for a first computer system using a plurality of computer system traits; generating a second fingerprint for an unidentified computer system using said plurality of computer system traits; and comparing said first fingerprint and said second fingerprint to determine a value representing a probability that said unidentified computer system is said first computer system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of identifying an unidentified computer system comprising the steps of:
-
sampling a plurality of trait values of said unidentified computer system; comparing said plurality of trait values with a plurality of template values from a known computer system to generate a comparator output value; and deciding whether said unidentified computer system is said known computer system by comparing the comparator output value to a threshold value. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A method of identifying a computer system comprising the steps of:
-
sampling a plurality of traits of an unidentified computer system, said plurality of traits being represented by a plurality of values Vi ; comparing said plurality of values Vi with a plurality of stored template values Ri to generate a plurality of comparison values Δ
i ;normalizing said plurality of comparison values Δ
i using a trait specific prediction function β
i to generate a plurality of normalized values β
i (Δ
i);weighting each of said plurality of normalized values with a relative reliability factor ω
i to generate a plurality of weighted values ω
i β
i (Δ
i);summing said plurality of weighted values to form a comparator output value K; and deciding whether said unidentified computer system is a known computer system by comparing said comparator output value K to a threshold value.
-
-
22. A method of generating a computer fingerprint, comprising the steps of:
-
sampling a plurality of values representing computer system traits; encrypting said plurality of values to form an encrypted fingerprint by generating a section of self modifying code storing said plurality of values in a first fingerprint representing computer system traits; and storing said encrypted fingerprint. - View Dependent Claims (23)
-
-
24. A method of comparing computer system fingerprints comprising the steps of:
-
retrieving a plurality of template values representing a known machine; sampling a plurality of trait values representing a second machine; and summing a plurality of weighted prediction function values, each of said plurality of weighted prediction function values being a function of a difference between a corresponding member of said plurality of template values and said plurality of trait values.
-
-
25. A computer system comprising:
-
a processor; a bus; a memory coupled to said processor by said bus, said memory containing; a first routine which, when executed by the processor, retrieves a plurality of system traits to form a first system fingerprint; and a second routine which, when executed by the processor, retrieves said first system fingerprint, forms a second system fingerprint, and compares said first system fingerprint and said second system fingerprint to develop a value representing a probability that said first system fingerprint matches said second system fingerprint. - View Dependent Claims (26, 27)
-
-
28. An article comprising a machine readable medium that stores instructions which, when executed by a machine, cause the machine to perform operations comprising:
-
generating a first fingerprint for a first computer system using a plurality of computer system traits; generating a second fingerprint for an unidentified computer system using said plurality of computer system traits; and comparing said first fingerprint and said second fingerprint to determine a value representing a probability that said unidentified computer system is said first computer system. - View Dependent Claims (29, 30)
-
Specification