Authentication of computing and communications hardware

US 8,726,407 B2
Filed: 10/13/2010
Issued: 05/13/2014
Est. Priority Date: 10/16/2009
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a client device by executing encoded instructions configured to cause a computer to:

generate a current machine fingerprint for the client device comprising a processor and memory, at least in part by retrieving raw configuration data indicating current configuration states of hardware making up the client device and processing the data to generate the current machine fingerprint using less than an entirety of the raw configuration data retrieved from the hardware;

receive an identifier of the client device and from the client device through a computer network, wherein the identifier is separate from the current machine fingerprint;

use the identifier to obtain a previously generated and stored machine fingerprint associated with the identifier, wherein the stored machine fingerprint was generated using the entirety of the raw configuration data; and

provide an indication that the client device is authentic in response to determining that the current machine fingerprint matches the stored machine fingerprint;

wherein the current machine fingerprint matches the stored machine fingerprint if the configuration of the client device has not changed in any critical way since the stored fingerprint was generated.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a computing device or hardware component includes computer-implemented process steps for assigning a unique identifier to the hardware component, generating a baseline fingerprint for the hardware component using algorithm-processing characteristic configuration data determined from the hardware component as input, wherein the baseline fingerprint is capable of being regenerated from the hardware component so long as configuration of the hardware component is not changed, transmitting the identifier in association with the baseline fingerprint for storage in a computer-readable data structure, and generating a data signal, in response to a query comprising the assigned identifier, indicating whether the stored baseline fingerprint for the assigned identifier matches a second fingerprint regenerated from the hardware component at a time after the baseline fingerprint is generated.

221 Citations

17 Claims

1. A method for authenticating a client device by executing encoded instructions configured to cause a computer to:
- generate a current machine fingerprint for the client device comprising a processor and memory, at least in part by retrieving raw configuration data indicating current configuration states of hardware making up the client device and processing the data to generate the current machine fingerprint using less than an entirety of the raw configuration data retrieved from the hardware;
  
  receive an identifier of the client device and from the client device through a computer network, wherein the identifier is separate from the current machine fingerprint;
  
  use the identifier to obtain a previously generated and stored machine fingerprint associated with the identifier, wherein the stored machine fingerprint was generated using the entirety of the raw configuration data; and
  
  provide an indication that the client device is authentic in response to determining that the current machine fingerprint matches the stored machine fingerprint;
  
  wherein the current machine fingerprint matches the stored machine fingerprint if the configuration of the client device has not changed in any critical way since the stored fingerprint was generated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising generating the machine fingerprint further determined by current configuration states of software stored on the client device.
  - 3. The method of claim 1, further comprising transmitting the identifier and the current machine fingerprint from the client device to a server for comparison to the stored machine fingerprint.
  - 4. The method of claim 3, further comprising encrypting the current machine fingerprint before transmitting to the server.
  - 5. The method of claim 1, wherein the current machine fingerprint is generated by a server in communication with the client device.
  - 6. The method of claim 5, further comprising retrieving, using the server, raw configuration data from the client device for use in generating the current machine fingerprint.
  - 7. The method of claim 6, further comprising transmitting an application from the server to the client, the application configured for retrieving the raw configuration data.
  - 8. The method of claim 1, further comprising providing an indication that the client device is not authentic in response to determining that the current machine fingerprint does not match the stored machine fingerprint.

9. A method for authenticating a hardware component by executing encoded instructions configured to cause a computer to:
- assign a unique identifier to the hardware component;
  
  generate a baseline fingerprint for the hardware component using an algorithm processing an entirety of raw configuration data determined from the hardware component as input, wherein the baseline fingerprint is capable of being regenerated from the hardware component so long as configuration of the hardware component is not changed, wherein the baseline fingerprint is separate from the identifier;
  
  transmit the identifier in association with the baseline fingerprint for storage in a computer-readable data structure; and
  
  generate a data signal, in response to a query from the hardware component through a computer network and comprising the assigned identifier, indicating whether the stored baseline fingerprint for the assigned identifier matches a second fingerprint regenerated from the raw configuration data of the hardware component at a time after the baseline fingerprint is generated;
  
  wherein the second fingerprint is generated using less than an entirety of the raw configuration data of the hardware component; and
  
  wherein the stored baseline fingerprint matches the second fingerprint if the configuration of the hardware component has not changed in any critical way since the stored baseline fingerprint was generated.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising serving an application from a server in response to the query, the application configured to regenerate the second fingerprint on the hardware component and cause transmission of the second fingerprint to the server.
  - 11. The method of claim 10, wherein the application is further configured to delete the second fingerprint from the hardware component after the transmission of the second fingerprint and to go dormant.
  - 12. The method of claim 9, further comprising retrieving raw configuration data from the hardware component for use in regenerating the second fingerprint, in response to the query.
  - 13. The method of claim 12, further comprising regenerating the second fingerprint using less than an entirety of the determined raw configuration data retrieved from the hardware component.
  - 14. The method of claim 13, further comprising transmitting an application from a server to the hardware component in response to the query, the application configured for retrieving the raw configuration data.

15. A non-transitory computer-readable medium encoded with instructions configured to cause a computer to:
- generate a baseline fingerprint for a hardware component by processing an entirety of raw configuration data determined from the hardware component as input, wherein the baseline fingerprint is capable of being regenerated from the hardware component so long as configuration of the hardware component is not changed;
  
  transmit the baseline fingerprint for storage in a computer-readable data structure in association with a unique identifier assigned to the hardware component, wherein the baseline fingerprint is separate from the identifier; and
  
  generate a data signal, in response to a query from the hardware component through a computer network and comprising the assigned identifier, indicating whether the stored baseline fingerprint for the assigned identifier matches a second fingerprint regenerated from the hardware component subsequent to generation of the baseline fingerprint;
  
  wherein the encoded instructions are further configured to cause the computer to retrieve raw configuration data from the hardware component for use in regenerating the second fingerprint;
  
  wherein the encoded instructions are further configured to cause the computer to regenerate the second fingerprint using less than an entirety of the raw configuration data retrieved from the hardware component; and
  
  wherein the stored baseline fingerprint matches the second fingerprint if the configuration of the hardware component has not changed in any critical way since the stored baseline fingerprint was generated.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the encoded instructions are further configured to cause a computer to serve an application from a server in response to the query, the application configured to regenerate the second fingerprint on the hardware component and cause transmission of the second fingerprint to the server.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the encoded instructions are further configured to cause a computer to transmit an application to the hardware component configured for retrieving the raw configuration data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptosoft Limited
Original Assignee
DeviceAuthority Inc. (f/k/a NetAuthority, Inc.) (Device Authority Ltd.)
Inventors
Etchegoyen, Craig S.
Primary Examiner(s)
Perungavoor, Venkat
Assistant Examiner(s)
Mehrmanesh, Amir

Application Number

US12/903,946
Publication Number

US 20110093703A1
Time in Patent Office

1,308 Days
Field of Search

726/26, 726/16, 726/29, 726 34- 35, 380/27, 380/230, 713/168, 713/189, 713/176, 713/193
US Class Current

726/34
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/73   by creating or determining ...

G06F 21/88   Detecting or preventing the...

H04L 63/126   the source of the received ...

H04L 63/1441   Countermeasures against mal...

H04L 9/32   including means for verifyi...

Authentication of computing and communications hardware

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

221 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of computing and communications hardware

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

221 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links