GB2465998A - Generating a unique hardware identifier using clock signals - Google Patents

Publication number
GB2465998A
Authority
GB
United Kingdom
Prior art keywords
identifier
clock signal
computer apparatus
hardware computer
unique identifier
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0822188A
Other versions
GB0822188D0 (en
Inventor
Tom Frans Maurits Hostyn
Anatoliy Lubashevskiy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Abstract

A unique identifier for a hardware computer apparatus, such as a personal computer (PC), is generated by measuring the relative deviations of clock signals produced by individual components of the apparatus e.g. by measuring the relative deviations of audio, video, CPU and system clock signals. The step of measuring the relative deviations may comprise measuring the deviations of clock signals relative to a reference clock signal, which may be the CPU or system clock signal. The unique identifier may be stored locally or at an external storage device for later comparison with a re-generated identifier. Several applications are disclosed including use of the identifier in a digital rights management (DRM) system. In one embodiment the identifier may be used as an encryption key.

Description

Generation Of A Unique Identifier For A Hardware Computer Apparatus

The present invention relates to a method of generating a unique identifier for a hardware computer apparatus. The hardware computer apparatus, such as a personal computer (PC), comprises a plurality of individual components which produce clock signals.
Various methods and systems have been designed to allow identification of hardware computer devices. One such example is the MAC address used by network adapters or network interface cards. The MAC address of a device on a network can be obtained by other parties to help them identify the device. However, although the MAC address was originally intended as a permanent identifier, it can be easily modified by a user. Therefore, there is not any guarantee that a single hardware computer device will maintain the same MAC address, or that a hardware computer device identified by its MAC address is the same device as a device which has previously been identified as having that same MAC address.
Some systems for identifying hardware computer apparatuses rely on detecting the presence of certain software, or a registration or product code of a piece of software. These systems rely on the assumption that a certain apparatus with a certain software configuration or registration number is the same as that registered or previously identified with the same software configuration. However, because a software installation can be cloned in its entirety, such systems are relatively easy to fool or circumvent.
More complicated systems for identifying hardware computer devices rely upon collecting various hardware serial numbers, such as the serial number of the hard-drive, and other hardware properties of the device such as the central processing unit (CPU) type or random access memory (RAM) size. The collection of more information about the device makes it more difficult for one device to appear to be another device.
It is preferred to gather more information about the hardware of a particular device, rather than the software present on the device, because hardware cannot be cloned in the same way as software. However, even when systems collect various hardware properties and serial numbers from a hardware device in order to identify that device, there are still problems. As already identified, some serial numbers (such as a MAC address) can be easily modified by a user. Further, information about the system properties and serial numbers is often obtained from the operating system or software environment which controls the hardware device. However, because the operating system is a piece of software, it can be (and often is) hacked to return false information.
Therefore, there is a need for a method of identifying a hardware computer apparatus which is more reliable than the currently available methods. The present invention aims to at least partly address this need.
According to a first aspect of the present invention, there is provided a method of generating a unique identifier for a hardware computer apparatus comprising components which produce plural clock signals, the method comprising: measuring the relative deviations of the clock signals; and producing a unique identifier from the measured deviations.
Further according to the first aspect of the invention there is provided an apparatus implementing a corresponding method. There is also provided a computer program capable of execution by a hardware computer apparatus comprising components which produce plural clock signals, the computer program being arranged, on execution, to cause the hardware computer apparatus to perform a corresponding method, and there is further provided a storage medium storing such a computer program.
This method of generating an identifier has the advantage that the identifier will, in practice, be unique for the hardware computer apparatus. This is because the generated identifier is created from inherent physical properties of the apparatus, which vary from apparatus to apparatus unpredictably. The clock signals in any apparatus will deviate from an ideal clock signal in a different way to those in another. Therefore, every apparatus will produce a different identifier according to the present invention. As such, it is extremely difficult for one apparatus to falsely identify itself as another apparatus.
In some embodiments, one of the clock signals is a reference clock signal, and the step of measuring the relative deviations comprises measuring the relative deviations of the clock signals relative to the reference clock signal. This allows the identifier to be produced even in the absence of an 'ideal' clock signal.
Typically the hardware computer apparatus comprises an audio component producing an audio clock signal, and/or a video component producing a video clock signal, and/or a central processing unit component for the hardware computer apparatus which produces a central processing unit clock signal, and/or a system clock component which produces a system clock signal. In some embodiments, the reference clock signal is the central processing unit clock signal. In some embodiments, the reference clock signal is the system clock signal. These embodiments relate to common components that might be found in computer hardware apparatuses.
In some embodiments, the deviations are measured over a period long enough to take reliable measurements of the clock signal deviations, for example at least 300 seconds, and preferably at least 600 seconds.
The upper limit on the period over which deviations are measured is determined by the length of time that would be prohibitive, in practice, to the implementation of the invention, for example being at most 7200 seconds, and preferably at most 3600 seconds.
According to a second aspect of the present invention, there is provided a method of registering a hardware computer apparatus, which comprises components which produce plural clock signals, so that it may later be identified, the method comprising: generating a unique identifier in accordance with the method of the first aspect; and storing the unique identifier.
According to this aspect, a unique identifier is produced which may later be used to confirm the identity of the apparatus. By storing the identifier, the stored identifier is available to be accessed at a later date.
The step of storing may comprise storing the unique identifier in a storage component of the hardware computer apparatus, or alternatively the second aspect may comprise transmitting the unique identifier to an external storage device; and wherein the step of storing comprises storing the unique identifier at the external storage device. That is, the stored identifier may be stored remotely or locally.
According to a third aspect of the present invention, there is provided a method for confirming the identity of a hardware computer apparatus comprising components which produce plural clock signals, the method comprising: generating a unique identifier in accordance with the method of the first aspect; comparing the generated unique identifier with a stored identifier and storing data regarding the result of the comparison.
According to this aspect, the identity of an apparatus can be confirmed if the stored and generated identifiers match. If they do not match, the apparatus which generated the identifier is not the same as that which produced the stored identifier.
The stored identifier may be stored in a storage component of the hardware computer apparatus, and said step of comparing may occur at the hardware computer apparatus. Alternatively, the identifier may be stored at a location remote to the hardware computer apparatus, and said step of comparing occurs at that remote location.
In some embodiments the result of the comparison is a match between the generated unique identifier and the stored identifier if an error between the generated identifier and the stored identifier is less than a predetermined magnitude. This prevents errors in the measurements of the clock signals, or small changes in the clock signals due to environmental factors, from causing identifiers generated by the same hardware computer apparatus to be identified as not matching.
In order that the present invention may more readily be understood, the following description is given, by way of example only, with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of a system in which the embodiment of the hardware computer apparatus of the present invention is a personal computer;
Fig. 2 is a flow diagram showing a method of generating a unique identifier for a hardware computer apparatus, wherein the unique identifier is subsequently stored;
Fig. 3 is a graph representing clock signals for various components in a hardware computer apparatus; and
Fig. 4 is a flow diagram showing a method of comparing a generated identifier for a hardware computer apparatus with a previously stored identifier.
Fig. 1 is a schematic diagram of a system 1, according to an embodiment of the present invention. The system 1 comprises hardware computer apparatus which is a personal computer (PC) 10. However, the present invention is not limited to the hardware computer apparatus being a PC. The hardware computer apparatus may be another suitable device such as a personal music or video player, a DVD player, mobile telephone, games console, television, radio receiver etc. The invention may also be implemented in a home gateway or router device which receives data directly or indirectly from the internet or a private network.
The PC 10 of Fig. 1 comprises a central processing unit (CPU) 11 for the apparatus, a video component 12, an audio component 13 and a system clock component 14. The system clock is used to control interrupts to the CPU to schedule tasks. These components 11, 12, 13, 14 all comprise clocks which each generate a clock signal. However, the invention is not limited to working with these clocks, and is not limited to working with this number of clocks.
In other embodiments of the invention, other hardware computing apparatuses may comprise a variety of other components which themselves comprise clock devices, such as various real-time timers which allow software programs to schedule tasks, a VBLANK clock which regulates the rate at which a screen is refreshed with new content, and a battery powered clock which remembers 'human' time (day/month/year - hour:second) amongst other possibilities.
Further, other embodiments may include PCs 10 or other hardware computer apparatuses which are linked together. For example, in Fig. 1 PC 10a is linked to a printer 40, which has a component 41 which produces a clock signal. In general, according to other embodiments of the invention, a hardware computer apparatus may have access to other clock signals present in other apparatuses connected directly or indirectly, for example by USB, i-Link, or over a network to a GPS clock, a network time clock (via NTP (Network Time Protocol) or other similar protocol), or to other signals related to periodic events such as the reception of external data, and signals such as real-time digital video signals. In some embodiments, the invention utilises all the clocks and clock signals available to the hardware computer device.
In Fig. 1 the PC 10 is connected to a network 20 via a network interface 15.
Other PCs 10 are also connected to the network 20, as well as servers or other apparatuses 30 which communicate with the hardware computer apparatuses.
The PC allows generation of a unique identifier which can be used by the servers 30 to confirm the identity of each hardware computer device 10.
Alternatively, the identifier can be used as an encryption key, allowing the PC 10 to access content supplied to that particular PC 10, for example from servers 30, after they have generated the identifier/key. Other PCs 10, for which the content is not intended, will not be able to generate the correct key and will therefore be unable to access the content.
The present invention relies upon the fact that clocks comprised in the components of a PC 10 or other hardware computer apparatuses are not perfectly accurate. Also, the inaccuracies in clock signals produced by clock devices are different, because different clock devices are designed in different ways, according to their functions. For example, the audio clock, such as would be present in audio component 13 of PC 10, is accurate in regularity, but tends to drift over time. In contrast, a battery powered clock for remembering 'human' time has a low frequency, but is accurate over long periods of time (e.g. hours or days).
As such, the clock signals of components 11, 12, 13, 14 of PC 10 deviate from a theoretical 'perfect' clock signal. Further, the deviation of each clock signal from the ideal signal is different. Even clock devices from the same production line will produce signals with different deviations from an imaginary clock which keeps ideal time, due to slight differences in their manufacture.
The present invention uses the relative deviations of clock signals in PC 10 to create a unique identifier for the PC 10. By 'unique' it is meant that the identifier will in practice be different for almost all PCs 10. Because the deviations of the clock signals cannot be predicted, it is extremely unlikely that two PCs 10 will have components 11, 12, 13, 14 generating clock signals with the same relative deviations.
Fig. 2 shows a flow diagram representing the method by which a unique identifier for the PC 10 shown in Fig. 1 is generated and stored. The method is performed by a computer program executed on the PC 10. The computer program may be written in any suitable programming language. The computer program may be stored on a computer-readable storage medium, which may be of any type, for example: a recording medium which is insertable into a drive of the PC 10 and which may store information magnetically, optically or opto-magnetically; a fixed recording medium of the computer system such as a hard drive; or a computer memory.
The method has the following steps. In step S1 the relative deviations of the clock signals produced by components 11, 12, 13, 14 of PC 10 are measured. In step S2, the measured deviations are used to produce the unique identifier. In step S3, the identifier is stored, either locally or remotely.
In a generalised PC 10 containing a plurality of components that each have a clock producing a clock signal, the clock signals C0, C1, C2 ... CN will each deviate from an ideal clock signal.
Each clock keeps time imperfectly, compared to an ideal clock. We can assume that the error in each clock signal is linear compared to an ideal clock signal.
That is, we can assume that the rate at which the clock signals deviate from an ideal clock signal is constant. Therefore, a simple algorithm to generate an identifier in step S2 would be to measure the rate of deviation for each clock signal for a PC 10 and record the set of the deviation rates as an identifier.
In practice, the deviation rate can be measured by having a reference signal against which the deviation is measured. Because the deviation of each clock signal from an ideal signal is linear, we do not need to use the ideal clock signal as a reference: any clock in the PC 10 can be used as a reference clock, and the clock signal it generates can be used as the reference clock signal CR. However, to enable later comparisons and checks, the same reference clock should be used every time the PC 10 generates the identifier. The clock signal used as the reference may be selected randomly. Alternatively the signal may be selected as the first available signal from a pre-defined list (for example the CPU clock signal or the system clock signal), or by some other heuristic such as the slowest clock signal for example. In all cases it is advisable to keep a record of the reference signal used (in case the system later changes). However, when a predefined order or heuristic is used, that information will still be known at the time the identifier is checked (and can therefore be used to generate another identifier). In contrast, if the signal is selected randomly then data representing the signal used must be stored so that the same reference signal may be used when generating later identifiers. Similarly, if a predefined order or heuristic is used to process the non-reference clock signals, that order will be known when a later identifier is produced. If, on the other hand, the order of processing those signals is random (the first time an identifier is generated), data representing the order in which the signals are processed must be stored to allow later generation of identifiers for checking.
Alternatively, the deviations may be measured without a reference clock, for instance by ordering the clocks in some order (either random, pre-defined or according to some heuristic) and measuring the deviations between 'neighbouring' signals (i.e. signals (i) and (i+1)). If the order in which signals are processed affects the final identifier, and no pre-defined order or heuristic is used, it is also necessary to store data representing that order, so that the same order may be used when generating later identifiers.
Once a reference clock signal CR has been selected, measurements of the clock signals at a first and second time can be made and the corresponding 'times' according to each clock signal recorded. This data can be used to calculate the rate at which the clock signals deviate from the reference clock signal. That is, a 'gradient' representing the relative rate at which the time is measured by each clock signal compared to the reference clock can be calculated.
Fig. 3 shows a diagram representing a series of clock signals (C0, C1, C2, ... CN). In Figure 3, the 'actual' or 'ideal' time is shown on the x-axis, whilst the reported or recorded time for each clock signal is shown on the y-axis. For clock signals C0, C1, C2 ... CN, the set {T0i, T1i, T2i, ... TNi} represents a measurement of all clock signals at an 'actual' time i. Therefore, for measurements taken at two 'actual' times u and v there will be a first set of measurements {T0u, T1u, T2u, ... TNu} and a second set {T0v, T1v, T2v, ... TNv}.
If C0 is chosen as the reference signal CR, the relative rates of the clock signals compared to the reference signal CR can be calculated as {(T1v-T1u)/(T0v-T0u), (T2v-T2u)/(T0v-T0u), ... (TNv-TNu)/(T0v-T0u)}. This set of values can be used as the unique identifier for the PC 10.
However, in practice, working with these measurements may be undesirable, especially if the magnitude of the measurements is much larger than the differences in the values of the measurements. In that case, the set of values would all be approximately 1, whilst the quantities of interest would be the small deviations from 1. As such, the set of values would be unnecessarily difficult to compute with.
Further, it is preferable to take more than two measurements for each clock signal to establish the rate at which it deviates from the reference.
The following version of the algorithm provides another way of calculating a unique identifier.
Once again, as shown in Fig. 3, suppose that we have N+1 clock signals available on the hardware computer apparatus of interest: C0, C1, ..., CN. Once again let C0 represent the reference clock signal.
Now we can choose the k+1 moments according to the reference clock signal: t0, t1, t2 ... tk and measure the times on all clock signals for these moments.
Let Tij (i = 0...N, j = 0...k) represent the measurement of clock signal Ci at the moment tj. Let us then transform all the measurements to give Sij, where:

$$S_{ij} = T_{ij} - T_{i0} \quad (i = 0 \ldots N,\ j = 0 \ldots k)$$

Let us also make the transformation:

$$r_j = t_j - t_0 \quad (j = 0 \ldots k)$$

The result of these transformations is that all clock signals appear to start at the same time r0 = 0, and we are only dealing with the differences, Sij, from the reference clock signal, rather than the absolute values.
When taking several measurements to establish the rate of deviation of a clock signal, those measurements may not fall on a straight line because of differences in the environment conditions (temperature, etc.) when the measurements are taken.
Therefore, it is necessary to perform a regression to calculate the rate of deviation relative to the reference signal.
For the reference clock signal, because this signal defines when the measurements are taken, we always have:

$$S_{0j} = r_j \quad (j = 0 \ldots k)$$

For other clock signals the measurements will differ from the reference signal and from each other due to the clock differences. For each other, non-reference, clock signal Ci we may build the regression line:

$$S_i = A_i \times r \quad (i = 1 \ldots N)$$

In this regression, Ai relates Si, the modelled difference of clock i from the reference clock, to the time r.
The calculation of the values of Ai for the clock signals (i = 1...N) may be done with the usual formula:

$$A_i = \frac{\sum_{j=0}^{k} S_{ij} \times r_j}{\sum_{j=0}^{k} r_j^2}$$

After the calculation of the coefficients Ai (i = 1...N), the set of these values themselves could be used as an identifier. However, we can make the further transformation:

$$a_i = A_i - 1 \quad (i = 0 \ldots N)$$

Now the equations of the regression line for the clock signal Ci will be of the form:

$$S_i = r + a_i \times r \quad (i = 1 \ldots N)$$

From this formulation we can see that:
* ai × r is the deviation from the reference clock signal of clock signal Ci in a time interval of duration r;
* ai is the deviation of the clock signal Ci from the reference clock signal during a unit time interval; and
* the sign of ai shows if the clock signal Ci is faster (if the sign is positive) or slower (if the sign is negative) than the reference clock signal.
Thus, the set of the coefficients {a1, a2 ... aN} may also be used as a unique identifier for PC 10. As previously discussed in some embodiments, the order of the ai coefficients may be pre-determined. That is, for example, a1 may be defined as the coefficient corresponding to the CPU clock signal, a2 may be defined as corresponding to another component, etc. It is noted that the example of a1 corresponding to the CPU clock signal is not limiting on the invention. Any clock signal may be set as corresponding to a1 (or any other ai coefficient). In some examples the system clock is used. In some examples the clock on an audio processing board is used.
In some embodiments, the 'type' of clock signal (i.e. from a CPU, graphics card etc) may be further associated with the corresponding ai coefficient in the identifier itself.
The approximate values of the ai coefficients may be estimated from the assumption that the characteristic deviation of a clock signal is, for example, about 1 second per 24 hours.
In that case:

$$a_i \approx \frac{1}{24 \times 3600} \approx 1.2 \times 10^{-5}$$

If we further assume that a computer hardware component clock has a time unit of 1 ms, and that it is desirable to measure a deviation interval of about 10 ms, the required period over which measurements would need to be taken would be:

$$\text{Measurement period} \approx 10 / a_i \approx 864000\ \text{ms} = 14.4\ \text{min}$$

Of course, different measurement periods could be used. However, the measurement period is preferably at least 300 seconds, and more preferably 600 seconds, in order to provide long enough to take reliable measurements of the clock signal deviations. Further, in order that the invention can be implemented in practice, the measurement period is preferably at most 7200 seconds and more preferably at most 3600 seconds. This ensures the measurement period is not prohibitive to the implementation of the invention.
By comparing an identifier previously generated in accordance with the present invention and stored, for example stored at a server 30, with another identifier obtained for a PC 10 at a particular sample or polling time, it can be determined whether the PC 10 is the same as that for which the previously generated identifier was produced. If the identifiers match, the PC 10 is the same as that for which the previously generated identifier was produced. If the identifiers do not match, the PC is different to that for which the previously generated identifier was produced. Fig. 4 shows a flow chart for a method of comparing identifiers. The method is performed by a computer program executed, at least in part, on the PC 10. As discussed below, certain steps of the method may be performed by a computer program executed on an apparatus remote to the PC 10, such as apparatus 30 in Fig. 1. The computer program may be written in any suitable programming language. The computer program may be stored on a computer-readable storage medium, which may be of any type, for example: a recording medium which is insertable into a drive of the PC 10 or apparatus 30 and which may store information magnetically, optically or opto-magnetically; a fixed recording medium of the computer system such as a hard drive; or a computer memory.
The method has the following steps. In step S4, an identifier is generated in accordance with the method shown in Fig. 2. In step S5, the generated identifier is compared with a previously generated and stored identifier. The previously stored identifier may have been stored locally or remotely, and the comparison itself may take place locally (i.e. at the PC 10) or at a remote device (i.e. server or other apparatus 30). In step S6, data regarding the outcome of the comparison is stored.
Once again the storing can either be local or remote to the PC 10.
The comparison in step S5 may apply various criteria to decide whether the two identifiers match.
The simplest criterion is that identifiers match if they are identical.
However, the invention is not limited to that case. This is because, as already mentioned, in practice there may be some difference in identifiers generated by the same PC 10 at different times, due to changes in the environmental conditions affecting the operation of the PC 10 and its components 11, 12, 13, 14. As such, these errors are desirably taken into account when determining if identifiers match, in order to avoid classifying identifiers generated by the same PC 10 as not matching. Thus an alternative criterion is as follows.
If two sets of ai coefficients contain different numbers of coefficients, that implies that the PCs 10 for which the sets were generated have different numbers of clock signals and are therefore not the same PC 10. In this case the identifiers do not match. However, a refinement is to allow for a comparison to be carried out to identify if a PC 10 has been upgraded, thereby introducing one or more new components containing clocks producing clock signals, or if components producing clock signals have been removed from the PC 10. In that case, the algorithm identifies if all the ai coefficients in the smaller set match (that is, are the same or within a predefined tolerance of) ai coefficients in the larger set. If they do, it is likely that the apparatuses are the same, but have been modified. Therefore, the identifiers
If the type of clock signal associated with each ai coefficient is part of the identifier, then a mis-match in this information could be used to determine that identifiers do not match.
If the clock signals are ordered to produce the coefficients for the identifier, and two sets of ai coefficients contain an ai with the same index i but different signs it is highly probable that these sets are from two different apparatuses. Therefore, the identifiers would not be said to match.
If we regard each deviation set as a vector with coordinates defined by the coefficients ai we may calculate the error between the vector representing the stored identifier and the vector representing the generated identifier. Various methods of quantifying the error may be used. One example would be to measure the Euclidean distance between the two vectors. That is:

$$L = \sqrt{\sum_{i} (a_{i1} - a_{i2})^2}$$

where L is the distance between two vectors, the first composed of coefficients ai1 and the second composed of ai2. Therefore L is the measurement of error between the identifiers. If L is zero, or within some predefined tolerance, then the identifiers match.
Other comparison and matching criteria could be used, and the invention is not limited to the example given above.
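The alternative criterion described above, worked through as an added example that is not code from the patent. Identifiers are modelled as ordered lists of (clock type, ai) pairs; the function name, the two tolerances and the sample deviation values are assumptions constructed for illustration.

```python
import math

def classify(stored, generated, coeff_tol=0.5, dist_tol=1.0):
    """Compare two identifiers given as lists of (clock_type, a_i) pairs
    in the agreed clock order. Returns 'match', 'modified' (likely the same
    apparatus with clocks added or removed) or 'no-match'."""
    if len(stored) != len(generated):
        # Different numbers of clocks: check whether every coefficient of
        # the smaller set is matched, within tolerance, in the larger set.
        small, large = sorted((stored, generated), key=len)
        pool = list(large)
        for ctype, a in small:
            cands = [p for p in pool
                     if p[0] == ctype and abs(p[1] - a) <= coeff_tol]
            if not cands:
                return "no-match"
            # Claim the closest candidate so it cannot be matched twice.
            pool.remove(min(cands, key=lambda p: abs(p[1] - a)))
        return "modified"
    for (t1, a1), (t2, a2) in zip(stored, generated):
        if t1 != t2:        # clock type is part of the identifier
            return "no-match"
        if a1 * a2 < 0:     # same index i, opposite signs
            return "no-match"
    # Euclidean distance L between the two coefficient vectors.
    dist = math.sqrt(sum((a1 - a2) ** 2
                         for (_, a1), (_, a2) in zip(stored, generated)))
    return "match" if dist <= dist_tol else "no-match"

# Constructed sample identifiers (deviation values are illustrative only).
ENROLLED = [("audio", 12.4), ("video", -3.1), ("system", 7.8)]
SAME_PC_LATER = [("audio", 12.6), ("video", -3.0), ("system", 7.5)]
UPGRADED = SAME_PC_LATER + [("network", 20.2)]
SIGN_FLIP = [("audio", 12.5), ("video", 3.1), ("system", 7.8)]
TOO_FAR = [("audio", 15.0), ("video", -3.1), ("system", 7.8)]

if __name__ == "__main__":
    for name, ident in [("later", SAME_PC_LATER), ("upgraded", UPGRADED),
                        ("sign flip", SIGN_FLIP), ("too far", TOO_FAR)]:
        print(name, "->", classify(ENROLLED, ident))
```

The two tolerances set the trade-off between rejecting the genuine apparatus under environmental drift and accepting a different apparatus whose clocks happen to deviate similarly.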
Embodiments of the present invention also cover situations in which an identifier generated, as previously discussed, from the measured relative deviations of clock signals is used. These include checks to ensure that a PC 10 is the same as that which is expected or required, which find use in various situations, some of which are now discussed.
For example, a network 20 could be configured to only allow access to a PC which has been previously authorised. A unique identifier for that PC 10 could be generated at the time of the first authorisation, and stored on a server or other apparatus 30. That stored identifier could be compared to identifiers generated every subsequent time the PC 10 tries to connect to the network 20. If the generated and previously stored identifiers match, then the PC 10 would be allowed access to the network 20.
Another use for the identifiers of the present invention may be to allow identification of a particular PC 10 on a network 20 in order to send it particular information or content. As before, a stored identifier for a particular PC 10 (e.g. known to be at a certain location or belonging to a certain user) could be used for comparison with the identifiers generated for apparatuses on a network 20. The information or content is then only sent to the PC 10 with the identifier matching the stored identifier. Content means, for example, audio/video information material, audio information material, still or moving images, executable data files such as games, and data files such as updates, additional levels and settings parameters for games. Content may be delivered in packets and/or as a stream of data. Content may be delivered as files.
Generating a unique identifier for a hardware device comprising a number of components may find particular application in the area of broadcast receivers where no back channel is available. This allows information or content to be delivered to all receivers in communication with the network and for some or all of that information or content to be associated with one or more of the unique identifiers. In this way, the receiver is configured to interpret information or content which is not associated with its identifier. The receiver may be a receiver for receiving satellite or digital terrestrial television, radio or data signals.
Alternatively, software or other content could be designed to only work on a PC 10 with a certain identifier. For example, digital rights management (DRM) methods can also take advantage of the present invention. DRM systems allow users to view purchased content on certain devices only. If a user has two PCs 10 or other devices such as portable media players, they will want to be able to view their content on both devices. However, the content provider will not want it to be possible to transfer the content to any device (i.e. belonging to an unauthorised user). Modern DRM systems allow a user to register a certain number of apparatuses which will be able to play content bought or owned by that user. These apparatuses are then provided with decryption keys to allow access to the content. However, because these systems rely on identifying the registered devices by existing methods, they can be circumvented by the methods already discussed to allow unauthorised users' apparatuses to access the content.
In one embodiment, the present invention allows for a more secure DRM system. A unique identifier generated in accordance with the invention could be used to associate the PC 10 with an account, to make it more difficult for another, unauthorised, apparatus to access the account. The identifier could also be used as part of an encryption algorithm used to encrypt and/or decrypt the content. In either case, because the identifiers generated according to the present invention are, in practice, unique, an unauthorised PC 10 attempting to access an account or play some content will be recognised when it cannot provide the correct identifier, and will be denied access.
This DRM system has the further benefit that, if an unauthorised PC 10 does provide an identifier whilst attempting to access an account, that identifier could later be used to identify the PC 10 if it is located.
In a further embodiment, the identifier may be stored on the hardware computer apparatus in a secure storage space (for example in the CPU). As such, the identifier cannot be read or tampered with. The hardware computer apparatus can use such a stored identifier to perform, for example, system integrity checks (i.e. to check itself for changes), without reference to external apparatuses. If a change is detected, the apparatus could take appropriate action, such as disabling itself.
In another embodiment the identifier may be generated and stored at the time of manufacture. A hardware computing device may be deliberately provided with an array of clocks for the sole purpose of being used to generate the identifier.

Claims (21)

  1. A method of generating a unique identifier for a hardware computer apparatus comprising components which produce plural clock signals, the method comprising: measuring the relative deviations of the clock signals; and producing a unique identifier from the measured deviations.
  2. The method according to claim 1, wherein one of the clock signals is a reference clock signal, and the step of measuring the relative deviations comprises measuring the relative deviations of the clock signals relative to the reference clock signal.
  3. The method according to claim 1 or claim 2, wherein the hardware computer apparatus comprises an audio component producing an audio clock signal.
  4. The method according to any one of the previous claims, wherein the hardware computer apparatus comprises a video component producing a video clock signal.
  5. The method according to any previous claim, wherein the hardware computer apparatus comprises a central processing unit component for the hardware computer apparatus which produces a central processing unit clock signal.
  6. The method according to any previous claim, wherein the hardware computer apparatus comprises a system clock component which produces a system clock signal.
  7. The method according to claim 5 or claim 6, wherein the reference clock signal is the central processing unit clock signal.
  8. The method according to claim 6, wherein the reference clock signal is the system clock signal.
  9. The method according to any previous claim, wherein the deviations are measured over a period of at least 300 seconds, and preferably at least 600 seconds.
  10. The method according to any previous claim, wherein the deviations are measured over a period of at most 7200 seconds, and preferably at most 3600 seconds.
  11. A method of registering a hardware computer apparatus, which comprises components which produce plural clock signals, so that it may later be identified, the method comprising: generating a unique identifier in accordance with claim 1; and storing the unique identifier.
  12. The method according to claim 11, wherein said hardware computing apparatus further comprises a storage component, and said step of storing comprises storing the unique identifier in the storage components.
  13. The method according to claim 11, further comprising: transmitting the unique identifier to an external storage device; and wherein the step of storing comprises storing the unique identifier at the external storage device.
  14. A method for confirming the identity of a hardware computer apparatus comprising components which produce plural clock signals, the method comprising: generating a unique identifier in accordance with claim 1; comparing the generated unique identifier with a stored identifier; and storing data regarding the result of the comparison.
  15. The method according to claim 14, wherein the stored identifier is stored in a storage component of the hardware computer apparatus, and said step of comparing occurs at the hardware computer apparatus.
  16. The method according to claim 15, wherein the stored identifier is stored at a location remote to the hardware computer apparatus, and said step of comparing occurs at that location.
  17. The method according to any one of claims 3-16, wherein the result of the step of comparing is a match between the generated unique identifier and the stored identifier if an error between the generated identifier is less than a predetermined magnitude.
  18. A hardware computer apparatus comprising: components which produce plural clock signals; a unit for measuring the relative deviations of the clock signals; and a unit for producing a unique identifier from the measured deviations.
  19. A computer program capable of execution by a hardware computer apparatus comprising components which produce plural clock signals, the computer program being arranged, on execution, to cause the hardware computer apparatus to perform a method according to claim 1.
  20. A storage medium storing a computer program according to claim 19.
  21. An apparatus for generating a unique identifier for a hardware computer apparatus comprising components which produce plural clock signals, the apparatus being constructed and arranged substantially as hereinbefore described with reference to and/or as illustrated in Figures 1, 2, 3 or 4 of the accompanying drawings.
GB0822188A 2008-12-04 2008-12-04 Generating a unique hardware identifier using clock signals Withdrawn GB2465998A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0822188A GB2465998A (en) 2008-12-04 2008-12-04 Generating a unique hardware identifier using clock signals

Publications (2)

Publication Number Publication Date
GB0822188D0 GB0822188D0 (en) 2009-01-14
GB2465998A true GB2465998A (en) 2010-06-09

Family

ID=40289518

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0822188A Withdrawn GB2465998A (en) 2008-12-04 2008-12-04 Generating a unique hardware identifier using clock signals

Country Status (1)

Country Link
GB (1) GB2465998A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490637B1 (en) * 1999-08-24 2002-12-03 Conexant Systems Inc. System and method for dynamic assignment of unique serial number to system device
WO2007001394A2 (en) * 2005-06-27 2007-01-04 The 41St Parameter, Inc. Method and system for identifying users and detecting fraud by use of the internet
WO2007087559A2 (en) * 2006-01-24 2007-08-02 Pufco, Inc. Signal generator based device security

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160014084A1 (en) * 2014-07-09 2016-01-14 Shape Security, Inc. Using Individualized APIs to Block Automated Attacks on Native Apps and/or Purposely Exposed APIs with Forced User Interaction
US10050935B2 (en) * 2014-07-09 2018-08-14 Shape Security, Inc. Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction
US10397187B2 (en) 2014-07-09 2019-08-27 Shape Security, Inc. Blocking automated attacks with forced user interaction
US11032243B2 (en) 2014-07-09 2021-06-08 Shape Security, Inc. Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction
US9729506B2 (en) 2014-08-22 2017-08-08 Shape Security, Inc. Application programming interface wall
US10834050B2 (en) 2014-08-22 2020-11-10 Shape Security, Inc. Modifying authentication for an application programming interface

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)