Idiosyncratic Computer Signatures used for Software Protection
Small Business Information
1160 Pepsi Place Suite 300, Charlottesville, VA, 22901
AbstractThe Software Protection Initiative (SPI) calls for an ability to "lock-down or authenticate" a particular application executable to a specific computing platform. Current practices to achieve this capability include (1) electronic licensing protocols, (2) hardware dongles, (3) disk volume IDs and, more recently, (4) encrypted CPU IDs. All of these methods have relative advantages and disadvantages; however, these methods can be compromised with moderate effort when used as the only solution to the problem. As a result, the security community has recently become interested in the feasibility of obtaining high quality idiosyncratic electronic signatures directly from a computing platform. These signatures would provide a means of authentication that addresses the deficiencies of the current methods. Our Phase I research effort demonstrated the existence of idiosyncratic features, the feasibility of using these features to uniquely identify a computer, and a method for leveraging this identification to prevent unauthorized software execution. The result of the Phase I research was an integrated algorithm, software, and hardware design. The proposed Phase II research will produce a fully functional prototype of a PCI card device that interacts with application software to prevent it from executing on unauthorized computing platforms.
* information listed above is at the time of submission.