可靠的方式生成唯一的硬件ID [英] Reliable way of generating unique hardware ID
问题描述
问题:我必须为每个联网的客户提供唯一的ID,例如:
- 如果在同一台计算机和同一操作系统上重新安装软件,则它(ID)应该在目标计算机上安装客户端软件后继续存在,
- 当安装了客户端软件的硬盘驱动器克隆到具有相同硬件配置(或尽可能相似)的另一台计算机时,客户端软件应该知道这种变化。
一点点解释和一些背后故事 / p>
这个问题基本上是老问题,也触及软件防拷贝保护的主题,因为在这里提到的一些机制。我应该清楚,在这一点上,我不是寻找一个防拷贝保护方案。请,继续阅读。 :)
我正在使用一个客户端 - 服务器软件,应该在本地网络中工作。我必须解决的问题之一是识别网络中的每个唯一的客户端(不是那么多的问题),以便我可以应用某些属性到每个特定的客户端,在特定的部署期间保留和实施这些属性
在寻找解决方案时,我注意到以下情况:
- Windows激活系统使用对硬件修改极为敏感的某种重型指纹机制
- 磁盘映像软件沿所有卷ID复制(格式化时绑定到每个分区)以及在安装过程中,第一次运行期间或以任何其他方式定制,唯一生成的ID,这是严格的软件本质,并存储在注册表或硬盘驱动器,因此很容易混淆两个。
这种问题的明显选择是找出BIOS标识符(不是100%确定如果通过相同的主板型号是唯一的)因为这是我唯一可以依靠的是不重复,通过克隆转移,并且不能改变(至少不是通过使用一些用户空间程序)。一切都失败了,因为不可靠(MAC克隆,任何人?),或太苛刻(因为它对配置更改太敏感)。
子问题我想问的是,我做的正确,建筑方面吗?也许有一个更好的工具,我必须完成的任务...
我想到的另一种方法是类似于握手机制,其中服务器维护连接的客户端ID(在任何给定时刻甚至可以是完全基于软件的和非唯一的)的内部查找表,并且如果在连接时提供重复的ID,则告诉客户端在握手期间想出不同的ID。不幸的是,这种方法不能很好地满足在生命期间将属性绑定到特定客户端的要求。
在我看来,你应该根据自己的需求构建唯一的ID。此ID可以从对您很重要的信息(有关软件和硬件组件的一些信息)构造为散列(如MD5,SHA1或SHA512)。
如果您使用自己的私钥对此类哈希进行签名,并且软件在启动期间验证了密钥(签名的哈希值)已签名公钥必须与软件一起安装)。可以用不同的在线服务来扩展这种类型的解决方案,但是公司客户可以找到不那么好的在线服务。
Question: I have to come up with unique ID for each networked client, such that:
- it (ID) should persist once client software is installed on target computer, and should continue to persist if software is re-installed on same computer and same OS installment,
- it should not change if hardware configuration is modified in most ways (except changing the motherboard)
- When hard drive with client software installed is cloned to another computer with identical hardware configuration (or, as similar as possible), client software should be aware of that change.
A little bit of explanation and some back-story:
This question is basically age old question that also touches the topic of software copy-protection, as some of the mechanisms used in that area are mentioned here. I should be clear at this point that I'm not looking for a copy-protection scheme. Please, read on. :)
I'm working on a client-server software that is supposed to work in a local network. One of the problems I have to solve is to identify each unique client in the network (not so much of a problem), so that I can apply certain attributes to every specific client, retain and enforce those attributes during the deployment lifetime of a specific client.
While I was looking for a solution, I was aware of the following:
- Windows activation system uses some kind of heavy fingerprinting mechanism that is extremely sensitive to hardware modifications,
- Disk imaging software copies along all Volume IDs (tied to each partition when formatted), and custom, uniquely generated IDs during installation process, during first run, or in any other way, that is strictly software in its nature, and stored in registry or on hard drive, so it's very easy to confuse two.
The obvious choice for this kind of problem would be to find out BIOS identifiers (not 100% sure if this is unique through identical motherboard models, though), as that's the only thing I can rely on that isn't duplicated, transferred by cloning, and that can't be changed (at least not by using some user-space program). Everything else fails as either being not reliable (MAC cloning, anyone?), or too demanding (in terms that it's too sensitive to configuration changes).
Sub-question that I'd like to ask is, am I doing it correctly, architecture-wise? Perhaps there is a better tool for the task that I have to accomplish...
Another approach I had in mind is something similar to a handshake mechanism, where a server maintains an internal lookup table of connected client IDs (which can be even completely software-based and non-unique at any given moment), and tells the client to come up with a different ID during handshake, if a duplicate ID is provided upon connection. That approach, unfortunately, doesn't play nicely with one of the requirements to tie attributes to specific client during lifetime.
It seems to me that you should construct the unique ID corresponding to your requirements yourself. This ID can be constructed as a hash (like MD5, SHA1 or SHA512) from the information which are important for you (some information about software and hardware component).
You can makes your solution more secure if you sign such hash with your own private key and your software verify during the starting, that the key (signed hash value) is signed (only public key must be installed together with your software). One can expand such kind of solution with different online services, but corporate clients could find online services not so nice.
这篇关于可靠的方式生成唯一的硬件ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
