In fact, any two Web sites verifying the number will get different results, making it almost impossible to correlate their visitor lists. The ID mechanism also would have operated outside of Windows by using a proprietary software agent that was intended to prevent "spoofing" of the ID number.

This approach makes the ID number far more complex than a car's license plate or vehicle ID number. "The processor number says if you write down my license plate number and someone else does, they'll be different numbers," said Shawn Abbott, chief technology officer at Rainbow Technologies Inc. (Irvine, Calif.).

These factors might mitigate the concerns of privacy groups such as the Electronic Privacy Information Center (Epic; Washington), which declared a boycott of Intel products over the ID numbers in Pentium IIIs. Intel subsequently withdrew plans to include the ID number in response to those concerns. Epic and others feared that the ID number could have been used for surveillance of consumer Web surfing; another common concern was that the ID number could be easily faked in software, rendering the concept useless.

Technology to keep the ID number blinded was developed by Rainbow for its own hardware "dongles," which for years have been sold to corporations for PC security. Intel approached Rainbow last year to develop the security setup for the ID number.

"Very early on, when Intel described it, they were very, very careful to address certain concerns," Abbott said. The final scheme was defined after deep scrutiny by Intel and Rainbow, addressing problems such as traceability on the Web, he said.

Under Intel's scheme, every Web server has a unique, randomized ID number that's transmitted along with a request to verify a PC's ID number. At this point, a trusted agent intercepts the request and submits it to the microprocessor.

The agent then takes the Web and Pentium numbers, runs a complex set of calculations, and returns a third number, which is uploaded to the server.

It's this third number that is used to identify that particular Pentium. The process will return the same number every time that particular machine accesses the server in question, verifying the machine's identity.

But because every Web server has a different ID, the hashed number uploaded from the PC will differ from one site to the next. No site will know the Pentium's actual ID number, nor will any two servers use the same hashed number to represent a particular Pentium.

The setup also prevents "spoofing" of the serial number, another fear among privacy advocates. The agent that intercepts the ID request is an example of "tamper-resistant software," which is difficult to replicate or alter and manages to tap the processor ID number without divulging the number to the outside.

Tamper-resistant software is a "black art," Abbott said, and several companies in the security industry have tried their hand at it. "Think of them [tamper-resistant agents] as armor around something. They can always be taken apart and defeated, but the effort becomes too much," he said.

Intel was unavailable for comment late Tuesday.