1. Introduction

In this tutorial, we’ll introduce GUID, the globally unique identifier. GUID is a 128-bit sequence we consider unique in practice as its repeat probability is very low (\boldsymbol{10^{-36}}).

GUID is also interchangeably called UUID, which stands for the universally unique identifier.

2. When and Why Do We Use GUIDs?

Let’s say we have ten client apps that create, process, and then insert transactional data into a database table. This table has its primary key, and we need to ensure that the keys are unique. Here, we use GUID to satisfy the uniqueness constraint on the table’s primary key. Each client can generate a unique ID at its end instead of asking a central authority for it or relying on the database to produce unique IDs.

Alternatively, if the security standards require an independent central authority to issue IDs as per known information security standards such as ISO27001, we’ll set up a GUID generator on our server. Then, when a client application needs a GUID, it will ask the server for one.

So, we use GUID to ensure each of our independent systems or clients generates or gets a unique ID with each request it sends to the central server. Additionally, GUID also helps the server differentiate between any two calls made by the same client for the same service.

3. GUID Structure

There are various ways to calculate a GUID. The most common way to construct a GUID is to use a combination of the system time and the system’s MAC address. GUID is in hexadecimal digits. They are grouped as 32 hexadecimal characters with four hyphens:

    [XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX]

The time part is taken from the underlying system’s CPU’s clock and is thus assured to be different from any other GUID. The system’s MAC address consists of a unique combination of 12 hexadecimal digits.

The following figure shows the typical flow for GUID generation using the above two parameters:

Guid Flow

For every request we make to get a new GUID, the GUID module fetches the system time stamp from the CPU controller and the MAC address from the network controller. Then, it uses both these values to generate a unique GUID and return it to the user.

4. Generating a GUID in Practice

A client can generate GUIDs locally or ask a GUID issuer online for a GUID.

4.1. Local Generation

Almost all programming languages have built-in modules for generating GUIDs. For example, Python has a module uuid:

import uuid
id = uuid.uuid4().hex

If we make two consecutive calls to uuid4(), we’ll get two different strings. For example:

4415025897284eafa2b711dacc97b98
b47c791b68374ff6baaf00cfb127d321

So, clients can use their GUID generators when sending their requests to a server.

4.2. Online Generators

In the case of large production systems that deal with financial data, most companies prefer to use their GUID server because of security issues as well as compliance with international security standards such as SOC 2.

The following figure shows the typical flow for the generation of a GUID:

GUID Generation Flow

Firstly, the user calls the authentication server with proper credentials to request a GUID. The authentication server then verifies the user’s credentials and returns the authorization response and a token that is to be used for all future requests in the current session. After the authentication step, the user makes a request to the GUID server for a GUID. The GUID server generates a hash (MD5) and uses it to create a GUID. It also updates the GUID database and returns the GUID to the user.

5. Conclusion

In this article, we have studied GUIDs and their roles in modern computer systems. We generally use a GUID when we want to uniquely identify something in a global context during a particular session.

Almost all major programming languages have built-in libraries to generate a GUID so the programmer can easily use them to ensure uniqueness in all their request calls.