Remote re-enrollment of physical unclonable functions
US-2019138753-A1 · May 9, 2019 · US
Secure enrollment for physical unclonable function devices
US11343109B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11343109-B2 |
| Application number | US-202016900675-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 12, 2020 |
| Priority date | Jun 12, 2019 |
| Publication date | May 24, 2022 |
| Grant date | May 24, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods for secure enrollment of physical unclonable function devices include providing a device with an enrollment controller. The enrollment controller receives an enrollment request from an enrollment system and authenticates the request. If the request is authentic, the enrollment controller generates challenges in a pseudorandom order determined by a random seed that is shared with the enrollment system. The enrollment controller issues the challenges to interrogation circuitry coupled to a PUF array and records the responses. The responses are transmitted in encrypted form, and in the pseudorandom order, to the enrollment system. The responses are encrypted using a random number shared with the enrollment system. The enrollment system and the enrollment controller can independently generate the encryption key using the shared random number and/or other securely shared information.
First claim
Opening claim text (preview).
The invention claimed is: 1. A system, comprising: processing circuitry and a communication interface coupled to the processing circuitry; a physical unclonable function (PUF) array of PUF devices; interrogation circuitry coupled to the processing circuitry and the PUF array and configured to measure physical characteristics of the PUF devices; and memory coupled to the processing circuitry and storing instructions that, when executed by the processing circuitry, cause the system to: receive an enrollment request via the communication interface from an enrollment system; transmit a random token value to the enrollment system via the communication interface; receive authentication information from the enrollment system via the communication interface, the authentication information based on the random token value and information previously shared between the system and the enrollment system; determine, using the authentication information, that the enrollment request is authentic; generate a set of challenges; generate a corresponding set of responses to the set of challenges by: causing the interrogation circuitry to measure physical characteristic values of PUF devices identified by each challenge of the set of challenges; and outputting response data for that challenge based on that challenge using the measured physical characteristic values of the of PUF devices identified by that challenge; encrypt response data indicating the response to each challenge of the set of challenges; and transmit the encrypted response data to the enrollment system via the communication interface. 2. The system of claim 1 , wherein the instructions, when executed to generate the set of challenges, cause the system to use the processing circuitry to: output, as the set of challenges, a set of pseudo-random numbers determined by a seed value derived from a first random number and the authentication information received from the enrollment system. 3. The system of claim 1 , wherein the instructions, when executed to cause the interrogation circuitry to measure the physical characteristic values of the PUF devices identified by each challenge, cause interrogation circuitry to: repeatedly measure a physical characteristic of each PUF device identified by that challenge; and output, as the measured physical characteristic value of each PUF device, data indicating one or more statistical properties of the repeatedly measured physical characteristic of that PUF device. 4. The system of claim 1 , wherein the information previously shared between the system and the enrollment system includes a password, and the instructions, when executed by the processing circuitry, further cause the system to: compare the authentication information received from the enrollment system to a digest value produced by hashing the random token value and the password shared by the system and the enrollment system; and output a signal indicating that the enrollment request is authentic. 5. The system of claim 1 , wherein the instructions, when executed by the processing circuitry, further cause the system to: transmit a second random value to the enrollment system; derive an encryption key from the second random value; and encrypt the response data using the encryption key. 6. The system of claim 1 , wherein the PUF array comprises PUF devices of one of the following types: SRAM cells; ring oscillator circuits; gate delay circuits; resistive memory devices; ferroelectric memory devices; phase change memory devices; magnetic memory devices; flash memory devices; and one-time programmable memory devices. 7. A system, comprising: enrollment circuitry and a communication interface coupled to the enrollment circuitry and a communication port; a physical unclonable function (PUF) array of PUF devices; interrogation circuitry coupled to the enrollment circuitry and the PUF array and configured to measure physical characteristics of the PUF devices; wherein the enrollment circuitry is configured to: detect the presence of a test unit connected to the communication interface via the communication port: receive an enrollment request via the communication interface from the test unit; transmit a random token value to the test unit via the communication interface, receive authentication signals from the test unit via the communication interface, the authentication signals based on the random token value and information previously shared between the system and the test unit; determine, using the authentication signals, that the enrollment request is authentic; generate a set of challenges; generate a corresponding set of responses to the set of challenges by: causing the interrogation circuitry to measure physical characteristic values of PUF devices identified by each challenge of the set of challenges; and outputting response data for that challenge based on the measured physical characteristic values of the of PUF devices identified by that challenge; encrypt response data indicating the response to each challenge of the set of challenges; and transmit the encrypted response data to the test unit via the communication port. 8. The system of claim 7 , wherein the enrollment circuitry, when generating the set of challenges, generates, as the set of challenges, a set of pseudo-random numbers determined by a seed value derived from a first random number and the authentication signals received from the test unit. 9. The system of claim 7 , wherein the enrollment circuitry, when causing the interrogation circuitry to measure the physical characteristic values of the PUF devices identified by each challenge, causes interrogation circuitry to: repeatedly measure a physical characteristic of each PUF device identified by that challenge; and output, as the measured physical characteristic value of each PUF device, data indicating one or more statistical properties of the repeatedly measured physical characteristic of that PUF device. 10. The system of claim 7 , wherein the information previously shared between the system and the test unit includes a password, and the enrollment circuitry is further configured to: compare the authentication signals received from the test unit to a digest value produced by hashing the random token value and the password shared by the system and the enrollment circuitry; and output a signal indicating that the enrollment request is authentic. 11. The system of claim 7 , wherein the enrollment circuitry is further configured to: transmit a second random value to the test unit; derive an encryption key from the second random value; and encrypt the response data using the encryption key. 12. The system of claim 7 , wherein the PUF array comprises PUF devices of one of the following types: SRAM cells; ring oscillator circuits; gate delay circuits; resistive memory devices; ferroelectric memory devices; phase change memory devices; magnetic memory devices; flash memory devices; and one-time programmable memory devices. 13. A method, comprising: detecting the presence of a test unit connected to a communication interface via a communication port of an electronic device having a physical unclonable function (PUF) array of PUF devices: receiving an enrollment request via the communication interface from the test unit; transmitting a random token value to the test unit via the communication interface; receiving authentication signals from the test unit via the communication interface, the authentication signals based on the random token value and information previously shared between the test u
Assignees
Inventors
Classifications
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
involving passwords or one-time passwords (network architectures or network communication protocols for using one-time keys in a packet data network H04L63/067) · CPC title
Details relating to cryptographic hardware or logic circuitry · CPC title
involving random numbers or seeds · CPC title
Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (network architectures or network communication protocols for key exchange in a packet data network H04L63/061) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11343109B2 cover?
- Systems and methods for secure enrollment of physical unclonable function devices include providing a device with an enrollment controller. The enrollment controller receives an enrollment request from an enrollment system and authenticates the request. If the request is authentic, the enrollment controller generates challenges in a pseudorandom order determined by a random seed that is shared …
- Who is the assignee on this patent?
- Univ Northern Arizona
- What technology area does this patent fall under?
- Primary CPC classification H04L9/3278. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 24 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).