Dynamic intrinsic chip identification

US 10,142,335 B2
Filed: 12/18/2015
Issued: 11/27/2018
Est. Priority Date: 12/18/2015
Status: Active Grant

First Claim

Patent Images

1. A method for intrinsic chip identification, comprising:

receiving first counter information from a device;

determining whether the first counter information matches second counter information;

enabling authentication in response to the first counter information matching the second counter information;

receiving a first set of frequencies from the device, wherein the first set of frequencies are selected based on the first counter information;

determining whether each frequency of the first set of frequencies is within a predetermined range of a corresponding frequency of a second set of frequencies, wherein the second set of frequencies are selected based on the second counter information;

selecting a challenge response pair comprising a challenge and a response as a result of each frequency of the first set of frequencies being within the predetermined range of a corresponding frequency of the second set of frequencies;

transmitting the challenge to the device in response to selecting the challenge response pair;

receiving the response as a result of the challenge being sent to the device;

determining whether the response matches an expected response; and

granting authentication as a result of the response matching the expected response.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, method, system, and program product are disclosed for intrinsic chip identification. One method includes receiving first counter information from a device, determining whether such information matches second counter information, receiving first frequencies from the device, determining whether each frequency of such frequencies is within a predetermined range of a corresponding frequency of second frequencies, receiving a response to a challenge sent to the device, determining whether the response matches an expected response, and granting authentication. Granting authentication may include granting authentication in response to: the first counter information matching the second counter information; each frequency of the first frequencies being within the predetermined range of a corresponding frequency of the second frequencies; and the expected response matching the response. The expected response may be updated over time. The security apparatus may include circuitry that is shared with circuitry outside the security apparatus for computations other than authentication.

7 Citations

15 Claims

1. A method for intrinsic chip identification, comprising:
- receiving first counter information from a device;
  
  determining whether the first counter information matches second counter information;
  
  enabling authentication in response to the first counter information matching the second counter information;
  
  receiving a first set of frequencies from the device, wherein the first set of frequencies are selected based on the first counter information;
  
  determining whether each frequency of the first set of frequencies is within a predetermined range of a corresponding frequency of a second set of frequencies, wherein the second set of frequencies are selected based on the second counter information;
  
  selecting a challenge response pair comprising a challenge and a response as a result of each frequency of the first set of frequencies being within the predetermined range of a corresponding frequency of the second set of frequencies;
  
  transmitting the challenge to the device in response to selecting the challenge response pair;
  
  receiving the response as a result of the challenge being sent to the device;
  
  determining whether the response matches an expected response; and
  
  granting authentication as a result of the response matching the expected response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein granting authentication comprises granting authentication in response to:
    - the first counter information matching the second counter information;
      
      each frequency of the first set of frequencies being within the predetermined range of a corresponding frequency of the second set of frequencies; and
      
      the expected response matching the response.
  - 3. The method of claim 1, wherein the device comprises a security apparatus, and the security apparatus comprises circuitry configured to perform a physically unclonable function (“
    - PUF”
      
      ), and the circuitry is shared with circuitry outside of the security apparatus for computations other than authentication.
  - 4. The method of claim 3, wherein the circuitry comprises at least one of a counter, a second memory, a pseudo-random number generator (“
    - PRNG”
      
      ), and a ring oscillator (“
      
      RO”
      
      ).
  - 5. The method of claim 1, wherein the first counter information is stored in a counter of the device and the second counter information is stored in a counter of a second device.
  - 6. The method of claim 1, wherein the first set of frequencies is determined based on the first counter information and the second set of frequencies is determined based on the second counter information.
  - 7. The method of claim 1, wherein the first set of frequencies is determined by accessing a first memory corresponding to the first counter information and the second set of frequencies is determined by accessing a second memory corresponding to the second counter information.
  - 8. The method of claim 1, wherein the first set of frequencies is determined by a first pseudo-random number generator (“
    - PRNG”
      
      ) and the second set of frequencies is determined by a second PRNG.
  - 9. The method of claim 8, wherein the first PRNG uses the first counter information as an input and the second PRNG uses the second counter information as an input.
  - 10. The method of claim 1, wherein the predetermined range blocks a frequency of the first set of frequencies from being greater than a corresponding frequency of the second set of frequencies.
  - 11. The method of claim 1, wherein the expected response is updated over time.
  - 12. The method of claim 1, comprising updating the predetermined range.
  - 13. The method of claim 12, wherein updating the predetermined range comprises using a model applied to historical data to determine an updated predetermined range.

14. A system comprising:
- a processor;
  
  a first memory having program instructions embodied therewith, the program instructions executable by the processor; and
  
  a security apparatus comprising circuitry configured to perform a physically unclonable function (“
  
  PUF”
  
  ), wherein the circuitry comprises a first counter and a second counter, a first set of frequencies are selected based on the first counter, a second set of frequencies are selected based on the second counter, a challenge response pair is selected as a result of each frequency of the first set of frequencies being within a predetermined range of a corresponding frequency of the second set of frequencies, and authentications are enabled in response to the first counter matching the second counter and each frequency of the first set of frequencies being within a predetermined range of a corresponding frequency of the second set of frequencies;
  
  wherein the system uses the security apparatus to perform authentications and the processor uses the security apparatus for computations while the security apparatus is not being used to perform authentications.
- View Dependent Claims (15)
- - 15. The system of claim 14, wherein the circuitry comprises at least one of a counter, a second memory, a pseudo-random number generator (“
    - PRNG”
      
      ), and a ring oscillator (“
      
      RO”
      
      ).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kothandaraman, Chandrasekharan, Rosenblatt, Sami, Topaloglu, Rasit O.
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US14/975,512
Publication Number

US 20170180369A1
Time in Patent Office

1,075 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0876 based on the identity of th...

Dynamic intrinsic chip identification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic intrinsic chip identification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links