Method and System for Electronically Securing an Electronic Device Using Physically Unclonable Functions

US 20080279373A1
Filed: 07/17/2007
Published: 11/13/2008
Est. Priority Date: 05/11/2007
Status: Active Grant

First Claim

Patent Images

1. A method of electronically securing a device, comprising:

generating an output from a physically unclonable function (PUF) circuit to produce a PUF output;

retrieving a transfer function parameter; and

generating a security key by performing a transfer function algorithm using the PUF output and a transfer function parameter.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is directed to a system for securing an integrated circuit chip used in an electronic device by utilizing a circuit or other entity to produce physically unclonable functions (PUF) to generate a security word, such as an RSA public or private key. A PUF, according to its name and configuration, performs functions that are substantially difficult to be duplicated or cloned. This allows the invention to provide a unique and extremely secure system for authentication. In operation, the stored parameters can be used to more efficiently and quickly authenticate the device without the need to run the burdensome security key generation processes without compromising the level of security in the device. Such a system can be used to substantially eliminate the time to produce security keys when a user needs to authenticate the device at power up or other access point.

289 Citations

32 Claims

1. A method of electronically securing a device, comprising:
- generating an output from a physically unclonable function (PUF) circuit to produce a PUF output;
  
  retrieving a transfer function parameter; and
  
  generating a security key by performing a transfer function algorithm using the PUF output and a transfer function parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1, further comprising:
    - performing an error correction process on the PUF output to produce a corrected PUF output; and
      
      generating security keys by performing a transfer function algorithm using the corrected PUF output and a transfer function parameter from storage.
  - 3. A method according to claim 2, wherein performing an error correction process includes receiving the PUF output, retrieving ECC parity bits and executing an error correction algorithm using the PUF output and parity bits.
  - 4. A method according to claim 3, further comprising performing a verification process on the PUF output before error correction.
  - 5. A method according to claim 3, further comprising performing a verification process on the PUF output after error correction.
  - 6. A method according to claim 1, wherein generating security keys includes performing a transfer function algorithm using the PUF output and at least one transfer function parameter from storage.
  - 7. A method according to claim 1, wherein generating an output from a physically unclonable function (PUF) circuit includes exciting a PUF circuit to produce a PUF output, performing a verification algorithm to produce a consistent PUF output, and performing error correction on the consistent PUF output using error correction parity bits to produce a corrected PUF output;
    - wherein retrieving a transfer function parameter from storage includes retrieving a plurality of transfer function offset values stored in memory; and
      
      wherein generating security keys includes executing a transfer function algorithm using the corrected PUF output and at least one transfer function offset value from storage.
  - 8. A method according to claim 1, wherein generating security keys includes executing a transfer function algorithm using the corrected PUF output and a transfer function offset value, the method further including:
    - receiving the PUF output by a pseudo random number generator to produce a seed value;
      
      generating a prime number by combining the seed value with a transfer function offset value; and
      
      generating a security key using the prime number.
  - 9. A method according to claim 1, further comprising generating a plurality of security keys by:
    - receiving the PUF output by a plurality of pseudo random number generators to produce a plurality of seed values;
      
      generating a plurality of prime numbers by combining the seed values with corresponding transfer function offset values; and
      
      generating security keys using the plurality of prime numbers.
  - 10. A method according to claim 1, further comprising generating a plurality of security keys by:
    - receiving the PUF output by two independent pseudo random number generators to produce two seed values;
      
      generating two prime numbers by combining the two seed values with corresponding transfer function offset values; and
      
      generating a security key using the plurality of prime numbers.
  - 11. A method according to claim 1, further comprising generating a plurality of security keys by:
    - receiving a PUF output by a first pseudo random number generator to produce a first seed value;
      
      generating a first and second prime number by combining the first seed value with first and second corresponding transfer function offset values;
      
      receiving a PUF output by a second pseudo random number generator to produce a second seed value;
      
      generating a second prime number by combining the second seed value with a second corresponding transfer function offset value; and
      
      generating a private and a public security key using the first and second prime numbers.
  - 12. A method according to claim 11, further comprising:
    - combining a PUF output with a third offset value to generate a decryption key for use in decrypting encrypted data.
  - 13. A method according to claim 11, further comprising:
    - combining a PUF output with a third offset value to generate an symmetric decryption key;
      
      combining the symmetric decryption key with and encrypted signing key with a symmetric decrypt or to produce a signing key; and
      
      combining the signing key and the public security key to generate a signature.
  - 14. A method according to claim 11, further comprising:
    - retrieving a signature offset value from storage;
      
      combining a PUF output with a third offset value to generate a symmetric decryption key;
      
      combining the symmetric decryption key with an encrypted signing key with a symmetric decrypt or to produce a signing key; and
      
      combining the signing key and the public security key to generate a signature.

15. A method for electronically securing a device, comprising:
- generating an output from a physically unclonable function (PUF) circuit to produce a PUF output;
  
  retrieving a signature transfer function parameter;
  
  combining the PUF output with the signature transfer function parameter to generate a symmetric decryption key;
  
  combining the symmetric decryption key with an encrypted signing key using a symmetric decryptor to produce a signing key; and
  
  combining the signing key and a public security key to generate a signature security key.

16. A method for electronically securing a device, comprising:
- reading an output from a physically unclonable function (PUF) circuit as a PUF output;
  
  computing transfer function parameters using the PUF output; and
  
  storing the transfer function parameters in nonvolatile memory for subsequent operations to generate security keys by combining the PUF output with the transfer function parameters.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 17. A method according to claim 16, further comprising generating error correction parity bits and storing them in memory for subsequent use in generating a corrected PUF output that has been corrected for errors.
  - 18. A method according to claim 16, wherein computing the transfer function parameters includes generating a plurality of offset values by:
    - generating a first seed value with a first pseudo random number generator;
      
      generating a first prime number with a first prime number generator using the first seed value;
      
      computing a first transfer function offset value with the first seed value and the first prime number;
      
      generating a second seed value with a second pseudo random number generator;
      
      generating a second prime number with a second prime number generator using the second seed value; and
      
      computing a second transfer function offset value with the second seed value and the second prime number.
  - 19. A method according to claim 18, wherein computing a plurality of offset values include performing an arithmetic operation using the first seed value and the first prime number.
  - 20. A method according to claim 18, wherein computing a plurality of offset values include adding the first seed value with the first prime number.
  - 21. A method according to claim 18, wherein computing a plurality of offset values include subtracting the first seed value from the first prime number.
  - 22. A method according to claim 18, wherein computing a plurality of offset values include dividing the first seed value by the first prime number.
  - 23. A method according to claim 16, further comprising:
    - performing a verification algorithm to the PUF output to produce a consistent PUF output.
  - 24. A method according to claim 23, wherein performing a verification algorithm includes receiving multiple PUF outputs and choosing a statistically consistent output value to produce a consistent PUF output.
  - 25. A method according to claim 23, wherein performing a verification algorithm includes receiving multiple PUF outputs and choosing a statistically consistent output value to produce a verified PUF output according to predetermined parameters.
  - 26. A method according to claim 16, further comprising generating an output security parameter by calculating key pairs as the security parameter.
  - 27. A method according to claim 16, wherein the PUF output and the security parameter are integers, and the security output is larger than the PUF output;
    - wherein defining the transfer function includes identifying an arithmetic expression of a transfer function.
  - 28. A method according to claim 27, wherein the arithmetic expression is of the form y=mx+b, wherein the value of m and b are stored in data storage, and wherein x is the value of the PUF output, and y is the resultant security parameter.
  - 29. A method according to claim 27, wherein the next time when a security parameter is needed, reading the PUF and applying the transfer function.

30. A system for electronically securing a device, comprising:
- a physically unclonable circuit configured to generate a persistent random number a security word;
  
  nonvolatile memory configured to store at least one transfer function parameter; and
  
  a processor configured to generate a security key by processing the security word and the transfer function.
- View Dependent Claims (31, 32)
- - 31. A system according to claim 30, wherein the physically unclonable circuit is made up of a plurality of integrated circuit components configured to generate a binary value when excited to define the security word.
  - 32. A system according to claim 30, wherein the physically unclonable circuit is made up of a series of ring oscillators configured to generate a binary value when excited that defines the security word.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synaptics Incorporated
Original Assignee
Validity Sensors Incorporated (Synaptics Incorporated)
Inventors
Schwab, Frank, Dean, Gregory L., Erhart, Richard A.

Granted Patent

US 8,290,150 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/46
CPC Class Codes

H04L 9/302   involving the integer facto...

H04L 9/3249   using RSA or related signat...

H04L 9/3278   using physically unclonable...

Method and System for Electronically Securing an Electronic Device Using Physically Unclonable Functions

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

289 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Electronically Securing an Electronic Device Using Physically Unclonable Functions

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

289 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links