Temperature-Profiled Device Fingerprint Generation and Authentication from Power-Up States of Static Cells

US 20090326840A1
Filed: 06/26/2008
Published: 12/31/2009
Est. Priority Date: 06/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method for generating at least one identifier for uniquely identifying an electronic device, wherein the electronic device contains a number of static storage elements, and wherein the method comprises:

cycling power provided to the static storage elements multiple times;

reading values of the static storage elements after the power cycling to collect a set of power-up states;

repeating the cycling and reading for multiple environmental temperatures of the device to collect the sets of power-up states for the multiple environmental temperatures; and

computing the at least one identifier from the collected sets of power-up states.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product for generating device fingerprints and authenticating devices uses initial states of internal storage cells after each of a number multiple power cycles for each of a number of device temperatures to generate a device fingerprint. The device fingerprint may include pairs of expected values for each of the internal storage cells and a corresponding probability that the storage cell will assume the expected value. Storage cells that have expected values varying over the multiple temperatures may be excluded from the fingerprint. A device is authenticated by a similarity algorithm that uses a match of the expected values from a known fingerprint with power-up values from an unknown device, weighting the comparisons by the probability for each cell to compute a similarity measure.

Citations

33 Claims

1. A method for generating at least one identifier for uniquely identifying an electronic device, wherein the electronic device contains a number of static storage elements, and wherein the method comprises:
- cycling power provided to the static storage elements multiple times;
  
  reading values of the static storage elements after the power cycling to collect a set of power-up states;
  
  repeating the cycling and reading for multiple environmental temperatures of the device to collect the sets of power-up states for the multiple environmental temperatures; and
  
  computing the at least one identifier from the collected sets of power-up states.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the at least one identifier is a single identifier, and wherein the computing computes the single identifier from all of the collected sets of power-up states.
  - 3. The method of claim 2, wherein the repeating repeats the cycling and reading for exactly two temperatures, a first temperature substantially near a lower operating temperature limit of the electronic device and a second temperature substantially near an upper operating temperature limit of the electronic device, and wherein the repetitions of the reading are performed at a fixed operating voltage supplied to the electronic device.
  - 4. The method of claim 1, wherein the at least one identifier comprises multiple identifiers, wherein the computing computes a separate identifier for the multiple environmental temperatures in conformity with the set of power-up states collected for the corresponding environmental temperature.
  - 5. The method of claim 1, wherein the computing comprises:
    - computing an expected value of the power-up state for the static storage elements for the multiple environmental temperatures from the set of power-up states collected for the corresponding environmental temperature; and
      
      combining the expected value for the multiple environmental temperatures to generate a unified expected value for the static storage elements, wherein the at least one identifier includes fields expressing the unified expected value of the power-up state of at least some of the static storage elements for the multiple environmental temperatures.
  - 6. The method of claim 5, wherein the computing further comprises:
    - determining which of the storage elements have expected values that change over the multiple environmental temperatures; and
      
      excluding the storage elements that have expected values that change over the multiple environmental temperatures from the computing of the at least one identifier by setting the corresponding unified expected value to a static value.
  - 7. The method of claim 6, wherein the at least one identifier comprises pairs of the unified expected value and the probability that the corresponding unified expected value will be assumed by the corresponding storage element for storage elements that are not excluded by the excluding.
  - 8. The method of claim 1, wherein the repeating repeats the cycling and reading for multiple power supply voltages applied to the device to collect the sets of power-up states, one set for the multiple power supply voltages at the multiple environmental temperatures.

9. A computer system comprising a processor for executing program instructions and a memory coupled to the processor for storing the program instructions, wherein the program instructions comprise program instructions for generating at least one identifier for uniquely identifying an electronic device, wherein the electronic device contains a number of static storage elements, wherein the program instructions comprise program instructions for:
- reading initial values of the static storage elements after cycling power applied to the static storage elements, for multiple power cycles, to collect a set of power-up states;
  
  repeatedly executing the program instructions for reading for multiple environmental temperatures of the device, wherein multiple cycles of power are applied to the electronic device for the multiple environmental temperatures, to collect the sets of power-up states for the corresponding multiple environmental temperatures; and
  
  computing the at least one identifier from the collected sets of power-up states.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer system of claim 9, wherein the at least one identifier is a single identifier, and wherein the program instructions for computing compute the single identifier from all of the collected sets of power-up states.
  - 11. The computer system of claim 10, wherein the program instructions for repeatedly executing repeat the program instructions for reading for exactly two temperatures, a first temperature substantially near a lower operating temperature limit of the electronic device and a second temperature substantially near an upper operating temperature limit of the electronic device, and wherein the program instructions for reading are executed while providing a fixed operating voltage to the electronic device.
  - 12. The computer system of claim 9, wherein the at least one identifier comprises multiple identifiers, wherein the program instructions for computing compute separate identifiers for the multiple environmental temperatures in conformity with the set of power-up states collected for the corresponding environmental temperature.
  - 13. The computer system of claim 9, wherein the program instructions for computing further comprise program instructions for:
    - computing an expected value of the power-up state for the static storage elements for the multiple environmental temperatures from the set of power-up states collected for the corresponding environmental temperature; and
      
      combining the expected value for the multiple environmental temperatures to generate a unified expected value for each of the static storage elements, wherein the at least one identifier includes fields expressing the unified expected value of the power-up state of at least some of the static storage elements for the multiple environmental temperatures.
  - 14. The computer system of claim 13, wherein the program instructions for computing further comprise program instructions for:
    - determining which of the storage elements have expected values that change over the multiple environmental temperatures; and
      
      excluding the storage elements that have expected values that change over the multiple environmental temperatures from the computing of the at least one identifier by setting the corresponding unified expected value to a static value.
  - 15. The computer system of claim 14, wherein the at least one identifier comprises pairs of the unified expected value and the probability that the corresponding unified expected value will be assumed by the corresponding storage element for storage elements that are not excluded by the program instructions for excluding.
  - 16. The computer system of claim 9, wherein the program instructions for repeatedly executing repeatedly execute the program instructions for reading for multiple power supply voltages applied to the device to collect the sets of power-up states for the multiple power supply voltages at the multiple environmental temperatures.

17. A computer program product comprising computer-readable storage media encoding program instructions for execution by a processing system, wherein the program instructions comprise program instructions for generating at least one identifier for uniquely identifying an electronic device, wherein the electronic device contains a number of static storage elements, wherein the program instructions comprise program instructions for:
- reading initial values of the static storage elements after cycling power applied to the static storage elements, for multiple power cycles, to collect a set of power-up states;
  
  repeatedly executing the program instructions for reading for multiple environmental temperatures of the device, wherein multiple cycles of power are applied to the electronic device for the multiple environmental temperatures, to collect the sets of power-up states for the multiple environmental temperatures; and
  
  computing the at least one identifier from the collected sets of power-up states.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17, wherein the at least one identifier is a single identifier, and wherein the program instructions for computing compute the single identifier from all of the collected sets of power-up states.
  - 19. The computer program product of claim 17, wherein the program instructions for repeatedly executing repeatedly execute the program instructions for reading for exactly two temperatures, a first temperature substantially near a lower operating temperature limit of the electronic device and a second temperature substantially near an upper operating temperature limit of the electronic device, and wherein the program instructions for reading are executed while providing a fixed operating voltage to the electronic device.
  - 20. The computer program product of claim 17, wherein the at least one identifier comprises multiple identifiers, wherein the program instructions for computing compute separate identifiers for the corresponding multiple environmental temperatures in conformity with the set of power-up states collected for the corresponding environmental temperature.
  - 21. The computer program product of claim 17, wherein the program instructions for computing further comprise program instructions for:
    - computing an expected value of the power-up state for the static storage elements for the multiple environmental temperatures from the set of power-up states collected for the corresponding environmental temperature; and
      
      combining the expected value for the multiple environmental temperatures to generate a unified expected value for the static storage elements, wherein the at least one identifier includes fields expressing the unified expected value of the power-up state of at least some of the static storage elements for the multiple environmental temperatures.
  - 22. The computer program product of claim 21, wherein the program instructions for computing further comprise program instructions for:
    - determining which of the storage elements have expected values that change over the multiple environmental temperatures; and
      
      excluding the storage elements that have expected values that change over the multiple environmental temperatures from the computing of the at least one identifier by setting the corresponding unified expected value to a static value.
  - 23. The computer program product of claim 21, wherein the at least one identifier comprises pairs of the unified expected value and the probability that the corresponding unified expected value will be assumed by the corresponding storage element for storage elements that are not excluded by the program instructions for excluding.
  - 24. The computer program product of claim 17, wherein the program instructions for repeatedly executing repeatedly execute the program instructions for reading for multiple power supply voltages applied to the device to collect the sets of power-up states for the corresponding multiple power supply voltages at the multiple environmental temperatures.

25. A method for authenticating an electronic device as being a particular electronic device, wherein the electronic device contains a number of static storage elements, and wherein the method comprises:
- applying power to the electronic device;
  
  reading initial values of the static storage elements after applying power to collect a set of power-up states;
  
  comparing the initial values with an identifier corresponding to the particular electronic device, wherein the identifier encodes an expected value of a set of static storage elements within the particular device and a probability that one of the static storage elements will assume its corresponding expected value.
- View Dependent Claims (26, 27)
- - 26. The method of claim 25, wherein the comparing further comprises:
    - for the static storage elements of the particular electronic device that have an expected value that matches the initial value of the corresponding static storage elements in the electronic device, adding the corresponding probability to a total;
      
      for the static storage elements of the particular electronic device that have an expected value that does not match the initial value of the corresponding static storage elements in the electronic device, subtracting the corresponding probability from a total; and
      
      comparing the total to a threshold value to determine if a match between the initial values and the identifier is sufficient.
  - 27. The method of claim 26, further comprising dividing the total by a number of static storage elements included in the comparing.

28. A computer system comprising a processor for executing program instructions and a memory coupled to the processor for storing the program instructions, wherein the program instructions comprise program instructions for authenticating an electronic device as being a particular electronic device, wherein the electronic device contains a number of static storage elements, wherein the program instructions comprise program instructions for:
- reading initial values of the static storage elements after power has been applied to the electronic device to collect a set of power-up states; and
  
  comparing the initial values with an identifier corresponding to the particular electronic device, wherein the identifier encodes an expected value of a set of static storage elements within the particular device and a probability that one of the static storage elements will assume its corresponding expected value.
- View Dependent Claims (29, 30)
- - 29. The computer system of claim 28, wherein the program instructions for comparing further comprise program instructions for:
    - for the static storage elements of the particular electronic device that have an expected value that matches the initial value of the corresponding static storage elements in the electronic device, adding the corresponding probability to a total;
      
      for the static storage elements of the particular electronic device that have an expected value that does not match the initial value of the corresponding static storage elements in the electronic device, subtracting the corresponding probability from a total; and
      
      comparing the total to a threshold value to determine if a match between the initial values and the identifier is sufficient.
  - 30. The computer system of claim 29, wherein the program instructions further comprise program instructions for dividing the total by a number of static storage elements included in the comparing.

31. A computer program product comprising computer-readable storage media encoding program instructions for execution by a processing system, wherein the program instructions comprise program instructions for authenticating an electronic device as being a particular electronic device, wherein the electronic device contains a number of static storage elements, wherein the program instructions comprise program instructions for:
- reading initial values of the static storage elements after power has been applied to the electronic device to collect a set of power-up states; and
  
  comparing the initial values with an identifier corresponding to the particular electronic device, wherein the identifier encodes an expected value of a set of static storage elements within the particular device and a probability that one of the static storage elements will assume its corresponding expected value.
- View Dependent Claims (32, 33)
- - 32. The computer program product of claim 31, wherein the program instructions for comparing further comprise program instructions for:
    - for the static storage elements of the particular electronic device that have an expected value that matches the initial value of the corresponding static storage elements in the electronic device, adding the corresponding probability to a total;
      
      for the static storage elements of the particular electronic device that have an expected value that does not match the initial value of the corresponding static storage elements in the electronic device, subtracting the corresponding probability from a total; and
      
      comparing the total to a threshold value to determine if a match between the initial values and the identifier is sufficient.
  - 33. The computer program product of claim 32, further comprising program instructions for dividing the total by a number of static storage elements included in the comparing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kim, Joonsoo, Schaub, Jeremy D., Gebara, Fadi H., Strumpen, Volker

Granted Patent

US 8,219,857 B2
Time in Patent Office

Days
Field of Search
US Class Current

702/57
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/73   by creating or determining ...

G11C 11/41   forming static cells with p...

G11C 16/20   Initialising; Data preset; ...

G11C 2029/4402   Internal storage of test re...

G11C 2029/5002   Characteristic

G11C 29/50   Marginal testing, e.g. race...

Temperature-Profiled Device Fingerprint Generation and Authentication from Power-Up States of Static Cells

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Temperature-Profiled Device Fingerprint Generation and Authentication from Power-Up States of Static Cells

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links