PHYSICS-BASED KEY GENERATION

US 20150180841A1
Filed: 03/05/2015
Published: 06/25/2015
Est. Priority Date: 02/13/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving an output generated by a first component of a first node, wherein the output is based on a physical configuration of the first component, and wherein outputs generated by the first component vary over time;

generating, with a controller of the first node, a key based on the output;

encrypting, with the controller, data with the key; and

transmitting the encrypted data to a second node, the second node comprising a second component configured to generate an output that is based on a physical configuration of the second component, wherein a first clock of the first node and a second clock of the second node are substantially synchronized such that the first and second nodes are configured to generate substantially time-matched keys based on outputs of the first and second components, respectively.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some examples, a controller is configured to generate a key based on a physics-based output of a component. The controller may, for example, use the key to authenticate communication between at least two nodes, to encrypt data, or to decrypt data, may be generated based on a physics-based output generated a component. The output generated by the component may vary over time, such that the controller is configured to generate a different key, depending on the time at which the output from the component used to generate the key was generated by the component. In some examples, the key is not stored in a memory, and is a discrete signal that only exists in real-time while the component is active and generating the detectable output.

Citations

20 Claims

1. A method comprising:
- receiving an output generated by a first component of a first node, wherein the output is based on a physical configuration of the first component, and wherein outputs generated by the first component vary over time;
  
  generating, with a controller of the first node, a key based on the output;
  
  encrypting, with the controller, data with the key; and
  
  transmitting the encrypted data to a second node, the second node comprising a second component configured to generate an output that is based on a physical configuration of the second component, wherein a first clock of the first node and a second clock of the second node are substantially synchronized such that the first and second nodes are configured to generate substantially time-matched keys based on outputs of the first and second components, respectively.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - generating, by a circuit of the first node, a waveform or particle from the output of the first component; and
      
      converting the waveform or particle into a discrete signal, wherein generating the key based on the output of the first component comprises generating the key based on the discrete signal.
  - 3. The method of claim 1, further comprising controlling a stimulus source to apply a stimulus to the first component to cause the first component to generate the output.
  - 4. The method of claim 1, wherein the output generated by the first component comprises a first output, the key comprises a first key, and the data comprises a first data set, the method further comprising:
    - receiving a second output generated by the first component of the first node, wherein the second output is based on the physical configuration of the first component and is different than the first output;
      
      generating, with the controller of the first node, a second key based on the second output;
      
      encrypting, with the controller, a second data set with the second key; and
      
      transmitting the encrypted second data set to the second node.
  - 5. The method of claim 1, wherein the output generated by the first component comprises a first output generated by the first component at a first time, the key comprises a first key, and the data comprises a first data set, the method further comprising:
    - receiving a second output generated by the first component of the first node at a second time, wherein the second output is based on the physical configuration of the first component and is different than the first output;
      
      generating, with the controller of the first node, a second key based on the second output;
      
      receiving a second data set from the second node at a second time within the predetermined time window of the second time; and
      
      decrypting, with the controller, the received second data set with the second key.
  - 6. The method of claim 1, wherein the controller comprises a first controller, the key comprises a first key, and the output generated by the first component comprises the output generated by the first component at a first time, the method further comprising:
    - receiving, by a second node, the encrypted data from the first node;
      
      receiving, by a second controller of the second node, the output generated by the second component at a second time, the second time being within a predetermined time window of the first time;
      
      generating, with the second controller, a second key based on the output generated by the second component at the second time; and
      
      decrypting, with the second controller, the received encrypted data with the second key.
  - 7. The method of claim 1, wherein generating the key comprises:
    - generating a value based on the output generated by the first component;
      
      transforming the value with a transformation algorithm that results in a unique value; and
      
      generating the key based on the unique value.

8. A system comprising:
- a first node comprising;
  
  a communication module;
  
  a first component configured to generate an output, wherein the first component is a physical structure, wherein the output is based on a physical configuration of the first component, and wherein outputs generated by the first component vary over time;
  
  a first clock; and
  
  a controller configured to generate a key based on the output generated by the first component, encrypt data with the key, and transmit the encrypted data to a second node via the communication module, the second node comprising a second component configured to generate an output that is based on a physical configuration of the second component, wherein a first clock of the first node and a second clock of the second node are synchronized such that the first and second nodes are configured to generate substantially time-matched keys based on outputs of the first and second components, respectively.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, wherein the output generated by the first component comprises a first output generated at a first time and the key comprises a first key, wherein the first component is configured to generate a second output at a second time, the second output being different than the first output, and wherein the controller is configured to generate a second key based on the second output.
  - 10. The system of claim 9, further comprising a stimulus source configured to apply a first stimulus to the first component to cause the first component to generate the first output and a second stimulus different than the first stimulus to the first component to cause the first component to generate the second output.
  - 11. The system of claim 9, wherein the data comprises a first data set and the controller is configured to encrypt a second data set with the second key and transmit the encrypted second data set to the second node via the communication module.
  - 12. The system of claim 9, wherein the data comprises a first data set and the controller is configured to receive a second data set from the second node and decrypt the second data set with the second key.
  - 13. The system of claim 9, wherein the first component comprises a plurality of components, and wherein the controller is configured to select a first subset of components of the plurality of components, wherein the first subset of components is configured to generate the first output, and wherein the controller is configured to select a second subset of components of the plurality of components, wherein second subset of components is configured to generate the second output.
  - 14. The system of claim 8, wherein the output generated by the first component comprises an output generated by the first component at a first time, the key comprises a first key, the communication module comprises a first communication module, and the controller comprises a first controller, the system further comprising:
    - the second node comprising;
      
      a second communication module;
      
      the second component; and
      
      a second controller configured to generate a second key based on the output generated by the second component at a second time, the second time being within a predetermined window of time of the first time, the second controller being further configured to receive the encrypted data from the first node via the second communication module and decrypt the data using the second key.
  - 15. The system of claim 8, wherein the controller is configured to generate the key by at least generating a value based on the output generated by the first component, transforming the value with a transformation algorithm that results in a unique value, and generating the key based on the unique value.

16. A system comprising:
- a first node comprising;
  
  a communication module;
  
  a first component configured to generate an output, wherein the first component is a physical structure, wherein the output is based on a physical configuration of the first component, and wherein outputs generated by the first component vary over time;
  
  a first clock; and
  
  a controller configured to generate a key based on the output generated by the first component, receive data from a second node, and decrypt the received data with the key, the second node comprising a second component configured to generate an output that is based on a physical configuration of the second component, wherein a first clock of the first node and a second clock of the second node are synchronized such that the first and second nodes are configured to generate substantially time-matched keys based on outputs of the first and second components, respectively.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the output generated by the first component comprises a first output generated by the first component at a first time and the data comprises a first data set, the first component being further configured to generate a second output at a second time, the second output being different than the first output, wherein the controller is configured to generate a second key based on the second output, encrypt a second data set with the second key, and transmit the encrypted second data set to the second node via the communication module.
  - 18. The system of claim 17, wherein the output generated by the first component comprises a first output generated by the first component at a first time and the data comprises a first data set, the first component being further configured to generate a second output at a second time, the second output being different than the first output, wherein the controller is configured to generate a second key based on the second output, receive a second data set from the second node, and decrypt the second data set with the second key.
  - 19. The system of claim 16, wherein the key comprises a first key, the output generated by the first component comprises a first output, the communication module comprises a first communication module, and the controller comprises a first controller, the system further comprising:
    - the second node comprising;
      
      a second communication module;
      
      the second component; and
      
      a second controller configured to generate a second key based on a second output generated by the second component within a predetermined window of time of a time at which the first component generates the first output, encrypt the data using the second key, and transmit, via the second communication module, the encrypted data to the first node.
  - 20. The system of claim 16, wherein the controller is configured to generate the key by at least generating a value based on the output generated by the first component, transforming the value with a transformation algorithm that results in a unique value, and generating the key based on the unique value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Heffner, Kenneth H.

Granted Patent

US 10,015,148 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0435   wherein the sending and rec...

H04L 9/08   Key distribution or managem...

H04L 9/0819   Key transport or distributi...

H04L 9/0866   involving user or device id...

H04L 9/0872   using geo-location informat...

H04L 9/12   Transmitting and receiving ...

H04L 9/30   Public key, i.e. encryption...

PHYSICS-BASED KEY GENERATION

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PHYSICS-BASED KEY GENERATION

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links