RESILIENT DEVICE AUTHENTICATION SYSTEM WITH METADATA BINDING
First Claim
1. A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (“
- PUF”
), the system comprising;
one or more verification authorities (“
VAs”
) each including a VA processor and a VA memory loaded with a complete verification set (“
loaded CVS”
) that includes hardware part-specific data associated with the PUFs of the one or more managed devices and further includes metadata, the VA processor being configured to create a limited verification set (“
LVS”
) by performing one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS that represents both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and
one or more provisioning entities (“
PEs”
) each connectable to at least one of the one or more VAs, each PE including a PE processor and a PE memory loaded with a LVS, and configured to select a subset of the LVS loaded in the PE memory so as to create an application limited verification set (“
ALVS”
).
4 Assignments
0 Petitions
Accused Products
Abstract
A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (PUF), comprises: one or more verification authorities (VA) each including a processor and a memory loaded with a complete verification set (CVS) that includes hardware part-specific data associated with the managed devices'"'"' PUFs and metadata, the processor configured to create a limited verification set (LVS) through one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS representing both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and one or more provisioning entities (PE) each connectable to a VA and including a processor and a memory loaded with a LVS, and configured to select a subset of the LVS so as to create an application limited verification set (ALVS). The system may also comprise one or more device management systems each connectable to a PE and to managed devices and including a memory configured to store an ALVS. The VA may also be configured to create a replacement LVS.
-
Citations
10 Claims
-
1. A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (“
- PUF”
), the system comprising;
one or more verification authorities (“
VAs”
) each including a VA processor and a VA memory loaded with a complete verification set (“
loaded CVS”
) that includes hardware part-specific data associated with the PUFs of the one or more managed devices and further includes metadata, the VA processor being configured to create a limited verification set (“
LVS”
) by performing one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS that represents both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and
one or more provisioning entities (“
PEs”
) each connectable to at least one of the one or more VAs, each PE including a PE processor and a PE memory loaded with a LVS, and configured to select a subset of the LVS loaded in the PE memory so as to create an application limited verification set (“
ALVS”
). - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- PUF”
Specification
-
- Resources
-
Current AssigneeAnalog Devices, Inc.
-
Original AssigneeSypris Electronics, LLC (Sypris Solutions Incorporated)
-
InventorsDuren, Michael J., Walsh, John J., Wallrabenstein, John Ross, Aldridge, Hal A.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesG06F 12/1408 by using cryptography for d...G06F 21/44 Program or device authentic...G06F 2212/1052 Security improvementH04L 63/08 for authentication of entit...H04L 63/0876 based on the identity of th...H04L 9/0866 involving user or device id...H04L 9/3242 involving keyed hash functi...H04L 9/3278 using physically unclonable...
