RESILIENT DEVICE AUTHENTICATION SYSTEM WITH METADATA BINDING
First Claim
1. A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (“PUF”), the system comprising;
one or more verification authorities (“VAs”) each including a VA processor and a VA memory loaded with a complete verification set (“loaded CVS”) that includes hardware part-specific data associated with the PUFs of the one or more managed devices and further includes metadata, the VA processor being configured to create a limited verification set (“LVS”) by performing one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS that represents both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and
one or more provisioning entities (“PEs”) each connectable to at least one of the one or more VAs, each PE including a PE processor and a PE memory loaded with a LVS, and configured to select a subset of the LVS loaded in the PE memory so as to create an application limited verification set (“ALVS”).
Abstract
A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (PUF), comprises: one or more verification authorities (VA) each including a processor and a memory loaded with a complete verification set (CVS) that includes hardware part-specific data associated with the managed devices' PUFs and metadata, the processor configured to create a limited verification set (LVS) through one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS representing both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and one or more provisioning entities (PE) each connectable to a VA and including a processor and a memory loaded with a LVS, and configured to select a subset of the LVS so as to create an application limited verification set (ALVS). The system may also comprise one or more device management systems each connectable to a PE and to managed devices and including a memory configured to store an ALVS. The VA may also be configured to create a replacement LVS.
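The CVS to LVS to ALVS flow described in the abstract can be sketched as follows. This is an added illustration, not code from the patent: it assumes the CVS holds challenge/response pairs, that the one-way transformation is SHA-256 over length-prefixed metadata, challenge and response, and that PUF responses are noise-free; all function names, the metadata strings and the simulated PUF are hypothetical.

```python
import hashlib
import hmac

M1, M2 = b"app=metering;epoch=1", b"app=metering;epoch=2"  # constructed metadata

def transform(metadata: bytes, challenge: bytes, response: bytes) -> bytes:
    """One-way transformation binding a PUF response to metadata (SHA-256 assumed)."""
    h = hashlib.sha256()
    for field in (metadata, challenge, response):
        h.update(len(field).to_bytes(4, "big") + field)  # length-prefix each field
    return h.digest()

def make_lvs(cvs: dict, metadata: bytes) -> dict:
    """VA step: derive an LVS from the loaded CVS; raw responses stay with the VA."""
    return {dev: [(c, transform(metadata, c, r)) for c, r in pairs]
            for dev, pairs in cvs.items()}

def make_alvs(lvs: dict, per_device: int) -> dict:
    """PE step: select a subset of the LVS entries for one application."""
    return {dev: entries[:per_device] for dev, entries in lvs.items()}

def verify(alvs: dict, metadata: bytes, device_id: str, index: int, puf) -> bool:
    """Challenge the device and compare its transformed response in constant time."""
    challenge, expected = alvs[device_id][index]
    return hmac.compare_digest(transform(metadata, challenge, puf(challenge)), expected)

def simulated_puf(seed: bytes):
    """Constructed stand-in for a PUF: a fixed, device-unique function."""
    return lambda challenge: hashlib.sha256(seed + challenge).digest()

def demo() -> dict:
    devs = {"dev-A": simulated_puf(b"silicon-A"), "dev-B": simulated_puf(b"silicon-B")}
    challenges = [bytes([i]) * 16 for i in range(4)]
    # Enrollment: the CVS holds raw challenge/response pairs for every device.
    cvs = {d: [(c, puf(c)) for c in challenges] for d, puf in devs.items()}
    alvs = make_alvs(make_lvs(cvs, M1), per_device=2)
    replacement = make_alvs(make_lvs(cvs, M2), per_device=2)  # replacement LVS
    raw = {r for pairs in cvs.values() for _, r in pairs}
    return {
        "genuine": all(verify(alvs, M1, "dev-A", i, devs["dev-A"]) for i in range(2)),
        "wrong_device": verify(alvs, M1, "dev-A", 0, devs["dev-B"]),
        "wrong_metadata": verify(alvs, M2, "dev-A", 0, devs["dev-A"]),
        "replacement_ok": verify(replacement, M2, "dev-A", 0, devs["dev-A"]),
        "values_reused": alvs["dev-A"][0][1] == replacement["dev-A"][0][1],
        "raw_in_alvs": any(v in raw for e in alvs.values() for _, v in e),
    }

if __name__ == "__main__":
    print(demo())
```

Because the metadata is an input to the transformation, a set issued under one metadata value cannot be checked or reused under another, and the same CVS can yield a fresh LVS without re-enrolling the devices.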
10 Claims
1. A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (“PUF”), the system comprising;
one or more verification authorities (“VAs”) each including a VA processor and a VA memory loaded with a complete verification set (“loaded CVS”) that includes hardware part-specific data associated with the PUFs of the one or more managed devices and further includes metadata, the VA processor being configured to create a limited verification set (“LVS”) by performing one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS that represents both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and
one or more provisioning entities (“PEs”) each connectable to at least one of the one or more VAs, each PE including a PE processor and a PE memory loaded with a LVS, and configured to select a subset of the LVS loaded in the PE memory so as to create an application limited verification set (“ALVS”).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
Specification