Hardware device to physical structure binding and authentication
Abstract
Detection and deterrence of device tampering and subversion may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a binding of the hardware device and a physical structure. The cryptographic fingerprint unit includes an internal physically unclonable function (“PUF”) circuit disposed in or on the hardware device, which generates an internal PUF value. Binding logic is coupled to receive the internal PUF value, as well as an external PUF value associated with the physical structure, and generates a binding PUF value, which represents the binding of the hardware device and the physical structure. The cryptographic fingerprint unit also includes a cryptographic unit that uses the binding PUF value to allow a challenger to authenticate the binding.
31 Claims
1. An apparatus, comprising:
a physical structure including an external physically unclonable function (“PUF”) circuit disposed in or on the physical structure, the external PUF circuit coupled to output an external PUF value associated with the physical structure; and
a hardware device communicatively coupled to the physical structure, the hardware device including a cryptographic fingerprint unit for authenticating a binding of the hardware device and the physical structure, the cryptographic fingerprint unit including;
an internal PUF circuit disposed in or on the hardware device, the internal PUF circuit coupled to output an internal PUF value associated with the hardware device;
binding logic coupled to receive the internal PUF value and the external PUF value associated with the physical structure, wherein the binding logic is configured to generate a binding PUF value using the internal PUF value and the external PUF value; and
a cryptographic unit coupled to receive the binding PUF value, wherein the cryptographic unit is configured to use the binding PUF value to allow a challenger to authenticate the binding of the hardware device and the physical structure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 31)

16. A method for cryptographically fingerprinting a binding of a hardware device and a physical structure, the method comprising:
generating an internal physically unclonable function (“PUF”) value using an internal PUF circuit disposed within the hardware device;
receiving an external PUF value from the physical structure, wherein the physical structure includes an external PUF circuit disposed in or on the physical structure, the external PUF circuit coupled to output an external PUF value associated with the physical structure;
generating a binding PUF value using the internal PUF and the external PUF;
seeding a cryptographic function based on the binding PUF value;
generating a cryptographic key from the cryptographic function; and
storing the cryptographic key associated with a binding identifier of the binding of the hardware device and the physical structure as a binding fingerprint for future use by a challenger to authenticate the binding of the hardware device and the physical structure using a cryptographic challenge and response.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)

25. A method for cryptographically authenticating a binding of a hardware device and a physical structure, the method comprising:
retrieving a binding identifier of the binding of the hardware device and the physical structure, wherein the physical structure includes an external physically unclonable function (“PUF”) circuit disposed in or on the physical structure, the external PUF circuit coupled to output an external PUF value associated with the physical structure;
using the binding identifier to retrieve a binding fingerprint for the binding of the hardware device and the physical structure, the binding fingerprint including a cryptographic key, wherein the binding fingerprint is based upon a binding PUF value generated by a combination of an internal PUF circuit disposed within the hardware device and the external PUF value associated with the physical structure; and
authenticating the binding of the hardware device and the physical structure using the cryptographic key.
- View Dependent Claims (26, 27, 28, 29, 30)
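
The enrollment steps of claim 16 and the challenge-response check of claim 25 can be simulated in software. The sketch below is an added example, not code from the patent: the `SimulatedPUF` class, the SHA-256 combination of the two PUF values, the HMAC-based key derivation and the symmetric HMAC challenge-response are all assumptions, since the claims do not specify the combination function, the cryptographic function or the key type. It also assumes noise-free PUF values.

```python
import hashlib
import hmac
import os

class SimulatedPUF:
    """Stand-in for a PUF circuit: a fixed value unique to one physical object.
    Assumption: the value is noise-free; real PUF outputs need error correction."""
    def __init__(self):
        self._value = os.urandom(32)   # models manufacturing variation

    def read(self) -> bytes:
        return self._value

def binding_puf_value(internal: bytes, external: bytes) -> bytes:
    # Assumed combination: hash over both values, with a length prefix so the
    # boundary between the two inputs is unambiguous.
    return hashlib.sha256(len(internal).to_bytes(2, "big") + internal + external).digest()

def derive_key(binding_value: bytes) -> bytes:
    # Seed a key-derivation step with the binding PUF value (HKDF-style
    # extract then expand, one output block).
    prk = hmac.new(b"binding-seed", binding_value, hashlib.sha256).digest()
    return hmac.new(prk, b"binding-auth-key\x01", hashlib.sha256).digest()

class HardwareDevice:
    def __init__(self, structure_puf: SimulatedPUF):
        self.internal_puf = SimulatedPUF()
        self.structure_puf = structure_puf   # the structure it is mounted in

    def _key(self) -> bytes:
        # Regenerated from both PUFs on every use; never stored on the device.
        return derive_key(binding_puf_value(self.internal_puf.read(),
                                            self.structure_puf.read()))

    def enroll(self, binding_id: str, fingerprints: dict) -> None:
        fingerprints[binding_id] = self._key()   # stored binding fingerprint

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key(), nonce, hashlib.sha256).digest()

def authenticate(device: HardwareDevice, binding_id: str, fingerprints: dict) -> bool:
    key = fingerprints[binding_id]     # retrieve fingerprint by binding identifier
    nonce = os.urandom(32)             # fresh challenge, so old responses cannot be replayed
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, device.respond(nonce))
```

Because this sketch uses a symmetric key, the fingerprint store holds the secret itself and has to be protected accordingly. Moving the enrolled device to a different structure, or placing a different device in the enrolled structure, changes the binding PUF value and the check fails.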
Specification