Authentication with physical unclonable functions
First Claim
1. A method for authenticating a device using an authentication station, said device providing a capability to accept a challenge value from the authentication station and return a response value to the challenge value to the authentication station that depends on fabrication characteristics of the device, the method comprising:
- identifying the device, including accepting identification data at the authentication station from the device to be authenticated;
- determining authentication data characterizing one or more pairs of challenge and response values associated with the identified device that were previously obtained by a trusted authority in communication with the device, wherein said determining of the data includes securely receiving the data characterizing the one or more pairs of challenge and response values directly from the device at the authentication station and does not require communication between the authentication station and the trusted authority after identifying the device;
- providing a first challenge value from the authentication station to the device;
- accepting a first response value at the authentication station from the device;
- determining whether the pair of the first challenge value and the first response value sufficiently match the authentication data.
Abstract
Physical Unclonable Functions (PUFs) for authentication can be implemented in a variety of electronic devices, including FPGAs, RFIDs, and ASICs. In some implementations, challenge-response pairs corresponding to individual PUFs can be enrolled and used to determine authentication data, which may be managed in a database. Later, when a target object with a PUF is to be authenticated, a set (or subset) of challenges is applied to each PUF device to authenticate it and thus distinguish it from others. In some examples, authentication is achieved without requiring complex cryptography circuitry implemented on the device. Furthermore, an authentication station does not necessarily have to be in communication with an authority holding the authentication data when a particular device is to be authenticated.
19 Claims
15. A method for authenticating a device using an authentication station, said device providing a capability to accept a challenge value from the authentication station and return a response value to the challenge value to the authentication station that depends on fabrication characteristics of the device, the method comprising:
- identifying the device, including accepting identification data at the authentication station from the device to be authenticated;
- determining authentication data characterizing one or more pairs of challenge and response values associated with the identified device that were previously obtained by a trusted authority in communication with the device, wherein the authentication data comprises model parameters sufficient to predict a response value for each of a plurality of challenge values for which response values have not been provided from the device;
- providing a first challenge value from the authentication station to the device;
- accepting a first response value at the authentication station from the device;
- determining whether the pair of the first challenge value and the first response value sufficiently match the authentication data.
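An added illustration of the flow in claim 15, not code from the patent: the station holds model parameters for one device and compares the device's responses to fresh challenges against the model's predictions. It assumes an additive linear delay model of an arbiter-type PUF, a simulated device in place of silicon, and an arbitrary 25% mismatch threshold for "sufficiently match"; none of these specifics are stated on this page, and all names are hypothetical.

```python
import random

N_STAGES = 64        # challenge length in bits (assumed)
N_CHALLENGES = 256   # fresh challenges per authentication run (assumed)
MAX_MISMATCH = 0.25  # tolerated fraction of differing bits (assumed threshold)

def features(challenge):
    """Parity transform: phi[i] = product of (1 - 2*c[j]) for j >= i, plus a constant 1."""
    phi, acc = [1.0], 1.0
    for bit in reversed(challenge):
        acc *= 1 - 2 * bit
        phi.append(acc)
    return phi[::-1]

def predict(weights, challenge):
    """Response bit computed from model parameters alone (no device involved)."""
    return int(sum(w * p for w, p in zip(weights, features(challenge))) > 0)

class SimulatedDevice:
    """Stand-in for silicon: hidden per-chip delay weights plus measurement noise."""
    def __init__(self, seed, noise=0.5):
        self._rng = random.Random(seed)
        self.delays = [self._rng.gauss(0, 1) for _ in range(N_STAGES + 1)]
        self._noise = noise

    def respond(self, challenge):
        return int(sum(w * p for w, p in zip(self.delays, features(challenge)))
                   + self._rng.gauss(0, self._noise) > 0)

def enroll(device):
    """Trusted authority. Assumption: enrollment-time access yields the weights."""
    return list(device.delays)

def authenticate(model, device, seed):
    """Station: issue fresh challenges, count disagreements with the model's predictions.
    Seeded only to make the demo repeatable; a station would draw unpredictable challenges."""
    rng = random.Random(seed)
    mismatches = 0
    for _ in range(N_CHALLENGES):
        challenge = [rng.randrange(2) for _ in range(N_STAGES)]
        mismatches += predict(model, challenge) != device.respond(challenge)
    rate = mismatches / N_CHALLENGES
    return rate <= MAX_MISMATCH, rate

if __name__ == "__main__":
    genuine, other = SimulatedDevice(seed=1), SimulatedDevice(seed=2)
    model = enroll(genuine)
    print("genuine:", authenticate(model, genuine, seed=99))
    print("different chip:", authenticate(model, other, seed=99))
```

The threshold absorbs the measurement noise of the genuine device, while a chip with different fabrication characteristics disagrees with the model on roughly half of the challenges.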
Specification