Deterrence of device counterfeiting, cloning, and subversion by substitution using hardware fingerprinting
First Claim
1. A computing device, comprising:
- a hardware platform;
device circuitry coupled to perform a primary function of the computing device disposed in or on the hardware platform; and
a cryptographic fingerprint unit coupled to authenticate the hardware platform including;
a physically unclonable function (“
PUF”
) circuit disposed in or on the hardware platform, the PUF circuit coupled to output a PUF value;
a plurality of programmable PUF perturbation devices coupled to one or more signal paths within the PUF circuit or disposed adjacent to the one or more signal paths, wherein the programmable PUF perturbation devices influence delays associated with the one or more signal paths based on a programmed state of the PUF perturbation devices;
a key generator coupled to generate a private key and a public key based on the PUF value; and
a decryptor coupled to receive an authentication challenge posed to the computing device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.
4 Assignments
0 Petitions
Accused Products
Abstract
Deterrence of device subversion by substitution may be achieved by including a cryptographic fingerprint unit within a computing device for authenticating a hardware platform of the computing device. The cryptographic fingerprint unit includes a physically unclonable function (“PUF”) circuit disposed in or on the hardware platform. The PUF circuit is used to generate a PUF value. A key generator is coupled to generate a private key and a public key based on the PUF value while a decryptor is coupled to receive an authentication challenge posed to the computing device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.
-
Citations
29 Claims
-
1. A computing device, comprising:
-
a hardware platform; device circuitry coupled to perform a primary function of the computing device disposed in or on the hardware platform; and a cryptographic fingerprint unit coupled to authenticate the hardware platform including; a physically unclonable function (“
PUF”
) circuit disposed in or on the hardware platform, the PUF circuit coupled to output a PUF value;a plurality of programmable PUF perturbation devices coupled to one or more signal paths within the PUF circuit or disposed adjacent to the one or more signal paths, wherein the programmable PUF perturbation devices influence delays associated with the one or more signal paths based on a programmed state of the PUF perturbation devices; a key generator coupled to generate a private key and a public key based on the PUF value; and a decryptor coupled to receive an authentication challenge posed to the computing device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for cryptographically fingerprinting a hardware device, the method comprising:
-
generating a physically unclonable function (“
PUF”
) value using a PUF circuit disposed within the hardware device;selecting an error correction code (“
ECC”
) codeword for reducing noise in a second portion of the PUF value based upon a first portion of the PUF value;generating a seed value for seeding the cryptographic function based on the second portion of the PUF value; seeding a cryptographic with the seed value; generating a cryptographic key from the cryptographic function; and storing the cryptographic key associated with an identifier of the hardware device as a device fingerprint for future use by a challenger to authenticate the hardware device using a cryptographic challenge and response. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for cryptographically authenticating a hardware device, the method comprising:
-
programming a PUF perturbation device coupled to one or more signal paths within a PUF circuit or disposed adjacent to the PUF circuit, wherein the programming the PUF perturbation device causes the PUF circuit to output a new PUF value different than a previous PUF value of the PUF circuit, the hardware device including the PUF circuit; generating a cryptographic key from the new PUF value; storing the cryptographic key associated with a device identifier of the hardware device as a device fingerprint in a memory; retrieving the device identifier of the hardware device; using the device identifier to retrieve a device fingerprint for the hardware device from the memory, the device fingerprint including a public key generated by a key generator seeded with a seed value based on the new PUF value; encrypting a message with the public key to generate an encrypted message; challenging the hardware device to decrypt the encrypted message, wherein in response to challenging the hardware device to decrypt the encrypted message, the hardware device enables the PUF circuit to regenerate the new PUF value and the key generator uses the regenerated new PUF value to generate a private key and decrypt the encrypted message using the private key; and determining whether the hardware device has been compromised based upon whether the hardware device is able to decrypt the encrypted message. - View Dependent Claims (26, 27, 28, 29)
-
Specification