Multi-factor authentication
First Claim
1. A hardware device, comprising:
- a hardware platform;
- device circuitry coupled to perform a primary function of the hardware device disposed in or on the hardware platform; and
- a cryptographic fingerprint unit for authenticating a user of the hardware device, the cryptographic fingerprint unit including:
  - a physically unclonable function (“PUF”) circuit disposed in or on the hardware platform, wherein the PUF circuit is a first authentication factor representing something the user has; and
  - combining logic coupled to receive at least one other authentication factor and challenge the PUF circuit with the at least one other authentication factor, wherein the at least one other authentication factor is at least one of a second authentication factor representing something the user knows or a third authentication factor representing something the user is, and wherein the PUF circuit is coupled to receive the at least one other authentication factor as a challenge and coupled to output a PUF value in response to being challenged with the at least one other authentication factor, the combining logic coupled to generate a multi-factor authentication value based on the PUF value;
- wherein the cryptographic fingerprint unit uses the multi-factor authentication value to allow a challenger to authenticate the user of the hardware device.
Abstract
Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function (“PUF”) circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value and combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value, while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.
28 Claims
1. A hardware device (recited in full under “First Claim” above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method for enrolling a user of a hardware device for subsequent authentication, the method comprising:
- challenging a physically unclonable function (“PUF”) circuit with a second authentication factor representing a biometric of the user to generate a multi-factor authentication value, wherein the biometric of the user is measured by a biometric reader of the hardware device and the PUF circuit is coupled to receive the second authentication factor as a challenge, and wherein the PUF circuit is a first authentication factor representing something the user has;
- seeding a cryptographic function based on the multi-factor authentication value;
- generating a cryptographic key from the cryptographic function; and
- storing the cryptographic key of the hardware device for future use by a challenger to authenticate the user of the hardware device using a cryptographic challenge and response.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
22. A method for enrolling a user of a hardware device for subsequent authentication, the method comprising:
- challenging a physically unclonable function (“PUF”) circuit with a second authentication factor representing a biometric of a user, wherein the biometric of the user is measured by a biometric reader of the hardware device and the PUF circuit is coupled to receive the second authentication factor as a challenge, and wherein the PUF circuit is disposed within the hardware device;
- generating a PUF value in response to being challenged with the second authentication factor, wherein the PUF value is a first authentication factor representing something the user has;
- generating helper data using the PUF value; and
- storing the helper data for future use to recover the PUF value during for a cryptographic challenge and response.
Dependent claims: 23, 24, 25
26. A method for cryptographically authenticating a user of a hardware device, the method comprising:
- retrieving a device identifier of the hardware device;
- using the device identifier to retrieve a user-device fingerprint for the hardware device, the user-device fingerprint including a cryptographic key, wherein the user-device fingerprint is based upon a multi-factor authentication value based on a physically unclonable function (“PUF”) value generated in response to challenging a PUF circuit of the hardware device with a second authentication factor representing a biometric of a user, wherein the biometric of the user is measured by a biometric reader of the hardware device and the PUF circuit is coupled to receive the second authentication factor as a challenge, and wherein the PUF value is a first authentication factor representing something the user has; and
- authenticating the user of the hardware device using the cryptographic key.
Dependent claims: 27, 28
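An added illustration (not code from the patent or its assignee) of the enrollment and recovery steps in claims 14 and 22: the other factor challenges the PUF, helper data is stored, and the exact PUF value is later recovered from a noisy re-measurement. The PUF is simulated with a keyed hash, and the code-offset construction with a repetition code is an assumed helper-data scheme that the claims do not specify; all names and inputs are constructed.

```python
import hashlib
import secrets

REP = 7         # repetition-code length: up to 3 flipped bits per block are corrected
KEY_BITS = 64   # number of code blocks (PUF response is REP * KEY_BITS bits)

def puf_response(device_secret: bytes, factor: bytes, flips=()) -> list[int]:
    """Simulated PUF (assumption): device_secret stands in for silicon variation.
    The other factor (PIN or biometric template) is hashed into the challenge;
    `flips` lists bit positions corrupted by measurement noise."""
    challenge = hashlib.sha256(factor).digest()
    n = REP * KEY_BITS
    stream = hashlib.shake_256(device_secret + challenge).digest(n // 8)
    bits = [(stream[i // 8] >> (i % 8)) & 1 for i in range(n)]
    for i in flips:
        bits[i] ^= 1
    return bits

def _encode(word):            # repetition code: each bit repeated REP times
    return [b for b in word for _ in range(REP)]

def _decode(bits):            # majority vote per block
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def mfa_value(puf_bits) -> str:
    """Multi-factor authentication value derived from the exact PUF value."""
    return hashlib.sha256(bytes(puf_bits)).hexdigest()

def enroll(device_secret: bytes, factor: bytes):
    """Enrollment: challenge the PUF with the factor, emit helper data."""
    r = puf_response(device_secret, factor)
    codeword = _encode([secrets.randbits(1) for _ in range(KEY_BITS)])
    helper = [a ^ b for a, b in zip(r, codeword)]      # code-offset helper data
    return helper, mfa_value(r)

def recover(device_secret: bytes, factor: bytes, helper, flips=()) -> str:
    """Authentication: noisy re-measurement + helper data -> original PUF value."""
    noisy = puf_response(device_secret, factor, flips)
    codeword = _encode(_decode([a ^ b for a, b in zip(noisy, helper)]))
    return mfa_value([a ^ b for a, b in zip(helper, codeword)])

if __name__ == "__main__":
    helper, enrolled = enroll(b"device-A", b"1234")     # constructed sample inputs
    noise = [0, 1, 2, 70, 71, 200]                      # constructed noise pattern
    print(recover(b"device-A", b"1234", helper, noise) == enrolled)  # same device, same PIN
    print(recover(b"device-A", b"0000", helper) == enrolled)         # wrong PIN
    print(recover(b"device-B", b"1234", helper) == enrolled)         # helper copied to another device
```

With this helper-data scheme, the stored helper reveals the XOR of any two response bits within the same block, so an observer of the helper data is left with at most `KEY_BITS` unknown bits of the response. The key-pair generation and public-key challenge described in the abstract would be seeded from `mfa_value`.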
Specification