Apparatus, system and method for providing cryptographic key information with physically unclonable function circuitry

US 9,208,355 B1
Filed: 05/28/2013
Issued: 12/08/2015
Est. Priority Date: 05/28/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

an interface to couple the apparatus to a host and to perform an exchange of data with the host;

physically unclonable function (PUF) circuitry configured to generate a first value;

a first cryptographic engine coupled to receive the first value from the PUF circuitry;

control circuitry coupled to signal the first cryptographic engine to perform a cryptographic operation associated with the exchange of data, wherein the first cryptographic engine is configured to perform the cryptographic operation based on the first value;

a first signal line coupled between the PUF circuitry and the first cryptographic engine, wherein the first cryptographic engine is coupled to receive the first value from the PUF circuitry via the first signal line; and

a bus coupling the first cryptographic engine to the control circuitry or the interface, wherein the first cryptographic engine is coupled to output a result of the cryptographic operation to the bus, wherein any exchange of the first value by the first cryptographic engine and any exchange of the first value by the PUF circuitry is for communication of the first value independent of the bus, wherein the bus is further coupled to the PUF circuitry independent of the first signal line, wherein the PUF circuitry is further configured to output a second value to the bus independent of the second value being exchanged via the first signal line.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques and mechanisms for providing a value from physically unclonable function (PUF) circuitry for a cryptographic operation of a security module. In an embodiment, a cryptographic engine receives a value from PUF circuitry and based on the value, outputs a result of a cryptographic operation to a bus of the security module. The bus couples the cryptographic engine to control logic or interface logic of the security module. In another embodiment, the value is provided to the cryptographic engine from the PUF circuitry via a signal line which is distinct from the bus, where any exchange of the value by either of the cryptographic engine and the PUF circuitry is for communication of the first value independent of the bus.

Citations

20 Claims

1. An apparatus comprising:
- an interface to couple the apparatus to a host and to perform an exchange of data with the host;
  
  physically unclonable function (PUF) circuitry configured to generate a first value;
  
  a first cryptographic engine coupled to receive the first value from the PUF circuitry;
  
  control circuitry coupled to signal the first cryptographic engine to perform a cryptographic operation associated with the exchange of data, wherein the first cryptographic engine is configured to perform the cryptographic operation based on the first value;
  
  a first signal line coupled between the PUF circuitry and the first cryptographic engine, wherein the first cryptographic engine is coupled to receive the first value from the PUF circuitry via the first signal line; and
  
  a bus coupling the first cryptographic engine to the control circuitry or the interface, wherein the first cryptographic engine is coupled to output a result of the cryptographic operation to the bus, wherein any exchange of the first value by the first cryptographic engine and any exchange of the first value by the PUF circuitry is for communication of the first value independent of the bus, wherein the bus is further coupled to the PUF circuitry independent of the first signal line, wherein the PUF circuitry is further configured to output a second value to the bus independent of the second value being exchanged via the first signal line.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the PUF circuitry configured to generate the first value includes the PUF circuitry configured to perform a deterministic generation of the first value.
  - 3. The apparatus of claim 1, wherein the PUF circuitry includes:
    - a first PUF circuit configured to perform a deterministic generation of a second value; and
      
      a random number generator circuit coupled to receive the second value, wherein the PUF circuitry configured to generate the first value includes the random number generator circuit configured to generate the first value in response to the received second value.
  - 4. The apparatus of claim 3, wherein the random number generator circuit includes a PUF circuit.
  - 5. The apparatus of claim 1, wherein the PUF circuitry is configured to provide the second value as a symmetric key.
  - 6. The apparatus of claim 1, wherein the PUF circuitry is configured to perform a non-deterministic generation of the second value.
  - 7. The apparatus of claim 1, further comprising a second cryptographic engine coupled to the bus, the second cryptographic engine configured to receive the second value and to generate an asymmetric key value pair based on the second value.
  - 8. The apparatus of claim 1, wherein the cryptographic operation is configured to evaluate software code for a trusted execution environment.
  - 9. The apparatus of claim 1, wherein the first value is a symmetric key for the cryptographic operation.
  - 10. The apparatus of claim 1, wherein the first cryptographic engine configured to perform the cryptographic operation includes the first cryptographic engine configured to generate an asymmetric key value pair based on the first value.

11. A method at a security module coupled to a host, the method comprising:
- performing an exchange of data with the host via an interface of the security module;
  
  generating a first value with physically unclonable function (PUF) circuitry;
  
  exchanging the first value from the PUF circuitry to a first cryptographic engine with a signal line;
  
  in response to signaling by control circuitry of the security module, performing with the first cryptographic engine a cryptographic operation associated with the exchange of data based on the first value;
  
  outputting a result of the cryptographic operation from the first cryptographic engine to a bus of the security module, the bus coupling the first cryptographic engine to the control circuitry or the interface, wherein any exchange of the first value by the first cryptographic engine and any exchange of the first value by the PUF circuitry is for communication of the first value independent of the bus; and
  
  outputting a second value from the PUF circuitry to the bus independent of any communication of the second value via the signal line.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein generating the first value includes performing a deterministic generation of the first value.
  - 13. The method of claim 11, further comprising:
    - performing with a first PUF circuit of the PUF circuitry a deterministic generation of a second value,receiving the seed value at a random number generator of the PUF circuitry, wherein generating the first value includes the random number generator circuit generating the first value in response to the received second value.
  - 14. The method of claim 11, further comprising:
    - receiving the second value at a second cryptographic engine coupled to the bus; and
      
      generating an asymmetric key value pair based on the second value.
  - 15. The method of claim 11, wherein the cryptographic operation to evaluate software code for a trusted execution environment.

16. A system comprising:
- a host including one or more processor cores;
  
  a security module including;
  
  an interface coupling the security module to the host, the interface to perform an exchange of data with the host;
  
  physically unclonable function (PUF) circuitry configured to generate a first value;
  
  a first cryptographic engine coupled to receive the first value from the PUF circuitry;
  
  control circuitry coupled to signal the first cryptographic engine to perform a cryptographic operation associated with the exchange of data, wherein the first cryptographic engine is configured to perform the cryptographic operation based on the first value;
  
  a first signal line coupled between the PUF circuitry and the first cryptographic engine, wherein the first cryptographic engine is coupled to receive the first value from the PUF circuitry via the first signal line; and
  
  a bus coupling the first cryptographic engine to the control circuitry or the interface, wherein the first cryptographic engine is coupled to output a result of the cryptographic operation to the bus, wherein any exchange of the first value by the first cryptographic engine and any exchange of the first value by the PUF circuitry is for communication of the first value independent of the bus, wherein the bus is further coupled to the PUF circuitry independent of the first signal line, wherein the PUF circuitry is further configured to output a second value to the bus independent of the second value being exchanged via the first signal line.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the PUF circuitry is configured to perform a deterministic generation of the first value.
  - 18. The system of claim 17, wherein the PUF circuitry is configured to perform a non-deterministic generation of the second value.
  - 19. The system of claim 16, further comprising a second cryptographic engine coupled to the bus, the second cryptographic engine configured to receive the second value and to generate an asymmetric key pair based on the second value.
  - 20. The system of claim 16, wherein the cryptographic operation is configured to evaluate software code for a trusted execution environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
National Technology & Engineering Solutions Of Sandia LLC (Honeywell International Inc.)
Original Assignee
Sandia Corporation (Martin Marietta Corporation)
Inventors
Areno, Matthew
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US13/903,813
Time in Patent Office

924 Days
Field of Search

713/192
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/73   by creating or determining ...

H04L 9/0866   involving user or device id...

H04L 9/3271   using challenge-response

H04L 9/3278   using physically unclonable...

Apparatus, system and method for providing cryptographic key information with physically unclonable function circuitry

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, system and method for providing cryptographic key information with physically unclonable function circuitry

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links