Unclonable ID based chip-to-chip communication

US 9,219,722 B2
Filed: 12/11/2013
Issued: 12/22/2015
Est. Priority Date: 12/11/2013
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for authenticating a node in an electronic communications system, the method comprising:

receiving an authentication request from a node;

transmitting a generating challenge to the node, wherein the generating challenge prompts the node to generate a first code representing an output of a first encryption challenge having inputs that include a random value and a first intrinsic ID based on an intrinsic feature, wherein the first encryption challenge is an invertible function;

receiving the first code from the node in response to the generating challenge;

generating a second code as an extracted value from an inverse function, wherein the second code represents an output of a second encryption challenge having inputs that include at least two of;

the first code, the random value, and a second intrinsic ID, wherein the second intrinsic ID is obtained from a source other than the node, and wherein the random value comprises one of an external value transmitted to the node and the electronic communications system, or a value generated in each of the electronic communications system and the node using a same seed input; and

authenticating the node, using a check function, based on one or more of;

the second encryption challenge having inputs of the random value and the second intrinsic ID, and the second code matching the first code;

the second encryption challenge having inputs of the first code and the random value, and the second code matching the second intrinsic ID; and

the second encryption challenge having inputs of the first code and the second intrinsic ID, and the second code matching the random value;

whereby the first intrinsic ID matches the second intrinsic ID.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first copy of an intrinsic ID of a first node may be stored on a second node. The first node may receive a challenge that causes it to generate a second copy of its intrinsic ID. The second copy and a random value may be used as inputs of a function to generate a first code. The first code is transmitted to the second node. The second node decodes the first code using its local copies of the random value and/or the intrinsic ID. The second node checks the decoded information against its local information and authenticates the first node if there is a match.

17 Citations

View as Search Results

18 Claims

1. A computer implemented method for authenticating a node in an electronic communications system, the method comprising:
- receiving an authentication request from a node;
  
  transmitting a generating challenge to the node, wherein the generating challenge prompts the node to generate a first code representing an output of a first encryption challenge having inputs that include a random value and a first intrinsic ID based on an intrinsic feature, wherein the first encryption challenge is an invertible function;
  
  receiving the first code from the node in response to the generating challenge;
  
  generating a second code as an extracted value from an inverse function, wherein the second code represents an output of a second encryption challenge having inputs that include at least two of;
  
  the first code, the random value, and a second intrinsic ID, wherein the second intrinsic ID is obtained from a source other than the node, and wherein the random value comprises one of an external value transmitted to the node and the electronic communications system, or a value generated in each of the electronic communications system and the node using a same seed input; and
  
  authenticating the node, using a check function, based on one or more of;
  
  the second encryption challenge having inputs of the random value and the second intrinsic ID, and the second code matching the first code;
  
  the second encryption challenge having inputs of the first code and the random value, and the second code matching the second intrinsic ID; and
  
  the second encryption challenge having inputs of the first code and the second intrinsic ID, and the second code matching the random value;
  
  whereby the first intrinsic ID matches the second intrinsic ID.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - the intrinsic feature is an intrinsic feature of the node;
      
      the first intrinsic ID is an intrinsic ID of the node dynamically generated by the node based on the intrinsic feature of the node using the generating challenge; and
      
      the second intrinsic ID is obtained from a database record associated with the generating challenge and the node, wherein the database record is not maintained on the node.
  - 3. The method of claim 1, wherein:
    - the first intrinsic ID is obtained from a database record associated with the generating challenge, wherein the database record is obtainable by the node; and
      
      the second intrinsic ID is dynamically generated using the generating challenge based on the intrinsic feature.
  - 4. The method of claim 1, wherein:
    - the second code is the output of the second encryption challenge having inputs of the random value and the second intrinsic ID; and
      
      authenticating the node is based on a hashed value of the first code matching a hashed value of the second code, wherein the hashed value of the first code and the hashed value of the second code are generated using a hash algorithm.
  - 5. The method of claim 1, further comprising:
    - transmitting a plurality of additional generating challenges to the node, wherein the plurality of additional generating challenges prompt the node to generate a corresponding plurality of intrinsic IDs of the node;
      
      receiving encrypted copies of the plurality of intrinsic IDs;
      
      decrypting the encrypted copies of the plurality of intrinsic IDs to generate a corresponding plurality of decrypted values; and
      
      authenticating the node based on each of the plurality of decrypted values matching a corresponding intrinsic ID obtained from a source other than the node.
  - 6. The method of claim 1, wherein the intrinsic feature includes one or more of:
    - a power-up voltage value of SRAM, pairings of ring-oscillator PUPs values, DRAM retention fail counts, a result of a race condition in an arbiter-PUP, and an optical speckle of a disordered three-dimensional microstructure.

7. A system for authenticating a node in an electronic communications system, the system comprising:
- a computer having a processor and a tangible storage device; and
  
  a program embodied on the storage device for execution by the processor, the program having a plurality of modules, the plurality of modules including;
  
  a receiving module configured to receive an authentication request from a node;
  
  a transmitting module configured to transmit a generating challenge to the node, wherein the generating challenge prompts the node to generate a first code representing an output of a first encryption challenge having inputs that include a random value and a first intrinsic ID based on an intrinsic feature, wherein the first encryption challenge is an invertible function;
  
  a second receiving module configured to receive the first code from the node in response to the generating challenge;
  
  a generating module configured to generate a second code as an extracted value from an inverse function, wherein the second code represents an output of a second encryption challenge having inputs that include at least two of;
  
  the first code, the random value, and a second intrinsic ID, wherein the second intrinsic ID is obtained from a source other than the node, and wherein the random value comprises one of an external value transmitted to the node and the electronic communications system, or a value generated in each of the electronic communications system and the node using a same seed input; and
  
  an authenticating module configured to authenticate the node, using a check function, based on one or more of;
  
  the second encryption challenge having inputs of the random value and the second intrinsic ID, and the second code matching the first code;
  
  the second encryption challenge having inputs of the first code and the random value, and the second code matching the second intrinsic ID; and
  
  the second encryption challenge having inputs of the first code and the second intrinsic ID, and the second code matching the random value;
  
  whereby the first intrinsic ID matches the second intrinsic ID.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein:
    - the intrinsic feature is an intrinsic feature of the node;
      
      the first intrinsic ID is an intrinsic ID of the node dynamically generated by the node based on the intrinsic feature of the node using the generating challenge; and
      
      the second intrinsic ID is obtained from a database record associated with the generating challenge and the node, wherein the database record is not maintained on the node.
  - 9. The system of claim 7, wherein:
    - the first intrinsic ID is obtained from a database record associated with the generating challenge, wherein the database record is obtainable by the node; and
      
      the second intrinsic ID is dynamically generated using the generating challenge based on the intrinsic feature.
  - 10. The system of claim 7, wherein:
    - the second code is the output of the second encryption challenge having inputs of the random value and the second intrinsic ID; and
      
      authenticating the node is based on a hashed value of the first code matching a hashed value of the second code, wherein the hashed value of the first code and the hashed value of the second code are generated using a hash algorithm.
  - 11. The system of claim 7, further comprising:
    - transmitting a plurality of additional generating challenges to the node, wherein the plurality of additional generating challenges prompt the node to generate a corresponding plurality of intrinsic IDs of the node;
      
      receiving encrypted copies of the plurality of intrinsic IDs;
      
      decrypting the encrypted copies of the plurality of intrinsic IDs to generate a corresponding plurality of decrypted values; and
      
      authenticating the node based on each of the plurality of decrypted values matching a corresponding intrinsic ID obtained from a source other than the node.
  - 12. The system of claim 7, wherein the intrinsic feature includes one or more of:
    - a power-up voltage value of SRAM, pairings of ring-oscillator PUFs values, DRAM retention fail counts, a result of a race condition in an arbiter-PDF, and an optical speckle of a disordered three-dimensional microstructure.

13. A computer program product for authenticating a node in an electronic communications system, the computer program product comprising a tangible storage non-transitory computer-readable device having program code embodied therewith, the program code executable by a processor of a computer to perform a method, the method comprising:
- receiving, by the processor, an authentication request from a node;
  
  transmitting a generating challenge to the node, wherein the generating challenge prompts the node to generate a first code representing an output of a first encryption challenge having inputs that include a random value and a first intrinsic ID based on an intrinsic feature, wherein the first encryption challenge is an invertible function;
  
  receiving, by the processor, the first code from the node in response to the generating challenge;
  
  generating, by the processor, a second code as an extracted value from an inverse function, wherein the second code represents an output of a second encryption challenge having inputs that include at least two of;
  
  the first code, the random value, and a second intrinsic ID, wherein the second intrinsic ID is obtained from a source other than the node, andwherein the random value comprises one of an external value transmitted to the node and the electronic communications system, or a value generated in each of the electronic communications system and the node using a same seed input; and
  
  authenticating, by the processor, the node using a check function based on one or more of;
  
  the second encryption challenge having inputs of the random value and the second intrinsic ID, and the second code matching the first code;
  
  the second encryption challenge having inputs of the first code and the random value, and the second code matching the second intrinsic ID; and
  
  the second encryption challenge having inputs of the first code and the second intrinsic ID, and the second code matching the random value;
  
  whereby the first intrinsic ID matches the second intrinsic ID.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, wherein:
    - the intrinsic feature is an intrinsic feature of the node;
      
      the first intrinsic ID is an intrinsic ID of the node dynamically generated by the node based on the intrinsic feature of the node using the generating challenge; and
      
      the second intrinsic ID is obtained from a database record associated with the generating challenge and the node, wherein the database record is not maintained on the node.
  - 15. The computer program product of claim 13, wherein:
    - the first intrinsic ID is obtained from a database record associated with the generating challenge, wherein the database record is obtainable by the node; and
      
      the second intrinsic ID is dynamically generated using the generating challenge based on the intrinsic feature.
  - 16. The computer program product of claim 13, wherein:
    - the second code is the output of the second encryption challenge having inputs of the random value and the second intrinsic ID; and
      
      authenticating the node is based on a hashed value of the first code matching a hashed value of the second code, wherein the hashed value of the first code and the hashed value of the second code are generated using a hash algorithm.
  - 17. The computer program product of claim 13, further comprising:
    - transmitting a plurality of additional generating challenges to the node, wherein the plurality of additional generating challenges prompt the node to generate a corresponding plurality of intrinsic IDs of the node;
      
      receiving encrypted copies of the plurality of intrinsic IDs;
      
      decrypting the encrypted copies of the plurality of intrinsic IDs to generate a corresponding plurality of decrypted values; and
      
      authenticating the node based on each of the plurality of decrypted values matching a corresponding intrinsic ID obtained from a source other than the node.
  - 18. The computer program product of claim 13, wherein the intrinsic feature includes one or more of:
    - a power-up voltage value of SRAM, pairings of ring-oscillator PUFs values, DRAM retention fail counts, a result of a race condition in an arbiter-PDF, and an optical speckle of a disordered three-dimensional microstructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Original Assignee
GlobalFoundries, Inc.
Inventors
Chellappa, Srivatsan, Kirihata, Toshiaki, Rosenblatt, Sami
Primary Examiner(s)
HO, DAO Q

Application Number

US14/102,607
Publication Number

US 20150163211A1
Time in Patent Office

741 Days
Field of Search

713/155
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 9/3278   using physically unclonable...

Unclonable ID based chip-to-chip communication

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Unclonable ID based chip-to-chip communication

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links