Data to hardware binding with physical unclonable functions
| DWPI Title: Method for enrolling data with hardware device, involves utilizing data on hardware device, in response to determining that neither data nor hardware device is modified since enrollment phase |
| Abstract: The various technologies presented herein relate to binding data (e.g., software) to hardware, wherein the hardware is to utilize the data. The generated binding can be utilized to detect whether at least one of the hardware or the data has been modified between an initial moment (enrollment) and a later moment (authentication). During enrollment, an enrollment value is generated that includes a signature of the data, a first response from a PUF located on the hardware, and a code word. During authentication, a second response from the PUF is utilized to authenticate any of the content in the enrollment value, and based upon the authentication, a determination can be made regarding whether the hardware and/or the data have been modified. If modification is detected then a mitigating operation can be performed, e.g., the hardware is prevented from utilizing the data. If no modification is detected, the data can be utilized. |
| Use: Method for enrolling data with hardware device (claimed). |
| Advantage: Binding the data to the IC protects the integrity of the data or prevents use of the data by unintended hardware. Encryption enables protection of both the integrity and the confidentiality of the data and prevents devices other than the IC with which the data is originally enrolled from utilizing the data. By applying encryption, other hardware is prevented from utilizing the data. |
| Novelty: The method involves receiving an authentication data signature and an enrollment value at a hardware device during an authentication phase for data (110) and the hardware device. The enrollment value (165) is based on a combination of an enrollment data signature and a physical unclonable function (PUF) signature (180). The authentication data signature and the enrollment value are analyzed to determine whether one of the data or the hardware device is modified since the enrollment phase, by utilizing the hardware device during the authentication phase for the data and the hardware device. The data is prevented from being utilized on the hardware device, in response to determining that one of the data or the hardware device is modified. The data on the hardware device is utilized, in response to determining that neither the data nor the hardware device is modified since the enrollment phase. |
| Filed: 3/22/2016 |
| Application Number: US15077590A |
| Tech ID: SD 11764.1 |
| This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention. |
| Data from Derwent World Patents Index, provided by Clarivate All rights reserved. Republication or redistribution of Clarivate content, including by framing or similar means, is prohibited without the prior written consent of Clarivate. Clarivate and its logo, as well as all other trademarks used herein are trademarks of their respective owners and used under license. |