| Abstract: | Detection and deterrence of device tampering and subversion by
substitution may be achieved by including a cryptographic unit within a
computing device for binding multiple hardware devices and mutually
authenticating the devices. The cryptographic unit includes a physically
unclonable function ("PUF") circuit disposed in or on the hardware
device, which generates a binding PUF value. The cryptographic unit uses
the binding PUF value during an enrollment phase and subsequent
authentication phases. During a subsequent authentication phase, the
cryptographic unit uses the binding PUF values of the multiple hardware
devices to generate a challenge to send to the other device, and to
verify a challenge received from the other device to mutually
authenticate the hardware devices. |