Repeatable masking of sensitive data
| DWPI Title: Method for repeatable masking of sensitive data, involves outputting second masked physical unclonable function (PUF) response to remotely located device, where remotely located device is unable to perform computing operation |
| Abstract: The various technologies presented herein relate to enabling a value generated based upon a physical unclonable function (PUF) response to be available as needed, while also preventing exposure of the PUF to a malicious entity. A masked PUF response can be generated based upon applying a function to a combination of the PUF response and a data file (e.g., a bitstream), and the masked PUF response is forwarded to a requesting entity, rather than the PUF response. Hence, the PUF is masked from any entity requiring access to the PUF. The PUF can be located in a FPGA, wherein the data file is a bitstream pertinent to one or more configurable logic blocks included in the FPGA. A first masked PUF response generated with a first data file can have a different value to a second masked PUF response generated with a second data file. |
| Use: Method for repeatable masking of sensitive data. |
| Advantage: The security of the PUF is maintained as the PUF response is not directly exposed, for preventing malicious entity from obtaining the PUF response for its own ends. The sensitive data is reliably obtained by a known system but is not exposed to attack by a malicious entity. The method enables value generated based upon PUF response to be available as needed, while also preventing exposure of the PUF response to a malicious entity. The program is provided with the PUF response, masked PUF response is provided, for ensuring that the PUF response P is not exposed to the program. |
| Novelty: The method (300) involves receiving a response value from a PUF. A first data file comprising first configuration data that is applied to configurable logic block of a field programmable gate array (FPGA) is received. The first masked PUF response is outputted to a remotely located device. A second data file comprising second configuration data that is applied to configurable logic block of the FPGA is received. A function is computed to generate a second masked PUF response where the second data file and the response value are inputs to the function, and where the first masked PUF response and the second masked PUF response have different values. The second masked PUF response is outputted to the remotely located device, where the remotely located device is unable to perform the computing operation responsive to receiving the second masked PUF response. |
| Filed: 3/22/2016 |
| Application Number: US15077594A |
| Tech ID: SD 12216.1 |
| This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention. |
| Data from Derwent World Patents Index, provided by Clarivate All rights reserved. Republication or redistribution of Clarivate content, including by framing or similar means, is prohibited without the prior written consent of Clarivate. Clarivate and its logo, as well as all other trademarks used herein are trademarks of their respective owners and used under license. |