-
公开(公告)号:US20090132624A1
公开(公告)日:2009-05-21
申请号:US11577316
申请日:2005-10-10
申请人: Ernst Haselsteiner , Pim Theo Tuyls
发明人: Ernst Haselsteiner , Pim Theo Tuyls
IPC分类号: G06F7/58
CPC分类号: G06F7/588 , H03K3/84 , H04L9/0662 , H04L9/0866
摘要: An integrated circuit (1 . . . 1′″, 1a . . . I c) with a true random number generator (2 . . . 2′″), which true random number generator (2 . . . 2″) comprises at least one instable physically uncloneable function (3 . . . 3′″, 3a, 3a′) for generating true random numbers (8). Hence, each device of a group of devices can be provided with a unique true random generator, so that each device of the group is provided with different true random numbers even when said devices are applied to identical environmental conditions. Such a random number generator (2 . . . 2′″) may be part of a smart card as well as of a module for near field communication, for example.
摘要翻译: 具有真随机数发生器(2 ... 2“)的集成电路(1,...,1,...,1a。 )包括用于产生真实随机数(8)的至少一个不稳定的物理上不可克隆的功能(3,3 ...,3a,3a')。 因此,一组设备的每个设备可以被提供有唯一的真随机发生器,使得即使当所述设备被应用于相同的环境条件时,该组的每个设备都被提供有不同的真随机数。 例如,这种随机数发生器(2 ... 2“)可以是智能卡以及用于近场通信的模块的一部分。
-
公开(公告)号:US08848477B2
公开(公告)日:2014-09-30
申请号:US13877656
申请日:2011-09-28
IPC分类号: G11C5/14
CPC分类号: G11C5/148 , G06F7/588 , G11C5/14 , G11C7/20 , G11C7/24 , H04L9/0866 , H04L9/3278
摘要: An electric physical unclonable function (PUF) (100) is provided comprising a semiconductor memory element (110) connectable to a PUF control means for reading content from the memory element and for deriving at least in part from said content a digital identifier, such as a secret key. Upon powering the memory element it settles into one of at least two different stable states. The particular stable state into which the memory element settles is dependent at least in part upon random physical characteristics of the memory element introduced during manufacture of the memory element. Settling of the memory element is further dependent upon a control input (112) of the memory element. The electric physical unclonable function comprises shielding means (142, 144) for shielding, during a time period including the power-up of the memory element and lasting at least until the settling of the memory element, the control input from receiving control signals upon which the particular stable state into which the memory element settles is dependent. In this way, the dependency of the memory element on its physical characteristics is improved, and dependency on possibly irreproducible control signals is reduced.
摘要翻译: 提供电物理不可克隆功能(PUF)(100),其包括可连接到PUF控制装置的半导体存储元件(110),用于从存储元件读取内容,并且至少部分地从所述内容导出数字标识符,诸如 秘密钥匙 在为存储器元件供电时,它稳定在至少两个不同的稳定状态之一中。 存储元件稳定的特定稳定状态至少部分地取决于在存储元件的制造期间引入的存储元件的随机物理特性。 存储器元件的稳定还取决于存储元件的控制输入(112)。 电物理不可克隆功能包括屏蔽装置(142,144),用于在包括存储元件的上电的持续时间期间屏蔽屏蔽装置,并持续至少直到存储元件的稳定,控制输入从其上接收控制信号 存储元件稳定的特定稳定状态是依赖的。 以这种方式,存储元件对其物理特性的依赖性得到改善,并且减少了可能不可再生的控制信号的依赖性。
-
3.发明授权公开(公告)号:US08694856B2
公开(公告)日:2014-04-08
申请号:US13390255
申请日:2010-08-06
申请人: Pim Theo Tuyls , Geert Jan Schrijen
发明人: Pim Theo Tuyls , Geert Jan Schrijen
IPC分类号: G11C29/00
CPC分类号: G06F21/73 , H04L9/002 , H04L9/0866 , H04L2209/805
摘要: Systems for generating an identifying response pattern comprising a memory (120) used as a physically unclonable function configured for generating a response pattern dependent on physical, at least partially random characteristics of said memory may be vulnerable to freezing attacks and to aging. A memory-overwriting device (110) configured for overwriting at least a first portion of the plurality of memory locations to obscure the response pattern in the memory avoids freezing attacks. An anti-degradation device (160) configured to write to each respective location of a second portion of the plurality of memory locations an inverse of a response previously read from the memory reduces the effects of aging.
摘要翻译: 用于生成识别响应模式的系统包括用作被配置用于生成依赖于所述存储器的物理,至少部分随机特性的响应模式的物理不可克隆功能的存储器(120),其易于受到冻结攻击和老化。 被配置为重写多个存储器位置的至少第一部分以遮蔽存储器中的响应模式的存储器重写设备(110)避免了冻结攻击。 一种抗劣化装置(160),被配置为写入多个存储器位置的第二部分的每个相应位置,先前从存储器读取的响应的反相减少了老化的影响。
-
公开(公告)号:US08433983B2
公开(公告)日:2013-04-30
申请号:US12067988
申请日:2006-09-11
IPC分类号: G06F11/00
CPC分类号: H04L9/3231 , H04L2209/08 , H04L2209/34
摘要: This invention relates to methods and devices for verifying the identity of a person based on a sequence of feature components extracted from a biometric sample. Thereafter, the feature components are quantized and assigned a data bit sequence in such a way that adjacent quantization intervals have a Hamming distance of 1. The data bit sequences are concatenated into a bit string, and said bit string is combined with a helper data set by using an exclusive disjunction (XOR) operation into a codeword. Finally, the codeword is decoded into a secret V and a secret S is matched with the secret V.
摘要翻译: 本发明涉及用于基于从生物特征样本提取的特征成分序列来验证个人身份的方法和装置。 此后,对特征分量进行量化并分配数据比特序列,使得相邻量化间隔的汉明距离为1.数据比特序列被连接成比特串,并且所述比特串与辅助数据组合 通过对代码字使用独占分离(XOR)操作。 最后,码字被解码为秘密V,秘密S与秘密V匹配。
-
公开(公告)号:US20130051552A1
公开(公告)日:2013-02-28
申请号:US13574311
申请日:2011-01-19
申请人: Héléna Handschuh , Pim Theo Tuyls
发明人: Héléna Handschuh , Pim Theo Tuyls
IPC分类号: H04L9/14
CPC分类号: G06F21/602 , H04L9/0866 , H04L9/0897 , H04L9/3033 , H04L2209/34 , H04L2209/805
摘要: A computing device for obtaining a first cryptographic key during an enrollment phase, the computing device comprising a key generator for generating the first cryptographic key in dependence upon a seed, the computing device being configured for storing the first cryptographic key on a storage of the computing device for later cryptographic use of the first cryptographic key on the computing device during a usage phase coming after the enrollment phase wherein, the computing device further comprises a physically unclonable function, the key generator being configured for deriving the seed from an output of the physically unclonable function, and an encryption module for encrypting the first cryptographic key using a second cryptographic key derived from the output of the physically unclonable function, the computing device being configured for storing the first cryptographic key on the storage in encrypted form.
摘要翻译: 一种用于在注册阶段期间获得第一密码密钥的计算设备,所述计算设备包括密钥生成器,用于根据种子生成所述第一密码密钥,所述计算设备被配置为将所述第一密码密钥存储在所述计算 用于在注册阶段之后的使用阶段期间在计算设备上稍后加密使用第一加密密钥的设备,其中,所述计算设备还包括物理上不可克隆的功能,所述密钥生成器被配置用于从物理的输出中导出种子 不可克隆功能,以及加密模块,用于使用从物理不可克隆功能的输出导出的第二加密密钥来加密第一加密密钥,该计算设备被配置为以加密的形式将第一加密密钥存储在存储器上。
-
6.发明申请公开(公告)号:US20120179952A1
公开(公告)日:2012-07-12
申请号:US13390255
申请日:2010-08-06
申请人: Pim Theo Tuyls , Geert Jan Schrijen
发明人: Pim Theo Tuyls , Geert Jan Schrijen
CPC分类号: G06F21/73 , H04L9/002 , H04L9/0866 , H04L2209/805
摘要: Systems for generating an identifying response pattern comprising a memory (120) used as a physically unclonable function configured for generating a response pattern dependent on physical, at least partially random characteristics of said memory may be vulnerable to freezing attacks and to aging. A memory-overwriting device (110) configured for overwriting at least a first portion of the plurality of memory locations to obscure the response pattern in the memory avoids freezing attacks. An anti-degradation device (160) configured to write to each respective location of a second portion of the plurality of memory locations an inverse of a response previously read from the memory reduces the effects of aging.
摘要翻译: 用于生成识别响应模式的系统包括用作被配置用于生成依赖于所述存储器的物理,至少部分随机特性的响应模式的物理不可克隆功能的存储器(120),其易于受到冻结攻击和老化。 被配置为重写多个存储器位置的至少第一部分以遮蔽存储器中的响应模式的存储器重写设备(110)避免了冻结攻击。 一种抗劣化装置(160),被配置为写入多个存储器位置的第二部分的每个相应位置,先前从存储器读取的响应的反相减少了老化的影响。
-
公开(公告)号:US07898648B2
公开(公告)日:2011-03-01
申请号:US11721389
申请日:2005-12-12
CPC分类号: H04L9/3278 , G07D7/0032
摘要: The invention relates to an optical identifier (30) for generating an identification signal in response to an incident radiation beam (12), and to a corresponding method. In order to provide an optical identifier (30) which can be produced by a simplified process and which has nevertheless a sufficient or even improved stability against environmental interferences it is proposed that said identifier comprises a carrier layer (32), at least partially transparent to said radiation beam (12), having a first scattering face (34) comprising a plurality of randomly oriented partial faces for scattering at least a part of said radiation beam (12), wherein said identification signal is formed by a scattered part of said radiation beam (12). Further, a device comprising said identifier, and a reading apparatus for identifying the identifier are proposed.
摘要翻译: 本发明涉及一种用于响应于入射辐射束(12)产生识别信号的光学标识符(30)以及相应的方法。 为了提供可以通过简化的过程产生并且仍然具有足够或甚至改善的对环境干扰的稳定性的光学标识符(30),建议所述标识符包括载体层(32),至少部分地透明到 所述辐射束(12)具有包括多个随机取向的部分面的第一散射面(34),用于散射所述辐射束(12)的至少一部分,其中所述识别信号由所述辐射的散射部分形成 梁(12)。 此外,提出了包括所述标识符的装置和用于识别标识符的读取装置。
-
公开(公告)号:US20090282259A1
公开(公告)日:2009-11-12
申请号:US12296682
申请日:2007-04-10
CPC分类号: G06Q20/388 , G06F21/35 , G06F2221/2103 , G06Q20/341 , G06Q20/40975 , G07F7/1008 , H04L9/3234 , H04L9/3278 , H04L2209/08 , H04L2209/12 , H04L2209/805
摘要: The present invention relates to a method of authenticating, at a verifier (210), a device (101, 201) comprising a physical token (102), a system for performing authentication and a device comprising a physical token which provides measurable parameters. A basic idea of the present invention is to provide a secure authentication protocol in which a low-power device (101, 201), for example an RFID tag, comprising a physical token (102) in the form of a physical uncloneable function (PUF) is relieved from performing cryptographic operations or other demanding operations in terms of processing power. To this end, a PUF device (101, 201) to be authenticated verifies if it in fact is being queried by an authorized verifier. For instance, an RFID tag comprising a PUF (102) may be arranged in a banknote which a bank wishes to authenticate. This verification is based on the bank's unique ability to reveal concealed data, such as data having been created in an enrolment phase at which the RFID tag (or actually the PUF) was registered with the bank. Now, the RFID tag again challenges its PUF to create response data sent to the verifier. The verifier checks whether the response data is correct and, if so, authenticates the device comprising the physical token, since the device is able to produce response data that corresponds to response data concealed and stored in the enrolment phase.
摘要翻译: 本发明涉及一种在验证器(210)处认证包括物理令牌(102)的设备(101,201),用于执行认证的系统和包括提供可测量参数的物理令牌的设备的方法。 本发明的基本思想是提供一种安全认证协议,其中低功率设备(101,201),例如RFID标签,其包括物理不可克隆功能(PUF)形式的物理令牌(102) )在处理能力方面没有进行密码操作或其他苛刻的操作。 为此,将被认证的PUF设备(101,201)验证其实际上是否被授权验证者查询。 例如,包括PUF(102)的RFID标签可以布置在银行希望认证的钞票中。 这种验证是基于银行揭露隐藏数据的独特能力,例如在RFID标签(或实际上是PUF)在银行注册的注册阶段创建的数据。 现在,RFID标签再次挑战其PUF来创建发送给验证者的响应数据。 验证者检查响应数据是否正确,如果是,则认证包括物理令牌的设备,因为该设备能够产生对应于隐藏并存储在注册阶段中的响应数据的响应数据。
-
公开(公告)号:US20080229119A1
公开(公告)日:2008-09-18
申请号:US12064089
申请日:2006-08-16
IPC分类号: G06F21/00
CPC分类号: G11B20/00086 , G11B20/00123 , G11B20/00173 , G11B20/00268 , G11B20/00876 , H04L9/3234 , H04L9/3236 , H04L9/3278 , H04L2209/60
摘要: The present invention relates to a method of enabling authentication of an information carrier (105), the information carrier (105) comprising a writeable part (155) and a physical token (125) arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge (165) to the physical token (125) resulting in a first response (170), and detecting the first response (170) of the physical token (125) resulting in a detected first response data (175), the method being characterized in that it further comprises the following steps; forming a first authentication data (180) based on information derived from the detected first response data (175), signing the first authentication data (180), and writing the signed authentication data (185) in the writeable part (155) of the information carrier (105). The invention further relates to a method of authentication of an information carrier (105), as well as to devices for both enabling authentication as well as authentication of an information carrier (105).
摘要翻译: 本发明涉及一种能够认证信息载体(105)的方法,所述信息载体(105)包括布置成在接收到挑战时提供响应的可写入部分(155)和物理令牌(125),所述方法 包括以下步骤: 将第一挑战(165)应用于所述物理令牌(125),从而产生第一响应(170),并且检测所述物理令牌(125)的第一响应(170),从而产生检测到的第一响应数据(175) 其特征在于还包括以下步骤: 基于从检测到的第一响应数据(175)导出的信息,形成第一认证数据(180),对第一认证数据(180)进行签名,并将签名认证数据(185)写入信息的可写入部分(155) 载体(105)。 本发明还涉及信息载体(105)的认证方法,以及用于启用认证以及信息载体(105)的认证的设备。
-
公开(公告)号:US20080222426A1
公开(公告)日:2008-09-11
申请号:US11815660
申请日:2006-01-26
申请人: Geert Jan Schrijen , Pim Theo Tuyls
发明人: Geert Jan Schrijen , Pim Theo Tuyls
IPC分类号: H04L9/32
CPC分类号: G07C9/00087
摘要: A security device comprising means for authenticating an entity using biometric data, characterized by means for alternatively authenticating the entity using a security code such as a personal identification number. Also a system configured to grant an authorization upon a successful authorization by the security device, in which the authorization granted after the authentication using the security code is restricted in scope compared to the authorization granted after the authentication using the biometric data.
摘要翻译: 一种安全装置,其包括用于使用生物特征数据认证实体的装置,其特征在于用于使用诸如个人识别号码的安全码替代地认证所述实体的装置。 还有一种被配置为在安全设备的成功授权之后授予授权的系统,其中使用安全码的认证之后授权的授权在与使用生物特征数据的认证之后授予的授权相比较的范围上被限制。
-
-
-
-
-
-
-
-
-
搜索结果
70 条记录 (耗时 0.023 秒)
