SYSTEM AND METHODS WITH ASSURED ONE-TIME, REPLAY-RESISTANT PASSWORDS

摘要

An administrative system generates a sequence of passwords by iterative evaluation of a hash function, initiated from a private key value and continuing to a final, public key value. A current token is created that includes a current one of the passwords. A protected device tests the validity of the current password by inputting it to a hash function sub-chain. The current password is considered valid if, after hashing the current password n+1 times, where n corresponds to the number of tokens previously received, the result is a revealed value, such as a previously verified password of the public key value. At least one unit of a one-time programmable hardware device, such as processor fuses or anti-fuses, is then physically and permanently altered, thereby incrementing a count entry indicating the number of tokens received. The protected device performs a desired action only if the current password is verified.

主权项

1. A method for controlling access to a protected device, comprising:
receiving, by the protected device, a current token, said current token including data corresponding to a current password, said password generated as a current value of a chain of hash function evaluations initiated from a private key value and continuing to a final, public key value; testing, within the protected device, the validity of the current password by computing a sub-chain of at least one evaluation of the hash function until a revealed value is obtained; performing an action corresponding to the current password only if the current password is valid; and indicating receipt of the current password by physically and permanently altering the state of at least one unit of a one-time programmable hardware device within the protected device, thereby incrementing a count entry indicating the number of tokens received by the protected device.