Resilient device authentication system

摘要

A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS). Also disclosed is a device for use with an authentication system, comprising: a first hardware part and a second hardware part that are adapted to communicate with and perform authentication on each other; and/or a hardware part that contains two or more chips that are adapted to communicate with and perform authentication on each other.

主权项

1. A resilient device authentication system for use with one or more managed devices each including a physically-unclonable function (“PUF”), comprising:
a) one or more verification authorities (“VAs”) each including a central processing unit and a VA memory loaded with a complete verification set (“loaded CVS”) that includes, for each of a plurality of managed devices, numerous challenge-response pairs each characterizing the managed device's PUF, said VA configured to create a limited verification set (“LVS”) from said loaded CVS through a one-way algorithmic transformation of data in said loaded CVS, said one or more VAs further configured to create a replacement LVS; and b) one or more provisioning entities (“PEs”) each connectable to at least one of said one or more VAs, including a central processing unit and a PE memory loaded with a LVS (“loaded LVS”), and configured to select a subset of said loaded LVS so as to create an application limited verification set (“ALVS”).