Abstract: The present invention relates to a method of enabling authentication of an information carrier, the information carrier comprising a writeable part and a physical token arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge to the physical token resulting in a first response, and detecting the first response of the physical token resulting in a detected first response data, the method being characterized in that it further comprises the following steps; forming a first authentication data based on information derived from the detected first response data, signing the first authentication data, and writing the signed authentication data in the writeable part of the information carrier. The invention further relates to a method of authentication of an information carrier, as well as to devices for both enabling authentication as well as authentication of an information carrier.

Abstract: A physical uncloneable function (PUF) pattern is used for verifying a physical condition of an item. The PUF pattern is arranged to be damaged in the event that said item is exposed to a predetermined environmental condition. Verification of the physical condition of the item, is carried out by obtaining a measured response from the PUF pattern, and comparing the measured response with a stored response in respect of the PUF.

Abstract: A system, method, and devices for communicating from a primary station to a plurality of secondary station are disclosed. The method includes the step of allocating a resource to the secondary stations over time on the basis of a hash function such that for a particular subframe the control channel elements to be searched in the search space are assigned at an equal probability for different secondary stations, and such that for any pair of subframes, the number of secondary station identifiers which can generate output values i and j is approximately the same for any values of i and j.

Abstract: An authentication method authenticates a first party to a second party, where an operation is performed on condition that the authentication succeeds. If the first party is not authenticated, then if the first party qualifies for a sub-authorization, the operation is still performed. Further, a device that includes a first memory area holding a comparison measure, which is associated with time, and which is also used in said authentication procedure, a second memory area holding a limited list of other parties which have been involved in an authentication procedure with the device, and a third memory area, holding compliance certificates concerning parties of said list.

Abstract: A transponder (1) comprises at least one memory (MEM1, MEM2) for storing encrypted information (E_k(EPC, PI)) that has been encrypted by use of a key (k) and for storing the key (k) associated with the encrypted information (E_k(EPC, PI)). The transponder (1) is adapted to send the key (k) slower response than the encrypted information (E_k(EPC, PI)) in response to queries of a reading device (2), which is preferably done by delaying the transmission of the key (k) or by limiting the response rate at which the key (k) is transmitted. In particular the invention is related to RFID systems.

Abstract: An authentication method authenticates a first party to a second party, where an operation is performed on condition that the authentication succeeds. If the first party is not authenticated, then if the first party qualifies for a sub-authorization, the operation is still performed. Further, a device that includes a first memory area holding a comparison measure, which is associated with time, and which is also used in said authentication procedure, a second memory area holding a limited list of other parties which have been involved in an authentication procedure with the device, and a third memory area, holding compliance certificates concerning parties of said list.

Abstract: An authentication method authenticates a first party to a second party, where an operation is performed on condition that the authentication succeeds. If the first party is not authenticated, then if the first party qualifies for a sub-authorization, the operation is still performed. Further, a device that includes a first memory area holding a comparison measure, which is associated with time, and which is also used in said authentication procedure, a second memory area holding a limited list of other parties which have been involved in an authentication procedure with the device, and a third memory area, holding compliance certificates concerning parties of said list.

Abstract: A system, method, and devices for communicating from a primary station to a plurality of secondary station are disclosed. The method includes the step of allocating a resource to the secondary stations over time on the basis of a hash function such that for a particular subframe the control channel elements to be searched in the search space are assigned at an equal probability for different secondary stations, and such that for any pair of subframes, the number of secondary station identifiers which can generate output values i and j is approximately the same for any values of i and j.

Abstract: The present invention relates to a method for communicating from a primary station to a plurality of secondary station, comprising the step of at the primary station allocating a resource to the secondary stations over the time on the basis of a hash function, wherein the hash function is such that the probability that two secondary stations are allocated common resources in two subframes substantially equals the product of the probability that the two secondary stations are allocated a common resource in the first subframe and the probability that the two secondary stations are allocated a common resource in the second subframe.

Abstract: A method of encrypting data using a first key and multiple encryption keys at least in part based on the first key. The method includes encoding the data into a redundant representation by distributing the information content of the data among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys, each encryption key being associated with at least one group, the redundant representation allowing recovery of the data in the absence of the groups associated with the at least one of the multiple encryption keys, and encrypting each group by the respective associated encryption key.

Abstract: A method (100) is disclosed of generating an identifier from a semiconductor device (600) comprising a volatile memory (610) having a plurality of memory cells. The method comprises causing (110) the memory cells to assume a plurality of pseudo-random bit values inherent to variations in the microstructure of the memory cells; retrieving (120) the bit values from at least a subset of the plurality of memory cells; and generating the identifier from the retrieved bit values. The method (100) is based on the realization that a substantial amount of the cells of a volatile memory can assume a bit value that is governed by underlying variations in manufacturing process parameters; this for instance occurs at power-up for an SRAM or after a time period without refresh for a DRAM.

Abstract: A device for verifying at least one challenge-response pair includes a coherent light source configured to emit coherent light. A challenge creating device is configured to create an optical challenge to be sent to a physically unclonable function (PUF). A wavefront shaping device is configured to perform a verification based on an optical response from the physically unclonable function (PUF). A detector is configured to read out a result of the verification performed by the wavefront shaping device. A focusing device is configured to focus light exiting from the wavefront shaping device onto the detector for detection.

Abstract: A system 100 for increasing data security comprises predetermined system data 104 to be protected. A cryptographic unit 108 is used for cryptographic processing of respective blocks of the content data in dependence on respective keys. A key provider 106 determines the respective key used for the processing of a respective block of the content data in dependence on a respective portion 112 of the predetermined system data 104, the portion not including all the predetermined system data, wherein different respective portions of the predetermined system data are selected for the respective blocks of content data. A server system 200 for increasing data security comprises an output 202 for providing processed content data 110 to a client system 100, the client system comprising predetermined system data 104 to be protected. The server system 200 also comprises a cryptographic unit 208 and a key provider 206.

Abstract: The present invention relates to a method of enabling authentication of an information carrier, the information carrier comprising a writeable part and a physical token arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge to the physical token resulting in a first response, and detecting the first response of the physical token resulting in a detected first response data, the method being characterized in that it further comprises the following steps; forming a first authentication data based on information derived from the detected first response data, signing the first authentication data, and writing the signed authentication data in the writeable part of the information carrier. The invention further relates to a method of authentication of an information carrier, as well as to devices for both enabling authentication as well as authentication of an information carrier.

Abstract: The invention relates to a method for proving authenticity of a prover PRV to a verifier VER, the method comprising generating a secret S using a physical token by the prover PRV. Obtaining a public value PV by the verifier, where the public value PV has been derived from the secret S using a function for which the inverse of said function is computationally expensive. The method further comprising a step for conducting a zero knowledge protocol between the prover PRV and the verifier VER in order to prove to the verifier VER, with a pre-determined probability, that the prover PRV has access to the physical token, where the prover PRV makes use of the secret S and the verifier VER makes use of the public value PV. The invention further relates to a system employing the method, and an object for proving authenticity.

Abstract: The present invention relates to a method of enabling authentication of an information carrier (105), the information carrier (105) comprising a writeable part (155) and a physical token (125) arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge (165) to the physical token (125) resulting in a first response (170), and detecting the first response (170) of the physical token (125) resulting in a detected first response data (175), the method being characterized in that it further comprises the following steps; forming a first authentication data (180) based on information derived from the detected first response data (175), signing the first authentication data (180), and writing the signed authentication data (185) in the writeable part (155) of the information carrier (105).

Abstract: An authentication system and method is presented for authenticating a first party to a second party, where an operation is performed on condition that the authentication succeeds. The authentication method verifies whether the first party is authenticated. If the first party is not authenticated, then it is determined if the first party qualifies for a sub-authorization. The sub-authorization depends on a value of a grace-counter associated with a number of times that first parties have been qualified for the sub-authorization. If the first party qualifies for the sub-authorization, the operation is performed and the grace counter is decremented. If the first party is authenticated, then the grace counter is set to a predetermined number.

Abstract: A cuvette (10) for storing a biological sample to be analyzed by means of a predefined detection technique is disclosed. The cuvette (10) is formed from a moldable material that contains particles (15a, 15b) at a concentration within a predefined range. The particles (15a, 15b) are randomly distributed, in order to form a unique pattern. Moreover, the particles (15a, 15b) have measurable physical properties, so that the unique pattern is detectable using the detection technique that is used to analyze the biological sample. The unique properties obtained by the randomly distributed particles (15a, 15b) render copying nearly impossible, since it is more complicated to distribute the particles in a predetermined pattern than to let them distribute randomly.

Abstract: This invention relates to an authentication method for authenticating a first party to a second party, where an operation is performed on condition that the authentication succeeds. If the first party is not authenticated, then if the first party qualifies for a sub-authorization, the operation is still performed. Further, a device that comprises a first memory area holding a comparison measure, which is associated with time, and which is also used in said authentication procedure, a second memory area holding a limited list of other parties which have been involved in an authentication procedure with the device, and a third memory area, holding compliance certificates concerning parties of said list.

Abstract: A record carrier, recording device, read-out device and method is provided which provides a flexible security level to protect user data during transmission over a communication bus, also when the data is recorded on a record carrier such as a recordable optical disc. In accordance with the method, management information comprising encryption indication information indicating that user data stored in an associated sector of a record carrier, such as a recordable optical disk, is to be encrypted by a read-out device before being transmitted over a communication bus.