Abstract: Some embodiments are directed to a cryptographic device, including a non-volatile memory, a range of the memory storing data, a selector arranged to receive a selector signal configuring a memory read-out unit for a regular read-out mode or for a PUF read-out mode of the same memory, a control unit arranged to send the selector signal to the selector configuring the memory read-out unit in the regular read-out mode, and reading the memory range to obtain the data, and send the selector signal to the selector configuring the memory read-out unit for PUF read-out mode and obtaining a noisy bit string from the memory range.

Abstract: A programming device (110) arranged to obtain and store a random bit string in a memory device (100), the memory device (100) comprising multiple one-time programmable memory cells (122), a memory cell having a programmed state and a not-programmed state, the memory cell being one-time programmable by changing the state from the not-programmed state to the programmed state through application of an electric programming energy to the memory cell.

Abstract: The present invention relates to a method of enabling authentication of an information carrier, the information carrier comprising a writeable part and a physical token arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge to the physical token resulting in a first response, and detecting the first response of the physical token resulting in a detected first response data, the method being characterized in that it further comprises the following steps; forming a first authentication data based on information derived from the detected first response data, signing the first authentication data, and writing the signed authentication data in the writeable part of the information carrier. The invention further relates to a method of authentication of an information carrier, as well as to devices for both enabling authentication as well as authentication of an information carrier.

Abstract: Some embodiments are directed to a cryptographic device, including a non-volatile memory, a range of the memory storing data, a selector arranged to receive a selector signal configuring a memory read-out unit for a regular read-out mode or for a PUF read-out mode of the same memory, a control unit arranged to send the selector signal to the selector configuring the memory read-out unit in the regular read-out mode, and reading the memory range to obtain the data, and send the selector signal to the selector configuring the memory read-out unit for PUF read-out mode and obtaining a noisy bit string from the memory range.

Abstract: A programming device (110) arranged to obtain and store a random bit string in a memory device (100), the memory device (100) comprising multiple one-time programmable memory cells (122), a memory cell having a programmed state and a not-programmed state, the memory cell being one-time programmable by changing the state from the not-programmed state to the programmed state through application of an electric programming energy to the memory cell.

Abstract: The present invention relates to a method of converting an encrypted data set into an encryption of individual bits representing the data set. Further, the invention relates to a system for converting an encrypted data set into an encryption of individual bits representing the data set. A basic idea of the present invention is to provide a protocol in which it is possible to divide an encryption of a data set in the form of e.g. a biometric feature, such as a number x, where x?{0, 1, . . . , n?1}, into an encryption of respective bits x0, x1, . . . , xt?1 forming the number x, where t is the number of bits of the number n?1, without leaking any information about x or its bits x0, x1, . . . , xt?1. Hence, the present invention enables splitting of the encryption [[x]] into the respective encrypted bits [[x0]], [[x1]] . . . , [[xt?1]] forming the encrypted number x=?I=1n xi 2i.

Abstract: The present invention relates to a system and a method of verifying the identity of an individual by employing biometric data associated with the individual (603), wherein privacy of said biometric data (X, Y) is provided. A helper data scheme (HDS) is employed to provide privacy of the biometric data. The present invention is advantageous for number of reasons. First, processing of security sensitive information is performed in a secure, tamper-proof environment (601, 604, 606) which is trusted by the individual. This processing, combined with utilization of a helper data scheme, enables set up of a biometric system where the biometric template is available in electronic form only in the secure environment. Moreover, electronic copies of the biometric templates are not available in the secure environment permanently, but only when the individual offers her template to the sensor.

Abstract: A method of encrypting data using a first key and multiple encryption keys at least in part based on the first key. The method includes encoding the data into a redundant representation by distributing the information content of the data among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys, each encryption key being associated with at least one group, the redundant representation allowing recovery of the data in the absence of the groups associated with the at least one of the multiple encryption keys, and encrypting each group by the respective associated encryption key.

Abstract: In systems for establishing a cryptographic key depending on a physical uncloneable function (PUF) it may be a problem that internal information correlated with the cryptographic key is leaked to the outside of the system via a side-channel. To mitigate this problem a cryptographic system for reproducibly establishing a cryptographic key is presented. The system comprises a physical system comprising a physical, at least partially random, configuration of components from which an initial bit-string is derived. An error corrector corrects deviations occurring in the initial bit-string. Through the use of randomization the error corrector operates on a randomized data. Information leaking through a side channel is thereby reduced. After error correction a cryptographic key may be derived from the initial bit-string.

Abstract: A method of and system (110) for controlled activation of at least one function in a product or component at a remote location, which activation requires a correct activation data item to be available in the product or component. The method comprises receiving one or more noisy outputs of an unclonable element associated with the component from the remote location, and providing helper data to the remote location, which helper data transforms the one or more noisy outputs to a single value which corresponds to the correct activation data item.

Abstract: The present invention relates to a method of converting an encrypted data set into an encryption of individual bits representing the data set. Further, the invention relates to a system for converting an encrypted data set into an encryption of individual bits representing the data set. A basic idea of the present invention is to provide a protocol in which it is possible to divide an encryption of a data set in the form of e.g. a biometric feature, such as a number x, where x?{0, 1, . . . , n?1}, into an encryption of respective bits x0, x1, . . . , xt-1 forming the number x, where t is the number of bits of the number n?1, without leaking any information about x or its bits x0, x1, . . . , xt-1. Hence, the present invention enables splitting of the encryption [[x]] into the respective encrypted bits [[x0]], [[x1]], . . . , [[xt-1]] forming the encrypted number x=?I=1n xi 2i.

Abstract: The present invention relates to a method of converting an encrypted data set into an encryption of individual bits representing the data set. Further, the invention relates to a system for converting an encrypted data set into an encryption of individual bits representing the data set. A basic idea of the present invention is to provide a protocol in which it is possible to divide an encryption of a data set in the form of e.g. a biometric feature, such as a number x, where x?{0, 1, . . . , n?1}, into an encryption of respective bits x0, x1, . . . , xt-1 forming the number x, where t is the number of bits of the number n?1, without leaking any information about x or its bits x0, x1, . . . , xt-1 Hence, the present invention enables splitting of the encryption [[x]] into the respective encrypted bits [[x0]], [[x1]], . . . , [[xt-1]] forming the encrypted number x=?I=1n xi 2i.

Abstract: The present invention relates to a method of enabling authentication of an information carrier, the information carrier comprising a writeable part and a physical token arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge to the physical token resulting in a first response, and detecting the first response of the physical token resulting in a detected first response data, the method being characterized in that it further comprises the following steps; forming a first authentication data based on information derived from the detected first response data, signing the first authentication data, and writing the signed authentication data in the writeable part of the information carrier. The invention further relates to a method of authentication of an information carrier, as well as to devices for both enabling authentication as well as authentication of an information carrier.

Abstract: The present invention relates to a method of enabling authentication of an information carrier (105), the information carrier (105) comprising a writeable part (155) and a physical token (125) arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge (165) to the physical token (125) resulting in a first response (170), and detecting the first response (170) of the physical token (125) resulting in a detected first response data (175), the method being characterized in that it further comprises the following steps; forming a first authentication data (180) based on information derived from the detected first response data (175), signing the first authentication data (180), and writing the signed authentication data (185) in the writeable part (155) of the information carrier (105).

Abstract: The invention relates to a method for proving authenticity of a prover PRV to a verifier VER, the method comprising generating a secret S using a physical token by the prover PRV. Obtaining a public value PV by the verifier, where the public value PV has been derived from the secret S using a function for which the inverse of said function is computationally expensive. The method further comprising a step for conducting a zero knowledge protocol between the prover PRV and the verifier VER in order to prove to the verifier VER, with a pre-determined probability, that the prover PRV has access to the physical token, where the prover PRV makes use of the secret S and the verifier VER makes use of the public value PV. The invention further relates to a system employing the method, and an object for proving authenticity.

Abstract: A method of providing automatically verifiable trust in a content resolution process in which a PDR resolves a content reference identifier (CRID) identifying a content item using a resolution authority record (RAR) to obtain a locator identifying a location where the PDR can obtain the content item. Preferably, the measure comprises computing a digital signature over at least part of the contents of the CRID, the locator and/or the RAR. The method may also comprise encrypting at least a data portion of the CRID, RAR or locator. Digital rights needed to access the content item can be provided with the CRID, RAR or locator.

Abstract: This invention relates to physical uncloneable function (PUF) devices for determining authenticity of an item, systems for determining authenticity of a physical item, and methods for determining authenticity of an item. A PUF pattern of the PUF device is damaged when using the item for the first time.

Abstract: An electric physical unclonable function (PUF) (100) is provided comprising a semiconductor memory element (110) connectable to a PUF control means for reading content from the memory element and for deriving at least in part from said content a digital identifier, such as a secret key. Upon powering the memory element it settles into one of at least two different stable states. The particular stable state into which the memory element settles is dependent at least in part upon random physical characteristics of the memory element introduced during manufacture of the memory element. Settling of the memory element is further dependent upon a control input (112) of the memory element.

Abstract: A distribution system and method for distributing digital information is provided, which has high recoverability from a security breach. The distribution system comprises a server (200) and a computing device (110). During an enrollment phase, the computing device obtains a first response from an integrated physically unclonable function (150) integrated in the computing device. The system comprises an enrollment module (130) for determining helper data from a decryption key and the first response to enable later reconstruction of the decryption key from the helper data and a second response obtained from the physically unclonable function. During a reconstruction phase, which occurs after the enrollment phase and typically after a security breach has occurred that revealed data and/or programming code of the computing device, the server may encrypt digital information using an encryption module (220) with a cryptographic encryption key corresponding to the decryption key.

Abstract: A method and a device of verifying the validity a digital signature based on biometric data. A verifier attains a first biometric template of the individual to be verified, for instance by having the individual provide her fingerprint via an appropriate sensor device. Then, the verifier receives a digital signature and a second biometric template. The verifier then verifies the digital signature by using either the first or the second biometric template as a public key. The attained (first) biometric template of the individual is compared with the received (second) biometric template associated with the signature and if a match occurs, the verifier can be confident that the digital signature and the associated (second) biometric template have not been manipulated by an attacker for impersonation purposes.