Abstract: A method of and system (110) for controlled activation of at least one function in a product or component at a remote location, which activation requires a correct activation data item to be available in the product or component. The method comprises receiving one or more noisy outputs of an unclonable element associated with the component from the remote location, and providing helper data to the remote location, which helper data transforms the one or more noisy outputs to a single value which corresponds to the correct activation data item.

Abstract: A method of providing automatically verifiable trust in a content resolution process in which a PDR resolves a content reference identifier (CRID) identifying a content item using a resolution authority record (RAR) to obtain a locator identifying a location where the PDR can obtain the content item. Preferably, the measure comprises computing a digital signature over at least part of the contents of the CRID, the locator and/or the RAR. The method may also comprise encrypting at least a data portion of the CRID, RAR or locator. Digital rights needed to access the content item can be provided with the CRID, RAR or locator.

Abstract: The invention relates to a method for proving authenticity of a prover PRV to a verifier VER, the method comprising generating a secret S using a physical token by the prover PRV. Obtaining a public value PV by the verifier, where the public value PV has been derived from the secret S using a function for which the inverse of said function is computationally expensive. The method further comprising a step for conducting a zero knowledge protocol between the prover PRV and the verifier VER in order to prove to the verifier VER, with a pre-determined probability, that the prover PRV has access to the physical token, where the prover PRV makes use of the secret S and the verifier VER makes use of the public value PV. The invention further relates to a system employing the method, and an object for proving authenticity.

Abstract: The invention provides a method of generating arbitrary numbers given a seed, characterized by providing a challenge derived from the seed to a physical token, receiving an initial response from the physical token, combining the initial response with helper data associated with the challenge to produce a stable response, and generating the arbitrary numbers using a pseudo-random number generator using the stable response as a seed for the generator. Preferably one or more of these pseudo-random permutations are used as one or more round function(s) in a Feistel block cipher. The generated arbitrary numbers may also be used to create a cryptographic key.

Abstract: The present invention relates to a method and a device of verifying the validity a digital signature based on biometric data. A basic idea of the invention is that a verifier attains a first biometric template of the individual to be verified, for instance by having the individual provide her fingerprint via an appropriate sensor device. Then, the verifier receives a digital signature and a second biometric template. The verifier then verifies the digital signature by means of using either the first or the second biometric template as a public key. The attained (first) biometric template of the individual is compared with the received (second) biometric template associated with the signature and if a match occurs, the verifier can be confident that the digital signature and the associated (second) biometric template have not been manipulated by an attacker for impersonation purposes.

Abstract: There is provided a method of generating a key for encrypting Communications between first and second terminals comprising obtaining a measurement of characteristics of a physical identifier of a user; and extracting a key from the physical identifier using a code selected from a collection of codes, each code in the collection defining an ordered mapping from a set of values of the characteristics to a set of keys; wherein the collection of codes comprises at least one code in which the ordered mapping is a permutation of the ordered mapping of one of the other codes in the collection.

Abstract: It is described a RFID device (231a, 231b, 231c, 331) comprising a data memory (236) and an electronic circuit arrangement (237, 238, 239, 247) coupled thereto. The electronic circuit arrangement has a first and a second operational configuration, wherein by receiving a control command (250a) the electronic circuit arrangement can be switched irreversibly from the first to the second configuration. The RFID device further comprises a communication interface (245) being coupled to the electronic circuit arrangement. In the first configuration the RFID device is adapted to communicate with a standard RFID reader (110) via the communication interface. In the second configuration the communication with the standard RFID reader is disabled and the RFID device is adapted to communicate with a readout-RFID device (370). The RFID device may be equipped with a secondary communication interface that can be used to communicate with the RFID device in a privacy-preserving manner.

Abstract: The present invention relates to a method of authenticating, at a verifier (210), a device (101, 201) comprising a physical token (102), a system for performing authentication and a device comprising a physical token which provides measurable parameters. A basic idea of the present invention is to provide a secure authentication protocol in which a low-power device (101, 201), for example an RFID tag, comprising a physical token (102) in the form of a physical uncloneable function (PUF) is relieved from performing cryptographic operations or other demanding operations in terms of processing power. To this end, a PUF device (101, 201) to be authenticated verifies if it in fact is being queried by an authorized verifier. For instance, an RFID tag comprising a PUF (102) may be arranged in a banknote which a bank wishes to authenticate.

Abstract: The present invention relates to a method of authenticating a physical token (14) which provides measurable parameters, and a device (11) comprising a physical token (14) which provides measurable parameters for authentication. A basic idea of the invention is to utilize properties of a physical token (14) comprised in a device (11) to detect whether the device has been tampered with. In an enrolment phase, values of a plurality of physical parameters provided by the physical token are measured. This set of measured values is referred to as response data. Noise-correcting data, also referred to as helper data, is employed to provide noise-robustness to the response data in a secure way. Then, in an authentication phase, the parameter values are measured again, and the noise-correcting data is employed to derive verification data. The verification data is compared with the enrolment data and a determination is made whether the derived verification data corresponds to the enrolment data.

Abstract: The invention relates to an optical identifier (30) for generating an identification signal in response to an incident radiation beam (12), and to a corresponding method. In order to provide an optical identifier (30) which can be produced by a simplified process and which has nevertheless a sufficient or even improved stability against environmental interferences it is proposed that said identifier comprises a carrier layer (32), at least partially transparent to said radiation beam (12), having a first scattering face (34) comprising a plurality of randomly oriented partial faces for scattering at least a part of said radiation beam (12), wherein said identification signal is formed by a scattered part of said radiation beam (12). Further, a device comprising said identifier, and a reading apparatus for identifying the identifier are proposed.

Abstract: The present invention relates to a method of creating challenge-response pairs, a method of authenticating a plurality of physical tokens, a system for creating challenge-response pairs and a device for authenticating a plurality of physical tokens. A basic idea of the invention is to interconnect a plurality of physical tokens (101, 102, 103), such as a plurality of uncloneable functions (PUFs), in a sequence, provide the sequence with a challenge (Q and use a response of a PUF as a challenge to a subsequent PUF in the sequence. When a final PUF is reached in the sequence and produces a response (R), a challenge-response pair (CRP) has been created, which pair comprises the challenge provided to the sequence of PUFs and the response produced by the final PUF. At least the challenge of this CRP is then stored.

Abstract: The present invention relates to a method and apparatus for encrypting data (105) by means of a first key (115), and a method and apparatus for decrypting encrypted data by means of a second key (185). The present invention alleviates the need for exact key information by allowing encryption of data (105) by means of a first key (115) and subsequent decryption of the encrypted data by means of a second key (185) without the need for the first key (115), provided that the first key (115) and the second key (185) form a sufficient estimate of an encryption/decryption key pair. During encryption, multiple encryption keys (135), at least in part based on the first key (115), are used to encrypt a redundant representation (122) of the data (105). The encrypted data (124) may subsequently be decrypted by using multiple decryption keys (165) based on the second key (185), without the need for the first key (115), provided that the second key (185) forms a sufficient estimate of the first key (115).

Abstract: The invention relates to a method of establishing a shared secret between two or more parties, based on a physical token, wherein helper data from both the enrolment and the authentication measurement is used in such a way that only response data reliable at both measurements is used to generate the shared secret. The generated shared secret is therefore identical to both parties to a high degree of certainty. The invention further relates to a system for generating such a shared secret, comprising a central database server and a terminal, or any one of them.

Abstract: The semiconductor device of the invention includes a circuit and a protecting structure. It is provided with a first and a second security element and with an input and an output. The security elements have a first and a second impedance, respectively, which impedances differ. The device is further provided with a measuring unit a processing unit and a connection unit. The processing unit transform any first information received into a specific program of measurement. Herewith a challenge-response mechanism is implemented in the device.

Abstract: An optical identifier (1) can be used as a Physical Unclonable Function for producing a speckle pattern, as a response, upon being challenged with a light beam, as a challenge. This property can be used for identification of the optical identifier or of an object attached thereto, for the authentication of an information carrier or for generation of transaction keys. Since the response obtained in response to given challenge is highly sensitive to the relative position of the optical identifier, light beam source and detector for the speckle pattern, this relative position has to be accurately adjusted to reliably obtain the same response to a given challenge. To this aim, an optical identifier is proposed having an alignment area (3) for splitting an incident beam into distinct beams (6, 7) which can be detected as alignment signals (10a, 10b, 10c, 10d) on a detector (8) and used for the monitoring and for the adjustment of said relative position.

Abstract: An integrated circuit (1 . . . 1??, 1a . . . I c) with a true random number generator (2 . . . 2??), which true random number generator (2 . . . 2?) comprises at least one instable physically uncloneable function (3 . . . 3??, 3a, 3a?) for generating true random numbers (8). Hence, each device of a group of devices can be provided with a unique true random generator, so that each device of the group is provided with different true random numbers even when said devices are applied to identical environmental conditions. Such a random number generator (2 . . . 2??) may be part of a smart card as well as of a module for near field communication, for example.

Abstract: A system 100 for authenticating a physical product 110, such as a banknote, including at least one physical product and a verification device 130. The physical product including a random distribution of a plurality of physically detectable particles 112 in a substrate of the product. In association with the physical product, a digital representation (114) is stored (‘stored representation’) of measured physical properties of the particles including an actual distribution of at least some of the particles, where the physical properties are measured through reflection and transmission. The verification device includes a measurement unit 450 for determining a digital representation (‘measured representation’) based on measurements of physical properties of the particles, including an actual distribution of at least some of the particles, through reflection and transmission; and a comparison unit 470 for comparing the measured representation with the stored representation.

Abstract: The present invention relates to a method and a system of securely computing a measure of similarity for at least two sets of data. A basic idea of the present invention is to securely compare two sets of encrypted data to determine whether the two sets of data resemble each other to a sufficient extent. If the measure of similarity complies with predetermined criteria, the two sets of data from which the encrypted sets of data originate are considered to be identical.

Abstract: A security element comprises at least one oscillating circuit (O1-On) and a digital signature (2). Each oscillating circuit (O1-On) comprises a capacitor (C1-Cn) as resonance frequency setting element wherein the capacitor (C1-Cn) consists of two electrodes (8, 10) which are spaced apart from each other and a dielectric (9) that is sandwiched between the two electrodes (8, 10). The capacitor (C1-Cn) of each oscillating circuit has a random capacitance value which randomness is caused by a non-uniform thickness (d) of the dielectric (9) and/or by an inhomogeneous dielectric material. The digital signature (2) comprises reference values indicative for the resonance frequencies (f1-fh) of the oscillating circuits wherein the reference values are digitally signed with a secret key.

Abstract: The present invention relates to a method of converting an encrypted data set into an encryption of individual bits representing the data set. Further, the invention relates to a system for converting an encrypted data set into an encryption of individual bits representing the data set. A basic idea of the present invention is to provide a protocol in which it is possible to divide an encryption of a data set in the form of e.g. a biometric feature, such as a number x, where x?{0, 1, . . . , n?1}, into an encryption of respective bits x0, x1, . . . , xt?1 forming the number x, where t is the number of bits of the number n?1, without leaking any information about x or its bits x0, x1, . . . , xt?1 Hence, the present invention enables splitting of the encryption [[x]] into the respective encrypted bits [[x0]], [[x1]], . . . , [[xt?1]] forming the encrypted number x=?I=1n xi 2i.