Abstract: Systems and method are provided for determining a reliability of a physically unclonable function (PUF) cell of a device. One or more activation signals are provided to a PUF cell under a plurality of conditions. A PUF cell output provided by the PUF cell under each of the plurality of conditions is determined. A determination is made of a number of times the PUF cell output of the PUF cell is consistent. And a device classification value is determined based on the determined number of times for a plurality of PUF cells.

Abstract: An apparatus includes a current-based temperature compensation circuit having a reference buffer, a biasing current mirror, and a controller. The reference buffer is configured to receive a biasing reference voltage at a voltage input terminal and replicate the biasing reference voltage to first and second buffer terminals. At least one of the first and second buffer terminals is configured to be electrically connected to at least one gate terminal of an analog complementary metal oxide semiconductor (CMOS) physically unclonable function (PUF) cell. The biasing current mirror is configured to receive a reference current at a current input terminal and replicate the reference current to the first buffer terminal. The controller is configured to compensate an output of the CMOS PUF cell for temperature variation based on a weighted sum of a bandgap current, a current proportional to absolute temperature, and a current complementary to absolute temperature.

Abstract: An electronic circuit includes a driving cell, one or more driven cells and one or more inverters. The driving cell has two or more inputs and at least one output and is configured to toggle the output between first and second logic states in response to the inputs. Each driven cell has two or more inputs, of which at least one input is configured to be driven by the output of the driving cell. The one or more inverters are placed in a signal network that connects the driving cell to the driven cells. The inverters are configured to balance, over the signal network, (i) a first capacitive load charged by electrical currents caused by transitions from the first logic state to the second logic state and (ii) a second capacitive load charged by electrical currents caused by transitions from the second logic state to the first logic state.

Abstract: Combined physical unclonable function (PUFs); methods, apparatuses, systems, and computer program products for enrolling combined PUFs; and methods, apparatuses, systems, and computer program products for authenticating a device physically associated with a combined PUF are described. In an example embodiment, a combined PUF includes a plurality of PUFs and one or more logic gates. Each PUF includes a plurality of stages and an arbiter configured to generate a single PUF response based on response portions generated by the plurality of stages. The one or more logic gates are configured to combine the single PUF response for each of the plurality of PUFs in accordance with a combination function to provide a combined response.

Abstract: A method of verifying that a first device and a second device are physically interconnected is disclosed. The method is performed by a verifier and includes sending a challenge R1 to the first device, for use as basis for input to a first physical unclonable function, PUF, —part of the first device, receiving, a response, RES1, from the second device, the response RES1 being based on an output of a second PUF part of the second device, and verifying that the first device and the second device are interconnected for the case that the received response, RES1, and an expected response fulfills a matching criterion. A method in a first device and a method in a second device and corresponding devices, computer programs and computer program products are also disclosed.

Abstract: Systems and method are provided for determining a reliability of a physically unclonable function (PUF) cell of a device. One or more activation signals are provided to a PUF cell under a plurality of conditions. A PUF cell output provided by the PUF cell under each of the plurality of conditions is determined. A determination is made of a number of times the PUF cell output of the PUF cell is consistent. And a device classification value is determined based on the determined number of times for a plurality of PUF cells.

Abstract: Bit generating cells are subjected to processes that accelerate aging-related characteristics before they are configured for use in the field (enrolled). Aging improves the reliability of the cells by shifting device characteristic in a direction that improves the cell behavior with respect not only to aging but also environment variations. Outputs of the cells are read, and the cells are reconfigured with a bias to output an opposite value, and then aged for enrollment.

Abstract: Methods and systems generate seeds for public-private key pairs by determining a timestamp value associated with a process design kit (PDK) when a user of the PDK triggers a tool of the PDK while designing an integrated circuit device to have a physical unclonable function device (PUF). The methods and systems generate a first value by mapping the timestamp value to data of the user, generate a second value by mapping the timestamp value to configuration data of the PDK, and generate a third value by mapping the timestamp value to layout data of the PDK. A random number is then generated by applying a function to the first value, the second value, and the third value. A public-private encryption key pair is generated using the random number as a first seed number and using a second number generated by the number generation device as a second seed number.

Abstract: A method of identifying primitives for implementing a physical unclonable function providing a response representative of a device comprising a plurality of primitives coupled in pairs, said primitives being configured for being one-time programmable through application of a burning energy to said primitives, by selecting a subset of the pairs, assessing a difference between electrical characteristics values provided by primitives belonging to each pair of said subset, qualifying all pairs of primitives for which the assessed difference is higher than a reference threshold, and identifying said qualified pairs of primitives comprising programming at least one primitive of each pair of primitives for which the assessed difference is lower than said reference threshold, by applying a burning energy to said at least one primitive so as to differentiate qualified pairs of primitives from those that are not qualified.

Abstract: Systems and methods for improving security in computer-based authentication systems by using physical unclonable functions are presented. A computing device used to provide authentication includes multiple arrays of physical unclonable function devices. Rather than storing user passwords or message digests of passwords, the computing device generates a message digest based on a user's credentials. A challenge response generated by measuring physical parameters of set of physical unclonable function devices specified by the message digest. The computing device can provide authentication without storing information which could be used by an attacker to compromise user credentials. Redundancy and robustness to varying loads are provided by the use of multiple PUF arrays which may be used as backups or to provide load balancing. Backdoor access may be provided to trusted parties without exposing user credentials.

Abstract: A memory device includes a memory cell array comprising a plurality of memory cells wherein each of the plurality of memory cells is configured to be in a data state, and a physically unclonable function (PUF) generator. The PUF generator further includes a first sense amplifier, coupled to the plurality of memory cells, wherein while the plurality of memory cells are being accessed, the first sense amplifier is configured to compare accessing speeds of first and second memory cells of the plurality of memory cells, and based on the comparison, provide a first output signal for generating a first PUF signature.

Abstract: The disclosure relates to systems, methods and devices to provide race-condition true random number generator (TRNG) for soft intellectual property (IP) in field-programmable gate arrays (FPGAs). In an exemplary embodiment, a pair of long adder chains are raced against one another to complete a full cycle. Due to variances in the silicon, different chains will win each race at different times and thereby produce entropy. A calibration circuit can be used to set up the adder chains in an appropriate initial state to maximize the entropy produced. This structure has been found to be robust to layout changes, and the use of two such adder-chain-pairs reduces interference from other structures. Among others, the soft IP makes adding a robust TRNG to an FPGA much easier without concerns for how the structures are laid out or what other IP is nearby in the layout. The disclosed embodiments reduces the effort to add a TRNG to an FPGA design and improves the robustness of the TRNG making the design FIPS certifiable.

Abstract: A system and method for pairing two devices for secure communications. A user selects a first device to pair with a second device. The first and second devices have the ability to securely communicate with each other through the use of encrypted communications. An encryption key is written to the first device and then burned into the encryption module on the first device. A corresponding decryption key is written to the second device and then is burned into the decryption module of the second device.

Abstract: An apparatus includes a first feed-forward PUF, a second feed-forward PUF and an exclusive-or circuit configured to perform an exclusive-or operation of an output of the first feed-forward PUF and an output of the second feed-forward PUF.

Abstract: The invention is a secure logic chip with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a secure logic chip design such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several features including randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.

Abstract: The invention is a secure logic chip with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a secure logic chip design such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several features including randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.

Abstract: An Integrated Circuit (IC) includes functional circuitry and protection circuitry. The protection circuitry is configured to maintain a counter value, which is indicative of a cumulative amount of hostile attacking attempted on the functional circuitry over a lifetime of the IC, to detect events indicative of suspected hostile attacks on the functional circuitry, to decide, responsively to a detected event, on an update of the counter value depending on a time difference between the detected event and a most recent power-up in the IC, and update the counter value in accordance with the decided update, and to disable at least part of the IC in response to the counter value crossing a threshold.

Abstract: A random number generator includes a counting value generator, an address generator, a static entropy source and a processing circuit. The counting value generator generates a first random number. The address generator generates an address signal. The static entropy source is connected with the address generator to receive the address signal and generates a second random number. The processing circuit is connected with the static entropy source and the counting value generator to receive the first random number and the second random number. After the first random number and the second random number are processed by the processing circuit, the processing circuit generates an output random number.

Abstract: A method for physically unclonable function (PUF) cell-pair remapping includes combining PUF cell-pairs between PUF cells in a first array and PUF cells in a second array, acquiring physical parameters for each of the PUF cell-pairs, selecting PUF cell-pairs based on a comparison of the acquired parameters with a first reference, and remapping the selected PUF cell-pairs.

Abstract: The present disclosure describes systems, apparatuses, and methods for implementing a logic gate circuit structure for operating one or more Boolean functions. Instead of stacking transistors in series to accommodate an increased number of inputs, a parallel configuration is presented that significantly reduces the cascaded number of transistors and the total number of transistors for the same functionality.

Abstract: In accordance with a first aspect of the present disclosure, a radio frequency identification (RFID) transponder is provided, comprising a modulator, a current sensor and a clock recovery circuit, wherein: the modulator is configured to modulate an unmodulated carrier signal received from an external RFID reader; the current sensor is configured to sense a current that flows through one or more transistors comprised in the modulator; and the clock recovery circuit is configured to recover a clock signal using the current sensed by the current sensor. In accordance with a second aspect of the present disclosure, a corresponding method of operating a radio frequency identification (RFID) transponder is conceived.

Abstract: A method and data processing system is provided for detecting an attack on a physically unclonable function (PUF). In the method, a first list of PUF responses to challenges is produced during production testing of an integrated circuit comprising the PUF. The first list is stored in a memory on the integrated circuit. A second list of PUF responses to the challenges is produced during normal operation of the integrated circuit in the field. The second list is compared to the first list. A difference between entries of the first and second lists computed. If the difference is greater than a threshold difference, then an indication of a hardware trojan is generated. The method may also include monitoring a series of challenges for an indication of a non-random pattern in the series. Detection of a non-random pattern may indicate a modeling attack.

Abstract: An integrated circuit includes one or more intellectual property (IP) cores, one or more general purposes input/output (GPIO) interfaces, each GPIO interface having one or more ports, and one or more security circuits, each security circuit being coupled between an IP core and a GPIO interface. A security circuit, in operation, selectively enables communications between the IP core and the GPIO interface coupled to the security circuit based on an indication of the security status of the IP core, an indication of the security status of the GPIO interface or both the indication of the security status of the IP core and the indication of the security status of the GPIO interface.

Abstract: This disclosure describes techniques for analyzing statistical quality of bitstrings produced by a physical unclonable function (PUF). The PUF leverages resistance variations in the power grid wires of an integrated circuit. Temperature and voltage stability of the bitstrings are analyzed. The disclosure also describes converting a voltage drop into a digital code, wherein the conversion is resilient to simple and differential side-channel attacks.

Abstract: Disclosed is a method of generating secret information on the basis of a ring oscillator. According to an embodiment of the present disclosure, there is provided an apparatus for generating secret information on the basis of a ring oscillator, the apparatus including: multiple PUF information generation units each including at least one ring oscillator cell and generating physically unclonable function (PUF) information generated by the at least one ring oscillator cell; a phase checking unit cross-checking phases for the multiple pieces of the PUF information that are output from the multiple PUF information generation units, respectively; and a secret key generation unit outputting secret key information based on a result of comparing the multiple phases received from the phase checking unit.

Abstract: Disclosed is a physical unclonable function generator circuit and method. In one embodiment, a physical unclonable function (PUF) generator comprising: a plurality of PUF cells, wherein each of the plurality of PUF cells comprises a first MOS transistor and a second MOS transistor, wherein terminal S of the first MOS transistor is connected to terminal D of the second MOS transistor at a dynamic node, terminal D of the first MOS transistor is coupled to a first bus and terminal G of the first NMOS transistor is coupled to a second bus, and terminals S and G of the second NMOS transistor are coupled to ground; a plurality of dynamic flip-flop (DFF) circuits wherein each of the plurality of DFF circuits is coupled to each of the plurality of PUF cells respectively; a population count circuit coupled to the plurality of DFF circuits; and an evaluation logic circuit having an input coupled to the population count circuit and an output coupled to the plurality of DFF circuits.

Abstract: A secure IC includes multiple functionally-equivalent combinational logic circuits, multiple sets of state-sampling components, and control circuitry. Each combinational logic circuit receives one or more inputs, and applies a combinational-logic operation to the one or more inputs so as to produce one or more outputs. Each set of state-sampling components includes one or more state-sampling components that samples one or more of the outputs of one of the combinational logic circuits and provides one or more of the sampled outputs as inputs to another of the combinational logic circuits. The control circuitry receives multiple sets of input data for processing by the combinational logic circuits, routes the sets of input data to the combinational logic circuits, extracts sets of output data from the combinational logic circuits, and outputs each set of output data in association with the respective set of input data.

Abstract: An authentication protocol using a Hardware-Embedded Delay PUF (“HELP”), which derives randomness from within-die path delay variations that occur along the paths within a hardware implementation of a cryptographic primitive, for example, the Advanced Encryption Standard (“AES”) algorithm or Secure Hash Algorithm 3 (“SHA-3”). The digitized timing values which represent the path delays are stored in a database on a secure server (verifier) as an alternative to storing PUF response bitstrings thereby enabling the development of an efficient authentication protocol that provides both privacy and mutual authentication.

Abstract: A randomization element includes a logic input for inputting a logic signal, a logic output for outputting the input logic signal at a delay and a randomization element. The randomization elements introduces the delay between said logic input and said logic output and operates selectably in static mode and in dynamic mode in accordance with a mode control signal. A logic circuit may be formed with randomization elements interspersed amongst the logic gates, to obtain protection against side channel attacks by inputting a selected control sequence into the randomization elements.

Abstract: An apparatus is provided which comprises: an entropy source to produce a first random sequence of bits, wherein the entropy source comprises an array of bi-stable cross-coupled inverter cells; a first circuitry coupled to the entropy source, wherein the first circuitry to generate an entropy source selection set; and a second circuitry coupled to the entropy source and the first circuitry, wherein the second circuitry is to receive the first random sequence and the entropy source selection set, and wherein the second circuitry is to generate a second random sequence.

Abstract: Methods and system of generating a code are described. A device can receive a request to generate a code. The device can select a set of cells among a plurality of cells. The device can determine current through the selected cells in a forward mode. The device can determine current through the selected cells in a reverse mode. The device can determine a set of differences between the currents of the forward mode and the reverse mode. The set of differences corresponds to the set of selected cells. The device can transform the set of differences into the code. The device can output the code to respond to the request.

Abstract: A device identification is generated for a programmable device. A security key is generated to protect a content of the programmable device. A device birth certificate is generated with the device identification and the security key. The programmable device is programmed with the device birth certificate at time of manufacture of the programmable device.

Abstract: A secret is stored in a computing device. The device generates a value determined based at least in part on a substantially random process. As a result of the value satisfying a condition, the device causes the secret to be unusable to perform cryptographic operations such that the device is unable to cause the secret to be restored. The secret may be programmatically unexportable from the device.

Abstract: A physically unclonable function (PUF) system is provided. The PUF system includes an entropy source, a plurality of selectable paths, a random selection block, and error correction logic. The plurality of selectable paths are formed between the entropy source and an output for providing a PUF response. The random selection block is for randomly selecting one of the plurality of selectable paths in response to receiving a challenge. The error correction logic is coupled to the output for receiving the PUF response and for correcting any errors in the PUF response for the plurality of selectable paths. By using a different path through the entropy source each time a challenge is received, protection is provided against side-channel attacks.

Abstract: A random number generator includes an entropy source comprising a first digital device arranged to apply to an input signal a first delay value to obtain a first signal and a second digital device arranged to apply to the input signal a second delay value different from the first delay value to obtain a second signal; a sampling unit configured to sample one of the first and second signals using the other signal as reference clock, thereby obtaining a sampled signal; measurement means to perform measurements of the sampled signal's delay difference with respect to the reference clock; a controller circuit arranged to monitor the measured delay difference of the sampled signal and to check the values of the measured delay difference and, once a given condition related to the values is met, to output a configuration signal.

Abstract: A first plurality of logic gates and a second plurality of logic gates may be associated with a symmetric configuration. A first output at a first value may be generated by the first plurality of logic gates based on a first portion of input signals. A second output may be generated by the second plurality of logic gates at the first value based on a second portion of the input signals. A subsequent first output at a particular value may be generated by the first plurality of logic gates based on a first portion of a second plurality of input signals and a subsequent second output maybe generated by the second plurality of logic gates based on a second portion of the second plurality of input signals. A value of the subsequent second output may be complementary to the particular value of the subsequent first output.

Abstract: A security system with entropy bits includes a physically unclonable function circuit, and a security key generator. The physically unclonable function circuit provides a plurality of entropy bit strings. The security key generator generates a security key by manipulating a manipulation bit string derived from the plurality of entropy bit strings according to an operation entropy bit string. Each bit of the operation entropy bit string is used to determine whether to perform a corresponding operation to the manipulation bit string.

Abstract: One of the various aspects of the invention is related to suggesting various techniques for improving the tamper-resistibility of hardware. The tamper-resistant hardware may be advantageously used in a transaction system that provides the off-line transaction protocol. Amongst these techniques for improving the tamper-resistibility are trusted bootstrapping by means of secure software entity modules, a new use of hardware providing a Physical Unclonable Function, and the use of a configuration fingerprint of a FPGA used within the tamper-resistant hardware.

Abstract: A semiconductor device includes a first field effect transistor and a second field effect transistor which are respectively coupled to gate electrodes. An insulation property of a gate insulating film of the first field effect transistor is broken down. A resistance value of the gate insulating film of the second field effect transistor is greater than a resistance value of the gate insulating film of the first field effect transistor.

Abstract: A tamper-proof computing device used in conducting a point-of-sale transaction. The tamper-proof computing device comprises a touch-screen display. In some embodiments, an ITO layer is deposited on the touch-screen display that has a tamper line embedded in the ITO layer, such that the tamper line is susceptible to breaking upon unauthorized physical manipulation, and the tamper line is in communication with a microcontroller that is configured to detect the tamper, and to render the tamper-proof computing device inoperable. The tamper line can be a single line trace embedded in the ITO layer or a cluster of traces embedded in the ITO layer. A method of manufacturing comprises forming a tamper line in an ITO layer, depositing the ITO layer on the display and coupling the tamper line to a security microcontroller.

Abstract: Disclosed is a physical unclonable function generator circuit and method. In one embodiment, a physical unclonable function (PUF) generator includes: a PUF cell array comprising a plurality of bit cells, wherein each of the plurality of bit cells comprises at least two inverters, at least one floating capacitor, at least two dynamic nodes, wherein the at least one floating capacitor is coupled between a first inverter at a first dynamic node and a second inverter at a second dynamic node; a PUF controller coupled to the PUF cell array, wherein the PUF controller is configured to charge the first dynamic nodes through the respective first inverters in the plurality of bit cells; and a finite state machine coupled to the PUF cell array configured to determine voltage levels on the second dynamic nodes through the respective second inverters in the plurality of bit cells to determine first logical states of the plurality of bit cells at at least one sampling time and generate a PUF signature.

Abstract: The present invention provides a method for authenticating distributed peripherals on a computer network using an array of physically unclonable functions (PUF). As each PUF is unique, each PUF is able to generate a plurality of challenge response pairs that are unique to that PUF. The integrated circuits of the PUF comprise a plurality of cells, where a parameter (such as a voltage) of each cell may be measured (possibly averaged over many readings). The plurality of cells in the PUF may be arranged in a one, two or more dimensional matrix. A protocol based on an addressable PUF generator (APG) allows the protection of a network having distributed peripherals such as Internet of things (IoT), smart phones, lap top and desk top computers, or ID cards. This protection does not require the storage of a database of passwords, or secret keys. and thereby is immune to traditional database hacking attacks.

Abstract: A method of writing data to a memory device and reading data from the memory device includes issuing a challenge to a PUF device during a power-up process in order to derive a PUF response, error correcting the PUF response, providing delinearized addresses via a delinearization algorithm to the memory device using the error corrected PUF response, masking data, which is written to the memory device, via a masking module using the error corrected PUF response, de-masking data, which is read from the memory device, via the masking module (19) using the error corrected PUF response; and performing a check-sum verification of read data such that address delinearization and data masking are used together to obfuscate the memory content.

Abstract: A process variation evaluation method and a process variation evaluating device are provided. The process variation evaluation method is adapted to an electronic device having a PUF device, a recording array and a controller, and includes: iteratively powering up the PUF device in various conditions and detecting a state change of each of the PUF cells in the PUF device by the controller, in which the controller compares a current state in a current iteration and a previous state in a previous iteration of each PUF cell to detect the state change and setting a value indicating the state change in a corresponding bit in the recording array; counting a number of bits with the set value in the recording array after a plurality of iterations; and evaluating a variation of a process according to the counted number by the controller.

Abstract: An SRAM circuit that includes a biasing circuit adapted to selectively bias the transistors of the SRAM array to lower the threshold voltage of selected transistors. The SRAM circuit includes well voltages and positive voltages that are selectively different, and substrate voltages and ground voltages that are selectively different.

Abstract: A system of hardware configuration of a programmable control instrument, test and measure that includes an integrated FPGA is disclosed. The FPGA includes a static section comprising at least one static logic FPGA preset; a dynamic section comprising at least one dynamic logic FPGA programmable by a user; and a logical interface that connects the static section and dynamic section.

Abstract: The present invention provides a method for authenticating distributed peripherals on a computer network using an array of physically unclonable functions (PUF). As each PUF is unique, each PUF is able to generate a plurality of challenge response pairs that are unique to that PUF. The integrated circuits of the PUF comprise a plurality of cells, where a parameter (such as a voltage) of each cell may be measured (possibly averaged over many readings). The plurality of cells in the PUF may be arranged in a one, two or more dimensional matrix. A protocol based on an addressable PUF generator (APG) allows the protection of a network having distributed peripherals such as Internet of things (IoT), smart phones, lap top and desk top computers, or ID cards. This protection does not require the storage of a database of passwords, or secret keys, and thereby is immune to traditional database hacking attacks.

Abstract: An integrated circuit includes a tamper sensor that has plurality of state circuits. Each of the plurality of state circuits has a respective output that provides a respective logic state. When operating properly, the respective logic state is toggled in response to a clock signal. The respective logic state fails to toggle in response to a respective fault injection. The tamper sensor has an output that provides a fault signal in response to a difference in the respective logic state of the plurality of state circuits. Additionally, the integrated circuit includes a protected circuit, as well as a tamper response circuit. The tamper response circuit is connected to the tamper sensor and to the protected circuit. The tamper response circuit executes a protection operation to secure the protected circuit in response to the fault signal.

Abstract: A method and apparatus is disclosed for protecting electronic devices from security breaches (e.g., in the form of DPA attacks) by managing input/output (I/O) pin states. The technique is particularly useful in financial applications in which data security related operations, such as those involving cryptography, are performed by payment card readers, and the power supplied to drive the operations are measured and analyzed by attackers to extract sensitive information. The technique prevents any external device from measuring the operation power by disabling the I/O pins. The I/O pins are set to a logic low at any given time a data security related operation is performed. As a result, no communication with the external environment is possible during the data security operation, and external power measurements by DPAs are prevented.

Abstract: A physical unclonable function (PUF) circuit and a PUF system including the same are provided. The PUF circuit includes a plurality of PUF cells each configured to generate an output voltage by dividing a power voltage, a reference voltage generator configured to generate a first reference voltage by dividing the power voltage, and a comparing unit configured to sequentially compare the output voltages of the plurality of PUF cells with the first reference voltage to output data values of the plurality of PUF cells.