Abstract: An assigning device (100) for assigning fixed identifiers to fuzzy identifiers, the assigning device comprising a database storing multiple fuzzy identifiers, and a matching unit (130) arranged to determine if a matching fuzzy identifier exists in the database that matches a fuzzy input identifier according to a matching criterion and to determine if a matching fuzzy identifier does not exist in the database according to an absent criterion.

Abstract: Some embodiments relate to an electronic cryptographic device (100) arranged to determine a cryptographic key. The cryptographic device is arranged for an enrollment phase and a later reconstruction phase. The cryptographic device comprising a physically unclonable function (PUF) (110) and a processor circuit. The circuit being configured to determine during the enrollment phase debiasing data (142), first noise reduction data (131) and first noise reduction data. The circuit being configured to during the reconstruction phase compute at least one cryptographic key from first corrected bits and second corrected bits.

Abstract: Some embodiments are directed to an electronic cryptographic device arranged to determine a cryptographic key. The cryptographic device can include a physically unclonable function (PUF) arranged to produce a first noisy bit string during the enrollment phase and a second noisy bit string during the reconstruction phase, and a statistical unit arranged to execute a statistical test for verifying correct functioning of the physical unclonable function. The statistical test computes a statistical parameter for the physical unclonable function using helper data. The statistical test determines correct functioning if the statistical parameter satisfies a criterion of the statistical test.

Abstract: Some embodiments are directed to a cryptographic device, including a non-volatile memory, a range of the memory storing data, a selector arranged to receive a selector signal configuring a memory read-out unit for a regular read-out mode or for a PUF read-out mode of the same memory, a control unit arranged to send the selector signal to the selector configuring the memory read-out unit in the regular read-out mode, and reading the memory range to obtain the data, and send the selector signal to the selector configuring the memory read-out unit for PUF read-out mode and obtaining a noisy bit string from the memory range.

Abstract: A programming device (110) arranged to obtain and store a random bit string in a memory device (100), the memory device (100) comprising multiple one-time programmable memory cells (122), a memory cell having a programmed state and a not-programmed state, the memory cell being one-time programmable by changing the state from the not-programmed state to the programmed state through application of an electric programming energy to the memory cell.

Abstract: The present invention relates to a method of enabling authentication of an information carrier, the information carrier comprising a writeable part and a physical token arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge to the physical token resulting in a first response, and detecting the first response of the physical token resulting in a detected first response data, the method being characterized in that it further comprises the following steps; forming a first authentication data based on information derived from the detected first response data, signing the first authentication data, and writing the signed authentication data in the writeable part of the information carrier. The invention further relates to a method of authentication of an information carrier, as well as to devices for both enabling authentication as well as authentication of an information carrier.

Abstract: Some embodiments are directed to an electronic cryptographic device including a physically unclonable function and an enrollment unit configured to generate a first PUF data during the enrollment phase, the first PUF data derived from a first noisy bit string of the PUF, the first PUF data uniquely identifying the physically unclonable function, the first PUF data including a first helper data. The first PUF data is transmitted to an electronic server during an enrollment phase. The device includes a use-phase unit configured to generate a second PUF data derived from a second noisy bit string during a use phase. The first helper data is received from the server in response to transmitting the second PUF data. An error corrector is configured to apply the first helper data to the second noisy bit string.

Abstract: An aspect concerns an electronic cryptographic device (100), comprising a cache memory configured to cache a further memory, a mask storage configured for storing a mask, a mask generator configured to generate the mask and to store the mask in the mask storage, a cache write mechanism configured to write a content of the further memory in the cache memory masked with the mask stored in the mask storage, a cache read mechanism configured to read a content of the cache memory unmasked with the mask stored in the mask storage.

Abstract: Some embodiments are directed to an electronic cryptographic device configured to determine a cryptographic key. The cryptographic device has a physically unclonable function, a debiasing unit, and a key reconstruction unit. The PUF is configured to produce a first noisy bit string during an enrollment phase and a second noisy bit string during a reconstruction phase. The debiasing unit (120) is configured to determine debiasing data from the first noisy bit string during the enrollment phase. The debiasing data marks bits in the first noisy bit string as retained or discarded. The key reconstruction unit is configured to determine the cryptographic key from bits in the second noisy bit string marked as retained by the debiasing data, the cryptographic key being independent from bits in the second noisy bit string marked as discarded by the debiasing data.

Abstract: Some embodiments are directed to a cryptographic method for providing an electronic first device, an electronic second device and an electronic intermediary device, the cryptographic method establishing a cryptographically protected communication channel between the first device and the second device. The method comprises establishing a session identifier (SID) between the first device and the intermediary device. The first device sends the session identifier and a first key element to the second device over an out-of-band channel. The second device sends a registration message comprising the session identifier to the intermediary device. The first and derived at the first and second device.

Abstract: An electronic cryptographic device (100) comprising a physically unclonable function (PUF) (110) and an enrollment unit (142) arranged to generate a first PUF data during the enrollment phase, the first PUF data being derived from a first noisy bit string of the PUF, the first PUF data uniquely identifying the physically unclonable function, the first PUF data comprising a first helper data. The first PUF data is transmitted to an electronic server during an enrollment phase. The device comprises a use-phase unit (144) arranged to generate a second PUF data derived from a second noisy bit string during a use phase. The first helper data is received from the server in response to transmitting the second PUF data. An error corrector (160) is arranged to apply the first helper data to the second noisy bit string.

Abstract: An electronic system 100 for generating a cryptographic key, the system comprising a memory 110 used as a physically unclonable function, the memory being writable, volatile and configured such that upon each powering-up of the memory the memory settles into a memory content which depends upon at least partially random physical characteristics of the memory, the memory being accessible through a memory interface, and a key derivation unit 150 configured to derive the cryptographic key from the memory content into which the memory settled, wherein the electronic system for generating a cryptographic key further comprises, a memory read-out unit connected to the memory through the memory interface and to the key derivation unit, the memory read-out unit comprising an address scrambler 140 for retrieving the memory content over the memory interface in a scrambled order.

Abstract: A random number generating system for generating a sequence of random numbers comprising a memory, the memory being writable, volatile and configured such that the memory contains an at least partially random memory content upon each powering-up of the memory, an instantiating unit configured for seeding the random number generating system with a seed dependent upon the at least partially random memory content, the sequence of random numbers being generated in dependence upon the seed, and an over-writing unit configured for over-writing at least part of the memory with random numbers generated by the random number generating system in dependence upon the seed.

Abstract: A physical unclonable function is provided 100, comprising a plurality of bus-keepers 110, each bus-keeper of the plurality of bus-keepers 110 being configured to settle into one of at least two different stable states upon power-up, the particular stable state into which a particular bus-keeper of the plurality of bus-keepers settles being dependent at least in part upon the at least partially random physical characteristics of the particular bus-keeper, and a reading circuit 120 for reading the plurality of stable states into which the plurality of bus-keepers settled after a power-up, the plurality of bus-keepers being read-only.

Abstract: In systems for establishing a cryptographic key depending on a physical uncloneable function (PUF) it may be a problem that internal information correlated with the cryptographic key is leaked to the outside of the system via a side-channel. To mitigate this problem a cryptographic system for reproducibly establishing a cryptographic key is presented. The system comprises a physical system comprising a physical, at least partially random, configuration of components from which an initial bit-string is derived. An error corrector corrects deviations occurring in the initial bit-string. Through the use of randomization the error corrector operates on a randomized data. Information leaking through a side channel is thereby reduced. After error correction a cryptographic key may be derived from the initial bit-string.

Abstract: A method of and system (110) for controlled activation of at least one function in a product or component at a remote location, which activation requires a correct activation data item to be available in the product or component. The method comprises receiving one or more noisy outputs of an unclonable element associated with the component from the remote location, and providing helper data to the remote location, which helper data transforms the one or more noisy outputs to a single value which corresponds to the correct activation data item.

Abstract: An electronic system 100 for generating a cryptographic key, the system comprising a memory 110 used as a physically unclonable function, the memory being writable, volatile and configured such that upon each powering-up of the memory the memory settles into a memory content which depends upon at least partially random physical characteristics of the memory, the memory being accessible through a memory interface, and a key derivation unit 150 configured to derive the cryptographic key from the memory content into which the memory settled, wherein the electronic system for generating a cryptographic key further comprises, a memory read-out unit connected to the memory through the memory interface and to the key derivation unit, the memory read-out unit comprising an address scrambler 140 for retrieving the memory content over the memory interface in a scrambled order.

Abstract: The present invention relates to a method of enabling authentication of an information carrier, the information carrier comprising a writeable part and a physical token arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge to the physical token resulting in a first response, and detecting the first response of the physical token resulting in a detected first response data, the method being characterized in that it further comprises the following steps; forming a first authentication data based on information derived from the detected first response data, signing the first authentication data, and writing the signed authentication data in the writeable part of the information carrier. The invention further relates to a method of authentication of an information carrier, as well as to devices for both enabling authentication as well as authentication of an information carrier.

Abstract: The present invention relates to a method of enabling authentication of an information carrier (105), the information carrier (105) comprising a writeable part (155) and a physical token (125) arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge (165) to the physical token (125) resulting in a first response (170), and detecting the first response (170) of the physical token (125) resulting in a detected first response data (175), the method being characterized in that it further comprises the following steps; forming a first authentication data (180) based on information derived from the detected first response data (175), signing the first authentication data (180), and writing the signed authentication data (185) in the writeable part (155) of the information carrier (105).

Abstract: The invention relates to a method for proving authenticity of a prover PRV to a verifier VER, the method comprising generating a secret S using a physical token by the prover PRV. Obtaining a public value PV by the verifier, where the public value PV has been derived from the secret S using a function for which the inverse of said function is computationally expensive. The method further comprising a step for conducting a zero knowledge protocol between the prover PRV and the verifier VER in order to prove to the verifier VER, with a pre-determined probability, that the prover PRV has access to the physical token, where the prover PRV makes use of the secret S and the verifier VER makes use of the public value PV. The invention further relates to a system employing the method, and an object for proving authenticity.