Abstract: The performance of quantum key distribution by systems and methods that use wavelength division multiplexing and encode information using both wavelength and polarization of photons of two or more wavelengths. Multi-wavelength polarization state encoding schemes allow ternary-coded digits, quaternary-coded digits and higher-radix digits to be represented by single photons. Information expressed in a first radix can be encoded in a higher radix and combined with a string of key values to produce a datastream having all allowed digit values of that radix in a manner that allows eavesdropping to be detected without requiring the sender and receiver to exchange additional information after transmission of the information.

Abstract: The performance of quantum key distribution by systems and methods that use wavelength division multiplexing and encode information using both wavelength and polarization of photons of two or more wavelengths. Multi-wavelength polarization state encoding schemes allow ternary-coded digits, quaternary-coded digits and higher-radix digits to be represented by single photons. Information expressed in a first radix can be encoded in a higher radix and combined with a string of key values to produce a datastream having all allowed digit values of that radix in a manner that allows eavesdropping to be detected without requiring the sender and receiver to exchange additional information after transmission of the information.

Abstract: A resilient sensor system is disclosed for use on a device requiring sensor data. The system includes a calibrated and an uncalibrated sensor arranged to sense the same environmental stimulus. During enrollment, the raw sensor output from both sensors is differenced over a range of sensor input to build an unclonable fingerprint of the sensor pair. This fingerprint is checked against a contemporaneously generated fingerprint to ensure continued fidelity of the calibrated sensor.

Abstract: Systems and methods of correcting errors in encrypted communication between a server and client devices using keyless encryption schemes are disclosed. Client devices with arrays of physical-unclonable-function devices respond to challenges from a server. Characteristics of the arrays are stored by the server during a secure enrollment process. To send an encrypted message, the server generates a message digest, extracts data from the stored arrays on the basis of the message digest, applies error correction codes to the message, encrypts the message with the extracted data, and sends the message to a client. The server may receive a handshake containing all or part of the message digest, measures its PUF, and decrypts and decodes the message.

Abstract: Arrangements and methods for a program-read-erase memory using ReRAM cells is disclosed. The memory includes an array of pristine ReRAM cells. A first digital symbol is encoded in the memory by partially forming cells, while the opposite digital value is encoded in pristine cells. As part of a read process, all cells are subject to partial formation voltage which erases all data as it is being read. ReRAM memories used in this manner are advantageously usable to store challenges for interrogating PUFs for recovery of PUF-generated encryption keys.

Abstract: Systems and methods for symmetric encryption between a client and a server device include a client device having an array of physical unclonable function devices and a server device storing information sufficient to reconstruct responses of the devices to an applied stimulus such as varying levels of electrical current. The server shares a challenge with the client, which measures characteristics such as electrical resistances for a subset of the devices according to instructions extracted from the challenge. The client measures a corresponding reference device in the array for each device of the subset and assigns a value determined based on a comparison of each device with the corresponding reference device to generate a cryptographic key. The server calculates an expected response of the client to the challenge according to a model of the devices in the array, and uses the calculated response to generate the key independently.

Abstract: Computing systems with dynamic architectures may be used to secure against code-injection attacks and other exploits. A system may generate multiple representations of instructions or other data associated with each of a set of configurations of the system. The system may periodically or randomly change configurations such that malicious code that is executable in one configuration cannot be executed in another configuration. A system may also detect malicious code by comparing code previously generated in one representation with different representations of the same code. If, during execution of a representation of a program code, the system determines that the representation specifies instructions that differ from other representations of the same program code, they system may stop executing the compromised program code, change its configuration, and continue to execute another representation of the program code that has not been compromised.

Abstract: The present invention provides a method for using a tamper-resistant physical unclonable functions (PUF) to generate temporary passwords, encrypt a password manager database for one-way encryption, and authenticate users. Resistive Random-Access Memory (ReRAM) can be exploited as PUFs. On the server side, a ReRAM PUF can be used to change the format of the password manager database. By comparing the resistance values extracted from the ReRAM PUF, a bitstream can be generated which can then be used as a challenge. Furthermore, by utilizing the hash function and the ReRAM PUF, the password manager database's content can be encrypted as a one-way encryption. The resistance values, which are the ReRAM PUF output, are converted to a bitstream and then replace the user ID and password hash in the database.

Abstract: Systems and methods for improving security in computer-based authentication systems by using physical unclonable functions are presented. A computing device used to provide authentication includes multiple arrays of physical unclonable function devices. Rather than storing user passwords or message digests of passwords, the computing device generates a message digest based on a user's credentials. A challenge response generated by measuring physical parameters of set of physical unclonable function devices specified by the message digest. The computing device can provide authentication without storing information which could be used by an attacker to compromise user credentials. Redundancy and robustness to varying loads are provided by the use of multiple PUF arrays which may be used as backups or to provide load balancing. Backdoor access may be provided to trusted parties without exposing user credentials.

Abstract: Systems and methods for the generation and use of session keys supporting secure communications between a client and server device are disclosed. The client hashes each of a series of passwords a first number of times. The hashed passwords are sent to a server. The server applies the hashed password to an array of PUF devices, and receives an initial response bitstream which is stored. The client later hashes each of the series of passwords a second number of times, which is less than the first number, and these are sent to the server. The server continues to hash the second message digest, generate PUF responses, and compare the result to the initially stored responses. For each password, the number of hashes necessary to achieve a match is a partial session key. Latency is improved by an array of separately addressable PUFs, each producing a partial session key.

Abstract: A system and method of secure communication between computing devices based on physical unclonable functions such as memories having dissolvable conductive paths is provided. The method involves enrolling a client device, the client device having a PUF such as a pristine ReRAM. The PUF is enrolled in a secure environment by reading and storing the resistances of the PUF's addressable memory cells. The cells are categorized into “rugged” and “vulnerable” categories on the basis of their resistance, the vulnerable cells being those more likely to be permanently altered during the generations of PUF responses. The rugged cells are used for the generation of PUF responses for cryptographic key generation, but the vulnerable cells may be inspected to detect unauthorized 3rd party access to the PUF.

Abstract: The performance of quantum key distribution by systems and methods that use wavelength division multiplexing and encode information using both wavelength and polarization of photons of two or more wavelengths. Multi-wavelength polarization state encoding schemes allow ternary-coded digits, quaternary-coded digits and higher-radix digits to be represented by single photons. Information expressed in a first radix can be encoded in a higher radix and combined with a string of key values to produce a datastream having all allowed digit values of that radix in a manner that allows eavesdropping to be detected without requiring the sender and receiver to exchange additional information after transmission of the information.

Abstract: Systems and methods for cryptographic key generation at a client and server are disclosed. The client has an array of PUF devices, and the server has an image that PUF. The server sends the client addresses of PUF devices to be measured, and retrieves previously stored responses corresponding to those addresses from its database. The client measures responses at the addresses. Each device hashes the resulting responses, and the server compares the hash received from the client to its own. If the hashes to not match, the server searches for a matching hash be perturbing the measured response bit stream until a match is achieved. The perturbed response bitstream, and the measured response at the client are then salted, and used for key generation.

Abstract: Systems and methods for the generation and use of session keys supporting secure communications between a client and server device are disclosed. The client device has or receives a password, which it hashes a predetermined first number of times. The hashed password is sent as a message digest to a server. The server applies the hashed password to a an array of PUF devices, and receives a response bitstream which is stored. The client later hashes the password a second predetermined number of times, which is less than the first predetermined number, and this second message digest is sent to the server. The server continues to hash the second message digest, generate PUF responses, and compare the result to the initially stored responses. The number of hashes necessary to achieve a match is the session key.

Abstract: A low-power, controllable, and reconfigurable method to control weights in model neurons in an Artificial Neural Network is disclosed. Memristors are utilized as adjustable synapses, where the memristor resistance reflects the synapse weight. The injection of extremely small electric currents (a few nanoamperes) in each cell forces the resistance to drop abruptly by several orders of magnitudes due to the formation of a conductive path between the two electrodes. These conductive paths dissolve as soon as the current injection stops, and the cells return to their initial state. A repeated injection of currents into the same cell results in an almost identical effect in resistance drop. Different, stable resistance values in each cell can be controllably achieved by injecting different current values.

Abstract: A computing device includes an array of addressable elements. Each addressable element is a hardware element that generates a substantially consistent response when interrogated. The device includes a processor coupled to the array of addressable elements and configured to communicate using a communication network. The processor receives a public key, and processes the public key to produce at least a set of addresses. Each address in the set of addresses identifies one or more hardware elements in the array of addressable elements. The processor generates a set of responses by interrogating the one or more hardware elements in the array of addressable elements identified by the set of addresses according to a set of reading instructions, appends the responses in the set of responses to generate a private key, receives an encrypted message and decrypts the encrypted message using the private key to generate an unencrypted message.

Abstract: Systems and methods for providing authentication and secure cryptographic communication between a client and server are described. The client includes an addressable array of PUF devices. The client receives or generates a set of instructions usable to determine a range of PUF addresses. The client measures the PUF addresses and generates a first set of responses. The responses are used to encrypt a session key, which is stored, along with the instructions and a hash of the responses, at the client. Later, the client may recover the session key by using the instructions to measure the PUF again, resulting in a second set of responses. Using a response-based cryptography search engine, the client may then iteratively modify and hash the second set of responses until a response set is uncovered that matches the first response set. This modified response set may then be used to uncover the session key.

Abstract: A system includes a memory device configured to store data at addressable locations in the memory device, a physically unclonable function (PUF) device including an array of PUF elements, and a memory interface coupled to the memory device and the PUF device. The memory interface is configured to receive a request to store first data in the memory device, store the first data in the memory device at a first location of the memory device, and transmit the first data and the first location to the PUF device. The PUF device is configured to create a first challenge value using the first data and the first location, generate a first response value using the first challenge value, and store the first response value as a first data integrity tag in the memory device, wherein the first data integrity tag is associated with the first data.

Abstract: A system is configured to derive a set of encryption keys from measured device characteristics of at least one PUF device and communicate with a remote device by performing a cryptographic operation secured by the set of encryption keys. The cryptographic operation includes segmenting a first data stream into a first plurality of data stream fragments, segmenting a first data stream fragment of the first plurality of data stream fragments into a first numeric value and a second numeric value, identifying, using the first numeric value, a first encryption key of the set of encryption keys, and applying a one-way cryptographic function to the first encryption key a first number of times determined by the second numeric value to generate a transformed fragment having a value that depends on the values of the first numeric value and the second numeric value from the first data stream fragment and a value of the first encryption key.

Abstract: Systems and methods of authentication and encrypted communication between a server and client devices using independently-generated shared encryptions keys are disclosed. Client devices with arrays of physical-unclonable-function devices are respond to challenges from a server. Characteristics of the arrays are stored by the server during a secure enrollment process. Subsequently, the server issues challenges to the clients. The clients derive encryption keys from their responses to those challenges generated by the clients from characteristics of portions of the arrays specified by the challenges. The clients send messages encrypted with the client-generated encryption keys to the server. The server uses the stored characteristics to independently reproduce the client-generated encryption key. When the server-generated encryption key matches the client-generated key, the clients may be authenticated and the clients can communicate securely with the server without exchanging encryption keys.