Patents by Inventor John Ross Wallrabenstein
John Ross Wallrabenstein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20180351754Abstract: A system and device including reconfigurable physical unclonable functions (‘RPUFs’) and threshold cryptography uses cryptographic and physical means of security. A plurality of reconfigurable physical unclonable functions (‘RPUFs’) and a memory are connected to a processor that is configured to derive information associating the RPUFs with cryptographic shares of a sensitive value, store such information in the memory, and reconfigure a RPUF upon powering up of the device such that information stored in the memory is not valid for the reconfigured RPUF.Type: ApplicationFiled: June 6, 2017Publication date: December 6, 2018Applicant: Analog Devices, Inc.Inventors: John Ross Wallrabenstein, Thomas Joseph Brindisi
-
Publication number: 20180248706Abstract: An authentication system and device including physical unclonable function (PUF) and threshold cryptography comprising: a PUF device having a PUF input and a PUF output and constructed to generate, in response to the input of a challenge, an output value characteristic to the PUF and the challenge; and a processor having a processor input that is connected to the PUF output, and having a processor output connected to the PUF input, the processor configured to: control the issuance of challenges to the PUF input via the processor output, receive output from the PUF output, combine multiple received PUF output values each corresponding to a share of a private key or secret, and perform threshold cryptographic operations. The system and device may be configured so that shares are refreshable, and may be configured to perform staggered share refreshing.Type: ApplicationFiled: April 24, 2018Publication date: August 30, 2018Applicant: Analog Devices, Inc.Inventor: John Ross Wallrabenstein
-
Patent number: 10013543Abstract: A system, device, and method for binding metadata, such as information derived from the output of a biometric sensor, to hardware intrinsic properties by obtaining authentication-related metadata and combining it with information pertaining to a root of trust, such as a physical unclonable function. The metadata may be derived from a sensor such as a biometric sensor, the root of trust may be a physical unclonable function, the combination of the metadata and root of trust information may employ a hash function, and output from such a hash process may he used as an input to the root of trust. The combined information can he used in interactive or non-interactive authentication.Type: GrantFiled: June 5, 2017Date of Patent: July 3, 2018Assignee: Analog Devices, Inc.Inventors: John J. Walsh, John Ross Wallrabenstein
-
Patent number: 9998445Abstract: A device authentication system for use with an authenticatable device having a physically-unclonable function and constructed to, in response to input, of challenge C, internally generate an output O characteristic to the PUF and the challenge C, and configured to: i) upon receiving challenge C, generate a corresponding commitment value that depends upon a private value r, and ii) upon receiving an authentication query that includes the challenge C and a nonce, return a zero knowledge proof authentication value that corresponds to the commitment value.Type: GrantFiled: May 20, 2015Date of Patent: June 12, 2018Assignee: Analog Devices, Inc.Inventor: John Ross Wallrabenstein
-
Patent number: 9996480Abstract: A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (PUF), comprises: one or more verification authorities (VA) each including a processor and a memory loaded with a complete verification set (CVS) that includes hardware part-specific data associated with the managed devices' PUFs and metadata, the processor configured to create a limited verification set (LVS) through one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS representing both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and one or more provisioning entities (PE) each connectable to a VA and including a processor and a memory loaded with a LVS, and configured to select a subset of the LVS so as to create an application limited verification set (ALVS).Type: GrantFiled: February 8, 2016Date of Patent: June 12, 2018Assignee: Analog Devices, Inc.Inventors: John J. Walsh, John Ross Wallrabenstein, Hal A. Aldridge, Michael J. Duren
-
Patent number: 9946858Abstract: An authentication system and device including physical unclonable function (PUF) and threshold cryptography comprising: a PUF device having a PUF input and a PUF output and constructed to generate, in response to the input of a challenge, an output value characteristic to the PUF and the challenge; and a processor having a processor input that is connected to the PUF output, and having a processor output connected to the PUF input, the processor configured to: control the issuance of challenges to the PUF input via the processor output, receive output from the PUF output, combine multiple received PUF output values each corresponding to a share of a private key or secret, and perform threshold cryptographic operations. The system and device may be configured so that shares are refreshable, and may be configured to perform staggered share refreshing.Type: GrantFiled: June 22, 2015Date of Patent: April 17, 2018Assignee: Analog Devices, Inc.Inventor: John Ross Wallrabenstein
-
Patent number: 9806718Abstract: An authenticatable device according to one embodiment includes a reconfigurable physical unclonable function (‘RPUF’) used with one parameter to recover sensitive values (e.g., a secret or a share of a secret) and a different parameter to encode and store values (e.g., challenge-helper pairs) correlated to the sensitive values. In another embodiment, a pair of RPUFs is used instead of a single PUF, with one RPUF used to recover sensitive values and the other RPUF used to encode and store correlated values. In still another embodiment, the desired expiration of values can be enforced by employing redundant RPUFs; when the device is powered on, one (or more than one, but less than all) of the RPUFs is selected and transitioned to a new configuration, invalidating any correlated values previously constructed using the old configuration, and the RPUF that was not reconfigured is used to recover the sensitive value(s) using the remaining correlated value(s).Type: GrantFiled: June 8, 2016Date of Patent: October 31, 2017Assignee: Analog Devices, Inc.Inventor: John Ross Wallrabenstein
-
Publication number: 20170270288Abstract: A system, device, and method for binding metadata, such as information derived from the output of a biometric sensor, to hardware intrinsic properties by obtaining authentication-related metadata and combining it with information pertaining to a root of trust, such as a physical unclonable function. The metadata may be derived from a sensor such as a biometric sensor, the root of trust may be a physical unclonable function, the combination of the metadata and root of trust information may employ a hash function, and output from such a hash process may he used as an input to the root of trust. The combined information can he used in interactive or non-interactive authentication.Type: ApplicationFiled: June 5, 2017Publication date: September 21, 2017Applicant: Analog Devices, Inc.Inventors: John J. Walsh, John Ross Wallrabenstein
-
Patent number: 9715590Abstract: A system and device for verifying the integrity of a system from its subcomponents, the system comprising a plurality of subcomponents each having a physical state, the system and the device comprising a processor that is connected to each of the subcomponents, the processor configured to verify systemic integrity by performing verification on some or all specified subcomponents. The verification may be individual (1,1) or threshold (n,1), and may be interactive or non-interactive.Type: GrantFiled: May 5, 2015Date of Patent: July 25, 2017Assignee: Analog Devices, Inc.Inventors: Douglas J. Gardner, John J. Walsh, John Ross Wallrabenstein
-
Patent number: 9672342Abstract: A system, device, and method for binding metadata, such as information derived from the output of a biometric sensor, to hardware intrinsic properties by obtaining authentication-related metadata and combining it with information pertaining to a root of trust, such as a physical unclonable function. The metadata may be derived from a sensor such as a biometric sensor, the root of trust may be a physical unclonable function, the combination of the metadata and root of trust information may employ a hash function, and output from such a hash process may be used as an input to the root of trust. The combined information can be used in interactive or non-interactive authentication.Type: GrantFiled: May 5, 2015Date of Patent: June 6, 2017Assignee: Analog Devices, Inc.Inventors: John J. Walsh, John Ross Wallrabenstein
-
Publication number: 20170149572Abstract: An authenticatable device according to one embodiment includes a reconfigurable physical unclonable function (‘RPUF’) used with one parameter to recover sensitive values (e.g., a secret or a share of a secret) and a different parameter to encode and store values (e.g., challenge-helper pairs) correlated to the sensitive values. In another embodiment, a pair of RPUFs is used instead of a single PUF, with one RPUF used to recover sensitive values and the other RPUF used to encode and store correlated values. In still another embodiment, the desired expiration of values can be enforced by employing redundant RPUFs; when the device is powered on, one (or more than one, but less than all) of the RPUFs is selected and transitioned to a new configuration, invalidating any correlated values previously constructed using the old configuration, and the RPUF that was not reconfigured is used to recover the sensitive value(s) using the remaining correlated value(s).Type: ApplicationFiled: June 8, 2016Publication date: May 25, 2017Applicant: Analog Devices, Inc.Inventor: John Ross Wallrabenstein
-
Publication number: 20170063559Abstract: An authentication system and device including physical unclonable function (PUF) and threshold cryptography comprising: a PUF device having a PUF input and a PUF output and constructed to generate, in response to the input of a challenge, an output value characteristic to the PUF and the challenge; and a processor having a processor input that is connected to the PUF output, and having a processor output connected to the PUF input, the processor configured to: control the issuance of challenges to the PUF input via the processor output, receive output from the PUF output, combine multiple received PUF output values each corresponding to a share of a private key or secret, and perform threshold cryptographic operations. The system and device may be configured so that shares are refreshable, and may be configured to perform staggered share refreshing.Type: ApplicationFiled: May 5, 2015Publication date: March 2, 2017Inventor: John Ross Wallrabenstein
-
Publication number: 20160269186Abstract: An authentication system and device including physical unclonable function (PUF) and threshold cryptography comprising: a PUF device having a PUF input and a PUF output and constructed to generate, in response to the input of a challenge, an output value characteristic to the PUF and the challenge; and a processor having a processor input that is connected to the PUF output, and having a processor output connected to the PUF input, the processor configured to: control the issuance of challenges to the PUF input via the processor output, receive output from the PUF output, combine multiple received PUF output values each corresponding to a share of a private key or secret, and perform threshold cryptographic operations. The system and device may be configured so that shares are refreshable, and may be configured to perform staggered share refreshing.Type: ApplicationFiled: June 22, 2015Publication date: September 15, 2016Applicant: Sypris Electronics, LLC.Inventor: John Ross Wallrabenstein
-
Publication number: 20160170907Abstract: A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (PUF), comprises: one or more verification authorities (VA) each including a processor and a memory loaded with a complete verification set (CVS) that includes hardware part-specific data associated with the managed devices' PUFs and metadata, the processor configured to create a limited verification set (LVS) through one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS representing both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and one or more provisioning entities (PE) each connectable to a VA and including a processor and a memory loaded with a LVS, and configured to select a subset of the LVS so as to create an application limited verification set (ALVS).Type: ApplicationFiled: February 8, 2016Publication date: June 16, 2016Applicant: Sypris Electronics, LLCInventors: John J. Walsh, John Ross Wallrabenstein, Hal A. Aldridge, Michael J. Duren
-
Patent number: 9292692Abstract: A system and device for verifying the integrity of a system from its components, the system comprising a plurality of components each having a physical state, the system and the device comprising a processor that is connected to each of the components, the processor configured to verify systemic integrity by performing verification on some or all specified components. The verification may be individual (1, 1) or threshold (n, 1), and may be interactive or non-interactive.Type: GrantFiled: June 22, 2015Date of Patent: March 22, 2016Assignee: Sypris Electronics, LLCInventor: John Ross Wallrabenstein
-
Publication number: 20160021096Abstract: A device authentication system for use with an authenticatable device having a physically-unclonable function and constructed to, in response to input, of challenge C, internally generate an output O characteristic to the PUF and the challenge C, and configured to: i) upon receiving challenge C, generate a corresponding commitment value that depends upon a private value r, and ii) upon receiving an authentication query that includes the challenge C and a nonce, return a zero knowledge proof authentication value that corresponds to the commitment value.Type: ApplicationFiled: May 20, 2015Publication date: January 21, 2016Inventor: John Ross Wallrabenstein
-
Publication number: 20150341792Abstract: A network authentication system with dynamic key generation that facilitates the establishment of both endpoint identity, as well as a secure communication channel using a dynamically-generated key between two end devices (potentially on separate local area networks). An interactive or noninteractive authentication protocol is used to establish the identity of the target end device, and dynamic key generation is used to establish a shared symmetric session key for creating an encrypted communication channel between the end devices.Type: ApplicationFiled: May 22, 2015Publication date: November 26, 2015Applicant: Sypris Electronics, LLCInventors: John J. Walsh, John Ross Wallrabenstein, Charles J. Timko
-
Publication number: 20150317480Abstract: A system and device for verifying the integrity of a system from its subcomponents, the system comprising a plurality of subcomponents each having a physical state, the system and the device comprising a processor that is connected to each of the subcomponents, the processor configured to verify systemic integrity by performing verification on some or all specified subcomponents. The verification may be individual (1,1) or threshold (n,1), and may be interactive or non-interactive.Type: ApplicationFiled: May 5, 2015Publication date: November 5, 2015Applicant: Sypris Electronics, LLCInventors: Douglas J. Gardner, John J. Walsh, John Ross Wallrabenstein
-
Publication number: 20150317481Abstract: A system and device for verifying the integrity of a system from its components, the system comprising a plurality of components each having a physical state, the system and the device comprising a processor that is connected to each of the components, the processor configured to verify systemic integrity by performing verification on some or all specified components. The verification may be individual (1, 1) or threshold (n, 1), and may be interactive or non-interactive.Type: ApplicationFiled: June 22, 2015Publication date: November 5, 2015Applicant: SYPRIS ELECTRONICS, LLCInventors: Douglas J. Gardner, John J. Walsh, John Ross Wallrabenstein
-
Publication number: 20150318994Abstract: A system, device, and method for binding metadata, such as information derived from the output of a biometric sensor, to hardware intrinsic properties by obtaining authentication-related metadata and combining it with information pertaining to a root of trust, such as a physical unclonable function. The metadata may be derived from a sensor such as a biometric sensor, the root of trust may be a physical unclonable function, the combination of the metadata and root of trust information may employ a hash function, and output from such a hash process may be used as an input to the root of trust. The combined information can be used in interactive or non-interactive authentication.Type: ApplicationFiled: May 5, 2015Publication date: November 5, 2015Applicant: Sypris Electronics, LLCInventors: John J. Walsh, John Ross Wallrabenstein