Abstract: A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (PUF), comprises: one or more verification authorities (VA) each including a processor and a memory loaded with a complete verification set (CVS) that includes hardware part-specific data associated with the managed devices' PUFs and metadata, the processor configured to create a limited verification set (LVS) through one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS representing both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and one or more provisioning entities (PE) each connectable to a VA and including a processor and a memory loaded with a LVS, and configured to select a subset of the LVS so as to create an application limited verification set (ALVS).

Abstract: A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (PUF), comprises: one or more verification authorities (VA) each including a processor and a memory loaded with a complete verification set (CVS) that includes hardware part-specific data associated with the managed devices' PUFs and metadata, the processor configured to create a limited verification set (LVS) through one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS representing both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and one or more provisioning entities (PE) each connectable to a VA and including a processor and a memory loaded with a LVS, and configured to select a subset of the LVS so as to create an application limited verification set (ALVS).

Abstract: A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS). Also disclosed is a device for use with an authentication system, comprising: a first hardware part and a second hardware part that are adapted to communicate with and perform authentication on each other; and/or a hardware part that contains two or more chips that are adapted to communicate with and perform authentication on each other.

Abstract: A resilient device authentication system and method comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS). Also disclosed is a device comprising a controller, device memory, input/output capable of communicating with the authentication system, and a physically-unclonable function associated with hardware part-specific information corresponding to hardware part-specific data in the loaded CVS. Further disclosed is an authentication system including hardware security modules.

Abstract: A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data.

Abstract: A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data.

Abstract: A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data.

Abstract: A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data.

Abstract: A unique, strong, shared, symmetric network-wide key (or a limited number of group-wide keys) is generated by a central authority and initially provisioned to nodes in a network, which use it for ensuing traffic encryption. Nodes establish trust by sending each other authentication messages encrypted with the shared secret key, and thereupon adding each other to their respective trust lists. Also, an optional rekeying scheme whereby an existing shared secret key can be replaced by a new secret key that is introduced by the central authority and automatically propagated from node to node through the network.