JP5724305B2 - Device specific information generation apparatus, device specific information generation method, and authentication apparatus - Google Patents

Description

  The present invention relates to a device specific information generation apparatus, a device specific information generation method, and an authentication apparatus, and more particularly to a device specific information generation apparatus, a device specific information generation method, and an authentication apparatus that generate specific information using a physical state inside the device. .

  In order to realize security functions such as encryption and authentication in a system that prevents unauthorized use of network and information devices, each device is required to hold secret information such as a secret key and a device-specific secret ID. It is done. At this time, it is important as system safety to prevent secret information from leaking to the outside even when the device is hacked, and a technique for realizing this is called a tamper resistant technique. In recent years, as such tamper-resistant technology, research on methods for generating device-specific information using physical variations inevitably occurring in the manufacturing process of devices that make up equipment has progressed. It is called Unclonable Function (PUF).

FIG. 1 shows a configuration diagram of a unique information generation apparatus based on PUF. The unique information generation apparatus 110 includes a device physical information generation unit 120 and a physical information mapping unit 130. Further, as shown in FIG. 1, the unique information generation device 110 functions as a component of the authentication device 100, and the authentication device 100 performs security functions such as authentication and encryption using information generated by the unique information generation device 110. Run.
The device physical information generation unit 120 includes a plurality of identical generation circuits such as a circuit on a processor and a memory (SRAM). Even if the processors are manufactured in the same lot, if the devices are different, variations in signal propagation delay occur even in the same wiring. In the PUF using the delay, unique information is generated based on the randomness of the delay. PUF using SRAM uses the fact that the element value at startup is random. As input information from the outside, the device physical information unit 120 designates information to acquire physical information from among a plurality of generation circuits.
The physical information mapping unit 130 executes processing for converting the physical information of the generation circuit obtained from the device physical information generation unit 120 into specific information of the bit string. The generated device unique information is used for encryption processing or hash function in the authentication device when used as an ID or a secret key, and is directly output to the outside when used as a response in challenge-response authentication.
A device specific information generation method using randomness of wiring delay is disclosed in Patent Document 1 and Non-Patent Document 1.

FIG. 2 shows a configuration example of a device physical information generation unit 120 and a physical information mapping unit 130 that use a ring oscillator as a physical information generation circuit.
The device physical information generation unit 120 includes a plurality of identical ring oscillator circuits 200, a selector 210 that selects the ring oscillator circuit 200, and a counter 220 that measures a frequency. At this time, the input information of FIG. 1 designates two ring oscillators by the selector 210.
The physical information mapping unit 130 compares the counter values of the two counters 220 with the comparator 230 and outputs “0” or “1” depending on the magnitude.
In the unique information generation based on PUF, the unique information is generated so that the output bits are not inferred from other output bits. In a PUF that uses a ring oscillator, for example, if fA <fB and fB <fC at the frequencies fA, fB, and fC of the three circuits A, B, and C, the output bits when A and C are selected (fA < fC) can be derived. Avoiding such an event can be achieved by limiting the use of each ring oscillator only once. However, this method can simply obtain at most N / 2-bit output for N ring oscillators.
There are not two methods to increase the number of output bits under the constraint that each ring oscillator is used at most once, but the frequency order itself of more ring oscillators (referred to as "order information") ) Is output. Such a method is described in Non-Patent Document 1 and Non-Patent Document 2.
Since the total number of order information in the n groups is n !, the assumption is that the magnitude of the frequency is random for each device. B bits can be obtained. Where n! Is the factorial of n.
B = log (n!) / Log (2) ... [Formula 1]
At this time, there is no problem even if the expression information in the bit string exceeds [Expression 1]. At this time, the hash function is applied to the entire output bit string to perform the process to match [Expression 1]. Specific information.
In device specific information generation using such physical information, a bit different from the initial setting may be generated at the time of use due to the influence of noise, so when using this specific information as a secret key or ID It is desirable that the same output as at the initial setting be obtained even if some errors occur. As a general method for dealing with this, a method of applying an error correction unit 300 as shown in FIG. 3 is known. The error correction unit 300 applies error correction coding to the output bit string of the physical information mapping apparatus 130 at the time of initialization, and holds a syndrome (or parity) generated for the bit string in the nonvolatile memory. When using device specific information, this syndrome is used to correct error bits. Since the syndrome is held in the non-volatile memory by the error correction unit 300, there is a possibility that it will be acquired by an attacker. At this time, since information corresponding to this size is leaked, a process of reducing the number of bits by the hash function unit 310 is applied and used as a secret key or ID.

  As a technique related to the present invention, Patent Document 2 discloses a semiconductor identification circuit that obtains unique identification information based on a difference in logic threshold value using variations in logic threshold values of the first gate circuit and the second gate circuit. There is disclosure (paragraphs 0014-0016). Further, Patent Document 3 discloses a device to be authenticated that includes an element to be authenticated in which characteristics of an output signal with respect to continuous input signals vary spontaneously during manufacturing, and uses the characteristics as individual-specific information (paragraph 0008). -0013). Further, Patent Document 4 discloses an authentication system in which an authentication socket device adds unique authentication information calculated in a hardware device to communication data and transmits it (paragraph 0021).

Special Publication 2009-524998 Japanese Patent Laid-Open No. 2003-332452 JP 2006-221361 A JP 2008-299457

G. E. Shu and S. Devadas, “Physically Unclonable Functions for Device Generation and Secret Key Generation,” Proc. 44th Design Automation Conference, pp.9-14 “LISA: Maximizing RO PUF ’s Key Extraction”, Proc. IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2010

  In device specific information generation using physical information, it is important to increase the number of effective bits as unique information. At this time, it is desired to suppress the influence of noise in the generation of physical information from appearing in the bit string.

[Object of invention]
It is an object of the present invention to increase the number of effective bits as device specific information in a device and method for generating device specific information from physical information measured by a device physical information generation unit, and to have high reliability against the influence of noise. It is to provide an apparatus and method that can be generated at a time.

Device-specific information generating apparatus according to the present invention, the group setting performed and device physical information generating unit having a plurality of generator of a physical information, a grouping of the plurality of generating circuits as the initial setting operation for the device-specific information generated and parts, in each group, the comparing pairs of device physical information based on the physical information generated by the generating unit generating circuits belonging to the group, concatenating the bits determined according to the magnitude of the physical information is the result of the comparison e Bei and a sequence information mapping unit for mapping the sequence information and generate output bit string as the device-specific information for the group, said group setting unit selects a generation circuit of the device physical information generating unit Based on physical information obtained from the control unit and the generation circuit selected by the control unit, the group that is generating the generation circuit is selected. A physical information determination unit that generates a group so that the difference exceeds the threshold, and a physical information determination unit that generates the group so that the difference exceeds the threshold And a holding memory for holding an index of the generation circuit constituting the group .

A device specific information generation method according to the present invention is an initial setting operation for generating device specific information in the device specific information generation method of a device specific information generation apparatus including a device physical information generation unit having a plurality of physical information generation circuits. the step of comparing a row cormorants step grouping of the plurality of physical information generating circuit, for each of the groups, a pair of physical information generating circuit belonging to the group based on the physical information generated by the device physical information generating unit as When, and a step of mapping the sequence information and generate output bit string as the device-specific information for the group by concatenating bits determined according to the magnitude of the physical information which is the comparison result, the grouping In the step of performing based on physical information obtained from the selected physical information generating circuit. When deciding whether to make the physical information generation circuit a member of the group that is generating, set a threshold for the difference of physical information of the physical information generation circuit in the group, and set the group so that the difference exceeds the threshold generated and characterized in that.
Authentication system according to the present invention, in the authentication system of the host device and the application device, said comprising the application device the above device-specific information generating device, device-specific is the application device at the time of initial setting generated by the device-specific information generating device masked secret key sent from the host device stored in the memory in the information, wherein the application device using the information held device-specific information generated by the device-specific information generating device when the application execution and the memory A secret key is generated.

  In the present invention, it is possible to reduce the probability that the influence of noise appears in the output bit string by appropriately grouping the generation circuits in the initial setting, and by combining output generation based on the mapping of the order information of the generation circuits in the group The number of effective bits as device specific information can be increased.

It is a block diagram showing the structure of a specific information production | generation apparatus. It is a block diagram of the specific information production | generation apparatus using a ring oscillator. It is a block diagram showing the means to produce | generate a secret key and ID with a specific information production | generation apparatus. It is a block diagram showing the structure of one Embodiment of the device specific information generation apparatus concerning this invention. It is a block diagram showing the structure of the group setting part in this embodiment. It is a flow showing the process of the group setting part in this embodiment. It is a block diagram showing the structure of the order information mapping part in this embodiment. It is a flow showing the process of the order information mapping part in this embodiment. It is a block diagram showing the structure of the error correction part in this embodiment. It is a block diagram showing the structure of the authentication system using the device specific information generation apparatus of this embodiment.

FIG. 4 is a block diagram showing an embodiment of a device specific information generating apparatus according to the present invention. A unique information generation apparatus 400 serving as a device specific information generation apparatus includes a device physical information generation unit 120, an error correction unit 300, a group setting unit 410, and an order information mapping unit 420. The error correction unit 300 is connected to the hash function unit 310.
The group setting unit 410 performs an initial setting process for generating device specific information. In this initial setting process, physical information is acquired from the generation circuit constituting the device physical information generation unit 120, and a group of generation circuits used for generation of specific information is generated.
The order information mapping unit 420 maps the order information based on the physical information of the generating circuit for each group set by the group setting unit 410 to a bit string and outputs it. The mapping of the order information is performed so that the number of order inversions between the order information corresponds to the Hamming distance between the output bit strings.

FIG. 5 is a block diagram showing the configuration of the group setting unit 410. The group setting unit 410 includes a control unit 500, a physical information determination unit 510, and a temporary group memory 520.
The control unit 500 determines an index of a generation circuit for acquiring physical information. Based on the physical information obtained from the device physical information generation unit 120, the physical information determination unit 510 determines whether to make this generation circuit a member of the group.
The temporary group memory 520 holds the generating circuit index that constitutes the group being created. The control unit 500 also refers to the temporary group memory 520 to determine the index of the generation circuit.

FIG. 6 is a flowchart showing an initial setting process by the group setting unit 410.
First, group setting initialization is performed (step S610). In the control unit 500, the number of groups is set to 0, and the index g of the group to be generated is set to an initial value (0). If necessary, parameters are set in the control unit 500 and the physical information determination unit 510.
Next, initialization for starting generation of group g is performed (step S620). Specifically, the physical information value stored in the physical information determination unit 510 is initialized, and the temporary group memory 520 is emptied.
The controller 500 determines the index i of the generation circuit that is a candidate for the current group member (step S630).
An index i is designated to the device physical information generation unit 120, and the measured physical information D [i] is acquired (step S640).
Based on D [i], the physical information determination unit 510 determines whether or not the generation circuit i can be added as a member of the current group g (step S650). This determination is performed by the physical information determination unit 510 by comparing D [i] with the physical information of the generation circuit corresponding to the index stored in the temporary group memory 520.
If it is determined in step S650 that addition is possible, i is added to the current group g (step S660).
It is determined whether or not the generation of the group g is finished (step S670). This is determined, for example, based on whether the size of the group g reaches a predetermined upper limit.
When the generation of the group g is completed, the index information of the generation circuit constituting the group g is output (step S680).
The control unit 500 determines whether or not the group configuration trial has been completed for all the generation circuits (step S685).
If it is determined in step S685 that the process is complete, the initial setting process is terminated. If not, g is incremented and generation of the next group g is started (steps S690 and S620).
In step S650, when physical information between different generation circuits is close, the magnitude relationship is likely to be reversed due to noise. Therefore, when adding to a group, the difference between the physical information of the generation circuits in the group increases to some extent. It is fundamental to do so. This process can be executed by setting a threshold value that determines the lower limit of the difference.
On the other hand, when the physical information is very far away, the same tendency may be shown between the devices, and the bits generated between the generation circuits are not effective as the unique information. Therefore, in such a case, it is possible to generate a group that increases the number of effective bits as device-specific information by setting an upper limit value for the above threshold value.
Regarding the setting of these threshold values of physical information, which are the conditions for group generation, a method of giving in advance and a method of calculating and setting a standard value by measuring physical information of several generation circuits can be considered. In this embodiment, since the number of output bits varies depending on the group configuration, a method of calculating the bit string output after group generation, changing the threshold setting, and redoing group generation can be considered. If the number of bits is small, reset the threshold value loosely. On the other hand, when the number of bits is too large, a method of improving the reliability of the output bit string while securing a sufficient number of output bits by setting a strict threshold value is conceivable.
As a condition for generating a group, a method of forming a group only from generating circuits that are relatively close in the device physical information generating unit 120 in addition to these threshold values may be considered. This is effective when there is locality in the physical information. By adding such a restriction, it is possible to generate a group that increases the number of effective bits as device-specific information. In the case where the index of the generation circuit corresponds to the positional relationship, this restriction can be realized by generating a group with the generation circuit of the index within a certain range in the control unit 500.

FIG. 7 is a block diagram showing a configuration of the order information mapping unit 420.
The group memory 700 stores the group information of the generation circuit of the physical information generated by the group setting unit 410. A group can be expressed by a set of indices of generation circuits. The group memory 700 may be realized by an external storage means.
The index reading unit 710 performs processing for reading an index from the group memory 700.
The physical information comparison unit 720 acquires physical information measured for the generation circuit specified by the read index reading unit 710, compares the physical information corresponding to the index pair, and outputs 0 or 1 bits. To do.
The buffer 730 concatenates the bits output from the physical information comparison unit 720 to form a bit string that becomes device specific information.

FIG. 8 is a flow showing processing of the order information mapping unit 420 in FIG. In the group memory 700, the number of groups is represented by G, the size of the group g (0 ≦ g <G) is represented by L [g], and the index of the i-th generation circuit is represented by N_g [i] (0 ≦ i <L [g ]). Details will be described below.
Initialization processing is performed (step S800). The index reading unit 710 sets the index g of the group to 0, and the indexes i and j in the group to 0 and 1, respectively. The output sequence of the buffer 730 is empty.
The index reading unit 710 designates the generation circuit corresponding to N_g [i], N_g [j] to the device physical information generation unit 120 and generates the measured physical information D [j], D [i] (step S805). .
The physical information comparison unit 720 compares the magnitudes of D [j] and D [i] to determine the output bit 0 or 1 (step S810).
The output bit of step S810 is concatenated with the output series S of the buffer (steps S815 and S820).
In step S825, it is determined whether i is smaller than j-1, and if i is smaller than j-1, 1 is added to i in step S830, and steps S805-S820 are executed. In this way, steps S805 to S820 are repeated for i smaller than j (steps S825 and S830).
If i = j, i is initialized (i ← 0) (step S835). In step S840, it is determined whether j is smaller than L [g] -1. If j is smaller than L [g] -1, 1 is added to j in step S845, and steps S805-S835 are executed. Thus, steps S805-S835 are repeated for j smaller than L [g] (steps S835, S840, S845).
If j = L [g], j is initialized (j ← 1), and the next group of outputs is generated (steps S850, S855, S860).
The end of output generation is confirmed for all groups, S is output, and the device specific information generation processing is ended (steps S855 and S865).
In this flow, the indexes j and i of the generating circuit are processed in ascending order, but these can also be performed in descending order. Also, there is no problem even if “0” and “1” in steps S815 and S820 are reversed.
In step S800, S is initialized to an empty series, but a method of setting different constants for each device is also conceivable. A method of adding different constants for each device after generation of S is also conceivable. By setting a random constant for each device, the attacker can expect to increase the number of procedures required for analysis.
Since the bit number M of S is the number of output bits of group g is L [g] (L [g] -1) / 2,
M = L [0] (L [0] -1) / 2 + ... + L [G-1] (L [G-1] -1) / 2 ... [Formula 2]
It becomes. The effective number of bits N as device specific information considering [Equation 1] for this M bit is
N = log (L [0]!) / Log (2) +… + log (L [G-1]!) / Log (2) ... [Formula 3]
It becomes. If the output bits are not independent between devices, a value smaller than N is considered as the effective number of bits.

The error correction unit 300 shown in FIG. 9 receives a bit string S that is device-specific information from the order information mapping unit 420 at the time of initial setting, performs encoding by the encoding unit 900, generates parity or syndrome, and stores it in the parity memory 910. Hold. When generating the unique information, the decoding unit 920 performs decoding using this parity.
It is assumed that the physical information will change due to deterioration of the device elements due to the usage time and environment, and if the unique information is used as a secret key or ID, the same output can be obtained even if such aged deterioration occurs. It is desirable to be able to In the conversion to the bit string shown in FIG. 8, since the inversion of the adjacent order information coincides with the inversion in the bit string, the error correction unit can efficiently cope with the change due to the aging deterioration of the order information. This coping method is described below.

As shown in FIG. 9, the error correction unit 300 prepares an encoding unit 900, a parity memory 910, a decoding unit 920, and an error information management unit 930. The error information management unit 930 holds error information including a counter corresponding to the position of a bit for which correction processing has been performed when generating unique information. A memory for storing error information may be shared with the parity memory 910 in some cases.
The error information management unit 930 inverts the corresponding bit of the output bit string of the order information mapping unit for a bit position larger than the threshold value for which the counter value is determined in the error information when generating the unique information. Thereafter, the decoding unit 920 performs decoding.
The error information management unit 930 updates the error information according to the error correction processing result (corrected bit position) when generating the unique information. This update process increases the counter value when the bit position registered in the error information management unit 930 is corrected, and decreases the counter value when the bit position is not corrected. If the corrected bit position is not registered, new registration is executed.

In the present embodiment, it is possible to reduce the probability that the influence of noise appears in the output bit string by appropriately grouping the generation circuits in the initial setting, and output generation based on the mapping of the order information of the generation circuits in the group is also performed. This makes it possible to increase the number of effective bits as device-specific information.
To increase the effective number of bits, generate an output that includes all the rank information based on the physical information in the group, and different order information with a small inversion of the order, that is, the order information that is likely to occur as an error is the Hamming distance. This contributes to the ability to reduce the amount of syndrome and parity in error correction. Although the size of the output bit string generated in the present embodiment is larger than the effective number of bits, it can be compressed to an appropriate length by a hash function and used as an encryption secret key.

The device specific information generating apparatus of this embodiment has the same configuration as that shown in FIG.
When the device physical information generation circuit of the device physical information generation unit 120 is configured with a ring oscillator, the physical information becomes the frequency, and the number of times 0 and 1 are inverted within a certain time at the output of the ring oscillator is counted. The measured value can be used as physical information. In the case of other oscillation circuits, physical information can be measured similarly.
First, an example of the group generation process S600 in the present example will be described.
Assume that the number of physical information generation circuits is 8, and the physical information of the generation circuits 0,..., 7 (0, 1 inversion count value in the case of a ring oscillator) is as follows.
D [0] = 100, D [1] = 115, D [2] = 95, D [3] = 83, D [4] = 105, D [5] = 108, D [6] = 120, D [7] = 92
When a group is configured such that the upper limit of the group size is 3 and the threshold value Delta = 10 or more D is separated from such a device physical information generation unit, group generation is performed as follows.
(1) Generation of group 0:
• Generator 0 is a member of group 0.

       • Determine whether generator circuit 1 is added to group 0. Since the difference between D [0] and D [1] is 15 and the threshold value Delta = 10 or more, the generation circuit 1 becomes a member of the group 0.

       • Determine whether generator circuit 2 is added to group 0. The difference between D [2] and D [0], D [1] is 5 and 20, respectively, and the difference from D [0] is less than the threshold Delta = 10. Don't be.

• Determine whether generator circuit 3 is added to group 0. The difference between D [3], D [0], and D [1] is 17 and 32, respectively, and both are greater than or equal to the threshold Delta = 10, so that the generation circuit 2 is a member of group 0. • Since group 0 has reached the upper limit of group size 3, group 0 is determined by generation circuits 0, 1, and 3.
In the generation of the group 1, since the group configuration is performed except for the generation circuits 0, 1, 3 which are already members of the group 0, the configuration of the group 1 starts from the generation circuit 2 which is not yet a member of the group.
Generation of group 1 is as follows.
(2) Generation of group 1:
• Generator 2 is a member of Group 1.

       -The generation circuit 3 which is a member of the group 0 determines whether to skip and add the generation circuit 4 to the group 1. Since the difference between D [2] and D [4] is 10 and the threshold value Delta = 10 or more, the generation circuit 4 is a member of group 1.

       • Determine whether generator circuit 5 is added to group 1. The difference between D [5], D [2], and D [4] is 10 and 3, respectively, and the difference with D [4] is less than the threshold Delta = 10, so the generation circuit 5 is a member of group 1 Don't be.

• Determine whether generator circuit 6 is added to group 1. The difference between D [6], D [2], and D [4] is 25 and 15, respectively, and both are threshold values Delta = 10 or more, so the generation circuit 6 is a member of group 0.
• Since group 1 has reached the upper limit of 3 for group size, group 1 is determined by generators 2, 4, and 6.

(3) Generation of group 2:
Group 2 starts from generating circuit 5 which is not a member of groups 0 and 1, and is configured in the same manner as groups 0 and 1, and is determined by generating circuits 5 and 7.
The group structure examination for all the generating circuits is completed as described above, and the following group list is registered in the group memory 700.
Group number Member
0 0, 1, 3
1 2, 4, 6
2 5, 7
Next, an execution example of output bits for each group of the order information mapping unit 420 shown in FIG. 7 will be shown. Let size g [g] of group g = 6. The physical information of the generator circuits 1, 2, 3, 4, and 5 that make up the group
D [1] = 100, D [2] = 120, D [3] = 90, D [4] = 110, D [5] = 80
And If the ring oscillator of FIG. 2 is used, this value is a value that relatively represents the frequency of the ring oscillator measured by the counter. At this time, generating the output bit string S for this group according to FIG. 8 is as follows:
Initial state S = empty series
j = 2, i = 1 (D [1] <D [2]): S ← S || 0 = 0
j = 3, i = 1 (D [1]> D [3]): S ← S || 1 = 01
i = 2 (D [2]> D [3]): S ← S || 1 = 011
j = 4, i = 1 (D [1] <D [4]): S ← S || 0 = 0110
i = 2 (D [2]> D [4]): S ← S || 1 = 01101
i = 3 (D [3] <D [4]): S ← S || 0 = 011010
j = 5, i = 1 (D [1]> D [5]): S ← S || 1 = 0110101
i = 2 (D [2]> D [5]): S ← S || 1 = 01101011
i = 3 (D [3]> D [5]): S ← S || 1 = 011010111
i = 4 (D [4]> D [5]): S ← S || 1 = 0110101111
That means
(A) D [5] <D [3] <D [1] <D [4] <D [2]
When this relationship is established, S = 0101101111 is an output bit string.
This mapping realizes the property that the minimum number of inversions and the Hamming distance between the output bit strings coincide with each other in order to invert the adjacent ranks between the order information. For example, considering the order information of (B) and (C) different from (A), the output bit string is as follows:
(B) D [5] <D [3] <D [4] <D [1] <D [2]: S = 0111101111
(C) D [3] <D [2] <D [4] <D [1] <D [5]: S = 1111000000
The Hamming distance of the output bit strings of (A) and (B) is 1, but is 7 in (A) and (C). When (A) is set in the initial setting, (B) is likely to occur because D [1] and D [4] are only inverted, but the probability of occurrence of the order (C) is very small. it is conceivable that. In this way, by considering the mapping from the ordered set to the bit string shown in FIG. 8, a bit string having a small Hamming distance is assigned to the ordered set that is likely to generate an error. The reliability of PUF output can be improved without increasing the number.
In the error correction unit 300 corresponding to the aging of the device, whether or not to invert before the correction process, the maximum value of the number of error information records consisting of a combination of the correction bit position and the counter value stored in the error information management unit 930 The threshold value of the counter value for determining whether or not is an implementation parameter. The maximum value of the number of records is considered to be one guideline about twice the number of errors that can be corrected. In addition, in the case of control to increase / decrease the counter value according to whether the counter value is corrected or not, if the error occurrence probability of the order information does not change, the counter value has an exponential distribution. Become. For example, a setting in which the counter value is 1 to 16 and the threshold value is 8 is conceivable.

FIG. 10 shows an example of an authentication system using the device specific information generation apparatus of this embodiment. The host device 1010 performs an authentication process when connected to the application device 1000, and passes application data only to the application device that has passed the authentication. For example, the host device 1010 is a PC main body, and the application device 1000 is configured by hardware and software inside the PC that performs content processing. The host device at the time of initial setting and at the time of executing the authentication process may be different.
The application apparatus 1000 includes an authentication apparatus 1020 that includes the device specific information generation apparatus 400 of the present embodiment. FIG. 10 shows a configuration in which authentication is performed using a system key set from the host device 1010. At the initial setting, the host device 1010 uses the device unique information generated by the unique information generation device 400 and the hash function unit 310. The sent system key is masked and held in the nonvolatile memory 1030. Mask processing can typically be realized by addition (exclusive OR). In the authentication process during application execution, the authentication device 1020 temporarily generates a system key from the device specific information generated by the specific information generation device 400 and the hash function unit 310 and the information stored in the memory 1030 at the time of initial setting. The host device 1010 sends challenge data to the application device 1000, and the application device 1000 returns a response to the challenge data calculated by the encryption function part (or hash function processing with key) 1040 using the generated secret key. The host device 1010 executes authentication of the application device 1000.
Note that the device-specific information generation apparatus of the present embodiment can be realized in whole or in part by software using a computer, except for the device physical information generation circuit of the device physical information generation unit. For example, the operations of FIG. 6 and FIG. 8 showing the operation flow of the group setting unit 410 and the order information mapping unit 420 shown in FIG. 4 are described by a program, and this program is stored in a storage unit such as a ROM or a hard disk for calculation. The function of the device specific information generating apparatus according to the present embodiment can be realized by a program by storing information necessary for the above in a memory such as a RAM and causing the CPU to operate the program.

A part or all of the above embodiment can be described as in the following supplementary notes, but is not limited to the following configuration.
(Appendix 1)
A device physical information generation unit having a plurality of physical information generation circuits;
A group setting unit that groups the plurality of generation circuits as an initial setting operation;
For each group, a pair of generation circuits belonging to the group is compared based on the physical information generated by the device physical information generation unit, and an output bit string for the group is generated by concatenating bits determined according to the comparison result. An order information mapping unit to perform,
A device-specific information generating apparatus comprising:
(Appendix 2)
In the device-specific information generation device according to attachment 1,
The group setting unit
A control unit for selecting a generation circuit of the device physical information generation unit;
A physical information determination unit that determines whether the generation circuit is a member of a group that is being generated based on physical information obtained from the generation circuit specified by the control unit;
A memory for holding an index of a generation circuit constituting a group being generated;
A device-specific information generating apparatus comprising:
(Appendix 3)
In the device-specific information generation device according to attachment 2,
The physical information determination unit sets a threshold for the difference in physical information of the generation circuits in the group,
A device specific information generation apparatus, characterized in that a group is generated such that a difference in physical information of generation circuits in a group exceeds the threshold.
(Appendix 4)
In the device-specific information generation device according to attachment 3,
A device-specific information generating apparatus, wherein a lower limit of the difference in physical information is set by the threshold and a threshold that is an upper limit of the difference in physical information is set.
(Appendix 5)
In the device specific information generation apparatus according to attachment 3 or 4,
A device-specific information generating apparatus, wherein the threshold is dynamically set.
(Appendix 6)
In the device specific information generating apparatus according to any one of appendices 1 to 5,
The order information mapping unit includes:
A memory for storing group information generated by the group setting unit;
An index reading unit for performing processing of reading an index of a generation circuit from the memory;
A physical information comparison unit that compares the physical information corresponding to the pair of indexes and outputs bits;
A buffer for storing bits output from the physical information comparison unit;
A device-specific information generating apparatus comprising:
(Appendix 7)
In the device specific information generating apparatus according to any one of appendices 1 to 5,
The order information mapping unit includes:
A device-specific information generation method characterized in that a constant value is held for each device, and the constant value is added to the generated bit string and output.
(Appendix 8)
In the device specific information generation apparatus according to attachment 6,
An error correction unit for processing the output of the order information mapping unit;
The error correction unit holds a pair of a bit position and a counter subjected to correction processing at the time of generating unique information, and when a bit at a position held on the memory is corrected by error correction processing at the time of generating unique information. The device-specific information generation apparatus includes an error information management unit that updates the counter and, when the counter value is sufficiently large, inverts the value of the bit position and then executes an error correction process.
(Appendix 9)
Grouping multiple physical information generation circuits as an initial setting operation,
For each group, compare the pair of physical information generation circuits belonging to the group based on the generated physical information,
A device specific information generation method of a device specific information generation apparatus, wherein an output bit string for the group is generated by concatenating bits determined according to the magnitude of a comparison result.
(Appendix 10)
In the host device and application device authentication system,
The application apparatus includes a device specific information generation apparatus according to appendix 1,
At the time of initial setting, the application apparatus masks the private key sent from the host apparatus with the device specific information generated based on the device specific information generation apparatus and holds it in the memory. An authentication system, characterized in that the secret key is generated using device specific information generated by an information generation device and a value held in the memory.

  The present invention can be applied to a network device, a terminal, or the like that is required to firmly prevent leakage of a secret key or device ID used for encryption or authentication.

100, 1020 Authentication device
110, 400 Unique information generator
120 Device physical information generator
130 Physical information mapping part
200 ring oscillator
210 multiplexer
220 counter
230, 720 comparator
300 Error correction section
310 Hash function part
410 Group setting section
420 Order information mapping part
500 control unit
510 Physical information judgment unit
520, 700, 910, 1030 memory
600-690 Group setting process flow
710 Index reading section
730 buffers
800-860 Sequence information mapping process flow
600-650, 700-720 Group setting process flow
900 Coding part
920 Decoder
930 Error Information Management Department
1000 Application equipment
1010 Host device
1040 Encryption function part

Claims (8)

A device physical information generation unit having a plurality of physical information generation circuits;
A group setting unit that groups the plurality of generation circuits as an initial setting operation for generating device-specific information ;
In each group, the device physical information generating unit in comparing pairs of generator belonging to the group based on generated physical information, said by concatenating bits determined according to the magnitude of the physical information is the result of the comparison and order information mapping unit for mapping the sequence information and generate output bit string as the device-specific information for the group,
Bei to give a,
The group setting unit
A control unit for selecting a generation circuit of the device physical information generation unit;
When determining whether to make the generation circuit a member of the group that is generating based on the physical information obtained from the generation circuit selected by the control unit, a threshold for the difference in physical information of the generation circuit in the group is set. A physical information determination unit configured to generate a group so that the difference exceeds the threshold;
A holding memory for holding an index of a generating circuit constituting the group being generated;
Device-specific information generating apparatus characterized by having a. In the device specific information generating apparatus according to claim 1 ,
A device-specific information generating apparatus, wherein a lower limit of the difference in physical information is set by the threshold and a threshold that is an upper limit of the difference in physical information is set. In the device specific information generating apparatus according to claim 1 or 2 ,
A device-specific information generating apparatus, wherein the threshold is dynamically set. In the device specific information generating apparatus according to any one of claims 1 to 3 ,
The order information mapping unit includes:
A memory for storing group information generated by the group setting unit;
An index reading unit for performing processing of reading an index of a generation circuit from the memory;
A physical information comparison unit that compares the physical information corresponding to the index pair and outputs a bit; and
A buffer for storing bits output from the physical information comparison unit;
A device-specific information generating apparatus comprising: In the device specific information generation method using the device specific information generation apparatus according to any one of claims 1 to 4 ,
The order information mapping unit of the device specific information generating apparatus is
Device-specific information generation method maintains a constant value for each device, adding and outputting the constant value to the generated output bit stream, it is characterized. In the device specific information generating apparatus according to claim 4 ,
An error correction unit for processing the output of the order information mapping unit;
The error correction unit holds a pair of a bit position and a counter value that have been corrected when the device specific information is generated, and the bit at the position held in the memory is corrected by the error correction process when the device specific information is generated. device was the case updates the counter value, if the counter value is larger than a predetermined value, characterized in that it comprises an error information management unit for executing an error correction processing after inverting the value of the bit position Unique information generation device. In a device specific information generation method of a device specific information generation apparatus including a device physical information generation unit having a plurality of physical information generation circuits,
And line Cormorant step grouping of the plurality of physical information generating circuit as the initial setting operation for the device-specific information generation,
Comparing for each of the groups, a pair of physical information generating circuit belonging to the group based on the physical information generated by the device physical information generating unit,
Performing a mapping of the sequence information and generate output bit string as the device-specific information for the group by concatenating bits determined according to the magnitude of the physical information which is the result of the comparison,
With
In the step of performing the grouping, when determining whether to make the physical information generation circuit a member of the group being generated based on the physical information obtained from the selected physical information generation circuit, the physical information in the group A device specific information generation method for a device specific information generation apparatus, characterized in that a threshold is set for a difference in physical information of a generation circuit, and a group is generated so that the difference exceeds the threshold . In the host device and application device authentication system,
The application apparatus includes the device specific information generation apparatus according to claim 1,
The application device at the time of initial setting is stored in the memory by masking the secret key sent from said host device in device-specific information generated by the device-specific information generating device, the device specific information generating said application device when the application execution authentication system wherein generating the private key, and wherein the using the information held and generated device-specific information device to the memory.

Images