WO2013160032A1 - Procédé de détermination de l'originalité d'un élément structural - Google Patents

Procédé de détermination de l'originalité d'un élément structural Download PDF

Info

Publication number
WO2013160032A1
WO2013160032A1 PCT/EP2013/055893 EP2013055893W WO2013160032A1 WO 2013160032 A1 WO2013160032 A1 WO 2013160032A1 EP 2013055893 W EP2013055893 W EP 2013055893W WO 2013160032 A1 WO2013160032 A1 WO 2013160032A1
Authority
WO
WIPO (PCT)
Prior art keywords
component
identifier
signature
generated
originality
Prior art date
Application number
PCT/EP2013/055893
Other languages
German (de)
English (en)
Inventor
Marcel Schumm
Jamshid Shokrollahi
Original Assignee
Robert Bosch Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch Gmbh filed Critical Robert Bosch Gmbh
Publication of WO2013160032A1 publication Critical patent/WO2013160032A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication

Definitions

  • the invention relates to a method for determining the originality of a component, in particular an electronic component.
  • the invention further relates to a method for protecting a component against counterfeiting.
  • the calculation of the component-specific security code takes advantage of the fact that components are never completely identical physically.
  • the security code is usually generated using a measurement circuit that, for example, generates a characteristic clock signal that depends on the exact material composition of the component. Specially designed for this purpose
  • POUs physical non-clonable functions
  • Reliability of this method depends, among other things, on the minimum distance of the selected code.
  • the object of the invention is to provide a method for determining the originality of a component, in which individual properties of the component are used for the recognition of originality, but no exclusive access to secret data is necessary. This task is accomplished by a procedure for determining the originality of a component
  • Component solved by a component assigned to the signature with a public key is verified.
  • a current identifier is generated, for example from a so-called "PUF" value (physical, nonclonable function, English, "physical unclonable function”). If the currently generated identifier matches an identifier generated to create the signature, the originality of the component is deduced.
  • the signature here corresponds to a codeword that has a private key
  • a private key of the manufacturer of the component generated. This signature can be verified by anyone in possession of the public key associated with the private key.
  • Encrypt with the private key restored. This can be ensured by the fact that the private key and the associated public key are keys generated with each other.
  • the signature is preferably generated in that, depending on the at least one component-specific property of the component, a PUF value is generated by means of a PUF and a codeword is then formed from this.
  • This code word represents the identifier.
  • the identifier is now signed with a private key, for example a private key of the manufacturer.
  • the signature is based on the same code word that is specific to this component. If the code is selected, it is ensured that the same code word is always generated for this component by means of the PUF. Since the signature has been generated by encrypting with the private key, it is ensured that the identifier generated when testing for originality of the component corresponds only to the identifier generated for the creation of the signature, if it is an original component.
  • the signature is a
  • the signature incompletely contains the information contained in the identifier.
  • An advantage of the method according to the invention is that only a secret key must be present, by means of which in principle all signatures of all components of the manufacturer can be generated. This private key remains with the manufacturer of the component. This spying the key is almost impossible. To determine the originality of a specific component, only the public key that is accessible to everyone is necessary. The signature can be applied to the component itself.
  • the originally generated identifier from which the signature has been formed also publicly, for example, together with the component passed. If the identifier and the signature formed therefrom are directly available together with the component, it can be determined immediately whether the signature is a signature generated by an authorized device, in particular the manufacturer, in which it verifies with the public key becomes. Only if this results in the identifier, or if the identifier and the signature correspond to each other, it is an authorized signature.
  • the existing mechanisms in the component for generating a current identifier for example
  • Activation of the PUF must be determined whether the component is a forgery. If this test does not indicate a forgery, then the PUF can be used to generate a current identifier and to compare it with the specified data.
  • the signature and / or the identifier are mounted directly on the component. It is particularly advantageous if this is done in machine-readable form, for example as a bar code or as a two-dimensional code. For a machine implementation of the method is favored. However, it is also an alphanumeric form possible.
  • the object is also achieved by a method for protecting a component from counterfeiting by generating a value dependent on at least one component-specific property of the component by means of a physical, non-clonable function (PUF) and determining an identifier assigned to this value and the Identifier is signed with a private key.
  • the signature thus formed using the identifier is assigned to the component in machine-readable form.
  • Components equipped in this way can be checked for their originality by using the public key and generating a current PUF value or a current identifier, without the need for forwarding secret data.
  • mechanical components can likewise be protected or verified against counterfeiting.
  • variations in machined dimensions of a mechanical component such as by casting or forging, may be considered “non-clonable" and used in the process.
  • FIG. 1 is a schematically illustrated component; a flowchart with method steps for the creation of the signature according to a possible embodiment;
  • FIG. 3 is a flowchart of a method for determining the originality of a component according to a possible embodiment;
  • FIG. 4 shows a flow chart of the method according to the invention for
  • the method according to the invention is suitable for a large number of different types of components, in particular for machine components and for electronic components.
  • a component exemplified in FIG. 1 it is designed as an electronic component, for example as an embedded system.
  • the component 1 comprises a housing 2 and a circuit board 3 arranged therein, on which electronic components are arranged.
  • the component 4 includes, for example, in a known manner, a measuring circuit and a ring oscillator, which generates a clock frequency.
  • a PUF value is generated as a function of this measured value.
  • This PUF value can then be queried, for example by means of a suitable interface.
  • a code word or an identifier is generated in the component 4 from the PUF value, which is then output via suitable interfaces.
  • the signature 6 and the signature 6 are mounted in the exemplary embodiment shown in Figure 1, the signature 6 and the signature 6
  • Identification 7 visible in machine-readable form attached as a bar code.
  • the PUF value which is generated by means of the component 4, is read. This corresponds to step 101 of the flowchart shown in FIG.
  • a codeword is formed from the PUF value.
  • a suitable code is used, it being ensured that the distance of the individual code words has a size, so that deviations in the measurements in the preparation of the PUF values that are not due to the specific properties of the component 1, but, for example, to instantaneous
  • this signature 6 is converted into a machine-readable form, for example into a barcode.
  • this signature 6 is applied to the component 1, for example in the form of the sticker 5.
  • the identifier generated in step 102 7 or one of these identifier 7 corresponding or formed from this identifier 7 string converted into a machine-readable code and also on the Component 1 are readably attached.
  • FIG. 3 shows a possible realization of the method according to the invention in the form of a flowchart.
  • a current PUF value is determined by a suitable activation of the function group 4.
  • a code word or a current identifier analogous to the method step described in FIG. 2 in step 102 is created from this PUF value.
  • the component 6 associated with the component 1 and, for example, in the form of a label or sticker 5 on the component 1 attached signature 6 and the identifier 7 are read. This is preferably done by mechanical help, for example by means of a suitable scanner.
  • the signature 6 is verified by means of the public key. Since the public key to the private key with which the signature 6 has been formed is symmetrical, or the two keys have been generated with each other, an original one must be used
  • Component 1 the identified in step 204 by verifying the signature 6 or verified identifier 7 with the current identifier formed in step 202. This match is checked in step 205. Only if there is a match is it concluded that the component 1 is original in step 206. Otherwise, in a step 207, the originality is denied. As is clear from the embodiment shown in Figure 3, is for checking a component 1 on originality with the invention
  • the manufacturer of the component. 1 Only the public key must be available for validation or verification. Characterized in that the originally generated identifier 7 (step 102) has been encrypted with the private key, so that the signature 6 has been clearly formed from the original identifier 7 of the component 1, a falsification of this component 1 can be easily recognized. If the component 1 were to be changed or if the component 1 were a forgery, then the determination of the current identifier (steps 201 and 202), which takes place during the checking of the originality of the component 1, would no longer be identical to the original one Identification 7. A forgery of the signature 6, for example, by replacing the sticker 5, is not possible because the signature 6 is valid only if it is with the private
  • step 205 the values determined in steps 202 and 204 would not match.
  • the method according to the invention offers the possibility of also applying the identification 7 to the component 1. This allows further tests. So can the
  • FIG. 4 shows a flowchart of a further possible embodiment of the method according to the invention.
  • the method begins in a step 301, in which first the PUF value is determined.
  • the codeword or a current identifier is determined from the determined current PUF value.
  • the identifier 7 attached to the component 1 is read.
  • the identifier 7 read in the step 303 is compared with the currently generated identifier (step 302). If these identifiers do not match, the component 1 is qualified as a counterfeit and branches to step 308. The two agree
  • the signature 6 is read in a step 305 and by verifying the signature 6 with the public key (of the manufacturer) the original identifier is reconstructed or the identifier 7 attached to the component 1 is verified.
  • the original identifier is compared with the current identifier formed in step 302. If these identifiers match, or if the identifier 7 affixed to the component 1 has been verified by means of the signature 6 as originating from the manufacturer, the originality of the component 1 is concluded in the step 307, otherwise the program branches to the step 308 and the originality of the Component 1 is not recognized.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé de détermination de l'originalité d'un élément structural (1) dont au moins une propriété individuelle est mise à contribution pour la reconnaissance de son originalité, sans qu'un accès exclusif à des données secrètes ne soit nécessaire. Ledit procédé selon la présente invention consiste à vérifier une signature (6), attribuée à l'élément structural (1), avec une clé publique. En fonction d'au moins une propriété spécifique de l'élément structural (1), on génère un indicatif actuel, c'est-à-dire par exemple une valeur PUF. Dans le cas où l'indicatif actuellement généré de la signature vérifiée (6) correspond, l'originalité de l'élément structural (1) est conclue. La signature (6) correspond ici à un mot de code qui est chiffré avec une clé privée, par exemple avec une clé privée du fabricant de l'élément structural (1).
PCT/EP2013/055893 2012-04-24 2013-03-21 Procédé de détermination de l'originalité d'un élément structural WO2013160032A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102012206726.4 2012-04-24
DE201210206726 DE102012206726A1 (de) 2012-04-24 2012-04-24 Verfahren zum Feststellen der Originalität eines Bauteils

Publications (1)

Publication Number Publication Date
WO2013160032A1 true WO2013160032A1 (fr) 2013-10-31

Family

ID=48045444

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2013/055893 WO2013160032A1 (fr) 2012-04-24 2013-03-21 Procédé de détermination de l'originalité d'un élément structural

Country Status (2)

Country Link
DE (1) DE102012206726A1 (fr)
WO (1) WO2013160032A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102015225651A1 (de) 2015-12-17 2017-06-22 Robert Bosch Gmbh Verfahren und Vorrichtung zum Übertragen einer Software
DE102017209436A1 (de) 2017-06-02 2018-12-06 Robert Bosch Gmbh Verfahren und Vorrichtung zum Authentisieren eines Gerätes

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006120643A1 (fr) * 2005-05-11 2006-11-16 Koninklijke Philips Electronics N.V. Authentification de billets de banque ou d'autres objets physiques
WO2007116355A2 (fr) * 2006-04-11 2007-10-18 Koninklijke Philips Electronics N.V. Detection d'attaque avec des puf de nappage
US7681103B2 (en) 2002-04-16 2010-03-16 Massachusetts Institute Of Technology Reliable generation of a device-specific value
DE102010038703B3 (de) * 2010-07-30 2012-01-26 Robert Bosch Gmbh Verfahren zur Erzeugung eines Herausforderungs-Antwort-Paars in einer elektrischen Maschine sowie elektrische Maschine
US20120075481A1 (en) * 2010-09-27 2012-03-29 Jamshid Shokrollahi Method for authenticating a charge-coupled device (CCD)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7681103B2 (en) 2002-04-16 2010-03-16 Massachusetts Institute Of Technology Reliable generation of a device-specific value
WO2006120643A1 (fr) * 2005-05-11 2006-11-16 Koninklijke Philips Electronics N.V. Authentification de billets de banque ou d'autres objets physiques
WO2007116355A2 (fr) * 2006-04-11 2007-10-18 Koninklijke Philips Electronics N.V. Detection d'attaque avec des puf de nappage
DE102010038703B3 (de) * 2010-07-30 2012-01-26 Robert Bosch Gmbh Verfahren zur Erzeugung eines Herausforderungs-Antwort-Paars in einer elektrischen Maschine sowie elektrische Maschine
US20120075481A1 (en) * 2010-09-27 2012-03-29 Jamshid Shokrollahi Method for authenticating a charge-coupled device (CCD)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102015225651A1 (de) 2015-12-17 2017-06-22 Robert Bosch Gmbh Verfahren und Vorrichtung zum Übertragen einer Software
US10404718B2 (en) 2015-12-17 2019-09-03 Robert Bosch Gmbh Method and device for transmitting software
DE102017209436A1 (de) 2017-06-02 2018-12-06 Robert Bosch Gmbh Verfahren und Vorrichtung zum Authentisieren eines Gerätes

Also Published As

Publication number Publication date
DE102012206726A1 (de) 2013-10-24

Similar Documents

Publication Publication Date Title
EP3108610B1 (fr) Procédé et système d'établissement et vérification de validité de certificats d'appareil
DE102011004978B4 (de) Verfahren, Steuerungseinrichtung und System zum Nachweis von Verletzungen der Authentzität von Anlagenkomponenten
EP1099197B1 (fr) Dispositif pour fournir des donnees de sortie en reaction a des donnees d'entree, procede de verification d'authenticite, et procede de transfert code d'informations
WO2008086958A1 (fr) Procédé et dispositif pour sécuriser un document avec une représentation de signature insérée et des données biométriques dans un système informatique
EP2473954B1 (fr) Procédé permettant de vérifier qu'un article est un article original du fabricant de l'article
WO2016034555A1 (fr) Procédé et système d'authentification pour l'enregistrement d'une caractéristique de sécurité aléatoire
DE202016105474U1 (de) Vorrichtung zur manipulationssicheren Registrierung von Messwerten
EP3417395A1 (fr) Détermination de l'authenticité d'un appareil à l'aide d'un certificat d'autorisation
DE102019134677A1 (de) Kopplung von vorrichtungen an eine authentifizierungsvorrichtung durch sensor-fingerabdrücke
DE102018212098A1 (de) Verfahren zum Betrieb eines blockchainbasierten Produktschutzsystems und blockchainbasiertes Produktschutzsystem
WO2013160032A1 (fr) Procédé de détermination de l'originalité d'un élément structural
DE102007041370B4 (de) Chipkarte, elektronisches Gerät, Verfahren zur Herstellung einer Chipkarte und Verfahren zur Inbenutzungnahme einer Chipkarte
WO2019096491A1 (fr) Procédé et dispositif permettant l'authentification de produits, en particulier des dispositifs fabriqués industriellement et produit programme informatique
DE102007034527B4 (de) Verfahren und System zur Kennzeichnung einer Ware als Originalware eines Warenherstellers
DE102005030657B3 (de) Codierverfahren und Codiereinrichtung zum Sichern eines Zählerstands eines Zählwerks vor einer nachträglichen Manipulation, sowie Prüfverfahren und Prüfeinrichtung zum Prüfen einer Authentizität eines Zählerstands eines Zählwerks
WO2011072952A1 (fr) Dispositif et procédé pour accorder des droits d'accès à une fonctionnalité de maintenance
EP2822805B1 (fr) Plaque signalétique électronique conçue pour des appareils de mesure
DE102007051787A1 (de) Identitätsbasierte Produktsicherung
DE102007036212A1 (de) Identitätsbasierte Produktsicherung
EP1533937B1 (fr) Procédé d'authentification d'un objet
EP3901715B1 (fr) Procédé de vérification de l'origine authentique des modules électroniques d'un appareil de terrain modulaire de la technique de l'automatisation
EP1652131B1 (fr) Procede d'emission d'un support de donnees portable.
DE112011104943T5 (de) Informationsverarbeitungsgerät und Informationsverarbeitungsprogramm
DE102007049151B4 (de) Verfahren zur Durchführung einer automotiven Anwendung
DE102011003393A1 (de) Verfahren und Prüfgerät zur Prüfung eines Objekts

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13713791

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 13713791

Country of ref document: EP

Kind code of ref document: A1