WO2013160032A1 - Procédé de détermination de l'originalité d'un élément structural - Google Patents
Procédé de détermination de l'originalité d'un élément structural Download PDFInfo
- Publication number
- WO2013160032A1 WO2013160032A1 PCT/EP2013/055893 EP2013055893W WO2013160032A1 WO 2013160032 A1 WO2013160032 A1 WO 2013160032A1 EP 2013055893 W EP2013055893 W EP 2013055893W WO 2013160032 A1 WO2013160032 A1 WO 2013160032A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- component
- identifier
- signature
- generated
- originality
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Definitions
- the invention relates to a method for determining the originality of a component, in particular an electronic component.
- the invention further relates to a method for protecting a component against counterfeiting.
- the calculation of the component-specific security code takes advantage of the fact that components are never completely identical physically.
- the security code is usually generated using a measurement circuit that, for example, generates a characteristic clock signal that depends on the exact material composition of the component. Specially designed for this purpose
- POUs physical non-clonable functions
- Reliability of this method depends, among other things, on the minimum distance of the selected code.
- the object of the invention is to provide a method for determining the originality of a component, in which individual properties of the component are used for the recognition of originality, but no exclusive access to secret data is necessary. This task is accomplished by a procedure for determining the originality of a component
- Component solved by a component assigned to the signature with a public key is verified.
- a current identifier is generated, for example from a so-called "PUF" value (physical, nonclonable function, English, "physical unclonable function”). If the currently generated identifier matches an identifier generated to create the signature, the originality of the component is deduced.
- the signature here corresponds to a codeword that has a private key
- a private key of the manufacturer of the component generated. This signature can be verified by anyone in possession of the public key associated with the private key.
- Encrypt with the private key restored. This can be ensured by the fact that the private key and the associated public key are keys generated with each other.
- the signature is preferably generated in that, depending on the at least one component-specific property of the component, a PUF value is generated by means of a PUF and a codeword is then formed from this.
- This code word represents the identifier.
- the identifier is now signed with a private key, for example a private key of the manufacturer.
- the signature is based on the same code word that is specific to this component. If the code is selected, it is ensured that the same code word is always generated for this component by means of the PUF. Since the signature has been generated by encrypting with the private key, it is ensured that the identifier generated when testing for originality of the component corresponds only to the identifier generated for the creation of the signature, if it is an original component.
- the signature is a
- the signature incompletely contains the information contained in the identifier.
- An advantage of the method according to the invention is that only a secret key must be present, by means of which in principle all signatures of all components of the manufacturer can be generated. This private key remains with the manufacturer of the component. This spying the key is almost impossible. To determine the originality of a specific component, only the public key that is accessible to everyone is necessary. The signature can be applied to the component itself.
- the originally generated identifier from which the signature has been formed also publicly, for example, together with the component passed. If the identifier and the signature formed therefrom are directly available together with the component, it can be determined immediately whether the signature is a signature generated by an authorized device, in particular the manufacturer, in which it verifies with the public key becomes. Only if this results in the identifier, or if the identifier and the signature correspond to each other, it is an authorized signature.
- the existing mechanisms in the component for generating a current identifier for example
- Activation of the PUF must be determined whether the component is a forgery. If this test does not indicate a forgery, then the PUF can be used to generate a current identifier and to compare it with the specified data.
- the signature and / or the identifier are mounted directly on the component. It is particularly advantageous if this is done in machine-readable form, for example as a bar code or as a two-dimensional code. For a machine implementation of the method is favored. However, it is also an alphanumeric form possible.
- the object is also achieved by a method for protecting a component from counterfeiting by generating a value dependent on at least one component-specific property of the component by means of a physical, non-clonable function (PUF) and determining an identifier assigned to this value and the Identifier is signed with a private key.
- the signature thus formed using the identifier is assigned to the component in machine-readable form.
- Components equipped in this way can be checked for their originality by using the public key and generating a current PUF value or a current identifier, without the need for forwarding secret data.
- mechanical components can likewise be protected or verified against counterfeiting.
- variations in machined dimensions of a mechanical component such as by casting or forging, may be considered “non-clonable" and used in the process.
- FIG. 1 is a schematically illustrated component; a flowchart with method steps for the creation of the signature according to a possible embodiment;
- FIG. 3 is a flowchart of a method for determining the originality of a component according to a possible embodiment;
- FIG. 4 shows a flow chart of the method according to the invention for
- the method according to the invention is suitable for a large number of different types of components, in particular for machine components and for electronic components.
- a component exemplified in FIG. 1 it is designed as an electronic component, for example as an embedded system.
- the component 1 comprises a housing 2 and a circuit board 3 arranged therein, on which electronic components are arranged.
- the component 4 includes, for example, in a known manner, a measuring circuit and a ring oscillator, which generates a clock frequency.
- a PUF value is generated as a function of this measured value.
- This PUF value can then be queried, for example by means of a suitable interface.
- a code word or an identifier is generated in the component 4 from the PUF value, which is then output via suitable interfaces.
- the signature 6 and the signature 6 are mounted in the exemplary embodiment shown in Figure 1, the signature 6 and the signature 6
- Identification 7 visible in machine-readable form attached as a bar code.
- the PUF value which is generated by means of the component 4, is read. This corresponds to step 101 of the flowchart shown in FIG.
- a codeword is formed from the PUF value.
- a suitable code is used, it being ensured that the distance of the individual code words has a size, so that deviations in the measurements in the preparation of the PUF values that are not due to the specific properties of the component 1, but, for example, to instantaneous
- this signature 6 is converted into a machine-readable form, for example into a barcode.
- this signature 6 is applied to the component 1, for example in the form of the sticker 5.
- the identifier generated in step 102 7 or one of these identifier 7 corresponding or formed from this identifier 7 string converted into a machine-readable code and also on the Component 1 are readably attached.
- FIG. 3 shows a possible realization of the method according to the invention in the form of a flowchart.
- a current PUF value is determined by a suitable activation of the function group 4.
- a code word or a current identifier analogous to the method step described in FIG. 2 in step 102 is created from this PUF value.
- the component 6 associated with the component 1 and, for example, in the form of a label or sticker 5 on the component 1 attached signature 6 and the identifier 7 are read. This is preferably done by mechanical help, for example by means of a suitable scanner.
- the signature 6 is verified by means of the public key. Since the public key to the private key with which the signature 6 has been formed is symmetrical, or the two keys have been generated with each other, an original one must be used
- Component 1 the identified in step 204 by verifying the signature 6 or verified identifier 7 with the current identifier formed in step 202. This match is checked in step 205. Only if there is a match is it concluded that the component 1 is original in step 206. Otherwise, in a step 207, the originality is denied. As is clear from the embodiment shown in Figure 3, is for checking a component 1 on originality with the invention
- the manufacturer of the component. 1 Only the public key must be available for validation or verification. Characterized in that the originally generated identifier 7 (step 102) has been encrypted with the private key, so that the signature 6 has been clearly formed from the original identifier 7 of the component 1, a falsification of this component 1 can be easily recognized. If the component 1 were to be changed or if the component 1 were a forgery, then the determination of the current identifier (steps 201 and 202), which takes place during the checking of the originality of the component 1, would no longer be identical to the original one Identification 7. A forgery of the signature 6, for example, by replacing the sticker 5, is not possible because the signature 6 is valid only if it is with the private
- step 205 the values determined in steps 202 and 204 would not match.
- the method according to the invention offers the possibility of also applying the identification 7 to the component 1. This allows further tests. So can the
- FIG. 4 shows a flowchart of a further possible embodiment of the method according to the invention.
- the method begins in a step 301, in which first the PUF value is determined.
- the codeword or a current identifier is determined from the determined current PUF value.
- the identifier 7 attached to the component 1 is read.
- the identifier 7 read in the step 303 is compared with the currently generated identifier (step 302). If these identifiers do not match, the component 1 is qualified as a counterfeit and branches to step 308. The two agree
- the signature 6 is read in a step 305 and by verifying the signature 6 with the public key (of the manufacturer) the original identifier is reconstructed or the identifier 7 attached to the component 1 is verified.
- the original identifier is compared with the current identifier formed in step 302. If these identifiers match, or if the identifier 7 affixed to the component 1 has been verified by means of the signature 6 as originating from the manufacturer, the originality of the component 1 is concluded in the step 307, otherwise the program branches to the step 308 and the originality of the Component 1 is not recognized.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
L'invention concerne un procédé de détermination de l'originalité d'un élément structural (1) dont au moins une propriété individuelle est mise à contribution pour la reconnaissance de son originalité, sans qu'un accès exclusif à des données secrètes ne soit nécessaire. Ledit procédé selon la présente invention consiste à vérifier une signature (6), attribuée à l'élément structural (1), avec une clé publique. En fonction d'au moins une propriété spécifique de l'élément structural (1), on génère un indicatif actuel, c'est-à-dire par exemple une valeur PUF. Dans le cas où l'indicatif actuellement généré de la signature vérifiée (6) correspond, l'originalité de l'élément structural (1) est conclue. La signature (6) correspond ici à un mot de code qui est chiffré avec une clé privée, par exemple avec une clé privée du fabricant de l'élément structural (1).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102012206726.4 | 2012-04-24 | ||
DE201210206726 DE102012206726A1 (de) | 2012-04-24 | 2012-04-24 | Verfahren zum Feststellen der Originalität eines Bauteils |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013160032A1 true WO2013160032A1 (fr) | 2013-10-31 |
Family
ID=48045444
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2013/055893 WO2013160032A1 (fr) | 2012-04-24 | 2013-03-21 | Procédé de détermination de l'originalité d'un élément structural |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE102012206726A1 (fr) |
WO (1) | WO2013160032A1 (fr) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102015225651A1 (de) | 2015-12-17 | 2017-06-22 | Robert Bosch Gmbh | Verfahren und Vorrichtung zum Übertragen einer Software |
DE102017209436A1 (de) | 2017-06-02 | 2018-12-06 | Robert Bosch Gmbh | Verfahren und Vorrichtung zum Authentisieren eines Gerätes |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006120643A1 (fr) * | 2005-05-11 | 2006-11-16 | Koninklijke Philips Electronics N.V. | Authentification de billets de banque ou d'autres objets physiques |
WO2007116355A2 (fr) * | 2006-04-11 | 2007-10-18 | Koninklijke Philips Electronics N.V. | Detection d'attaque avec des puf de nappage |
US7681103B2 (en) | 2002-04-16 | 2010-03-16 | Massachusetts Institute Of Technology | Reliable generation of a device-specific value |
DE102010038703B3 (de) * | 2010-07-30 | 2012-01-26 | Robert Bosch Gmbh | Verfahren zur Erzeugung eines Herausforderungs-Antwort-Paars in einer elektrischen Maschine sowie elektrische Maschine |
US20120075481A1 (en) * | 2010-09-27 | 2012-03-29 | Jamshid Shokrollahi | Method for authenticating a charge-coupled device (CCD) |
-
2012
- 2012-04-24 DE DE201210206726 patent/DE102012206726A1/de not_active Withdrawn
-
2013
- 2013-03-21 WO PCT/EP2013/055893 patent/WO2013160032A1/fr active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7681103B2 (en) | 2002-04-16 | 2010-03-16 | Massachusetts Institute Of Technology | Reliable generation of a device-specific value |
WO2006120643A1 (fr) * | 2005-05-11 | 2006-11-16 | Koninklijke Philips Electronics N.V. | Authentification de billets de banque ou d'autres objets physiques |
WO2007116355A2 (fr) * | 2006-04-11 | 2007-10-18 | Koninklijke Philips Electronics N.V. | Detection d'attaque avec des puf de nappage |
DE102010038703B3 (de) * | 2010-07-30 | 2012-01-26 | Robert Bosch Gmbh | Verfahren zur Erzeugung eines Herausforderungs-Antwort-Paars in einer elektrischen Maschine sowie elektrische Maschine |
US20120075481A1 (en) * | 2010-09-27 | 2012-03-29 | Jamshid Shokrollahi | Method for authenticating a charge-coupled device (CCD) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102015225651A1 (de) | 2015-12-17 | 2017-06-22 | Robert Bosch Gmbh | Verfahren und Vorrichtung zum Übertragen einer Software |
US10404718B2 (en) | 2015-12-17 | 2019-09-03 | Robert Bosch Gmbh | Method and device for transmitting software |
DE102017209436A1 (de) | 2017-06-02 | 2018-12-06 | Robert Bosch Gmbh | Verfahren und Vorrichtung zum Authentisieren eines Gerätes |
Also Published As
Publication number | Publication date |
---|---|
DE102012206726A1 (de) | 2013-10-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3108610B1 (fr) | Procédé et système d'établissement et vérification de validité de certificats d'appareil | |
DE102011004978B4 (de) | Verfahren, Steuerungseinrichtung und System zum Nachweis von Verletzungen der Authentzität von Anlagenkomponenten | |
EP1099197B1 (fr) | Dispositif pour fournir des donnees de sortie en reaction a des donnees d'entree, procede de verification d'authenticite, et procede de transfert code d'informations | |
WO2008086958A1 (fr) | Procédé et dispositif pour sécuriser un document avec une représentation de signature insérée et des données biométriques dans un système informatique | |
EP2473954B1 (fr) | Procédé permettant de vérifier qu'un article est un article original du fabricant de l'article | |
WO2016034555A1 (fr) | Procédé et système d'authentification pour l'enregistrement d'une caractéristique de sécurité aléatoire | |
DE202016105474U1 (de) | Vorrichtung zur manipulationssicheren Registrierung von Messwerten | |
EP3417395A1 (fr) | Détermination de l'authenticité d'un appareil à l'aide d'un certificat d'autorisation | |
DE102019134677A1 (de) | Kopplung von vorrichtungen an eine authentifizierungsvorrichtung durch sensor-fingerabdrücke | |
DE102018212098A1 (de) | Verfahren zum Betrieb eines blockchainbasierten Produktschutzsystems und blockchainbasiertes Produktschutzsystem | |
WO2013160032A1 (fr) | Procédé de détermination de l'originalité d'un élément structural | |
DE102007041370B4 (de) | Chipkarte, elektronisches Gerät, Verfahren zur Herstellung einer Chipkarte und Verfahren zur Inbenutzungnahme einer Chipkarte | |
WO2019096491A1 (fr) | Procédé et dispositif permettant l'authentification de produits, en particulier des dispositifs fabriqués industriellement et produit programme informatique | |
DE102007034527B4 (de) | Verfahren und System zur Kennzeichnung einer Ware als Originalware eines Warenherstellers | |
DE102005030657B3 (de) | Codierverfahren und Codiereinrichtung zum Sichern eines Zählerstands eines Zählwerks vor einer nachträglichen Manipulation, sowie Prüfverfahren und Prüfeinrichtung zum Prüfen einer Authentizität eines Zählerstands eines Zählwerks | |
WO2011072952A1 (fr) | Dispositif et procédé pour accorder des droits d'accès à une fonctionnalité de maintenance | |
EP2822805B1 (fr) | Plaque signalétique électronique conçue pour des appareils de mesure | |
DE102007051787A1 (de) | Identitätsbasierte Produktsicherung | |
DE102007036212A1 (de) | Identitätsbasierte Produktsicherung | |
EP1533937B1 (fr) | Procédé d'authentification d'un objet | |
EP3901715B1 (fr) | Procédé de vérification de l'origine authentique des modules électroniques d'un appareil de terrain modulaire de la technique de l'automatisation | |
EP1652131B1 (fr) | Procede d'emission d'un support de donnees portable. | |
DE112011104943T5 (de) | Informationsverarbeitungsgerät und Informationsverarbeitungsprogramm | |
DE102007049151B4 (de) | Verfahren zur Durchführung einer automotiven Anwendung | |
DE102011003393A1 (de) | Verfahren und Prüfgerät zur Prüfung eines Objekts |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13713791 Country of ref document: EP Kind code of ref document: A1 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13713791 Country of ref document: EP Kind code of ref document: A1 |