WO2021214663A1 - Method, system and chip for centralised authentication - Google Patents


Info

Publication number
WO2021214663A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
integrated circuit
centralized
registration system
end node
Prior art date
Application number
PCT/IB2021/053261
Other languages
French (fr)
Inventor
Jeroen Mathias Doumen
Casparus Anthonius Henricus Juffermans
Pieter Werner Hooijmans
Original Assignee
Sandgrain B.V.
Application filed by Sandgrain B.V.
Priority to EP21751864.6A (published as EP4140092A1)
Publication of WO2021214663A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G06Q30/0185 Product, service or business identity fraud
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C16/00 Erasable programmable read-only memories
    • G11C16/02 Erasable programmable read-only memories electrically programmable
    • G11C16/06 Auxiliary circuits, e.g. for writing into memory
    • G11C16/10 Programming or data input circuits
    • G11C16/20 Initialising; Data preset; Chip identification

Definitions

  • the present invention relates to an authentication system, an integrated circuit, an end node device and a security method for centralized authentication.
  • MCU Microcontroller units
  • HW hardware
  • SW software
  • ICs typically cost a few dollar cents, which is multiplied by a factor of four for the final assembled module or package sales price.
  • Elements that increase the IC cost are the MCU infrastructure and the programmable on-chip memories. Typical elements that increase the IC cost are:
  • - Secure MCUs are expensive, either as in-house development or as purchased IP, e.g. as ARMTM Secure Cores;
  • MCUs are complex functions, and although the core is relatively small in advanced technology, it requires all kinds of peripheral functionality to make it work properly: communication busses, memories (usually a combination of multiple specific memories, like RAM, ROM, Flash), start-on and advanced power management circuitry. So, the total function is much bigger, and requires serious design effort;
  • NVM Non-Volatile Memory
  • flash memory is an expensive technology feature, requiring - depending upon the size of the baseline CMOS node - 10 to 12 additional mask layers in production. This can be a cost adder of typically 35 to 30% compared to the non-flash baseline technology wafer cost;
  • BE Back End
  • the present invention recognizes as a fundamental problem that security requirements are highest at the end nodes of the system, and in particular in the devices (ICs) that are used by the consumers at very high volume, hence the system element that is most vulnerable to hacking. At the consumer side volumes are highest, so cost sensitivity is also highest. Because verification of security is typically done locally in the end node, once a device gets hacked or copied at user level, it cannot be identified as such by the system and misuse essentially goes undetected. Because the verification relies entirely on the end node device being authentic, hacked and copied devices can be deployed in large numbers undetected.
  • authentication methods do exist and may in general be typified as comprising the requesting, by a verifying device, of an identifier from an end node device and verifying, in a centralized code registration system, the identifier received from the end node device.
  • US patent publication 20150106282 is directed to a presently underlying problem, in that it indicates that “such genuine product certification technology has a problem in that, when certification information used for genuine product certification is copied and genuine product certification of counterfeits is performed, the counterfeits may be recognized as genuine products.”
  • This disclosure then relates to a device for performing genuine product certification that is used in conjunction with a certification information unit, which unit “may receive the certification identification information including at least one piece of the certification chip identification information, the product identification information, and the certification verification information of the verification target product from the device for performing genuine product certification”.
  • the solution proposed there requires, or at least hints towards, a solution in which the target product is a state machine, indicating that “when the product identification information of the verification target product 300 is not managed by the device for determining a counterfeit 100, the genuine product certification information and the certification identification information are compared as illustrated in FIG. 4. Therefore, it is possible to determine a counterfeit”.
  • the disclosure indicates that example embodiments “provide a method of determining a counterfeit that can accurately determine a counterfeit by analyzing genuine product certification of a verification target product based on state information of a device”.
  • Variations on this known concept can also be known from further publications like US20080282209 and US20170180369.
  • the identifier means in practice lays a capability burden onto end node devices which, often if not in most cases, turns out to be far too complicated or costly to establish a viable authentication means for an immense number of relatively simply constructed end node devices. Such devices may e.g. form a security threat by way of forming a de facto back-door entrance, or may be desired to economically form a reliable identifier within an asset management system, as may be the case with exchangeable PCB boards within complex machines or systems. It is hence an object to arrive at an at least alternative, preferably also economic, form of an authentication method, more in particular one enabling extensive use in relatively simple if not relatively cheap end node devices such as so-called IoT devices.
  • the present invention hence in general aims to alleviate the security and cost draw backs identified in the background.
  • the present invention is particularly useful for - but not limited to - the Internet-of-Things (IoT), including the IoT at consumer level, which has not been largely adopted yet due to the existing security and cost concerns. IoT has had a modest start in industrial applications, where hacking is a much lower risk than at consumer level. It is another object of the present invention to improve upon essentially outdated MCU-based solutions as are in general known for application in e.g. so-called edge node devices.
  • IoT Internet-of-Things
  • the present invention, while departing from the known authentication system and method defined by requesting, by a verifying device, an identifier from an end node device and verifying the identifier received from the end node device in a centralized code registration system, enables identification and security solutions that are much cheaper at the high-volume customer or user end of the chain, shifts complex security functionality away from those end nodes, and does not require access to state information of an end node in the form of a state machine in order to establish an identification and authentication method.
  • an authentication method and system which comprises storing, in a centralized code registration system, an identification code representative of an identifier of an integrated circuit.
  • storing means the action of putting data in a data storage or having data stored in a data storage available for use.
  • the identifier can be hard-coded in the integrated circuit.
  • the identifier can be a bit-code of predefined length, e.g. 64, 80, 96, 128, 256, 512 or 1024 bits.
  • the method can further comprise requesting, by a verifying device, the identifier from the integrated circuit via an end node device.
  • the method and system can further comprise reading, by the end node device, the identifier from the integrated circuit and transmitting the identifier to the centralized code registration system.
  • the method and system can further comprise verifying, in the centralized code registration system, the identifier received from the end node device against the stored identification code to obtain and output a verification result.
  • the method and system can herein comprise the step of transcription of the received identifier into an identification code, and verifying in the centralized code registration system, the thus obtained identification code against the stored identification code in order to obtain and output a verification result.
  • Such transcription may be composed of, or at least involve, a per se known technique such as a look-up table or a cryptographic technique.
  • the method can further comprise transmitting the identifier to the centralized code registration system via the verifying device.
  • the identifier has then typically been received in the verifying device from the end node device.
  • the present invention relates to improving the known authentication system and method by including the identifier hard coded in the integrated circuit in a manner where the identifier is a bit-code of predefined length, storing (100), in the centralized code registration system (3), an identification code, unique within a set of at least potential identification codes and representative of the identifier of an integrated circuit (4, 4a, 4b, 4c, 4d), reading, by the end node device, the identifier from the integrated circuit, and transmitting the identifier to the centralized code registration system; performing a processing step involving transcription of the received identifier into an identification code, and verifying in the centralized code registration system, the identification code against the stored identification code to obtain and output a verification result.
  • hardcoding of an identity is included as means of hampering ease of copying the ID by way of including the same in a semiconductor device
  • the hardcoding of an identifier is allowed, and for security reasons even preferred, to be performed in the simplest possible chip embodiment by way of including the security measures normally extensively applied in an end or edge node in a centralized data and identification system, i.e. effectively a central computing platform.
  • the central system collects contextual data, either by itself, e.g. by intelligent review of the number and frequency of requested ID-checks and/or from the verifying device which may add e.g. geographical information to the identifier as received from the integrated circuit.
  • the identification result is output as verification result.
  • the latter, being more than an ID check only, may, as it were, be regarded by some as a rudimentary form of an authentication method.
  • the integrated circuit for storing the identifier may be kept as simple and small as possible, thereby allowing widespread application thereof in the simplest and/or remotest of end nodes, therewith enabling at least a basic form of protection for such nodes, as it were enabling backdoor protection in IoT.
  • An advantage of having the identifier coding integrated circuit as simple as possible is that it does not allow any chance of running a program thereon which might be used for e.g. spoofing, thereby further enhancing security within the identification if not authentication system as proposed.
  • the verification result can be at least partly based on contextual data, the contextual data preferably including one or more of a number of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made.
  • the verifying device can transmit at least a part of the contextual data to the centralized code registration system.
  • the method can further comprise transmitting the verification result from the centralized code registration system to the verifying device and/or the end node device.
  • the authentication method can comprise storing, in the centralized code registration system, the identification code together with a vendor identification code.
  • the vendor identification code can be indicative for a system owner of an asset that is associated with the identification code.
  • the method can further comprise transmitting, from the end node device, a vendor identifier to the centralized code registration system together with the identifier.
  • the method can further comprise verifying, in the centralized code registration system, the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result.
  • the authentication method can further comprise registering, in the centralized code registration system, the identification code as being invalid in case the verification result is negative, resulting in future verification results for this identification code to be negative by default.
  • the verification result obtained by the authentication method is indicative of the authenticity of the identifier.
  • the authentication method enables a basic security system.
  • an authentication system comprising a plurality of end node devices, a verifying device and a centralized registration system.
  • Each end node device can comprise an integrated circuit.
  • the integrated circuit can comprise an identifier that is hard-coded in the integrated circuit.
  • the identifier can be a bit-code of predefined length, e.g. 64, 80, 96, 128, 256, 512 or 1024 bits.
  • the centralized code registration system can be arranged to store an identification code representative of the identifier of the integrated circuit.
  • the verifying device can be configured to request the identifier from the integrated circuit via the end node device.
  • the end node device can be configured to read the identifier from the integrated circuit and transmit the identifier to the centralized code registration system.
  • the centralized code registration system can be configured to verify the identifier received from the end node device against the stored identification code to obtain and output a verification result.
  • the verifying device can be configured to transmit the identifier to the centralized code registration system. The identifier has then typically been received in the verifying device from the end node device.
  • the verification result can be at least partly based on contextual data, the contextual data preferably including one or more of a number of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made.
  • the verifying device can be configured to transmit at least a part of the contextual data to the centralized code registration system.
  • the centralized code registration system is configured to transmit the verification result to the verifying device and/or the end node device.
  • the centralized code registration system can be arranged to store the identification code together with a vendor identification code.
  • the vendor identification code can be indicative for a system owner of an asset that is associated with the identification code.
  • the end node device can be configured to transmit a vendor identifier to the centralized code registration system together with the identifier.
  • the centralized code registration system can be configured to verify the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result.
  • the verifying device may be a separate device that is communicatively connected to the centralized code registration system and/or the end node device.
  • the verifying device may be a part of the centralized code registration system.
  • the verifying device may be a part of an asset that includes the end node device.
  • the verification result obtained by the authentication system is indicative of the authenticity of the identifier.
  • the authentication system enables a basic security system.
  • the integrated circuit can comprise a read-only register comprising the identifier and one or more interfaces for reading the identifier from the register and outputting the identifier.
  • the functionality of the integrated circuit can be limited to providing the identifier upon request.
  • the centralized code registration system can comprise an electronic database system for storing the identifiers of each of the integrated circuits, wherein the identifier has been stored in the electronic database system upon implementation of the identifier in the integrated circuit.
  • the electronic database can be secured by at least one of restricted access, data encryption or being located in a secured environment.
  • the centralized code registration system can be configured to register the identification code as being invalid in case the verification result is negative, resulting in future verification results for this identification code to be negative by default.
  • the identifier can be a unique identifier used only once amongst the integrated circuits in the plurality of end node devices.
  • the centralized registration system can be implemented as a cloud service.
  • the plurality of end node devices can include Internet-of-Things devices.
  • an integrated circuit comprising an identifier that is hard-coded in the integrated circuit.
  • the identifier can be a bit-code of predefined length.
  • the integrated circuit can be for use in an authentication system having one or more of the above described features.
  • the integrated circuit can comprise an SPI (Serial Peripheral Interface) and control logic for obtaining the identifier from the read-only register on a request received via the control logic.
  • the integrated circuit can further comprise one or more voltage inputs, such as VDDD, VSSD, VDDIO and VSSIO.
  • the integrated circuit can further comprise one or more signal inputs, such as MOSI (Master Output Slave Input), SCLK (Serial CloCK) and CSN (Chip Select Not).
  • the integrated circuit can further comprise a signal output, such as MISO (Master Input Slave Output) for outputting the identifier.
  • the integrated circuit can be miniature S08-packaged, SSOP8-packaged, TSSOP8-packaged or 8WLCSP-packaged for board-level applications.
  • the integrated circuit can be RF-ID compatible.
  • the integrated circuit can be integrated in a multi-chip package.
  • the integrated circuit can be integrated as IP block in a larger IC.
  • an end node device comprising an integrated circuit as described above.
  • the end node device can be configured to read the identifier from the integrated circuit and transmit the identifier to the centralized code registration system.
  • the authentication method and system of the present invention advantageously enable a secure and cost efficient solution which allows the long targeted wide deployment of secure end nodes in logistics chains, e.g. retail, medicine, industrial, defense, and/or in the consumer Internet-of-Things.
  • the authentication system is scalable over orders of magnitude, from tens to billions of nodes.
  • the availability of coding space is no problem at all (e.g. 10^38 in case of 128-bit identifiers) and the end nodes can be so small and cheap that they allow deployment in very large numbers.
  • the authentication system allows putting individual electronic identifiers at a level not attainable today. Think of tagging all individual products in a supermarket or store, all elements in complex logistics chains (e.g. aircraft or car assembly) or all ICs (by embedding an IC inside a larger IC package).
  • Owners of the identification system can choose at which level they want to uniquely code their products.
  • E.g. high turn-over goods (beer bottles or cans, food) could be coded by production batches with codes that have a time-limited validity. This is yet another scalability factor of the present invention.
  • the authentication method and system of the present invention may be used as a connected electronic bar code. But whereas today's printed bar codes are identical for all instantiations of the same product, the identities in the ICs are electronic and can, if so chosen, be different at individual product level. The usage of the identities in the ICs may be tracked through a cloud connection, allowing for “big data” analysis and possible interaction with the end node device to take security measures.
  • the centralized code registration system may be distributed among multiple servers or multiple networked computers while functioning as a centralized system.
  • the system enables owners/users to set up a secure data information system on the use of their products.
  • FIG. 1 shows an exemplary authentication system according to an aspect of the invention
  • FIG. 2 shows an exemplary IC according to an aspect of the invention.
  • FIGs. 3a-3d show exemplary end node devices including ICs according to an aspect of the invention.
  • FIGs 3e-3f show exemplary assets including ICs according to an aspect of the invention.
  • FIG. 4 shows a time sequence diagram of an exemplary method of the invention.
  • the figures are intended for illustrative purposes only, and do not serve as restriction of the scope or the protection as laid down by the claims.
  • FIG. 1 shows an exemplary authentication system 1 according to an aspect of the invention.
  • the authentication system 1 may include end node devices 2a, 2b each containing an IC 4a, 4b embedded with a unique identifier.
  • the authentication system 1 may further include a verifying device 5 for requesting the identifier from the end node device.
  • the authentication system 1 may further include a centralized code registration system 3, typically comprising an electronic database system 31.
  • the IC 4a, 4b is typically linked to an asset.
  • the asset is e.g. an electronic device like a peripheral device, an industrial device or a medical device, or any taggable good like packing material or consumer goods.
  • the assets have in common that they are identifiable by the identifier. It is possible that the end node device itself is the asset.
  • Querying of an IC 4a, 4b for its identifier may result in sending the identifier to the centralized code registration system 3, and the centralized code registration system 3 providing a verification result indicative of an authentication result.
  • the identifier is typically transmitted to the centralized code registration system 3 after a request from the verifying device 5.
  • the identifier may be transmitted from the end node device 2a, 2b to the centralized code registration system 3, via the verifying device 5, and/or via any other intermediate communication device (not shown).
  • the unique identifier may be embedded in the IC 4a, 4b as a bit-code of predefined order of magnitude, hard coded in the IC 4a, 4b, typically in the form of a register and an interface for reading out the code, e.g. as shown in the IC 4 of FIG. 2.
  • a non-limiting example of an identifier is a 128-bit code. These 128 bits allow the unique identification of 10^38 unique elements. It will be understood that identifiers may be defined using any other number of bits, such as 64, 80, 96, 128, 512, 1024 or any other number of bits.
  • the identifier bits may be hard coded in the IC 4, 4a, 4b, so there are no options to re-write or modify the identifiers.
  • FIG. 2 shows an exemplary IC 4 according to an aspect of the present invention.
  • the IC 4 may include a ROM register 41, e.g. a 128-bit (16x8) ROM embedding a 128-bit identifier.
  • the IC 4 includes an interface, here embodied in the form of a Serial Peripheral Interface (SPI) and control logic for outputting the identifier on a request received via the Control logic.
  • the IC 4 may include voltage inputs VDDD, VSSD, VDDIO and VSSIO.
  • the IC 4 may further include signal inputs MOSI (Master Output Slave Input), SCLK (Serial CloCK) and CSN (Chip Select Not).
  • the IC 4 may further include signal output MISO (Master Input Slave Output).
  • the IC 4 is not limited to having SPI-based interfaces.
  • Other non-limiting examples of interfaces that may be used in the IC 4 are serial interfaces like I2C or I2S, 3-wire, 1-wire, USB or a classical 13.56 MHz RF-ID contactless interface.
  • the IC 4 is not limited to 16x8 ROM registers, and any other read-only register may be used for storing identifiers of any bit length.
  • FIGs. 3a-3d show exemplary end node devices 2a-2d with embedded ICs 4a-4d according to the present invention.
  • FIG. 3a shows an exemplary miniature S08-packaged IC 4a for board-level applications, which may be similar to the IC 4 of FIG. 2.
  • the IC 4a may be used for authentication on board/system level. Any other suitable packaging may be used, e.g. SSOP8, TSSOP8, 8WLCSP, various leadless packages.
  • FIG. 3b shows an exemplary RF-ID compatible IC 4b, which may be used for object authentication. Most or all of the RF-ID functionality may be implemented in the end node device 2b interfacing with the IC 4b.
  • FIG. 3c shows an exemplary more advanced integrated solution wherein an IC 4c is integrated in a multi-chip package.
  • the IC 4c may be used for authentication of (big) other ICs.
  • FIG. 3d shows an exemplary more advanced integrated solution wherein an IC 4d is integrated as IP block in a larger IC.
  • the IC 4d may be used for authentication of the larger IC.
  • the hardware of the IC 4, 4a-4d is preferably made as simple and cheap as possible.
  • the function provided by the IC 4, 4a-4d may be limited to outputting the identifier upon request, such as provided by the exemplary IC 4 of FIG. 2.
  • the end node device 2, 2a-2d is typically configured to retrieve the identifier - preferably a unique identifier - from the IC 4, 4a-4d. This is typically triggered by a request hereto from a verifying device 5, which may be wirelessly or wiredly communicatively connected to the end node device 2, 2a-2d.
  • the identifier is transmitted to the centralized code registration system 3 to authenticate the identifier. Further security measures in the end node device 2, 2a, 2b may be minimized or even discarded.
  • the identifier is typically linked to an asset or article to which the end node device 2, 2a-2d is attached or linked.
  • the identification code that is stored in the centralized code registration system 3 may be stored together with a vendor identification code, enabling an identifier and vendor identifier combination, both typically obtained by the end node device 2, 2a-2d, to be checked against an expected identification code and vendor identification code combination stored in the centralized code registration system 3.
  • the centralized registration system 3 may return a negative verification result to the end node device 2, 2a, 2b, indicative of a failed authentication.
  • the centralized registration system 3 may block the identification code from any future use, resulting in future verification results for this identification code to be negative by default.
  • FIG. 3e shows a non-limiting exemplary asset 6a that includes an end node device, e.g. the end node device 2b of FIG. 3b.
  • the asset 6a may be a non-electronic asset.
  • the identity stored in the IC 4b may be wirelessly requested by verifying device 5a, e.g. using RF-ID or any other suitable wireless communication technology.
  • the identity received in the verifying device 5a may be transmitted to a centralized code registration system 3 for verification.
  • FIG. 3f shows another non-limiting exemplary asset 6b that includes an end node device, e.g. the end node device 2a of FIG. 3a.
  • the asset 6b may be an electronic asset.
  • the identity stored in the IC 4a may be requested by verifying device 5b, which in this example is a part of the asset 6b but may be external to the asset 6b.
  • the identity received in the verifying device 5b may be transmitted to a centralized code registration system 3 for verification.
  • An identifier may be generated before or during the production process of ICs 4, 4a-4d. This is illustrated in FIG. 1 as the code generation service that generates the identifiers and stores the generated identifiers, or identification codes representative of the identifiers, in database 31 of the centralized registration system 3. The generated identifiers may be transmitted to the IC Manufacturing (Foundries) as unique customer and ID encoding instructions.
  • the ICs 4, 4a-4d are preferably manufactured in a cost efficient manner, typically involving lithography back-end processes followed by a so-called mid-end lithographic process step.
  • the dies on a wafer 5 may be prepared to a common design, e.g. in a CMOS based, front end lithographic operation typically applying masked lithographic equipment.
  • a wafer based maskless lithographic operation may manipulate a predefined CMOS based IC for encoding each die of a wafer with the identifier - preferably a unique identifier - generated by the code generation service.
  • the implementation of the identifier in the mid-end lithographic process step advantageously allows commonly known and cost effective front end processes to remain unmodified.
  • the mid-end lithographic process step may be integrated as a maskless lithography operation, which is found to be very suitable for uniquely encoding IC based electronic devices. In such a set-up maximum advantage may be taken from the cost reduction that has over the past decades been effected in so called front-end chip manufacturing fabs or so called foundries.
  • the authentication system 1 may be transferred to the centralized code registration system 3, which is preferably implemented in the cloud.
  • Every application system, e.g. retail, may have a database 31 with the registered identification codes of the ICs 4, 4a-4d that have been produced and as many associated data labels as are required (dates, type of product, manufacturer, etcetera). These data labels may be stored as or together with vendor identification codes in the database 31.
  • the identifier may be sent to the database system 31 for verification of its validity, possibly with a simple “Yes” (or other indication of a positive verification result) or “No” (or other indication of a negative verification result) as outcome.
  • the database system 31 may advantageously take the context of verification requests into account in processing the current verification request. Examples hereof are the number of requests made in a predefined time interval, the total number of requests made, the time of the request, the location of the request, etcetera. Contextual information may be transmitted as contextual data from the verifying device 5 to the centralized code registration system 3 and/or generated in the centralized code registration system 3. Part or all of the contextual data may be generated in the end node device 2, 2a-2d.
  • FIG. 4 shows an exemplary method according to an aspect of the invention, in the form of a time-sequence diagram.
  • an identification code representative of an identifier of an IC 4, 4a-4d may be stored in the centralized code registration system 3, typically in an electronic database system 31 of the centralized code registration system 3. This is typically done before or during the manufacturing process of the IC 4, 4a-4d.
  • the end node device 2, 2a-2d may read 102 the identifier from the IC 4, 4a-4d after a request 101 from the verifying device 5.
  • the identifier may be transmitted to the centralized code registration system 3, typically via the verifying device (step 103).
  • the centralized code registration system 3 may verify the received identifier against the corresponding stored identification code to obtain a verification result.
  • the verification result may be transmitted from the centralized code registration system 3 to the verification system 5, additionally or alternatively to the end node device 2, 2a-2d or any other device that may use the verification result.

Abstract

An authentication method comprising requesting (101), by a verifying device (5), an identifier from an end node device (2); verifying (105), in a centralized code registration system, the identifier received from the end node device; including the identifier hard coded in the integrated circuit in a manner where the identifier is a bit-code of predefined length, storing (100), in the code registration system (3), an identification code, unique within a set of identification codes and representative of the identifier of an integrated circuit (4, 4a, 4b, 4c, 4d); reading (102), the identifier from the integrated circuit, and transmitting (103) the identifier to the centralized code registration system; performing a processing step involving transcription of the received identifier into an identification code; and verifying in the centralized code registration system, the identification code against the stored identification code to obtain and output a verification result.

Description

METHOD, SYSTEM AND CHIP FOR CENTRALISED AUTHENTICATION
TECHNICAL FIELD
[0001] The present invention relates to an authentication system, an integrated circuit, an end node device and a security method for centralized authentication.
BACKGROUND ART
[0002] Over the last three decades, integrated circuit (IC)-based identification and security-based technologies and associated devices have reached a broad set of applications. Well-known examples are public transport ticketing, smart card conditional access systems for TV subscriptions, SIM cards in mobile phones, electronic passports, banking or credit cards, and labeling for tracking and managing logistic flows and transport. Volumes associated with these applications run in the billions of ICs per year. However, there are potentially many more applications that could use these technologies, that could further multiply these volumes by several orders of magnitude, so indeed hundreds of billions or trillions of ICs. So far this is not happening for two fundamental reasons: security and cost.
[0003] A main problem in the world of identification and security is hacking. Existing identification and security applications are typically built around so-called secure microcontrollers. Microcontroller units (MCU) are required for functions like authentication or security key generation, and storing of the relevant data in such a way that it is not accessible for intruders. Because MCUs typically operate under an operating system and a specific program, e.g. firmware program, to execute the required functions, they are typically a combined hardware (HW) and software (SW) solution.
[0004] Known systems have as a major drawback that they can be hacked. This in practice means reverse engineering the function of the device by analyzing its HW and/or SW behavior, resulting in the discovery of e.g. a secret (cryptographic) key as typically required in these known systems and stored in a memory. In a worst case scenario the memory content of the device is altered, e.g. by increasing the amount of credits on a transit card or changing the balance on a bank card. Although suppliers of these ICs and systems implement measures to make their ICs robust to hacking, in the end most systems are vulnerable and can be hacked, albeit often at high technological effort.
[0005] The other problem with existing security solutions is related to cost. With high-volume applications of IC related security solutions, an obvious requirement is to have the IC cost as low as possible. Today’s ICs typically cost a few dollar cents, which multiplies by a factor four for the final assembled module or package sales price. Elements that increase the IC cost are the MCU infrastructure and the programmable on-chip memories. Typical elements that increase the IC cost are:
- Secure MCUs are expensive, either as in-house development or as purchased IP, e.g. as ARM™ Secure Cores;
- MCUs are complex functions, and although the core is relatively small in advanced technology, it requires all kind of peripheral functionality to make it work properly: communication busses, memories (usually a combination of multiple specific memories, like RAM, ROM, Flash), start-on and advanced power management circuitry. So, the total function is much bigger, and requires serious design effort;
- The simplest identification products don’t require re-programmable memories or keys. But even so, during manufacturing of the IC the code needs somehow to be written in its memory. In most cases this is done using One Time Programmable Read Only Memories (OTP-ROM), but these IP blocks are big, and require a high voltage supply, making them large and thus expensive;
- More complex identification and security ICs have programmable key or data storage, which requires re-programmable Non-Volatile Memory (NVM), often also referred to as flash memory. But flash memories are expensive technology features, requiring - depending upon the size of the baseline CMOS node - 10 to 12 additional mask layers in production. This can be a cost adder of typically 35 to 30% compared to non-flash baseline technology wafer cost;
- Identification and security ICs have a complex Back End (BE) process in the assembly and packaging fab, since every IC requires pre-programming with its secure SW and - in case of non-programmable ICs - the embedded keys or identifiers.
[0006] The present invention recognizes as a fundamental problem that security requirements are highest at the end nodes of the system, and in particular in the devices (ICs) that are used by the consumers at very high volume, hence the system element that is most vulnerable to hacking. At the consumer side volumes are highest, so cost sensitivity is also highest. Because verification of security is typically done locally in the end node, once a device gets hacked or copied at user level, it cannot be identified as such by the system and misuse essentially goes undetected. Because the verification relies entirely on the end node device being authentic, hacked and copied devices can be deployed in large numbers undetected.
[0007] For many years these main factors have blocked the originally predicted full global proliferation of identification and security solutions. It is also one of the main reasons for the delayed implementation of the Internet-of-Things (IoT) at consumer level.
[0008] The reason that the Identification and Security IC solutions of today are not optimal for tomorrow's requirements, is that they are essentially based on 25-year old concepts. At the time the internet and the cloud did not exist, and security had to be provided by an embedded MCU-based IC in the end node, in those days a real breakthrough.
[0009] Yet, authentication methods do exist and may in general be typified as comprising the requesting, by a verifying device, of an identifier from an end node device and the verifying, in a centralized code registration system, of the identifier received from the end node device. One example of such a system is provided by US patent publication 20150106282, which is directed to a presently underlying problem, in that it indicates that “such genuine product certification technology has a problem in that, when certification information used for genuine product certification is copied and genuine product certification of counterfeits is performed, the counterfeits may be recognized as genuine products.” This disclosure then relates to a device for performing genuine product certification that is used in conjunction with a certification information unit, which unit “may receive the certification identification information including at least one piece of the certification chip identification information, the product identification information, and the certification verification information of the verification target product from the device for performing genuine product certification”.
[0010] Furthermore, the solution as proposed there requires, or at least hints towards, a solution in which the target product should be a state machine, indicating that “when the product identification information of the verification target product 300 is not managed by the device for determining a counterfeit 100, the genuine product certification information and the certification identification information are compared as illustrated in FIG. 4. Therefore, it is possible to determine a counterfeit”. In further elaboration, as an example of the solution proposed there, the disclosure indicates that example embodiments “provide a method of determining a counterfeit that can accurately determine a counterfeit by analyzing genuine product certification of a verification target product based on state information of a device”.
[0011] Variations on this known concept are also known from further publications like US20080282209 and US20170180369. These publications represent alternative embodiments which however, equally to the previously described embodiment, require the target product (the end node device in terms of the present invention) to be a state machine. In the case of the first alternative publication, e.g., the target device is upon request required to provide test type data in addition to its ID. In the case of the second alternative publication, the authentication method requires the target devices to avail of an intrinsic chip identification module, in itself a quite complex system, hampering widespread application in a vast number of often relatively cheap and simple devices like so-called IoT end nodes. More in particular, the latter known solution proposes the presence of a PUF device, here embodied using ring oscillators rather than the somewhat more generally known SRAM chips.
[0012] With such a requirement of a target or end node device being capable of providing information in addition to an identifier, the identifier in practice lays a capability burden onto end node devices which often, if not in most cases, turns out to be far too complicated or costly to establish a viable authentication means for an immense number of relatively simply constructed end node devices; such devices may e.g. form a security threat by way of forming a de facto back-door entrance, or may be desired to economically form a reliable identifier within an asset management system, as may be the case with exchangeable PCB boards within complex machines or systems. It is hence an object to arrive at an at least alternative, preferably also economic, form of an authentication method, more in particular enabling extensive use in relatively simple if not relatively cheap end node devices such as so-called IoT devices.
SUMMARY OF THE INVENTION
[0013] The present invention hence in general aims to alleviate the security and cost drawbacks identified in the background. The present invention is particularly useful for - but not limited to - the Internet-of-Things (IoT), including the IoT at consumer level which has not been largely adopted yet due to the existing security and cost concerns. IoT has had a modest start in industrial applications, where hacking is a much lower risk than at consumer level. It is another object of the present invention to improve upon essentially outdated MCU-based solutions as are in general known for application in e.g. so-called edge node devices.
[0014] The present invention, while departing from the known authentication system and method defined by requesting, by a verifying device, an identifier from an end node device, and verifying the identifier received from the end node device in a centralized code registration system, enables identification and security solutions that are much cheaper at the high-volume customer or user end of the chain, shifts complex security functionality away from those end nodes, and does not require access to state information of an end node in the form of a state machine in order to establish an identification and authentication method.
[0015] According to an aspect of the invention an authentication method and system is proposed which comprises storing, in a centralized code registration system, an identification code representative of an identifier of an integrated circuit. Herein, storing means the action of putting data in a data storage or having data stored in a data storage available for use. The identifier can be hard-coded in the integrated circuit. The identifier can be a bit-code of predefined length, e.g. 64, 80, 96, 128, 256, 512 or 1024 bits. The method can further comprise requesting, by a verifying device, the identifier from the integrated circuit via an end node device. The method and system can further comprise reading, by the end node device, the identifier from the integrated circuit and transmitting the identifier to the centralized code registration system. The method and system can further comprise verifying, in the centralized code registration system, the identifier received from the end node device against the stored identification code to obtain and output a verification result. More specifically the method and system can herein comprise the step of transcription of the received identifier into an identification code, and verifying, in the centralized code registration system, the thus obtained identification code against the stored identification code in order to obtain and output a verification result. Such transcription may be composed of, or at least involve, a per se known technique such as a look-up table and a cryptographic technique.
[0016] In an embodiment, the method can further comprise transmitting the identifier to the centralized code registration system via the verifying device. The identifier has then typically been received in the verifying device from the end node device.
[0017] Hence, in particular, the present invention relates to improving the known authentication system and method by including the identifier hard coded in the integrated circuit in a manner where the identifier is a bit-code of predefined length, storing (100), in the centralized code registration system (3), an identification code, unique within a set of at least potential identification codes and representative of the identifier of an integrated circuit (4, 4a, 4b, 4c, 4d), reading, by the end node device, the identifier from the integrated circuit, and transmitting the identifier to the centralized code registration system; performing a processing step involving transcription of the received identifier into an identification code, and verifying in the centralized code registration system, the identification code against the stored identification code to obtain and output a verification result.
[0018] In applying a method in accordance with the present invention, hardcoding of an identity is included as a means of hampering the ease of copying the ID, by way of including the same in a semiconductor device. Furthermore, the hardcoding of an identifier is allowed, and for security reasons even preferred, to be performed in the simplest possible chip embodiment, by way of including the security measures normally extensively applied in an end or edge node in a centralized data and identification system, i.e. effectively a central computing platform. The central system collects contextual data, either by itself, e.g. by intelligent review of the number and frequency of requested ID-checks, and/or from the verifying device, which may add e.g. geographical information to the identifier as received from the integrated circuit. In conjunction with the contextual data, the identification result is output as verification result. The latter, as being more than an ID check only, may to some as it were be regarded as a rudimentary form of an authentication method. With the burden of security check or security control being shifted to a central point in the solution according to the present invention, the integrated circuit for storing the identifier may be kept as simple and small as possible, thereby allowing widespread application thereof in the simplest and/or remotest of end nodes, therewith enabling at least a basic form of protection for such nodes, as it were enabling backdoor protection in IoT. An advantage of having the identifier coding integrated circuit as simple as possible is that it does not allow any chance of running a program thereon which might be used for e.g. spoofing, thereby further enhancing security within the identification, if not authentication, system as proposed.
[0019] In an embodiment, the verification result can be at least partly based on contextual data, the contextual data preferably including one or more of a number of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made.
[0020] In an embodiment, the verifying device can transmit at least a part of the contextual data to the centralized code registration system.
[0021] In an embodiment, the method can further comprise transmitting the verification result from the centralized code registration system to the verifying device and/or the end node device.
[0022] In an embodiment, the authentication method can comprise storing, in the centralized code registration system, the identification code together with a vendor identification code. The vendor identification code can be indicative for a system owner of an asset that is associated with the identification code. The method can further comprise transmitting, from the end node device, a vendor identifier to the centralized code registration system together with the identifier. The method can further comprise verifying, in the centralized code registration system, the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result.
[0023] In an embodiment, the authentication method can further comprise registering, in the centralized code registration system, the identification code as being invalid in case the verification result is negative, resulting in future verification results for this identification code to be negative by default.
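As an added example that is not the patent's or Sandgrain's own code, the following Python model walks through the registry side of the sequence of FIG. 4 (steps 100 to 105) together with the vendor check, contextual data and invalidation of paragraphs [0015] to [0023]. Assumptions not found on the page: the transcription of [0015] is an HMAC-SHA256 under a registry-side secret, and the time window, request limit and location rule are illustrative policy values, since the patent only names the kinds of context.

```python
# Added example, not the patent's or Sandgrain's code. Assumptions: the transcription
# of [0015] is HMAC-SHA256 under a registry-side secret; the window, request limit and
# location policy are illustrative values, the patent names only the kinds of context.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ID_BITS = 128          # the patent's non-limiting example identifier length
ID_BYTES = ID_BITS // 8


def generate_identifier() -> bytes:
    """Code generation service of FIG. 1: a fresh random identifier for one die."""
    return secrets.token_bytes(ID_BYTES)


@dataclass
class VerificationRequest:
    identifier: bytes          # bit-code read from the IC's read-only register (102)
    vendor_identifier: bytes   # vendor identifier the end node sends along ([0022])
    timestamp: float           # contextual data: time of the request ([0019])
    location: str              # contextual data: where the request was made ([0019])


@dataclass
class CodeRecord:
    vendor_code: bytes                       # stored vendor identification code
    blocked: bool = False                    # set after a negative result ([0023])
    total_requests: int = 0                  # contextual data: total requests made
    request_times: List[float] = field(default_factory=list)
    last_location: Optional[str] = None


class CodeRegistrationSystem:
    """Centralized code registration system (3) with its database system (31)."""

    def __init__(self, transcription_key: bytes, window_seconds: float = 60.0,
                 max_per_window: int = 5) -> None:
        self._key = transcription_key        # registry-side secret (assumption)
        self.window = window_seconds         # predefined time interval (assumption)
        self.max_per_window = max_per_window
        self._db: Dict[bytes, CodeRecord] = {}

    def transcribe(self, identifier: bytes) -> bytes:
        """Transcription of an identifier into an identification code ([0015]).
        With a keyed hash the database holds no raw identifiers, so a leaked table
        cannot be turned back into identifiers that would pass verification."""
        if len(identifier) != ID_BYTES:
            raise ValueError("identifier must be a %d-bit code" % ID_BITS)
        return hmac.new(self._key, identifier, hashlib.sha256).digest()

    def register(self, identifier: bytes, vendor_code: bytes) -> bytes:
        """Step 100: store the identification code together with its vendor code."""
        code = self.transcribe(identifier)
        if code in self._db:
            raise ValueError("identification code already registered")
        self._db[code] = CodeRecord(vendor_code=vendor_code)
        return code

    def is_blocked(self, identifier: bytes) -> bool:
        rec = self._db.get(self.transcribe(identifier))
        return rec is not None and rec.blocked

    def verify(self, req: VerificationRequest) -> Tuple[bool, str]:
        """Step 105: check identifier and vendor identifier in context; returns
        (result, reason). A negative result registers the code as invalid ([0023])."""
        rec = self._db.get(self.transcribe(req.identifier))
        if rec is None:
            return False, "unknown identifier"
        if rec.blocked:
            return False, "identifier blocked"
        rec.total_requests += 1
        rec.request_times.append(req.timestamp)
        if not hmac.compare_digest(rec.vendor_code, req.vendor_identifier):
            rec.blocked = True
            return False, "vendor identifier mismatch"
        # number of requests made within the predefined time interval
        recent = [t for t in rec.request_times if req.timestamp - t < self.window]
        if len(recent) > self.max_per_window:
            rec.blocked = True
            return False, "too many requests within the time interval"
        # same identifier reported from a different location inside the interval
        if (rec.last_location is not None and rec.last_location != req.location
                and req.timestamp - rec.request_times[-2] < self.window):
            rec.blocked = True
            return False, "location changed within the time interval"
        rec.last_location = req.location
        return True, "ok"
```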
[0024] The verification result obtained by the authentication method is indicative of the authenticity of the identifier. As such the authentication method enables a basic security system.
[0025] According to an aspect of the invention an authentication system is proposed comprising a plurality of end node devices, a verifying device and a centralized registration system. Each end node device can comprise an integrated circuit. The integrated circuit can comprise an identifier that is hard-coded in the integrated circuit. The identifier can be a bit-code of predefined length, e.g. 64, 80, 96, 128, 256, 512 or 1024 bits. The centralized code registration system can be arranged to store an identification code representative of the identifier of the integrated circuit. The verifying device can be configured to request the identifier from the integrated circuit via the end node device. The end node device can be configured to read the identifier from the integrated circuit and transmit the identifier to the centralized code registration system. The centralized code registration system can be configured to verify the identifier received from the end node device against the stored identification code to obtain and output a verification result.
[0026] In an embodiment, the verifying device can be configured to transmit the identifier to the centralized code registration system. The identifier has then typically been received in the verifying device from the end node device.
[0027] In an embodiment, the verification result can be at least partly based on contextual data, the contextual data preferably including one or more of a number of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made.
[0028] In an embodiment, the verifying device can be configured to transmit at least a part of the contextual data to the centralized code registration system.
[0029] In an embodiment, the centralized code registration system is configured to transmit the verification result to the verifying device and/or the end node device.
[0030] In an embodiment, the centralized code registration system can be arranged to store the identification code together with a vendor identification code. The vendor identification code can be indicative for a system owner of an asset that is associated with the identification code. The end node device can be configured to transmit a vendor identifier to the centralized code registration system together with the identifier. The centralized code registration system can be configured to verify the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result.
[0031] The verifying device may be a separate device that is communicatively connected to the centralized code registration system and/or the end node device. The verifying device may be a part of the centralized code registration system. The verifying device may be a part of an asset that includes the end node device.
[0032] The verification result obtained by the authentication system is indicative of the authenticity of the identifier. As such the authentication system enables a basic security system.
[0033] The following are embodiments of the authentication method and the authentication system.
[0034] In an embodiment, the integrated circuit can comprise a read-only register comprising the identifier and one or more interfaces for reading the identifier from the register and outputting the identifier.
[0035] In an embodiment, the functionality of the integrated circuit can be limited to providing the identifier upon request.
[0036] In an embodiment, the centralized code registration system can comprise an electronic database system for storing the identifiers of each of the integrated circuits, wherein the identifier has been stored in the electronic database system upon implementation of the identifier in the integrated circuit.
[0037] In an embodiment, the electronic database can be secured by at least one of restricted access, data encryption or being located in a secured environment.
[0038] In an embodiment, the centralized code registration system can be configured to register the identification code as being invalid in case the verification result is negative, resulting in future verification results for this identification code to be negative by default.
[0039] In an embodiment, the identifier can be a unique identifier used only once amongst the integrated circuits in the plurality of end node devices.
[0040] In an embodiment, the centralized registration system can be implemented as a cloud service.
[0041] In an embodiment, the plurality of end node devices can include Internet-of-Things devices.
[0042] According to an aspect of the invention an integrated circuit is proposed comprising an identifier that is hard-coded in the integrated circuit. The identifier can be a bit-code of predefined length. The integrated circuit can be for use in an authentication system having one or more of the above described features.
[0043] In an embodiment, the integrated circuit can comprise an SPI (Serial Peripheral Interface) and control logic for obtaining the identifier from the read-only register on a request received via the control logic. The integrated circuit can further comprise one or more voltage inputs, such as VDDD, VSSD, VDDIO and VSSIO. The integrated circuit can further comprise one or more signal inputs, such as MOSI (Master Output Slave Input), SCLK (Serial CloCK) and CSN (Chip Select Not). The integrated circuit can further comprise a signal output, such as MISO (Master Input Slave Output) for outputting the identifier.
[0044] In an embodiment, the integrated circuit can be miniature SO8-packaged, SSOP8-packaged, TSSOP8-packaged or 8WLCSP-packaged for board-level applications.
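As an added illustration that is not the patent's or Sandgrain's code, the following Python model of the IC of [0034] and [0043] shows at pin level what a chip whose functionality is limited to providing the identifier upon request ([0035]) does: it has a read-only register and a shift position, and nothing a bus master sends can change either. The bus protocol is an assumption, since the page does not define it: CSN going low is the read request, bits leave MSB-first on MISO on SCLK rising edges, and MOSI is ignored.

```python
# Added example, not the patent's or Sandgrain's code: a bit-level model of the IC of
# [0034]/[0043]. Assumption: pulling CSN low is the read request, the identifier is
# shifted out MSB-first on MISO, one bit per SCLK rising edge, and MOSI is ignored.
from typing import List, Optional

ID_BITS = 128          # the patent's non-limiting example identifier length


class IdentifierIC:
    """Read-only register plus SPI control logic; nothing on the chip is writable."""

    def __init__(self, identifier: bytes) -> None:
        if len(identifier) * 8 != ID_BITS:
            raise ValueError("identifier must be a %d-bit code" % ID_BITS)
        self._rom = int.from_bytes(identifier, "big")   # hard-coded at manufacture
        self._pos = 0          # next bit to drive: the only state, reset by CSN
        self._prev_sclk = 0

    def clock(self, csn: int, sclk: int, mosi: int) -> int:
        """One sample of the pin levels; returns the level driven on MISO. MOSI is
        accepted only so the bus looks normal; the control logic never reads it."""
        if csn:                              # deselected: control logic idles
            self._pos = 0
            self._prev_sclk = sclk
            return 0
        rising = bool(sclk) and not self._prev_sclk
        self._prev_sclk = sclk
        if rising and self._pos < ID_BITS:
            bit = (self._rom >> (ID_BITS - 1 - self._pos)) & 1
            self._pos += 1
            return bit
        return 0                             # past the last bit, or no edge


def spi_read_identifier(ic: IdentifierIC,
                        mosi_pattern: Optional[List[int]] = None) -> bytes:
    """End node side (step 102): select the IC, clock out ID_BITS bits, deselect.
    mosi_pattern lets a caller drive arbitrary MOSI data to show it has no effect."""
    value = 0
    ic.clock(1, 0, 0)                        # bus idle, chip deselected
    for i in range(ID_BITS):
        mosi = mosi_pattern[i % len(mosi_pattern)] if mosi_pattern else 0
        ic.clock(0, 0, mosi)                 # SCLK low
        value = (value << 1) | ic.clock(0, 1, mosi)   # rising edge: sample MISO
    ic.clock(1, 0, 0)                        # deselect resets the shift position
    return value.to_bytes(ID_BITS // 8, "big")
```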
[0045] In an embodiment, the integrated circuit can be RF-ID compatible.
[0046] In an embodiment, the integrated circuit can be integrated in a multi-chip package.
[0047] In an embodiment, the integrated circuit can be integrated as IP block in a larger IC.
[0048] According to an aspect of the invention an end node device is proposed comprising an integrated circuit as described above. The end node device can be configured to read the identifier from the integrated circuit and transmit the identifier to the centralized code registration system.
[0049] According to an aspect of the invention a use of an integrated circuit having one or more of the above described features of the integrated circuit is proposed in an authentication system having one or more of the above described features of the authentication system.
[0050] The authentication method and system of the present invention advantageously enable a secure and cost efficient solution which allows the long targeted wide deployment of secure end nodes in logistics chains, e.g. retail, medicine, industrial, defense, and/or in the consumer Internet-of-Things.
[0051] The authentication method and system of the present invention have several advantages.
[0052] There is no security vulnerability at end node devices through the simple use of the identifier stored in the IC. Costs are reduced since authentication is performed centrally. No authentication measures are needed at the end node device.
[0053] The authentication system is scalable over orders of magnitude, from tens to billions of nodes. The availability of coding space is no problem at all (e.g. 10^38 in case of 128-bit identifiers) and the end nodes can be so small and cheap that they allow deployment in very large numbers.
[0054] The authentication system allows putting individual electronic identifiers at a level not attainable today. Think of tagging all individual products in a supermarket or store, all elements in complex logistics chains (e.g. aircraft or car assembly) or all ICs (by embedding an IC inside a larger IC package).
[0055] Owners of the identification system can choose at which level they want to uniquely code their products. E.g. high turn-over goods (beer bottles or cans, food) could be coded by production batches with codes that have a time-limited validity. This is yet another scalability factor of the present invention.
[0056] The authentication method and system of the present invention may be used as a connected electronic bar code. But whereas today's printed bar codes are identical for all instantiations of the same product, the identities in the ICs are electronic and can, if chosen so, be different at individual product level. The usage of the identities in the ICs may be tracked through a cloud connection, allowing for “big data” analysis and possible interaction with the end node device to take security measures.
[0057] The centralized code registration system may be distributed among multiple servers or multiple networked computers while functioning as a centralized system.
[0058] The system enables owners/users to set up a secure data information system on the use of their products.
[0059] Aspects and embodiments of the invention are further described in the following description and in the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
[0060] Embodiments will now be described, by way of example only, with reference to the accompanying schematic drawings in which corresponding reference symbols indicate corresponding parts, and in which:
[0061] FIG. 1 shows an exemplary authentication system according to an aspect of the invention;
[0062] FIG. 2 shows an exemplary IC according to an aspect of the invention;
[0063] FIGs. 3a-3d show exemplary end node devices including ICs according to an aspect of the invention;
[0064] FIGs 3e-3f show exemplary assets including ICs according to an aspect of the invention;
[0065] FIG. 4 shows a time sequence diagram of an exemplary method of the invention. [0066] The figures are intended for illustrative purposes only, and do not serve as restriction of the scope or the protection as laid down by the claims.
DESCRIPTION OF EMBODIMENTS
[0067] FIG. 1 shows an exemplary authentication system 1 according to an aspect of the invention. The authentication system 1 may include end node devices 2a, 2b each containing an IC 4a, 4b embedded with a unique identifier. The authentication system 1 may further include a verifying device 5 for requesting the identifier from the end node device. The authentication system 1 may further include a centralized code registration system 3, typically comprising an electronic database system 31.
[0068] The IC 4a, 4b is typically linked to an asset. The asset is e.g. an electronic device like a peripheral device, an industrial device or a medical device, or any taggable good like packing material or consumer goods. The assets have in common that they are identifiable by the identifier. It is possible that the end node device itself is the asset.
[0069] Querying of an IC 4a, 4b for its identifier may result in sending the identifier to the centralized code registration system 3, and the centralized code registration system 3 providing a verification result indicative of an authentication result. The identifier is typically transmitted to the centralized code registration system 3 after a request from the verifying device 5. The identifier may be transmitted from the end node device 2a, 2b to the centralized code registration system 3, via the verifying device 5, and/or via any other intermediate communication device (not shown).
[0070] The unique identifier may be embedded in the IC 4a, 4b as a bit-code of predefined order of magnitude, hard coded in the IC 4a, 4b, typically in the form of a register and an interface for reading out the code, e.g. as shown in the IC 4 of FIG. 2. A non-limiting example of an identifier is a 128-bit code. These 128 bits allow the unique identification of 10^38 unique elements. It will be understood that identifiers may be defined using any other number of bits, such as 64, 80, 96, 128, 512, 1024 or any other number of bits. The identifier bits may be hard coded in the IC 4, 4a, 4b, so there is no option to re-write or modify the identifiers.
[0071] FIG. 2 shows an exemplary IC 4 according to an aspect of the present invention.
The IC 4 may include a ROM register 41, e.g. a 128-bit (16x8) ROM embedding a 128-bit identifier. The IC 4 includes an interface, here embodied in the form of a Serial Peripheral Interface (SPI) and control logic for outputting the identifier on a request received via the control logic. The IC 4 may include voltage inputs VDDD, VSSD, VDDIO and VSSIO. The IC 4 may further include signal inputs MOSI (Master Output Slave Input), SCLK (Serial CloCK) and CSN (Chip Select Not). The IC 4 may further include signal output MISO (Master Input Slave Output).
[0072] It will be understood that the IC 4 is not limited to having SPI-based interfaces. Other non-limiting examples of interfaces that may be used in the IC 4 are serial interfaces like I2C or I2S, 3-wire, 1-wire, USB or a classical 13.56 MHz RF-ID contactless interface. Moreover, it will be understood that the IC 4 is not limited to 16x8 ROM registers and that any other read-only register may be used for storing identifiers of any bit length.
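As an added illustration (this is not the patent's or Sandgrain's own design), the following Python model shows what an identifier-only IC with the FIG. 2 interface does at the bit level: a 16x8 ROM register behind CSN/SCLK/MOSI/MISO, with no command set and no write path, and a bit-banged SPI master on the end node side that clocks the 128 bits out. The SPI mode (mode 0, MSB first, line idle low) and the ROM contents are assumptions; the page does not specify them.

```python
from dataclasses import dataclass


@dataclass
class IdOnlyIC:
    """Bit-level model of an IC whose only function is to shift out a hard-coded
    identifier (FIG. 2): a 16x8 ROM register behind an SPI slave interface.
    Assumptions (not from the page): SPI mode 0, MSB first, line idles low."""
    rom: bytes                 # the 16x8 read-only register, fixed at construction
    _selected: bool = False
    _bit_index: int = 0        # which of the 128 bits is currently on MISO
    _miso: int = 0

    def __post_init__(self):
        if len(self.rom) != 16:
            raise ValueError("ROM register must hold exactly 128 bits (16x8)")
        self.rom = bytes(self.rom)   # immutable copy: the chip has no write path

    def _bit_at(self, i):
        return (self.rom[i // 8] >> (7 - (i % 8))) & 1   # MSB of byte 0 comes first

    def set_csn(self, level):
        """CSN (Chip Select Not): a low level selects the chip and restarts the read-out."""
        self._selected = level == 0
        if self._selected:
            self._bit_index = 0
            self._miso = self._bit_at(0)

    def clock(self, sclk, mosi):
        """Apply one SCLK level change. MOSI is accepted only for completeness: the
        register is read-only and the chip understands no commands, so it is ignored."""
        if not self._selected:
            return
        if sclk == 0:                      # falling edge: present the next bit
            self._bit_index += 1
            self._miso = self._bit_at(self._bit_index) if self._bit_index < 128 else 0

    @property
    def miso(self):
        """MISO output; a deselected chip releases the line (modelled as 0)."""
        return self._miso if self._selected else 0


def read_identifier(ic):
    """Bit-banged SPI master (the end node side): select, clock 128 bits, sample MISO
    on each rising edge, deselect, and pack the bits MSB-first into 16 bytes."""
    bits = []
    ic.set_csn(0)
    for _ in range(128):
        ic.clock(1, 0)           # rising edge: master samples
        bits.append(ic.miso)
        ic.clock(0, 0)           # falling edge: slave shifts
    ic.set_csn(1)
    out = bytearray()
    for i in range(0, 128, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample identifier; a real one would come from the code generation service.
    sample_rom = bytes.fromhex("0123456789abcdeffedcba9876543210")
    print(read_identifier(IdOnlyIC(sample_rom)).hex())
```

The model makes the page's security point concrete: anything with access to the bus can read the identifier, and the chip offers no mechanism to change or protect it, so every decision about validity has to be taken elsewhere, in the centralized registration system.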
[0073] FIGs. 3a-3d show exemplary end node devices 2a-2d with embedded ICs 4a-4d according to the present invention.
[0074] FIG. 3a shows an exemplary miniature S08-packaged IC 4a for board-level applications, which may be similar to the IC 4 of FIG. 2. The IC 4a may be used for authentication on board/system level. Any other suitable packaging may be used, e.g. SSOP8, TSSOP8, 8WLCSP, various leadless packages.
[0075] FIG. 3b shows an exemplary RF-ID compatible IC 4b, which may be used for object authentication. Most or all of the RF-ID functionality may be implemented in the end node device 2b interfacing with the IC 4b.
[0076] FIG. 3c shows an exemplary more advanced integrated solution wherein an IC 4c is integrated in a multi-chip package. The IC 4c may be used for authentication of other (big) ICs.
[0077] FIG. 3d shows an exemplary more advanced integrated solution wherein an IC 4d is integrated as IP block in a larger IC. The IC 4d may be used for authentication of the larger IC.
[0078] The hardware of the IC 4, 4a-4d is preferably made as simple and cheap as possible. Hereto, the function provided by the IC 4, 4a-4d may be limited to outputting the identifier upon request, such as provided by the exemplary IC 4 of FIG. 2.
[0079] The end node device 2, 2a-2d is typically configured to retrieve the identifier - preferably a unique identifier - from the IC 4, 4a-4d. This is typically triggered by a request hereto from a verifying device 5, which may be wirelessly or wiredly communicatively connected to the end node device 2, 2a-2d.
[0080] The identifier is transmitted to the centralized code registration system 3 to authenticate the identifier. Further security measures in the end node device 2, 2a, 2b may be minimized or even discarded.
[0081] The identifier is typically linked to an asset or article to which the end node device 2, 2a-2d is attached or linked. Hereto the identification code that is stored in the centralized code registration system 3 may be stored together with a vendor identification code, enabling an identifier and vendor identifier combination, both typically obtained by the end node device 2, 2a-2d, to be checked against an expected identification code and vendor identification code combination stored in the centralized code registration system 3.
[0082] In case the identifier and vendor identifier are used at the end node device 2, 2a-2d in a non-authorized combination, the centralized registration system 3 may return a negative verification result to the end node device 2, 2a, 2b, indicative of a failed authentication.
[0083] Alternatively or additionally, in case of a negative verification result the centralized registration system 3 may block the identification code from any future use, resulting in future verification results for this identification code to be negative by default.
[0084] FIG. 3e shows a non-limiting exemplary asset 6a that includes an end node device, e.g. the end node device 2b of FIG. 3b. The asset 6a may be a non-electronic asset. The identity stored in the IC 4b may be wirelessly requested by verifying device 5a, e.g. using RF-ID or any other suitable wireless communication technology. The identity received in the verifying device 5a may be transmitted to a centralized code registration system 3 for verification.
[0085] FIG. 3f shows another non-limiting exemplary asset 6b that includes an end node device, e.g. the end node device 2a of FIG. 3a. The asset 6b may be an electronic asset. The identity stored in the IC 4a may be requested by verifying device 5b, which in this example is a part of the asset 6b but may be external to the asset 6b. The identity received in the verifying device 5b may be transmitted to a centralized code registration system 3 for verification.
[0086] An identifier may be generated before or during the production process of ICs 4, 4a-4d. This is illustrated in FIG. 1 as the code generation service that generates the identifiers and stores the generated identifiers or identification codes representative of the identifiers in database 31 of the centralized registration system 3. The generated identifiers may be transmitted to the IC manufacturing facilities (foundries) as unique customer and ID encoding instructions.
[0087] The ICs 4, 4a-4d are preferably manufactured in a cost efficient manner, typically involving a lithography back-end process followed by a so-called mid-end lithographic process step. In the back-end process the dies on a wafer 5 may be prepared to a common design, e.g. in a CMOS based, front end lithographic operation typically applying masked lithographic equipment. In the subsequent mid-end process step, a wafer based maskless lithographic operation may manipulate a predefined CMOS based IC for encoding each die of a wafer with the identifier - preferably a unique identifier - generated by the code generation service.
[0088] The implementation of the identifier in the mid-end lithographic process step advantageously allows commonly known and cost effective front end processes to remain unmodified. The mid-end lithographic process step may be integrated as a maskless lithography operation, which is found to be very suitable for uniquely encoding IC based electronic devices. In such a set-up maximum advantage may be taken from the cost reduction that has over the past decades been effected in so called front-end chip manufacturing fabs or so called foundries.
[0089] Advantageously, in the authentication system 1 according to the present invention, most or all security may be transferred to the centralized code registration system 3, which is preferably implemented in the cloud. Every application system, e.g. retail, may have a database 31 with the registered identification codes of the ICs 4, 4a-4d that have been produced and as many associated data labels as are required (dates, type of product, manufacturer, etcetera). These data labels may be stored as or together with vendor identification codes in the database 31. When an IC 4, 4a-4d is queried for its identifier, the identifier may be sent to the database system 31 for verification of its validity, possibly with a simple "Yes" (or other indication of a positive verification result) or "No" (or other indication of a negative verification result) as outcome.
[0090] The database system 31 may advantageously take the context of verification requests into account in processing the current verification request. Examples hereof are the number of requests made in a predefined time interval, the total number of requests made, the time of the request, the location of the request, etcetera. Contextual information may be transmitted as contextual data from the verifying device 5 to the centralized code registration system 3 and/or generated in the centralized code registration system 3. Part or all of the contextual data may be generated in the end node device 2, 2a-2d.
[0091] Hackers may want to try to replicate or falsify end node devices. Duplication of an end node 2, 2a-2d with IC 4, 4a-4d in an authentication system 1 according to the present invention no longer makes any sense, because it may immediately be detected, and the identity/identification code be blocked for use. Although the identifiers can in principle be public - there is nothing to hide - they may be encrypted during communication with the centralized code registration system 3, which may be implemented as a cloud server 3. In other words, hacking the end node 2, 2a-2d does not make any sense, since all security processing takes place in the cloud server 3. The IC end node thus acts as a hardware anchor (e.g. to attach the code to a physical device) in an otherwise centralized secure system 3. So, although the end nodes 2, 2a-2d could be hacked (e.g. copied), the system 1 remains secure.
[0092] FIG. 4 shows an exemplary method according to an aspect of the invention, in the form of a time-sequence diagram. In step 100 an identification code representative of an identifier of an IC 4, 4a-4d may be stored in the centralized code registration system 3, typically in an electronic database system 31 of the centralized code registration system 3. This is typically done before or during the manufacturing process of the IC 4, 4a-4d. The end node device 2, 2a-2d may read 102 the identifier from the IC 4, 4a-4d after a request 101 from the verifying device 5. In steps 103 and 104 the identifier may be transmitted to the centralized code registration system 3, typically via the verifying device (step 103). In step 105 the centralized code registration system 3 may verify the received identifier against the corresponding stored identification code to obtain a verification result. In step 106 the verification result may be transmitted from the centralized code registration system 3 to the verifying device 5, additionally or alternatively to the end node device 2, 2a-2d or any other device that may use the verification result.
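The following Python model, added here as an illustration and not the patent's or Sandgrain's own code, puts the server-side behaviour of paragraphs [0081]-[0083] and [0089]-[0092] into one runnable piece: registration of identification codes (step 100), verification of the identifier and vendor identifier combination with contextual data (step 105), blocking of a code after a negative result, and the request flow of steps 101-106 as seen from the verifying device. Assumptions not on the page: the transcription of an identifier into an identification code is a SHA-256 digest, and the context thresholds (time window, request counts) are constructed values.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def transcribe(identifier: bytes) -> str:
    """Transcription of a received identifier into an identification code (claim 1).
    Assumption: a plain SHA-256 digest, so the database 31 holds codes, not raw identifiers."""
    return hashlib.sha256(identifier).hexdigest()


@dataclass
class Record:
    vendor_id: str                                  # vendor identification code ([0081])
    blocked: bool = False                           # set after a negative result ([0083])
    history: list = field(default_factory=list)     # (timestamp, location) of past requests


@dataclass
class ContextPolicy:
    """Contextual checks of [0090]; the threshold values are constructed, not from the page."""
    window_seconds: float = 60.0        # the predefined time interval
    max_in_window: int = 5              # requests tolerated inside that interval
    max_total: Optional[int] = None     # cap on total requests (e.g. 1 for single use); None = no cap
    block_on_negative: bool = True      # whether a negative result blocks the code ([0083])


@dataclass
class EndNode:
    """End node device 2: holds the identifier read from its IC plus its vendor identifier."""
    ic_identifier: bytes
    vendor_id: str


class CentralizedRegistry:
    """Centralized code registration system 3 with electronic database 31."""

    def __init__(self, policy=None):
        self.db = {}                                # identification code -> Record
        self.policy = policy or ContextPolicy()

    def store(self, identifier, vendor_id):
        """Step 100: register the identification code before/during IC manufacture."""
        code = transcribe(identifier)
        if code in self.db:
            raise ValueError("identification code already registered")
        self.db[code] = Record(vendor_id)
        return code

    def _violation(self, rec, vendor_id, ts, location):
        """Return a reason string if the request is not acceptable, else ''."""
        p = self.policy
        if vendor_id != rec.vendor_id:                                    # [0082]
            return "identifier/vendor combination not authorized"
        recent = [(t, loc) for t, loc in rec.history if ts - t <= p.window_seconds]
        if len(recent) + 1 > p.max_in_window:
            return "too many requests in time interval"
        if p.max_total is not None and len(rec.history) + 1 > p.max_total:
            return "total request count exceeded"
        if location is not None and any(loc not in (None, location) for _, loc in recent):
            return "identifier seen at two locations within interval (possible duplicate)"
        return ""

    def verify(self, identifier, vendor_id, ts, location=None):
        """Step 105: verify identifier, vendor id and context; returns ("Yes"/"No", reason)."""
        rec = self.db.get(transcribe(identifier))
        if rec is None:
            return "No", "unknown identification code"
        if rec.blocked:
            return "No", "identification code blocked"
        reason = self._violation(rec, vendor_id, ts, location)
        rec.history.append((ts, location))
        if reason:
            if self.policy.block_on_negative:
                rec.blocked = True                  # [0083]: negative by default from now on
            return "No", reason
        return "Yes", ""


def authenticate(registry, node, ts, verifier_location=None):
    """Steps 101-106 from the verifying device 5: request the identifier from the end node,
    forward it with contextual data, and hand back the verification result."""
    identifier = node.ic_identifier                                   # steps 101/102
    return registry.verify(identifier, node.vendor_id, ts, verifier_location)   # 103-106


if __name__ == "__main__":
    reg = CentralizedRegistry(ContextPolicy(window_seconds=60, max_in_window=3))
    ident = bytes.fromhex("0123456789abcdeffedcba9876543210")  # constructed identifier
    reg.store(ident, "vendor-A")
    genuine = EndNode(ident, "vendor-A")
    clone = EndNode(ident, "vendor-A")   # a copied end node carrying the same identifier
    print(authenticate(reg, genuine, 0.0, "NL"))
    print(authenticate(reg, clone, 20.0, "US"))     # detected: same id at a second location
    print(authenticate(reg, genuine, 30.0, "NL"))   # now refused: the code is blocked
```

Because the page allows identifiers to be public, any party that can read one can also submit a request with a wrong vendor identifier or from an unexpected location, and with unconditional blocking that request takes the genuine article out of service too. The model therefore returns the reason with each negative result and makes blocking a policy switch, so the operator can decide which negatives are worth a permanent block and which only a refusal.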

Claims

1. An authentication method comprising: requesting (101), by a verifying device (5), an identifier from an end node device (2); verifying (105), in a centralized code registration system, the identifier received from the end node device, wherein the method further comprises including the identifier hard coded in the integrated circuit in a manner where the identifier is a bit-code of predefined length, storing (100), in the centralized code registration system (3), an identification code, unique within a set of at least potential identification codes and representative of the identifier of an integrated circuit (4, 4a, 4b, 4c, 4d); reading (102), by the end node device, the identifier from the integrated circuit, and transmitting (103) the identifier to the centralized code registration system; performing a processing step involving transcription of the received identifier into an identification code; and verifying in the centralized code registration system, the identification code against the stored identification code to obtain and output a verification result.
2. The authentication method according to claim 1, wherein transmitting (103, 104) the identifier to the centralized code registration system via the verifying device.
3. The authentication method according to any one of the preceding claims, wherein the verification result is at least partly based on contextual data, the contextual data including one or more of a number of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made.
4. The authentication method according to claim 3, wherein the verifying device generates and transmits at least a part of the contextual data to the centralized code registration system.
5. The authentication method according to any one of the preceding claims, further comprising transmitting (106) the verification result from the centralized code registration system to the verifying device and/or the end node device.
6. The authentication method according to any one of the preceding claims, wherein the integrated circuit comprises a read-only register (41) comprising the identifier and an interface (MISO) for reading the identifier from the register and outputting (102) the identifier.
7. The authentication method according to any one of the preceding claims, wherein the functionality of the integrated circuit is limited to providing (102) the identifier upon request (101).
8. The authentication method according to any one of the preceding claims, wherein the centralized code registration system comprises an electronic database system (31) for storing the identifiers of each of the integrated circuits, wherein the identifier has been stored (100) in the electronic database system upon implementation in the integrated circuit.
9. The authentication method according to claim 5, wherein the electronic database is secured by at least one of restricted access, data encryption or being located in a secured environment.
10. The authentication method according to any one of the preceding claims, comprising: storing, in the centralized code registration system, the identification code together with a vendor identification code, the vendor identification code being indicative for a system owner of an asset (6a, 6b) that is associated with the identification code; transmitting, from the end node device, a vendor identifier to the centralized code registration system together with the identifier, verifying, in the centralized code registration system, the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result.
11. The authentication method according to any one of the preceding claims, further comprising registering, in the centralized code registration system, the identification code as being invalid in case the verification result is negative, resulting in future verification results for this identification code to be negative by default.
12. The authentication method according to any one of the preceding claims, wherein the identifier is a unique identifier used only once amongst the integrated circuits in the plurality of end node devices.
13. The authentication method according to any one of the preceding claims, wherein the centralized registration system is implemented as a cloud service.
14. The authentication method according to any one of the preceding claims, wherein the plurality of end node devices include Internet-of-Things devices.
15. A method of manufacturing an integrated circuit (4, 4a, 4b, 4c, 4d), the integrated circuit for use in an authentication method according to any one of the claims 1-10, the method comprising: generating an identifier in a centralized registration system (3), wherein the identifier is a bit-code of predefined length; storing (100), in the centralized code registration system, an identification code representative of the identifier; and providing the identifier to an IC manufacturing facility, wherein the identifier is hard coded in the integrated circuit.
16. An authentication system (1) comprising a plurality of end node devices (2, 2a, 2b), a verifying device (5) and a centralized registration system (3), wherein each end node device comprises an integrated circuit (4, 4a, 4b, 4c, 4d) comprising an identifier hard-coded in the integrated circuit, wherein the identifier is a bit- code of predefined length, wherein the centralized code registration system is arranged to store an identification code representative of the identifier of the integrated circuit, wherein the verifying device is configured to request the identifier from the integrated circuit via the end node device, wherein the end node device is configured to read the identifier from the integrated circuit and transmit the identifier to the centralized code registration system, and wherein the centralized code registration system is configured to verify the identifier received from the end node device against the stored identification code to obtain and output a verification result.
17. The authentication system according to claim 16, wherein the verifying device is configured to receive the identifier from the end node device and transmit the received identifier to the centralized code registration system.
18. The authentication system according to any one of the claims 16-18, wherein the verification result is at least partly based on contextual data, the contextual data preferably including one or more of a number of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made.
19. The authentication system according to claim 18, wherein the verifying device is configured to transmit at least a part of the contextual data to the centralized code registration system.
20. The authentication system according to any one of the claims 16-19, wherein the centralized code registration system is configured to transmit the verification result to the verifying device and/or the end node device.
21. The authentication system according to any one of the claims 16-20, wherein the integrated circuit comprises a read-only register (41) comprising the identifier and an interface (MISO) for reading the identifier from the register and outputting the identifier.
22. The authentication system according to any one of the claims 16-21, wherein the functionality of the integrated circuit is limited to providing the identifier upon request.
23. The authentication system according to any one of the claims 16-22, wherein the centralized code registration system comprises an electronic database system (31) for storing the identifiers of each of the integrated circuits, wherein the identifier has been stored in the electronic database system upon implementation of the identifier in the integrated circuit.
24. The authentication system according to claim 23, wherein the electronic database is secured by at least one of restricted access, data encryption or being located in a secured environment.
25. The authentication system according to any one of the claims 16-24, wherein the centralized code registration system is arranged to store the identification code together with a vendor identification code, the vendor identification code being indicative for a system owner of an asset (6a, 6b) that is associated with the identification code, wherein the end node device is configured to transmit a vendor identifier to the centralized code registration system together with the identifier, and wherein the centralized code registration system is configured to verify the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result.
26. The authentication system according to any one of the claims 16-25, wherein the centralized code registration system is configured to register the identification code as being invalid in case the verification result is negative, resulting in future verification results for this identification code to be negative by default.
27. The authentication system according to any one of the claims 16-26, wherein the identifier is a unique identifier used only once amongst the integrated circuits in the plurality of end node devices.
28. The authentication system according to any one of the claims 16-27, wherein the centralized registration system is implemented as a cloud service.
29. The authentication system according to any one of the claims 16-28, wherein the plurality of end node devices include Internet-of-Things devices.
30. An integrated circuit (4, 4a, 4b, 4c, 4d) comprising an identifier hard-coded in the integrated circuit, wherein the identifier is a bit-code of predefined length, for use in the authentication system (1) according to any one of the claims 16-29.
31. The integrated circuit according to claim 30, wherein the integrated circuit comprises a read-only register (41) comprising the identifier and an interface (MISO) for reading the identifier from the register and outputting the identifier.
32. The integrated circuit (4, 4a) according to any one of the claims 30-31, comprising: an SPI (Serial Peripheral Interface) and control logic for obtaining the identifier from the read-only register on a request received via the control logic; one or more voltage inputs (VDDD, VSSD, VDDIO, VSSIO); one or more signal inputs (MOSI, SCLK, CSN); and a signal output (MISO) for outputting the identifier.
33. The integrated circuit (4, 4a) according to any one of the claims 30-32, wherein the integrated circuit is one of: miniature S08-packaged, SSOP8-packaged, TSSOP8-packaged or 8WLCSP-packaged for board-level applications; RF-ID compatible; integrated in a multi-chip package; integrated as IP block in a larger IC.
34. An end node device (2, 2a, 2b) comprising the integrated circuit (4, 4a, 4b, 4c, 4d) according to any one of the claims 30-33, wherein the end node device is configured to read the identifier from the integrated circuit and transmit the identifier for authentication in the centralized code registration system (3).
35. Use of an integrated circuit (4, 4a, 4b, 4c, 4d) according to any one of the claims 30-33 in an authentication system (1) according to any one of the claims 16-29.
PCT/IB2021/053261 2020-04-20 2021-04-20 Method, system and chip for centralised authentication WO2021214663A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP21751864.6A EP4140092A1 (en) 2020-04-20 2021-04-20 Method, system and chip for centralised authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202063012305P 2020-04-20 2020-04-20
US63/012,305 2020-04-20

Publications (1)

Publication Number Publication Date
WO2021214663A1 true WO2021214663A1 (en) 2021-10-28

Family

ID=76708361

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2021/053261 WO2021214663A1 (en) 2020-04-20 2021-04-20 Method, system and chip for centralised authentication

Country Status (3)

Country Link
EP (1) EP4140092A1 (en)
NL (1) NL1044006B1 (en)
WO (1) WO2021214663A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080282209A1 (en) 2007-05-07 2008-11-13 Brent Alan Anderson System for and Method of Verifying IC Authenticity
US20150106282A1 (en) 2013-10-15 2015-04-16 Penta Security Systems Inc. Device for determining counterfeit and method thereof
US20170180369A1 (en) 2015-12-18 2017-06-22 International Business Machines Corporation Dynamic intrinsic chip identification

Also Published As

Publication number Publication date
NL1044006A (en) 2021-10-27
NL1044006B1 (en) 2021-11-23
EP4140092A1 (en) 2023-03-01

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 21751864; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
ENP Entry into the national phase (Ref document number: 2021751864; Country of ref document: EP; Effective date: 20221121)