Authenticated device and authentication method
The authentication device uses multiple one-dimensional sensors with unique physical variations to generate secure response data, addressing vulnerabilities in conventional systems by ensuring reliable and unpredictable authentication.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- OSAKA UNIVERSITY
- Filing Date
- 2024-12-04
- Publication Date
- 2026-06-16
Smart Images

Figure 2026097518000001_ABST
Abstract
Description
[Technical Field]
[0001] This invention relates to a device to be authenticated, etc., used when authenticating a sensor device. [Background technology]
[0002] Patent Document 1 discloses an authentication system using a CMOS (Complementary-Metal-Oxide-Semiconductor) image sensor PUF (Physically-unclonable-function) in which light-receiving elements are arranged in a two-dimensional manner. [Prior art documents] [Patent Documents]
[0003] [Patent Document 1] Patent No. 7031326 [Overview of the project] [Problems that the invention aims to solve]
[0004] The present invention aims to provide an authenticated device, etc., that can generate a signature based on PUF using a one-dimensional sensor that detects a single physical quantity. [Means for solving the problem]
[0005] An authentication device according to one aspect of the present invention is an authentication device that is to be authenticated, comprising: a receiving unit that receives challenge data for authentication from an external device; a plurality of sensor devices having a plurality of measurement circuits for measuring the environment around the authentication device and generating a plurality of measurement values; a first generation unit that generates response data by processing the challenge data received by the receiving unit using the plurality of measurement values generated by the plurality of sensor devices; a second generation unit that generates a representative value for the plurality of measurement values as a sensing result by performing statistical processing on the plurality of measurement values generated by the plurality of sensor devices; and a transmission unit that transmits the generated response data and the sensing result to the external device, wherein each of the plurality of sensor devices is a measurement circuit including a one-dimensional sensor that detects a single physical quantity.
[0006] A method for being authenticated according to one aspect of the present invention is a method for being authenticated performed by an authenticated device to be authenticated, wherein the authenticated device comprises a plurality of sensor devices having a plurality of measurement circuits for measuring the environment around the authenticated device and generating a plurality of measurement values, each of the plurality of sensor devices being a measurement circuit including a one-dimensional sensor, and the method for being authenticated includes: a receiving step of receiving challenge data for performing authentication from an external device; a first generating step of generating response data by processing the challenge data received in the receiving step using the plurality of measurement values generated by the plurality of sensor devices; a second generating step of generating a representative value for the plurality of measurement values as a sensing result by performing statistical processing on the plurality of measurement values generated by the plurality of sensor devices; and a transmission step of transmitting the generated response data and the sensing result to the external device. [Effects of the Invention]
[0007] According to the authentication device of the present invention, a signature based on PUF can be generated even when using a one-dimensional sensor. [Brief explanation of the drawing]
[0008] [Figure 1] FIG. 1 is a diagram for explaining problems of a conventional cyber-physical system. [Figure 2] FIG. 2 is a diagram for explaining the outline of the present invention. [Figure 3] FIG. 3 is a block diagram showing the configuration of an authentication system according to an embodiment. [Figure 4] FIG. 4 is a diagram showing an example of a response map included in an authentication device. [Figure 5] FIG. 5 is a schematic diagram showing an example of a detailed configuration of an authentication target device. [Figure 6] FIG. 6 is a diagram for explaining the processing flow until an authentication target device measures the surrounding environment and generates response data. [Figure 7] FIG. 7 is a diagram showing the detailed processing flow shown in (a) of FIG. 6 in a circuit diagram of a sensor device. [Figure 8] FIG. 8 is a diagram showing an example of a specific circuit diagram of a first current generation circuit and a second current generation circuit. [Figure 9] FIG. 9 is a diagram showing an example of a specific circuit diagram of a first converter and a second converter. [Figure 10] FIG. 10 is a diagram showing an example of a specific circuit diagram of a multiplexer. [Figure 11] FIG. 11 is a diagram showing an example of a specific circuit diagram of a 3-bit comparator. [Figure 12] FIG. 12 is a diagram for explaining the processing flow when a second generation unit generates a representative value from the ratio of 16 patterns of digital codes. [Figure 13] FIG. 13 is a diagram showing the variation in the ratio of 16 patterns of digital codes and the variation in the representative value generated by the second generation unit. [Figure 14] FIG. 14 is a sequence diagram showing the operation of an authentication system according to an embodiment. [Figure 15]Figure 15 shows an example of a specific semiconductor chip layout in the device being certified. [Figure 16] Figure 16 shows an example of measurement results obtained from four different semiconductor chips. [Figure 17] Figure 17 shows the results of the analysis based on the measurement results obtained in Figure 16. [Modes for carrying out the invention]
[0009] [1. Findings that formed the basis of this invention] First, the inventor's perspective is explained below.
[0010] Figure 1 illustrates the challenges of conventional cyber-physical systems. A one-dimensional sensor (sensor device) comprising one transducer and one analog-to-digital converter (ADC) converts a single physical energy (E), such as temperature, humidity, and sound, into digital data. Specifically, the transducer converts the physical energy (E) into analog data, such as current or voltage values, and the ADC converts the analog data converted by the transducer into digital data. Conventional authentication systems can protect this converted digital data using various encryption technologies. However, encryption technologies are ineffective against attacks from malicious third parties in the real world. For example, if a malicious third party tamperes with analog data, conventional cyber-physical systems cannot detect that an attack by a third party has occurred, and therefore cannot prevent it with encryption technology.
[0011] In light of the above, the inventor has come up with the present invention, which is a highly secure authentication device capable of generating a signature based on PUF using multiple one-dimensional sensors that detect a single physical quantity.
[0012] The following will provide a detailed description of the authentication system according to the embodiment, with reference to the drawings.
[0013] The embodiments described below are all comprehensive or specific examples. The numerical values, shapes, materials, components, arrangement and connection configurations of components, steps, and the order of steps shown in the following embodiments are examples only and are not intended to limit the scope of the claims. Furthermore, among the components related to the following embodiments, those components that are not described in the independent claim representing the highest-level concept will be described as optional components.
[0014] Furthermore, each figure is a schematic diagram and not necessarily a strictly accurate representation. Also, the same component is denoted by the same reference numeral in each figure.
[0015] [2. Overview] First, I will explain the outline of the present invention. Figure 2 is a diagram illustrating the outline of the present invention.
[0016] As shown in Figure 2, the present invention provides multiple one-dimensional sensors (sensor devices) that detect a single physical quantity such as temperature, each comprising one transducer and one AD converter (i.e., a measurement circuit), and these multiple one-dimensional sensors are arranged in parallel. In other words, the arrangement of multiple one-dimensional sensors in parallel gives them a spatial extent.
[0017] Here, each of the multiple one-dimensional sensors has variations that are irreversibly generated during manufacturing, that is, physical characteristics that are difficult to replicate. In other words, each of the multiple one-dimensional sensors has a physically hard-to-replicate function (hereinafter also referred to as PUF). A physically hard-to-replicate function is a function that outputs a value unique to the device by utilizing physical characteristics that are difficult to replicate. In other words, a physically hard-to-replicate function is a function in which the relationship between input and output is physically difficult to replicate. Therefore, the measured value (output) that each of the multiple one-dimensional sensors generates by measuring the surrounding environment (input) is an output obtained by the physically hard-to-replicate function.
[0018] In this invention, a device to be authenticated, equipped with multiple one-dimensional sensors as described above, receives challenge data for authentication from an authentication device (hereinafter also referred to as an external device). The device to be authenticated generates response data by processing the received challenge data using multiple measurement values generated by the multiple one-dimensional sensors, and sends it back to the authentication device. In other words, the device to be authenticated generates response data unique to the device to be authenticated by utilizing spatial variability and the PUF (Positive Unit of Function) that each of the multiple one-dimensional sensors possesses.
[0019] The authentication device then compares the generated response data with a pre-stored response map corresponding to the device being authenticated, and authenticates the device being authenticated. In this way, the authentication device only communicates with devices that have been successfully authenticated, thus avoiding communication with devices owned by malicious third parties.
[0020] [3. Authentication System Configuration] The configuration of the authentication system 100 according to the embodiment will be described below. Figure 3 is a block diagram showing the configuration of the authentication system 100 according to the embodiment. As shown in Figure 3, the authentication system 100 according to the embodiment includes an authentication device 1 and an authentication device 2. The authentication device 1 and the authentication device 2 are configured to communicate with each other via a network N1, such as the Internet. Communication between the authentication device 1 and the authentication device 2 may be via wired communication or wireless communication.
[0021] [3-1. Authenticated Device] In this embodiment, the device to be authenticated 1 comprises a plurality of sensor devices 3. The device to be authenticated 1 also comprises a receiving unit 11, a first generation unit 12, a second generation unit 13, and a transmitting unit 14. The device to be authenticated 1 has a program and memory, and the functions of each of the above-mentioned parts of the device to be authenticated 1 are realized, for example, by a processor executing a program stored in memory. In this embodiment, the device to be authenticated 1 is, as an example, an information terminal such as a smartphone or a tablet terminal.
[0022] The multiple sensor devices 3 have multiple measurement circuits for measuring the environment around the device to be authenticated 1 and generating multiple measurement values. Each of the multiple sensor devices 3 is a measurement circuit that includes a one-dimensional sensor that detects a single physical quantity, such as a temperature sensor, a humidity sensor, or an acceleration sensor. In this embodiment, the multiple sensor devices 3 are arranged in parallel. Furthermore, as already mentioned, each of the multiple sensor devices 3 has variations that occur irreversibly during manufacturing. As a result, the multiple sensor devices 3 generate multiple measurement values that include spatial variations in each measurement circuit and variations in the inherent physical characteristics of each measurement circuit. In other words, each of the multiple measurement values includes characteristic values that vary in each of the multiple sensor devices 3.
[0023] The receiving unit 11 receives challenge data (hereinafter also referred to as external challenge data) transmitted from the authentication device 2 (hereinafter also referred to as external device 2) via the network N1. The challenge data is data that the authentication device 2 transmits to the device to be authenticated 1 in order to authenticate whether the device to be authenticated 1 is a legitimate terminal that has been registered in advance.
[0024] The first generation unit 12 generates response data by processing the challenge data received by the receiving unit 11 using multiple measurement values generated by the multiple sensor devices 3. In this embodiment, the response data is 1-bit data represented by 0 or 1. As explained above, the multiple measurement values generated by the multiple sensor devices 3 include characteristic values that vary from one sensor device to the other, so it can be said that the response data generated by the first generation unit 12 also includes characteristic values that vary from one sensor device to the other. An example of response data generation will be explained later in [4. Detailed Configuration of the Authenticated Device].
[0025] The second generation unit 13 generates a representative value as a sensing result by applying statistical processing to the multiple measurement values generated by the multiple sensor devices 3. In other words, the second generation unit 13 generates a representative value (sensing result) that suppresses the variability of the multiple measurement values by applying a specific statistical processing to the multiple measurement values. Specifically, the representative value generated by the second generation unit 13 may be the average value of the multiple measurement values or the median value of the multiple measurement values. Furthermore, as explained above, the multiple measurement values generated by the multiple sensor devices 3 include characteristic values that vary among each of the multiple sensor devices 3, so it can be said that the sensing result generated by the second generation unit 13 also includes characteristic values that vary among each of the multiple sensor devices 3. An example of the generation of sensing results will be explained later in [5. Generation of Sensing Results and Internal Challenge Data].
[0026] The transmitting unit 14 transmits the response data generated by the first generation unit 12 and the sensing results generated by the second generation unit 13 to the authentication device 2 via the network N1. The transmitting unit 14 may transmit the response data and sensing results to the authentication device 2 simultaneously as a single packet, or it may transmit them to the authentication device 2 in separate packets.
[0027] [3-2. Authentication Devices] In this embodiment, the authentication device 2 is a server. As shown in Figure 3, the authentication device 2 comprises a transmission unit 21, a reception unit 22, an information processing unit 23, and an authentication unit 24. The authentication device 2 has a processor and memory, and the functions of each of the above-mentioned parts of the authentication device 2 are realized, for example, by the processor executing a program stored in the memory.
[0028] The transmission unit 21 transmits the challenge data to an external terminal (including the authenticated device 1) via the network N1.
[0029] The receiving unit 22 receives response data and sensing results transmitted from an external terminal (including the authenticated device 1) via the network N1.
[0030] The information processing unit 23 selects the challenge data that the transmission unit 21 will send to an external terminal. In this embodiment, the information processing unit 23 selects one type of challenge data from 256 × 24 types of challenge data and has the transmission unit 21 send the selected challenge data.
[0031] The authentication unit 24 authenticates an external terminal (i.e., the device to be authenticated 1) based on the challenge data transmitted by the transmission unit 21, the response data received by the reception unit 22, and the sensing results. In this embodiment, the authentication unit 24 authenticates whether the external terminal is a legitimate terminal that has been registered in advance by comparing the response data with the challenge data, the sensing results, and a pre-registered response map. Figure 4 shows an example of a response map that the authentication device 2 has.
[0032] As shown in Figure 4, the Response Map is a map of response data (1-bit data, either 0 or 1) that is uniquely determined by the Sensing Result and Challenge data. In this embodiment, one response data is defined for each combination of 256 × 24 types of Challenge data and Sensing Result indicating temperature information between 0 and 100°C.
[0033] As explained above, the response data contains characteristic values that vary from one of the multiple sensor devices 3 to another. Therefore, the response map shown in Figure 4 is a unique map used to authenticate a specific device 1 to be authenticated. For example, in order for the authentication device 2 to authenticate multiple devices 1 to be authenticated, a response map corresponding to each of the multiple devices 1 to be authenticated must be registered in advance.
[0034] As described above, the authentication unit 24 compares the challenge data transmitted by the transmission unit 21, the sensing results received by the reception unit 22, and the response map to the response data received by the reception unit 22. In other words, the authentication unit 24 compares the response data obtained from the response map, which corresponds to the challenge data and sensing results, with the response data received by the reception unit 22. Then, if the responses match, the authentication unit 24 determines that the external terminal is a legitimate terminal, and if the responses do not match, it determines that the external terminal is an unauthorized terminal.
[0035] [4. Detailed configuration of the authenticated device] The detailed configuration of the device to be authenticated 1 is described below. Figure 5 is a schematic diagram showing an example of the detailed configuration of the device to be authenticated 1.
[0036] As shown in Figure 5, the device to be authenticated 1 (Sensor System) has four sensor devices (4×ADC+Front-end) 3, a first generation unit (PUF Logic) 12, and a second generation unit (Average) 13. Although four sensor devices 3 are shown in the example in Figure 5, the device to be authenticated 1 is within the scope of this disclosure as long as it has two or more sensor devices 3.
[0037] Figure 5 shows the general processing flow from when the device under authentication 1 measures the surrounding environment to when it generates response data and sensing results. First, the processing flow from when the device under authentication 1 generates sensing results will be explained. Four sensor devices 3 measure the environment around the device under authentication 1 and generate multiple measurement values. The second generation unit 13 performs statistical processing (Deviation Recovery) on the multiple measurement values generated by the four sensor devices 3 to generate a representative value for the multiple measurement values (for example, the average or median of the multiple measurement values) as a sensing result. When generating the sensing result, the second generation unit 13 also generates a representative value for the multiple measurement values as internal challenge data and outputs it to the first generation unit 12.
[0038] Next, the process flow for the authentication device 1 to generate response data will be explained. Four sensor devices 3 measure the environment around the authentication device 1 and generate multiple measurement values. The first processing unit (Pickup) 121 of the first generation unit 12 uses the challenge data (External Challenge) received by the receiving unit 11 to output some of the measurement values from the multiple measurement values generated by the four sensor devices 3. Then, the second processing unit (4×Comparing) 122 of the first generation unit 12 generates response data based on the some measurement values output by the first processing unit 121 and the internal challenge data output by the second generation unit 13.
[0039] The above explanation outlines the general processing flow from when the authenticated device 1 measures the surrounding environment to when it generates response data and sensing results. Below, we will explain a more detailed processing flow from when the authenticated device 1 measures the surrounding environment to when it generates response data and sensing results, and provide specific circuit examples to realize this processing.
[0040] Figure 6 is a diagram illustrating the processing flow from when the device to be authenticated 1 measures the surrounding environment to when it generates response data. Figure 6(a) is a detailed diagram showing the processing flow from when the sensor device 3 shown in Figure 5 measures the surrounding environment to when the device to be authenticated 1 generates two measured values. Figure 6(b) is a detailed diagram showing the processing flow from when the first generation unit 12 shown in Figure 5 processes the challenge data using multiple measured values generated by the four sensor devices 3 to when it generates response data. Figure 7 is a diagram showing the detailed processing flow shown in Figure 6(a) using a circuit diagram of the sensor device 3.
[0041] [4-1. Detailed Configuration Examples and Specific Circuit Examples of Sensor Devices] As shown in Figures 6(a) and 7, each sensor device 3 comprises a converter (CFC) 31, a counter 32, and a first current generation circuit (I PTAT )33 and the second current generation circuit (I CTAT The device comprises a 34 and an adder circuit 35. More specifically, the converter 31 has a first converter (CFC) 311 and a second converter (CFC) 312, and the counter 32 has a first counter (Counter) 321 and a second counter (Counter) 322. The following describes each component in accordance with the operation flow of the sensor device 3.
[0042] The first current generation circuit 33 is a circuit that generates a larger current as the temperature around the sensor device 3 rises. In other words, the first current generation circuit 33 generates a current I that is proportional to the rise in temperature around the sensor device 3. PTAT This is a circuit that generates a current I. In contrast, the second current generation circuit 34 is a circuit that generates a smaller current as the temperature around the sensor device 3 rises. In other words, the second current generation circuit 34 generates a current I that is inversely proportional to the rise in temperature around the sensor device 3. CTAT This is a circuit that generates [something].
[0043] In FIG. 8, an example of a specific circuit diagram of the first current generation circuit 33 and the second current generation circuit 34 is shown. Specifically, when the blank portion surrounded by the broken line is configured by the circuit diagram (for PTAT) in the left diagram above, the overall circuit diagram shown in FIG. 8 is the specific circuit diagram of the first current generation circuit 33. On the other hand, when the blank portion surrounded by the broken line is configured by the circuit diagram (for CTAT) in the right diagram above, the overall circuit diagram shown in FIG. 8 is the circuit diagram of the second current generation circuit 34.
[0044] Returning to the descriptions in FIGS. 6(a) and FIG. 7, the adder circuit 35 shown in FIG. 7 adds the current I PTAT generated by the first current generation circuit 33 and the current I CTAT generated by the second current generation circuit 34 to generate a current I ZTAT (see FIG. 6(a)) that does not depend on the temperature change around the sensor device 3.
[0045] The first converter 311 shown in FIG. 7 is a circuit that converts the current I PTAT generated by the first current generation circuit 33 into a frequency f PTAT and outputs it. In other words, the first converter 311 is a circuit that outputs a frequency f PTAT proportional to the temperature rise around the sensor device 3. On the other hand, the second conversion circuit 312 is a circuit that converts the current I ZTAT generated by the adder circuit 35 into a frequency f ZTAT and outputs it. In other words, the second converter 312 is a circuit that outputs a frequency f ZTAT that does not depend on the temperature change around the sensor device 3. FIG. 9 is a diagram showing an example of a specific circuit diagram of the first converter 311 and the second converter 312.
[0046] As shown in FIG. 9, the first converter 311 and the second converter 312 have the same circuit composed of four inverters 313a to 313d and a NAND gate 313e. That is, in the embodiment, the first converter 311 having the four inverters 313a to 313d and the NAND gate 313e converts the current I PTAT into a frequency f PTATThe second converter 312, which has four inverters 313a to 313d and a NAND gate 313e, converts and outputs the current I ZTAT frequency f ZTAT Convert and output.
[0047] Returning to the explanation in Figure 6(a) and Figure 7, the first counter 321 shown in Figure 7 is the frequency f output by the first converter 311. PTAT This circuit counts the number of pulses based on and outputs a digital code Dp (Digital Code). The second counter 322 counts the frequency f output by the second converter 312. ZTAT This circuit counts the number of pulses based on a given value and outputs a digital code Dz. In this embodiment, the second counter 322 stops counting up to a certain value and outputs the digital code Dz at the time it stops. The first counter 321 outputs the digital code Dp at the time when the second counter 322 wants to stop counting. In other words, the digital code Dp output by the first counter 321 and the digital code Dz output by the second counter 322 correspond to the measured values generated by the sensor device 3.
[0048] In this embodiment, the first counter 321 and second counter 322 of each of the four sensor devices 3 (3a to 3d) output digital codes Dp and Dz. Specifically, when the second counter 322 of sensor device 3a counts up to a certain value and outputs digital code Dz, the first counter 321 of each of the four sensor devices 3a to 3d outputs digital code Dp. In other words, the four sensor devices 3 output four patterns of digital code Dp for one type of digital code Dz, so 16 combinations of digital codes [Dp, Dz] are output.
[0049] Based on the above explanation, the sensor device 3 receives a current I proportional to the temperature. PTAT and a temperature-independent current I ZTAT This sensor measures the ambient temperature around the device being authenticated 1 by making a relative comparison with [another device].
[0050] [4-2. Detailed Configuration Example and Specific Circuit Example of the First Generation Unit] As shown in Figure 6(b), the first generation unit 12 comprises a first processing unit 121 and a second processing unit 122. More specifically, the first processing unit 121 has a multiplexer (MUX) 121a, and the second processing unit 122 has a 3-bit comparator 122a and an arithmetic unit (XOR) 122b.
[0051] In this embodiment, the first processing unit 121 outputs a first signal indicating three values from 16 patterns of digital codes [Dp, Dz] output by the four sensor devices 3. Specifically, the multiplexer 121a uses the challenge data (External Challenge) received by the receiving unit 11 to output a first signal indicating three values from the ratio (Dp / Dz) of the 16 patterns of digital codes [Dp, Dz]. In other words, the multiplexer 121a outputs a first signal indicating three values by performing multiplexing dependent on the challenge data for multiple measured values generated by multiple sensor devices 3. Note that the multiplexer 121a only needs to output a first signal indicating a smaller number of values from multiple patterns of digital codes [Dp, Dz]. Figure 10 shows an example of a specific circuit diagram of the multiplexer 121a.
[0052] As shown in Figure 10, the multiplexer 121a comprises four first multiplexers (4:1 MUX) 121b and one second multiplexer (4:3) 121c. In this embodiment, an example is shown in which the multiplexer 121a comprises four first multiplexers 121b and one second multiplexer 121c, but any circuit configuration is acceptable as long as it can output a first signal that represents three values from the ratio (Dp / Dz) of 16 patterns of digital code [Dp, Dz].
[0053] Each of the four first multiplexers 121b is a multiplexer that takes four inputs and outputs one. In this embodiment, the four first multiplexers 121b output intermediate signals that represent four values from the ratio (Dp / Dz) of 16 patterns of digital codes [Dp,Dz].
[0054] The second multiplexer 121c is a multiplexer that outputs a first signal representing three values from the four intermediate signals representing the four values output by the four first multiplexers 121b.
[0055] Returning to the explanation in Figure 6(b), in this embodiment, the second processing unit 122 outputs 1 bit response data from the first signal output by the first processing unit 121 (second multiplexer 121c). Specifically, the second processing unit 122 includes a 3-bit comparator 122a and an arithmetic unit (XOR) 122b.
[0056] The 3-bit comparator 122a compares the three values indicated by the output first signal and converts them into a second signal indicating the comparison result. Figure 11 shows an example of a specific circuit diagram of the 3-bit comparator 122a.
[0057] As shown in Figure 11, the 3-bit comparator 122a outputs 2-bit data (O0 and O1) by comparing the magnitudes of three input values (labeled A, B, and C in Figure 11). Figure 11 shows the Truth Table used by the 3-bit comparator 122a when comparing the magnitudes of three values in this embodiment. In other words, the 3-bit comparator 122a determines which of the magnitude relationships shown in the table above the magnitude relationship of the three input values corresponds to, and outputs the corresponding 2-bit data (i.e., the second signal).
[0058] In this embodiment, the reason the second processing unit 122 is equipped with a 3-bit comparator 122a is to ensure the stability of the output data (O0 and O1). Specifically, the second processing unit 122 compares the magnitudes of the ratios (Dp / Dz) of digital codes (in other words, compares the magnitudes of the oscillation frequencies), but if the values of the ratios (Dp / Dz) of the digital codes being compared are close, the output data (O0 and O1) becomes unstable. Therefore, the second processing unit 122 uses a 3-bit comparator 122a that can determine whether one value is greater or less than the other two values. In other words, the second processing unit 122 stabilizes the output data by providing redundancy.
[0059] Returning to the explanation in Figure 6(b), the arithmetic unit 122b outputs response data (1 bit data) based on the second signal output by the 3-bit comparator 122a and the representative value (Internal Challenge) generated by the second generation unit 13. In this embodiment, the arithmetic unit 122b generates response data by applying an exclusive OR (XOR) operation to the second signal. In this embodiment, the second processing unit 122 comprises two arithmetic units 122b. The second processing unit 122 has a configuration of two layers of arithmetic units 122b, and generates 1 bit response data based on the 2-bit second signal and the representative value generated by the second generation unit 13.
[0060] [5. Generation of sensing results and internal challenge data] The following describes the processing flow when the second generation unit 13 performs statistical processing on multiple measured values (in this embodiment, the ratio of 16 patterns of digital codes) generated by the four sensor devices 3 to generate a representative value for the multiple measured values.
[0061] Figure 12 is a diagram illustrating the processing flow when the second generation unit 13 generates a representative value from the ratio of 16 patterns of digital codes. Figure 12(a) shows the ratio of 16 patterns of digital codes (16 f) generated by the four sensor devices 3. PTAT / fZTAT This figure shows an example of the measurement results of Combinations. Figure 12(b) shows an example of an intermediate result generated by the second generation unit 13 by performing calibration (Gain & Offset Calibrated) on the measurement result shown in Figure 12(a). Figure 12(c) shows an example of a representative value generated by the second generation unit 13 by applying statistical processing (Deviation Recovered) to the intermediate result shown in Figure 12(b). In Figures 12(a) to 12(c), the horizontal axis is the measured temperature (Temperature, °C), and the vertical axis is the ratio of the digital code (Temperature Code).
[0062] As shown in Figure 12(a), each of the 16 digital code ratios shows a monotonically increasing tendency with increasing temperature. The range of the 16 digital code ratios is from 1000 to 2800. Furthermore, the ratios of the 16 digital code ratios show considerable variation, with a difference of approximately 1000 between the ratio of the digital code showing the maximum value and the ratio showing the minimum value at a particular temperature (0-100°C).
[0063] As shown in Figure 12(b), the variation in the ratios of the 16 digital code patterns is smaller than the variation in the ratios of the 16 digital code patterns shown in Figure 12(a). Furthermore, by performing calibration on the measurement results shown in Figure 12(a) by the second generation unit 13, the range of the digital code ratios is compressed from 1200 to 2400.
[0064] As shown in Figure 12(c), the second generation unit 13 generates representative values by applying statistical processing to the intermediate results shown in Figure 12(b). In this embodiment, the second generation unit 13 generates the average or median of the intermediate results shown in Figure 12(b) as representative values. The second generation unit 13 also outputs the generated representative values as sensing results and internal challenge data.
[0065] Furthermore, the degree to which variability is reduced by the second generation unit 13 performing statistical processing on multiple measured values generated by the four sensor devices 3 to generate a representative value for the multiple measured values will be explained below.
[0066] Figure 13 shows the variation in the ratios of 16 patterns of digital codes and the variation in representative values generated by the second generation unit 13. Figure 13(a) shows the variation in the ratios of 16 patterns of digital codes. Figure 13(b) shows the variation in representative values generated by the second generation unit 13. In Figures 13(a) and 13(b), the horizontal axis is the measured temperature (Temperature, °C), and the vertical axis is the inaccuracy of the measured temperature relative to the actual temperature (Inaccuracy, °C). The inaccuracy of the measured temperature relative to the actual temperature refers to the difference between the actual temperature of the environment in which the device under authentication 1 is located and the measured temperature measured by the sensor device 3.
[0067] As shown in Figure 13(a), the variation in the ratios of the 16 digital code patterns is large, and the inaccuracy for each temperature ranges from a maximum of -3.97 to 3.96. On the other hand, as shown in Figure 13(b), the variation in the representative values generated by the second generation unit 13 is small, and the inaccuracy for each temperature ranges from a maximum of -1.54 to 1.76.
[0068] [6. Operation of the Authentication System] The following describes an example of the operation of the authentication system 100 according to the embodiment. Figure 14 is a sequence diagram showing the operation of the authentication system 100 according to the embodiment.
[0069] First, the device to be authenticated 1 sends an authentication request to the authentication device 2 in order to start the authentication of the device to be authenticated 1 (S11). When the authentication device 2 receives the authentication request, it generates challenge data in order to perform the authentication of the device to be authenticated 1 (S12) and sends the challenge data to the device to be authenticated 1 (S13).
[0070] The device under authentication 1 generates multiple measurement values using multiple sensor devices 3 (S14). The device under authentication 1 generates response data by processing the challenge data received in step S13 using the multiple measurement values generated by the multiple sensor devices 3 (S15). The device under authentication 1 also generates a representative value for the multiple measurement values as a sensing result by performing statistical processing on the multiple measurement values generated by the multiple sensor devices 3 (S16). The device under authentication 1 then transmits the generated response data and sensing result to the authentication device 2 (S17).
[0071] The authentication device 2 authenticates the device under authentication 1 based on the challenge data transmitted to the device under authentication 1, the response data and sensing results received from the device under authentication 1, and the response map (S18).
[0072] [7. Specific implementation examples and measurement results on semiconductor chips] The following describes a specific implementation example of the certified device 1 described above when it is mounted on a semiconductor chip (specifically, a CMOS), and the measurement results obtained from the said semiconductor chip.
[0073] First, we will explain a specific implementation example when the device to be certified 1 is mounted on a semiconductor chip (hereinafter also referred to as a semiconductor substrate). Figure 15 is a diagram showing an example of a specific semiconductor chip layout of the device to be certified 1.
[0074] As shown in Figure 15, the semiconductor chip has multiple sensor devices (Channel 0 to Channel 3, and 2 Dummy Channels) 3, and a first generation unit 12 and a second generation unit 13 (Peripheral Logic) mounted on it. Also in Figure 15, the arrangement of the measurement circuit Channel 0 is shown. Specifically, the first converter (f PTAT )311 and the second converter (f ZTAT )312, first counter 321 and second counter 322 (2 Counters), and first current generation circuit (I PTAT)33 and the second current generation circuit (I CTAT )34 is shown. The arrangement of the remaining measurement circuits (Channel 1 to Channel 3) is the same as that of measurement circuit Channel 0.
[0075] The multiple sensor devices 3 have multiple dummy circuits (2 Dummy Channels) 36 that are not used to measure multiple measurement values that depend on the environment surrounding the device to be authenticated 1. The multiple dummy circuits 36 are arranged so as to sandwich the multiple measurement circuits (Channel 0 to Channel 3) in a plan view with respect to the semiconductor substrate. In this embodiment, the multiple dummy circuits 36 have four measurement circuits. Each of these four measurement circuits is the same as measurement circuit Channel 0. In this embodiment, one of the dummy circuits 36, which is located above measurement circuits Channel 0 and Channel 2, has two measurement circuits arranged on it. The other dummy circuit 36, which is located below measurement circuits Channel 1 and Channel 3, has the remaining two measurement circuits arranged on it.
[0076] The advantages of having multiple sensor devices 3 with multiple dummy circuits 36 will be explained. As shown in Figure 15, the two dummy circuits 36 are arranged in a plan view with respect to the semiconductor substrate so as to sandwich the multiple measurement circuits (Channel 0 to Channel 3). In other words, the two dummy circuits 36 are located closer to the outer edge of the semiconductor substrate than the multiple measurement circuits (Channel 0 to Channel 3). The digital codes output by each of the multiple dummy circuits 36 located in such a location tend to have large variations even at the same temperature, resulting in low reproducibility. On the other hand, the digital codes output by each of the multiple measurement circuits (Channel 0 to Channel 3) arranged in a plan view with respect to the semiconductor substrate so as to sandwich the multiple dummy circuits 36 tend to have small variations at the same temperature, resulting in high reproducibility. In this way, since the multiple sensor devices 3 generate multiple measurement values using the multiple measurement circuits sandwiched between the multiple dummy circuits 36, the multiple sensor devices 3 can output highly stable digital codes (Dp and Dz). As a result, the device being authenticated 1 can achieve high reproducibility of the generated response data and sensing results.
[0077] Furthermore, the advantages of having multiple measurement circuits arranged in parallel with multiple sensor devices 3 will be explained. Having multiple measurement circuits arranged in parallel with multiple sensor devices 3 offers three main advantages.
[0078] In this embodiment, the multiple sensor devices 3 may have multiple measurement circuits, each containing a one-dimensional sensor that is smaller in size and operates at lower power than a conventional one-dimensional sensor, in order to generate multiple measurement values including variations. In other words, the multiple sensor devices 3 may have multiple measurement circuits, each containing a one-dimensional sensor that is less efficient in terms of measurement accuracy than a conventional one-dimensional sensor. The area required when the above-mentioned low-performance one-dimensional sensor measurement circuit is mounted on a semiconductor chip is smaller than the area required when a conventional one-dimensional sensor measurement circuit (hereinafter also referred to as a conventional measurement circuit) is mounted on a semiconductor chip. Furthermore, the power consumed by the above-mentioned low-performance one-dimensional sensor measurement circuit is smaller than the power consumed by a conventional one-dimensional sensor measurement circuit. Therefore, since each of the multiple measurement circuits in the multiple sensor devices 3 has the above-mentioned characteristics, the area required when the multiple measurement circuits arranged in parallel are mounted on a semiconductor chip is not significantly different from the area required when a conventional measurement circuit is mounted on a semiconductor chip, and the power consumed by the multiple measurement circuits arranged in parallel is not significantly different from the power consumed by a conventional measurement circuit. Furthermore, multiple sensor devices 3 having the above-described measurement circuit have the advantage of being able to output multiple measurement values with large variations (specifically, the ratio of digital codes) as an intermediate value, and generate unique response data for each of the multiple sensor devices 3 using this intermediate value. In addition, since multiple sensor devices 3 having the above-described measurement circuit apply statistical processing to the intermediate value with large variations to generate sensing results, there is an advantage that the accuracy of the sensing results output by the multiple sensor devices 3 does not differ significantly from the accuracy of the measurement data output by a conventional sensor device with a measurement circuit.
[0079] Next, we will explain the measurement results obtained from the semiconductor chips mentioned above. Figure 16 shows an example of measurement results obtained from four different semiconductor chips. Figure 16 is a plot of response data obtained from each semiconductor chip (Chip0 to Chip3) (Response Map in 4 Devices). In Figure 16, the response data generated by each semiconductor chip is plotted for 256 × 24 challenge data at 0-100°C.
[0080] As shown in Figure 16, the overall randomness of the response data generated by each of the four semiconductor chips is approximately 50%. The ideal value for the randomness of response data is 50%, and the closer the randomness of the response data is to this ideal value, the higher the unpredictability of the response data. In other words, the authenticated device 1 according to this embodiment can generate response data that is difficult for a malicious third party to predict.
[0081] Figure 17 shows the results of the analysis based on the measurement results obtained in Figure 16. Figure 17(a) shows the specificity of the response data generated by the four semiconductor chips. In Figure 17(a), the horizontal axis is the measurement temperature (Temperature, °C), and the vertical axis is the specificity (Uniqueness, %). Figure 17(b) shows the repeatability of the response data generated by the four semiconductor chips. In Figure 17(a), the horizontal axis is the measurement temperature (Temperature, °C), and the vertical axis is the specificity (Repeatability, %).
[0082] As shown in Figure 17(a), the specificity of the response data generated by the four semiconductor chips averaged 99.35%. This demonstrates that each of the four semiconductor chips generated response data that could be identified by the authentication device 2 under the same challenge data and temperature conditions. Furthermore, as shown in Figure 17(b), the reproducibility of the response data generated by the four semiconductor chips averaged 95.00%. This demonstrates that each of the four semiconductor chips generated the same response data multiple times under the same challenge data and temperature conditions. Based on these experimental results, the reliability of the authentication device 1 according to this embodiment was confirmed.
[0083] [8. Advantages] The advantages of the authentication system 100 according to this embodiment will be described below. As described above, the device to be authenticated 1 according to this embodiment generates multiple measurement results with variations in the intermediate process of generating response data and sensing results by arranging multiple sensor devices 3 in parallel and spreading them out spatially. As a result, the device to be authenticated 1 can generate and output its own unique response data and sensing results by utilizing the spatial variations and the PUFs that each of the multiple sensor devices 3 possesses. Therefore, the device to be authenticated 1 according to this embodiment can generate a signature based on PUF even when using a one-dimensional sensor (i.e., sensor device 3) that detects a single physical quantity.
[0084] [9. Variant] Although the authentication system of the present invention has been described above based on embodiments, the present invention is not limited to these embodiments. As long as they do not depart from the spirit of the present invention, various modifications to these embodiments that can be conceived by those skilled in the art, as well as other forms constructed by combining some of the components of these embodiments, are also included within the scope of the present invention.
[0085] For example, in the above embodiment, a process executed by one processing unit may be executed by another processing unit. Furthermore, the order of multiple processes may be changed, or multiple processes may be executed in parallel.
[0086] Furthermore, the communication method between devices in the above embodiment is not particularly limited. In addition, relay devices (not shown) may be involved in the communication between devices.
[0087] Furthermore, the order of processing described in the flowchart of the above embodiment is just one example. The order of multiple processing steps may be changed, and multiple processing steps may be executed in parallel.
[0088] Furthermore, although the authentication device was implemented by a single device in the above embodiment, it may be implemented by multiple devices. For example, if the authentication device is implemented by multiple devices, the components of the authentication device may be distributed among the multiple devices in any way.
[0089] Furthermore, in the above embodiment, each component may be implemented by hardware. For example, each component may be a circuit (or integrated circuit). These circuits may form a single circuit as a whole, or they may be separate circuits. Also, each of these circuits may be a general-purpose circuit or a dedicated circuit.
[0090] Furthermore, some or all of the functions of the authentication system according to the above embodiment may be realized by a processor such as a CPU executing a program.
[0091] Some or all of the components constituting each of the above devices may consist of detachable IC cards or standalone modules attached to each device. The IC card or module is a computer system composed of a microprocessor, ROM, RAM, etc. The IC card or module may include a highly functional LSI. The microprocessor operates according to a computer program, thereby enabling the IC card or module to achieve its function. The IC card or module may also be tamper-resistant.
[0092] Furthermore, the general or specific embodiments of this disclosure may be implemented as a system, apparatus, method, integrated circuit, computer program, or recording medium such as a computer-readable CD-ROM. They may also be implemented in any combination of systems, apparatus, methods, integrated circuits, computer programs, and recording media.
[0093] For example, the invention may be implemented as an authentication method executed by a computer, or as a program for causing a computer to execute such an authentication method. Furthermore, the invention may be implemented as a computer-readable, non-temporary recording medium on which such a program is recorded. The invention may also be a program product containing such a program.
[0094] (summary) As described above, the device to be authenticated 1 according to the first embodiment is a device to be authenticated 1 comprising: a receiving unit 11 that receives challenge data for authentication from an external device 2; a plurality of sensor devices 3 having a plurality of measurement circuits for measuring the environment around the device to be authenticated 1 and generating a plurality of measurement values; a first generation unit 12 that generates response data by processing the challenge data received by the receiving unit 11 using the plurality of measurement values generated by the plurality of sensor devices 3; a second generation unit 13 that generates a representative value for the plurality of measurement values as a sensing result by performing statistical processing on the plurality of measurement values generated by the plurality of sensor devices 3; and a transmission unit 14 that transmits the generated response data and sensing results to the external device 2, wherein each of the plurality of sensor devices 3 is a measurement circuit including a one-dimensional sensor that detects a single physical quantity.
[0095] According to this, since the device to be authenticated 1 is equipped with multiple sensor devices 3, it generates multiple measurement results with variations in the intermediate process of generating response data and sensing results. As a result, the device to be authenticated 1 can utilize spatial variations and the PUFs that each of the multiple sensor devices 3 possess to generate and output its own unique response data and sensing results. Therefore, the device to be authenticated 1 according to this embodiment can generate a signature based on PUF even if it uses a one-dimensional sensor (i.e., sensor device 3) that detects a single physical quantity.
[0096] Furthermore, in the second embodiment of the authenticated device 1, in the first embodiment, the authenticated device 1 is mounted on a semiconductor substrate, and the multiple sensor devices 3 have multiple dummy circuits 36 that are not used to measure multiple measurement values that depend on the surrounding environment, and the multiple dummy circuits 36 are arranged so as to sandwich the multiple measurement circuits in a plan view with respect to the semiconductor substrate.
[0097] According to this, multiple sensor devices 3 generate multiple measurement values using multiple measurement circuits sandwiched between multiple dummy circuits 36, so that multiple sensor devices 3 can output a highly stable digital code. As a result, the device being authenticated 1 can increase the reproducibility of the response data and sensing results it generates.
[0098] Furthermore, in the authenticated device 1 according to the third embodiment, the second generation unit 13 generates the average value of the multiple generated measurement values as a sensing result, in the first or second embodiment.
[0099] According to this, the device being authenticated 1 generates the average value of multiple measured values as the sensing result, which can reduce the variation in the sensing results output to the external device 2.
[0100] Furthermore, in the authentication device 1 according to the fourth embodiment, in any one embodiment of the first to third embodiments, the first generation unit 12 includes a multiplexer 121a that outputs a first signal indicating three values by performing multiplexing dependent on challenge data on a plurality of generated measurement values, a 3-bit comparator 122a that converts the three values indicated by the output first signal into a second signal indicating the comparison result by comparing them, and an arithmetic unit 122b that generates response data based on the converted second signal and the generated representative value.
[0101] According to this, the output of the response data generated by the first generation unit 12 can be stabilized.
[0102] Furthermore, in the fifth embodiment of the authenticated device 1, in any one embodiment of the first to fourth embodiments, each of the multiple sensor devices 3 is a measurement circuit including a temperature sensor.
[0103] According to this, the device being authenticated 1 can generate response data and sensing results from multiple measured values obtained using a temperature sensor and output them to an external device 2.
[0104] Furthermore, the authentication method according to the sixth embodiment is an authentication method performed by an authentication device 1 to be authenticated, wherein the authentication device 1 comprises a plurality of sensor devices 3 having a plurality of measurement circuits for measuring the environment around the authentication device 1 and generating a plurality of measurement values, each of the plurality of sensor devices 3 being a measurement circuit including a one-dimensional sensor, and the authentication method includes a receiving step (S13) of receiving challenge data for authentication from an external device 2, a first generation step (S15) of generating response data by processing the challenge data received in the receiving step (S13) using a plurality of measurement values generated by the plurality of sensor devices 3, a second generation step (S16) of generating a representative value for the plurality of measurement values as a sensing result by performing statistical processing on the plurality of measurement values generated by the plurality of sensor devices 3, and a transmission step (S17) of transmitting the generated response data and sensing result to the external device 2.
[0105] According to this, since the device to be authenticated 1 is equipped with multiple sensor devices 3, the authentication method generates multiple measurement results with variations in the intermediate process of generating response data and sensing results. As a result, the authentication method can utilize spatial variations and use the PUFs that each of the multiple sensor devices 3 possess to generate and output unique response data and sensing results for the device to be authenticated 1. Therefore, the device to be authenticated 1 according to this embodiment can generate a signature based on PUF even if it uses a one-dimensional sensor (i.e., sensor device 3) that detects a single physical quantity. [Industrial applicability]
[0106] The present invention is applicable to systems and methods for authenticating sensor devices. [Explanation of Symbols]
[0107] 1. Authenticated device 11 Receiving unit 12 1st generation part 121 First Processing Unit 121a multiplexer 121b 1st multiplexer 121c 2nd multiplexer 122 Second Processing Unit 122a 3-bit comparator 122b Arithmetic unit 13 Second generation part 14. Transmitter 2 Authentication device 21 Transmitter 22 Receiving section 23 Information Processing Department 24 Authentication Department 3 Sensor devices 31 Converters 311 First Converter 312 Second Converter 313a, 313b, 313c, 313d Inverter 313e NAND gate 32 counters 321 First counter 322 Second counter 33. First Current Generating Circuit 34. Second current generation circuit 35 Adding Circuit 36 Dummy Circuit 100 Authentication Systems N1 Network
Claims
1. A device to be authenticated, A receiving unit that receives challenge data for authentication from an external device, Multiple sensor devices having multiple measurement circuits for measuring the environment surrounding the device to be certified and generating multiple measurement values, A first generation unit generates response data by processing the challenge data received by the receiving unit using the multiple measurement values generated by the multiple sensor devices, A second generation unit generates a representative value for the multiple measured values as a sensing result by performing statistical processing on the multiple measured values generated by the multiple sensor devices, The system includes a transmission unit that transmits the generated response data and the sensing results to the external device. Each of the aforementioned plurality of sensor devices is a measurement circuit that includes a one-dimensional sensor for detecting a single physical quantity. Authenticated device.
2. The device to be certified is mounted on a semiconductor substrate, The aforementioned plurality of sensor devices have a plurality of dummy circuits that are not used to measure the plurality of measurement values that depend on the surrounding environment, The plurality of dummy circuits are arranged so as to sandwich the plurality of measurement circuits in a plan view with respect to the semiconductor substrate. The device to be authenticated according to claim 1.
3. The second generation unit generates the average value of the multiple measured values that have been generated as the sensing result. The device to be authenticated according to claim 1.
4. The first generation unit is, A multiplexer that outputs a first signal showing three values by performing multiplexing on the generated plurality of measured values, which depends on the challenge data, A 3-bit comparator that compares the three values indicated by the output first signal and converts them into a second signal indicating the comparison result, The system comprises a calculator that generates the response data based on the converted second signal and the generated representative value, The device to be authenticated according to claim 1.
5. Each of the aforementioned plurality of sensor devices is a measurement circuit including a temperature sensor. The device to be authenticated according to any one of claims 1 to 4.
6. A method of authentication performed by a device to be authenticated, The device to be authenticated comprises a plurality of sensor devices having a plurality of measurement circuits for measuring the environment surrounding the device to be authenticated and generating a plurality of measured values. Each of the aforementioned plurality of sensor devices is a measurement circuit including a one-dimensional sensor, The authentication method is A receiving step in which challenge data for authentication is received from an external device, A first generation step involves processing the challenge data received in the reception step using the multiple measurement values generated by the multiple sensor devices to generate response data. A second generation step involves performing statistical processing on the multiple measurement values generated by the multiple sensor devices to generate a representative value for the multiple measurement values as a sensing result. The process includes a transmission step of transmitting the generated response data and the sensing result to the external device, Authentication method.