Physically difficult-to-replicate functions
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- NCHAIN LICENSING AG
- Filing Date
- 2026-01-23
- Publication Date
- 2026-06-16
Smart Images

Figure 2026097799000001_ABST
Abstract
Claims
1. A computer implementation method for enabling one or more verifiers to verify the identity of a target party or a target including the target party's device, wherein the method, in a setup phase, The steps include storing in a data store the response data for each of the sets of responses resulting from the setup party inputting each set of one or more challenges into a PUF module that includes a physically hard-to-replicate function, i.e., a PUF, and generating the one or more responses based on the PUF, A step of storing instructions for the set of challenges in the data store, wherein the instructions do not include the values of each of the challenges in the set, but rather include the master challenge from which the set of challenges can be derived by applying a derivation function to the master challenge; A computer implementation method comprising the step of making available to the one or more verifiers to verify the identity of the target in a subsequent verification phase, wherein the respective response data for each response includes the respective response or data derived therefrom.
2. The method according to claim 1, wherein the data store is implemented in a third-party computer device.
3. The method according to claim 1 or 2, performed by a trusted third party.
4. The method according to claim 3, dependent on claim 2, wherein the third-party computer equipment is the trusted third-party computer equipment.
5. The method according to claim 3 or 4, wherein the setup party is the target party, the method includes the step of receiving a response or the set of response data from the target party, and the storing step includes the step of storing the response data in the data store based on the step received from the target party.
6. The method according to claim 5, comprising the initial step of generating the set of challenges or master challenge to enable the target party to generate the set of responses and sending it to the target party.
7. The method according to claim 5, wherein the set of challenges is generated by the target party, and the method includes the step of receiving the set of challenges or the master challenge from the target party and storing the master challenge in the data store.
8. The method according to claim 2, or any one of claims 3 to 7 dependent thereon, wherein the setup party is the target party, the method is performed by the target party, and the target party performs the step of storing the response data and master challenge by submitting the response or the set of response data and the master challenge to the third-party computer equipment.
9. The method of claim 7 or 8, comprising the step of establishing a secure channel between a target party and a trusted third party based on a shared secret shared between the target party and the trusted third party, wherein the receipt or submission of the master challenge or set of challenges between the target party and the trusted third party is performed over the secure channel.
10. The method according to claim 9, wherein the submission includes transmitting the set of responses or response data to the third-party system over a network.
11. The method according to claim 3, or any one of claims 4 to 10 that are dependent thereon, wherein the setup party is the trusted third party that performs the setup on behalf of the target party and then transmits the PUF module to the target party, enabling the target party to respond to challenges from the one or more verifiers.
12. The method according to claim 1 or 2, wherein the data store is a public peer-to-peer public medium.
13. The method according to claim 12, wherein the peer-to-peer public medium is a blockchain.
14. The method according to any one of claims 1 to 13, wherein the master challenge includes identification data, which includes or is derived from one or more pieces of identification information relating to the identity of the target.
15. The method according to claim 14, wherein the identification data includes or is generated from a combination of multiple pieces of identification information of the target party.
16. The method according to claim 14 or 15, comprising the step of determining the master challenge data based on obtaining the one or more pieces of identification information, performed by a trusted third party.
17. The method according to claim 16, wherein the acquisition includes the step of receiving one or more pieces of identification information from the target party.
18. The method according to claim 14 or 15, wherein the method is performed by the target party, and the storage of the master challenge includes the step of the target party determining the master challenge and transmitting it to be stored in the data store, or transmitting at least one of the one or more identification pieces to a trusted third party to cause the trusted third party to generate the master challenge and store it in the data store.
19. The method of claim 17 or 18, comprising the step of establishing a secure channel between the target party and a trusted third party based on a shared secret shared between the target party and the trusted third party, wherein the receiving or transmission of the identification information between the target party and the trusted third party is performed over the secure channel.
20. The method according to any one of claims 1 to 19, wherein the target is one of a plurality of targets in which the data store stores corresponding sets of response data and master challenges, and each master challenge enables the derivation of each set of challenges so that it can be used when validating the corresponding target.
21. The method according to claim 20, wherein each master challenge includes identification data of the corresponding target.
22. The method according to any one of claims 1 to 21, wherein the derivation function derives the set of challenges in an ordered form, and each of the response data is stored in association with an identifier that designates one different challenge from the challenges in the order, and thus maps each different response data to each different challenge in the set of challenges that can be derived from the master challenge.
23. The method according to any one of claims 1 to 22, wherein the challenges in the set are derivable in a chaining manner, the first challenge in the set of challenges is derivable by applying the derivation function to the master challenge, and each consecutive challenge in the set is derivable by applying the derivation function to a preceding challenge in the set.
24. The method according to any one of claims 1 to 22, wherein the challenges in the set are derivable in a hierarchical manner, a first subset of the set of challenges is derivable by applying the derivation function to the master challenge, and each of one or more consecutive subsets is derivable by applying the derivation function to one of the challenges further up in the hierarchy.
25. The method according to any one of claims 1 to 24, wherein the derived function or its instructions are also stored in the data store, thereby making the derived function or its instructions available to the one or more verifiers.
26. The method according to any one of claims 1 to 25, wherein the derived function is known in advance to at least one of the verifiers and does not need to be made available to or instructed to be made available to the at least one verifier.
27. The method according to any one of claims 1 to 26, wherein the one or more verifiers are multiple verifiers.
28. The method according to any one of claims 1 to 27, wherein the set of challenges is a plurality of challenges and the set of responses is a plurality of responses.
29. The method according to claim 28, wherein the step of storing the response data makes only one or more respective subsets available to each of the verifiers, and different subsets are made available to different verifiers among the verifiers.
30. The method according to claim 29, wherein the subsets are mutually exclusive.
31. The method according to any one of claims 1 to 30, wherein each of the response data records includes an explicit value of the respective response.
32. The method according to claim 31, wherein the value of the response data record is stored in the data store only in encrypted form.
33. The method according to claim 32, wherein each of one or more subsets of the response data record is individually encrypted, and each subset requires a different decryption key to decrypt.
34. The method according to claim 33, at least dependent on claim 29, wherein the different subsets are made available to different verifiers by distributing different decryption keys among the decryption keys to different verifiers.
35. The method according to any one of claims 1 to 30, wherein each of the response data includes only a proof of the respective response and not an explicit value of the response, and the proof includes a transformation of the respective response that does not disclose the response but enables a verifier to verify the identity of the target by performing the same transformation on further instances of the respective response returned by the target and comparing them with the proof.
36. The method according to claim 35, wherein the conversion includes hashing or double hashing.
37. The PUF module comprises a PUF, interface logic, and a deterministic transformation function, the interface logic being - Receive the aforementioned set of challenges, - A base challenge is input to the PUF to generate the corresponding primary response. The method according to any one of claims 1 to 36, wherein the generation of the set of responses is caused by inputting each of the received sets of challenges together with the generated base response into the conversion function, the conversion function being a function of the respective challenges from the received sets and the generated base response.
38. Memory including one or more memory units, A computer device comprising a processing unit including one or more processing units, wherein the memory stores code configured to be executed on the processing unit, and the code is configured to perform the method according to any one of claims 1 to 37 when it is on the processing unit.
39. A computer program that is embodied on a non-temporary computer-readable medium and is configured to perform the method described in any one of claims 1 to 37 when executed on one or more processors.
40. A computer implementation method in which a verifier verifies the identity of a target, including the target party or the target party's device, wherein the verifier, A step of accessing one response data from a set of response data records from a data store, each including either a) a value of a response obtained as a result of inputting a challenge to a PUF module including a physically hard-to-replicate function, i.e., a PUF, associated with the target, or b) a proof including a transformation of the response. The steps include: accessing a master challenge from the data store and deriving at least one challenge from the set of challenges by applying a derivation function to the master challenge; The steps include sending a request to the target that includes the at least one challenge to the target, and receiving further instances of the response in response thereto, A computer implementation method comprising the steps of performing a comparison and verifying the identity of the target, provided that the result of the comparison is a match, wherein the comparison includes, a) the stored value of the response matches the further instance, and b) the proof matches the same transformation applied to the further instance.
41. The method of claim 40, wherein the application of the derived function includes the step of applying the derived function on the verifier's computer equipment.
42. The method of claim 40, wherein the data store is implemented on a third-party computer device, and the application of the derived function includes the step of the verifier requesting the derived function to be applied on the third-party computer device.
43. Memory including one or more memory units, A computer device comprising a processing unit including one or more processing units, wherein the memory stores code configured to be arranged to run on the processing unit, and the code is configured to perform the method according to claim 40, 41, or 42 when it is on the processing unit.
44. A computer program that is embodied on a non-temporary computer-readable medium and is configured to perform the method described in claim 40, 41, or 42 when executed on one or more processors.