WO2006067739A2 - Method and device for key generation and proving authenticity - Google Patents

Info

Publication number
WO2006067739A2
Authority
WO
WIPO (PCT)
Prior art keywords
node
random number
representative value
verification
measurement
Prior art date
Application number
PCT/IB2005/054330
Other languages
French (fr)
Other versions
WO2006067739A3 (en)
Inventor
Pim T. Tuyls
Jasper Goseling
Boris Skoric
Geert J. Schrijen
Original Assignee
Koninklijke Philips Electronics N.V.
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V.
Priority to JP2007547761A (JP2008526078A)
Priority to EP05850888A (EP1832036A2)
Publication of WO2006067739A2
Publication of WO2006067739A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response
    • H04L9/3278 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response using physically unclonable functions [PUF]
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • the present invention relates to the generation of keys for use in security systems, and in particular relates to the generation of keys from, for example, biometric identifiers or physical uncloneable functions (PUFs).
  • PUFs: physical uncloneable functions
  • biometric identifiers such as fingerprints, iris patterns, voice data and gait data. Since biometric identifiers cannot be lost or forgotten, in the way that computer passwords, for example, can be forgotten, biometrics have the potential to offer higher security and more convenience for users.
  • a PUF is a function that is realized by a physical system, such that the function is easy to evaluate but the physical system is hard to characterize.
  • the physical system is designed such that it interacts in a complicated way with stimuli, called challenges, and leads to unique but unpredictable responses.
  • an optical PUF consists of a physical structure comprising some randomly distributed scattering material.
  • the optical PUF produces a unique response, in the form of a speckle pattern.
  • One or more challenge-response pairs can then be used to identify the PUF.
  • Physical identifiers such as biometrics or optical PUFs can be used for the derivation of cryptographic keys.
  • the protocol used by the user and the verifier usually consists of two phases, an enrolment phase and an application phase.
  • the verifier measures the biometrics of the user (or alternatively obtains some challenge-response pairs from the user's PUF), derives a representative value to be used as a key from the measurement (or as challenge-response pairs for proving authenticity), and stores the representative value for use during the application phase.
  • the verifier also stores reference information that helps the user to derive the same representative value (and hence the same key) during the application phase.
  • a new (noisy) measurement of the biometrics is made (or the response of the PUF to certain challenges is detected), and the reference information of the verifier is used by the user to derive the same representative value from the noisy measurement of the biometric (or response).
  • the user and the verifier communicate over a public (authenticated) channel.
  • the convenience for the users comes from the fact that they are not required to remember passwords or store additional secret keys.
  • Because biometrics and PUFs are uncloneable, the derivation and use of the same key by the user (thereby allowing the verifier to decrypt data encrypted using the user's key) means that the verifier can be sure that the intended user (or the original PUF) is present during the application phase.
  • Although fuzzy key generation offers the advantages described above, there are some problems.
  • biometric identifiers can inadvertently be left in many places. For example, fingerprints can be left on any surface that is touched, or iris scans can be taken with a camera. This implies that an attacker can easily capture a noisy version of a biometric that is closely related to the template that will be measured at the sensor of the terminal. This information can be used by the attacker to compute an estimate of the key derived from the biometric of a specific user, and hence to decrypt traffic sent between the terminal and verifier.
  • the camera recording the speckle pattern is separated from the card.
  • the camera will contain an unencrypted digital representation of the speckle pattern. This means that an attacker might attack the camera to obtain information on the speckle pattern recorded and hence on the key derived from the speckle pattern.
  • the attacker may have complete access to the card containing the PUF for a limited period of time, for example he might steal the card from the user and later return it. In this situation the attacker will be able to measure some challenge-response pairs of the PUF.
  • a method of deriving a key for encrypting or authenticating data sent between a first node and a second node comprising determining a representative value from a measurement of a physical identifier of a user; generating a random number; and combining the representative value and the random number to provide an encryption key.
  • the present invention provides a way to use measurement information derived from a physical identifier for key generation meanwhile limiting the amount of information related to said physical identifier exposed to an attacker observing communications encrypted with said encryption key.
  • Whenever an encryption key is used, a small amount of information related to the actual encryption key unintentionally leaks to an attacker.
  • By combining it with an independent, easily renewable value that is not derived from the encryption key, the information related to the physical identifier is further obfuscated from the attacker.
  • Although an attacker might obtain information related to the encryption key by analyzing data encrypted with said encryption key, this encryption key is based on the combination of both the information from the physical identifier and the random number. Therefore an attacker can no longer simply isolate the information derived from the physical identifier. By renewing the random number often, security can be further improved.
  • the step of determining a representative value from a measurement of a physical identifier of a user comprises obtaining a measurement of a biometric identifier of the user.
  • the step of determining a representative value from a measurement of a physical identifier further comprises using a secret extraction code to extract the representative value from the measurement.
  • the key is derived at the first node, and the step of determining the representative value from the measurement of a physical identifier further comprises selecting the secret extraction code from a collection of secret extraction codes in response to secret extraction code identity data provided to the first node by the second node.
  • the secret extraction code identity data is derived and stored in the second node during a verification phase.
  • the step of determining a representative value from a measurement of a physical identifier of a user comprises challenging a physical uncloneable function of a user and measuring the response.
  • the step of determining a representative value from a measurement of a physical identifier further comprises deriving the representative value from the measured response and helper data provided to the first node by the second node.
  • the step of challenging the physical uncloneable function comprises applying at least one challenge selected from a set of challenges.
  • a method of deriving keys for encrypting or authenticating data sent between a first node and a second node, the second node having a second representative value determined from a measurement of a physical identifier of a user stored in a memory comprising: generating a common random number for the first and second nodes; in the first node: determining a first representative value from a measurement of a physical identifier of a user; combining the first representative value and the common random number to provide an encryption key; and in the second node: combining the second representative value stored in the memory of the second node and the common random number to provide an encryption key.
  • the step of generating the common random number for the first and second nodes comprises: generating the random number in the first node; and securely transmitting the generated random number from the first node to the second node.
  • the step of securely transmitting the generated random number from the first node to the second node comprises encrypting the random number in the first node, and, in the second node, decrypting the encrypted random number.
  • the first node has a public key for the second node stored in a memory thereof
  • the second node has a corresponding secret key stored in the memory of the second node
  • the step of securely transmitting the generated random number from the first node to the second node comprises encrypting the random number using the stored public key of the second node, and, in the second node, decrypting the encrypted random number using the stored secret key of the second node.
  • the step of generating a common random number for the first and second nodes comprises using a session key generation protocol.
  • the step of determining a first representative value from a measurement of a physical identifier of a user comprises obtaining a measurement of a biometric identifier of the user.
  • the step of determining a first representative value from a measurement of a physical identifier further comprises using a secret extraction code to extract the first representative value from the measurement.
  • the step of determining the first representative value from the measurement of a physical identifier further comprises selecting the secret extraction code from a collection of secret extraction codes in response to secret extraction code identity data provided to the first node by the second node.
  • the secret extraction code identity data is derived and stored in the second node during a verification phase.
  • the step of determining a first representative value from a measurement of a physical identifier of a user comprises challenging a physical uncloneable function of a user and measuring the response.
  • the step of determining a first representative value from a measurement of a physical identifier further comprises deriving the first representative value from the measured response and helper data provided to the first node by the second node.
  • the step of challenging the physical uncloneable function comprises applying at least one challenge selected from a set of challenges.
  • a node comprising means for obtaining a measurement of a physical identifier of a user of the node; means for determining a representative value from the measurement; means for generating a random number; and means for combining the representative value and the random number to provide an encryption key.
  • the means for obtaining a measurement of a physical identifier of a user comprises means for obtaining a measurement of a biometric identifier.
  • the node further comprises: a memory having a collection of secret extraction codes stored therein; and means for receiving secret extraction code identity data from the verification node; wherein the means for determining a representative value from the measurement is adapted to determine the representative value using one of the secret extraction codes stored in the memory and the measurement of the biometric identifier, wherein the selection of the secret extraction code is made on the basis of secret extraction code identity data received from the verification node.
  • the means for obtaining a measurement of a physical identifier of a user comprises means for challenging a physical uncloneable function of a user and measuring the response.
  • the node further comprises: a memory having a collection of challenges stored therein; and means for receiving challenge identity data from the verification node; wherein the means for obtaining a measurement of a physical identifier is adapted to challenge the physical uncloneable function of the user using at least one of the challenges stored in the memory, wherein the selection of the or each challenge is made on the basis of the challenge identity data received from the verification node.
  • the node further comprises: means for receiving helper data from the verification node; wherein the means for determining a representative value from the measurement is adapted to determine the representative value using the measured response and helper data received from the verification node.
  • the node further comprises: means for transmitting the generated random number from the node to a verification node.
  • the means for transmitting the generated random number from the node to the verification node is further adapted to encrypt the random number before transmission from the node to the verification node.
  • the node further comprises: a memory the memory having a public key for the verification node stored therein; wherein the means for transmitting the generated random number from the node to the verification node is further adapted to encrypt the random number using the stored public key of the verification node.
  • the means for generating a random number is adapted to generate the random number using a session key generation protocol.
  • a smart card for use with a reader, the smart card comprising a physical uncloneable function; and a processor chip; wherein the processor chip is adapted to receive a measurement of the physical uncloneable function from the reader; determine a representative value from the measurement; generate a random number; and combine the representative value and the random number to provide an encryption key.
  • the processor chip is adapted to determine a representative value from the measurement using helper data received from the verification node.
  • a verification node comprising a memory containing a plurality of representative values, each representative value being associated with a particular user; means for receiving a user identity from a user node; means for retrieving a representative value from the memory in response to the received user identity; processing means for combining the retrieved representative value with a random number to provide an encryption key.
  • the memory further contains secret extraction code identity data associated with each of the representative values; the means for retrieving being further adapted to retrieve the associated secret extraction code identity data from the memory; and the verification node further comprises means for transmitting the retrieved secret extraction code identity data to the user node.
  • the memory further contains challenge identity data associated with each of the representative values, wherein each user has a plurality of challenges and representative values associated therewith; the means for retrieving being further adapted to retrieve the associated challenge identity data from the memory; and the verification node further comprises means for transmitting the retrieved challenge identity data to the user node.
  • the memory further contains helper data associated with each of the representative values; the means for retrieving being further adapted to retrieve the associated helper data from the memory; and wherein the means for transmitting is further adapted to transmit the retrieved helper data to the user node.
  • the random number is received from the user node by the means for receiving.
  • the random number received from the user node is encrypted; and the means for receiving is further adapted to decrypt the encrypted random number.
  • the memory further contains a secret key for the verification node and the random number received from the user node is encrypted using a public key of the verification node; and the means for receiving is adapted to decrypt the encrypted random number using the secret key.
  • the processing means is adapted to generate the random number using a session key generation protocol.
  • a node for proving authenticity for use in an authentication system can prove that it is authentic by generating a particular encryption key based on a measured representative value and transmitting that to a verification node. The verification node can subsequently verify whether the generated encryption key corresponds to an encryption key generated using a particular representative value recorded during the enrolment process of the node and the random number.
  • the node comprising: means for obtaining a measurement of a physical identifier of the node; means for determining a representative value from the measurement; means for obtaining a random number; and means for combining the representative value and the random number to provide an encryption key.
  • the means for obtaining a measurement of a physical identifier of the node and the means for determining a representative value from the measurement are in accordance with their equivalents as discussed during the third aspect of the invention.
  • the means for obtaining a random number are configured to receive said random number from said accompanying verification node.
  • this random number is received from the verification node.
  • the random number will be used in the generation of an encryption key for use in authentication. It is possible to transmit the random number to the node in the clear, but this would provide an attacker with a plaintext that could be used for attacking the system. For security reasons the random number could instead be sent in an encrypted form, e.g. encrypted using the public key of the node, allowing the node to decrypt said random number for further use.
  • the random number could be sent by the verification node in an unencrypted format, thereby reducing security of the authentication process.
  • the verification node should also provide a challenge for said physical uncloneable function.
  • the node further comprises means for transmitting an identity; when a biometric is used this could be the identity of the user, whereas in the case of a physical uncloneable function it could be a unique identifier associated with said function.
  • proof of authenticity involving a node could proceed as follows.
  • a node fitted with a physical uncloneable function is brought into proximity of a verification node; using a wireless communication channel, the verification node requests a unique node identifier from the node.
  • the verification node retrieves a challenge from a database associated with said node identifier.
  • the verification node generates a random number and transmits the random number and said challenge to the node; optionally this data is encrypted first.
  • the challenge and random number are received, and subsequently decrypted.
  • Various conventional methods of encryption can be envisaged ranging from usage of private and public keys to an earlier established session key between both nodes.
  • the node challenges the physical uncloneable function, measures its response and determines a representative value from the measurement.
  • an encryption key is generated at the node, for example by encrypting the random number with the representative value, or by cryptographically hashing both the random number and the representative value. In doing so the node enables the verification node to ascertain validity of said encryption key, whereas attackers do not obtain information with respect to the representative value.
  • a node according to the sixth aspect of the invention could be used advantageously for proving authenticity of a computer program.
  • This proof of authenticity can be used as a prerequisite for granting a party authorization for use of or installation of said program on a computing platform.
  • a biometric could be used instead. Such an embodiment would enable the use of biometric data for proving authenticity of a user, thereby allowing only an authorized user to generate the key for using or installing a computer program.
  • This invention could be used in an equally advantageous fashion for proving authenticity of physical objects such as CDs, DVDs, documents (e.g. a passport), badges, tags, and tokens. Based on said proof, access is granted provided the correct biometric is presented to the verification node by the user.
  • a verification node that receives a generated encryption key generated by a node for verifying that the node is authentic.
  • Such a verification node can be used in conjunction with a node according to the sixth aspect of the invention to form a system for proving authentication.
  • a verification node according to the seventh aspect of the invention comprises: means for receiving an identity from a node; means for obtaining a random number; means for retrieving a representative value associated with said identity; means for receiving an encryption key from a node; processing means for verifying whether the encryption key as received from the node can also be generated using the retrieved representative value and the random number; and authenticating the node based on the outcome of said verifying.
  • the random number should be chosen anew every time a device is authenticated; furthermore, by selecting a new challenge, and therefore a new response, for each authentication, security is further increased.
  • a verification node will receive the identity of the node that is being authenticated. Based on this identity the verification node will attempt to retrieve a challenge response pair from a database.
  • This database could be stored in memory of the verification node, or could be stored on a central file server comprising challenge response data for a plurality of nodes. In fact these challenge response pairs could even be provided by said node, provided that the verification node can establish authenticity of the challenge response pairs, e.g. by verifying a signature from a trusted third party.
  • the verification node selects a challenge response pair for said node.
  • the verification node will generate the random number, thereby allowing the verifier to control the random number generator, and facilitating low cost nodes that do not require an expensive secure random number generator.
  • the verification node will transmit said challenge and random number to the node; in certain embodiments the random number will be encrypted, in other embodiments it can be unencrypted.
  • the node will subsequently generate an encryption key that is sent to the verification node.
  • the verification node will receive said encryption key generated at the node.
  • the processing means will use the retrieved representative value and the random value in order to verify whether the node that generated the received encryption key was authentic.
  • the verification process at the verification node applies the same procedure followed at the node that generated said received encryption key; in doing so the verification node will generate a further encryption key, for example by encrypting the random number with the representative value available at the verification node. Subsequently both generated encryption keys can be compared.
  • the verification node could verify authenticity by decrypting rather than encrypting. In doing so the verification node could use the representative value available at the verification node to decrypt the received encryption key generated at the node, and subsequently match the resulting output with the random number available at the verification node.
  • Even more alternative solutions can be envisaged, such as the generation of an encryption key by employing a cryptographic hash function. For example by hashing both the random number and the representative value available at both the node and the verification node, and subsequently comparing these.
  • the verification process establishes whether the verification node could generate the same encryption key based on the retrieved representative value and the random number, thereby establishing whether the node is authenticated. The result of this verification can be used to grant authorization to a party.
  • a particularly advantageous verification node is a verification node that functions as a trusted platform module or TPM verifying authenticity of computer programs on a computing platform.
  • TPM Trusted Platform Module
  • the verification node is a trusted platform module (TPM).
  • the verification node will obtain the representative value from the computer program in an encrypted format. Using e.g. a device key of the verification node (TPM) the verification node can decrypt this representative value. The resulting representative value is then used as presented earlier for challenging e.g.
  • this seventh aspect effectively binds the content of a computer program to a representative value derived from the biometrics of a person, or the measurement of a physical uncloneable function. As the latter are substantially harder to copy, replicate, or forge, if possible at all, this effectively presents a valuable content protection mechanism.
  • an authentication system comprising a node as described above and a verification node as described above.
  • an authentication system comprising a smart card as described above and a verification node as described above.
  • Fig. 1 is a flow chart illustrating the steps in the method according to the invention;
  • Fig. 2 is a flow chart showing a preferred method according to the invention in a system that uses biometric identifiers;
  • Fig. 3 is a flow chart showing a preferred method according to the invention in a system that uses physical uncloneable functions;
  • Fig. 4 is a schematic diagram of a system for performing the method of Fig. 2;
  • Fig. 5 is a schematic diagram of a system for performing the method of Fig. 3;
  • Fig. 6 is a flow chart showing a preferred method according to the invention of authenticating a node by a verification node;
  • Fig. 7 is a schematic diagram of a system for authentication of a node by a verification node according to the invention.
  • the same reference numeral refers to a similar element, or an element that performs a similar function.
  • the verifier derives "helper data" from the measurement of the physical identifier during the enrolment phase and sends this helper data to the user's terminal during the application phase.
  • helper data allows the terminal to determine the same key as the verifier from a noisy measurement of the physical identifier.
  • Although the invention will be described mainly in relation to a method of deriving a key for encrypting data, it will be appreciated that the invention also relates to a method of deriving a key for authenticating data. Consequently, although the derived key is referred to herein as an "encryption key", it will be appreciated that the encryption key is also suitable for use as an authentication key.
  • Figure 1 shows a method of deriving a key for encrypting or authenticating data sent between first and second nodes according to the invention.
  • a representative value is determined from a measurement of a physical identifier of a user.
  • the step comprises obtaining a measurement of the biometric identifier, for example by scanning the fingerprint or iris, and using a secret extraction code selected from a collection of codes to extract the representative value from the measurement.
  • Secret extraction codes allow representative values to be derived from biometric identifiers, and in particular allow the same representative value to be derived from slightly different measurements of the same biometric identifier.
  • Various different secret extraction codes are available, each extracting a different representative value from a particular biometric identifier.
  • the step comprises challenging the physical uncloneable function and measuring the response.
  • the representative value is derived (using a secret extraction code for the challenge or challenges used) from the measured response, which will be unique for that physical uncloneable function and the particular challenge or challenges used.
  • In order for a first node to derive the same representative value from the measurement of the biometric identifier, or from the response of the physical uncloneable function, as that derived and stored at a second node during the enrolment phase, the second node provides the first node with helper data. Where secret extraction codes are used, the helper data allows the first node to select the appropriate secret extraction code.
  • the step of determining a representative value from a measurement of a physical identifier is performed both by the verifier (which may be the second node with which the first node communicates, or a separate entity designed to provide the derived representative value and helper data to the second node) during the enrolment phase, and by the first node during the application phase.
  • the invention strengthens the key derivation protocol by generating a random number during the application phase and combining the generated random number with the representative value.
  • the random number is generated.
  • the first node generates the random number and provides it to the second node.
  • the second node may generate the random number and provide it to the first node.
  • the smart card may comprise a chip that is able to generate the random number.
  • the reader in the first node for the smart card may generate the random number.
  • a new random number may be generated each time that the first node initiates a new communication session with the second node (i.e. each time that the application phase is started), or alternatively a new random number may be generated periodically to further increase security during longer communication sessions.
  • the generated random number must be provided to the other node. This must be done securely otherwise an attacker can obtain the random number and hence determine the key being used during the communication session.
  • the random number is provided to the other node using a public key encryption protocol. That is, the node that generates the random number is provided with a public key for the other node, which is used to encrypt the random number for transmission to the other node. The other node is provided with a corresponding secret key, which is used to decrypt the encrypted random number.
  • the first and second node may run a session key generation protocol to determine a random session key.
  • a session key generation protocol could be used in which the first and second nodes share a public key g.
  • the first node chooses x at random and sends g^x to the second node.
  • the second node chooses y at random and sends g^y to the first node.
  • the session key generation protocol is performed in an authenticated way.
  • a public key encryption protocol can be used to authenticate transmissions between the nodes during the session key generation protocol.
  • In step 105, an encryption key is derived by combining the representative value determined in step 101 with the generated random number. Step 105 is performed both by the first node, on the representative value determined during the application phase, and by the second node, on the representative value determined by the second node (or separate verifier) during the enrolment phase.
  • the encryption keys derived by the first and second nodes will be the same, allowing communications encrypted using the key of one node and received by the other node to be decrypted and read.
  • Figure 2 shows a preferred implementation of the method according to the invention in a system that uses biometric identifiers.
  • In this preferred implementation, the sensors in the first node are tamper resistant (i.e. it is not possible to eavesdrop on the events or readings inside the sensor), and the sensor can detect artificially constructed biometrics.
  • the communication line between the sensor in the first node and the second node is susceptible to eavesdropping. Therefore, in this preferred implementation, a public key encryption protocol is used in which the first node has a public key pk of the second node, and the second node has a corresponding secret key sk.
  • the first node comprises a random number generator producing random numbers (in bit form).
  • The method starts at step 201, where a user identity, such as a user name, is entered into a first node by a user.
  • In step 203, the user presents their biometric identifier to a sensor in the first node, and the sensor measures the biometric identifier.
  • In step 205, the user identity is transmitted from the first node to the second node, preferably using the public key encryption protocol.
  • In step 207, a database in the second node is accessed and the representative value and helper data associated with the received user identity are retrieved.
  • In step 209, the retrieved helper data is transmitted to the first node.
  • The first node uses the received helper data to extract a representative value from the measurement of the biometric identifier.
  • The first node generates a random bit string.
  • The first node transmits the random bit string to the second node using the public key encryption protocol.
  • In step 217, the first node combines the random bit string and the determined representative value to derive an encryption key.
  • In step 219, the second node combines the random bit string, received from the first node in step 215, and the representative value, retrieved in step 207, to derive another encryption key.
  • both nodes will be able to decrypt and read data encrypted using the encryption key of the other node.
  • the encryption system used to provide the random bit string to the second node does not allow the attacker to find out any information about the random bit string (i.e. the encrypted random bit string does not leak any information about the random bit string itself).
  • the attacker can only guess the random bit string.
  • the attacker may have a noisy version of the biometric identifier and also the helper data that is sent from the second node to the first node. Even assuming that the noisy version of the biometric identifier is sufficiently close to the version used to derive the stored representative value so that the same representative value can be determined from the noisy version of the biometric identifier and the helper data, the probability of correctly guessing the encryption key (assuming that the representative value is random) is bounded by max ⁇ 1/ (]f i J , 2 ' ⁇ which becomes small if
  • Figure 3 shows a preferred implementation of the method according to the invention in a system that uses an optical physical uncloneable function in a smart card.
  • the camera in the reader of the first node is susceptible to eavesdropping.
  • the communication line between the reader and the second node is also susceptible to eavesdropping. Therefore, an encryption protocol is used which, in this preferred implementation, is a public key encryption protocol.
  • the chip in the smart card has a public key pk of the second node stored therein, and the second node has a corresponding secret key sk.
  • the chip also comprises a random number generator that produces random numbers (in bit form).
  • the method starts at step 301 where the smart card is inserted into the reader.
  • a user identity, such as a username, stored on the smart card is transmitted to the second node.
  • a database in the second node is accessed using the received user identity and a representative value and helper data, both associated with a particular challenge and the user, are retrieved.
  • In step 307, the helper data and the challenge associated with the helper data are sent to the reader and the smart card.
  • In steps 309 and 311, the reader challenges the physical uncloneable function according to the received challenge and measures the response. This response is passed to the chip in the smart card.
  • In step 313, a representative value is computed by the chip in the smart card using the measured response and the helper data.
  • In step 315, the chip uses the random number generator to generate a random bit string.
  • In step 317, the smart card, via the reader, transmits the random bit string to the second node using the public key encryption protocol.
  • In step 319, the chip in the smart card combines the random bit string and the determined representative value to derive an encryption key.
  • In step 321, the second node combines the random bit string and the retrieved representative value to derive another encryption key.
  • the second node sends a random message to the smart card via the reader.
  • the smart card encrypts the random message using the derived encryption key and sends it back to the second node.
  • the second node decrypts the encrypted message using the encryption key derived therein and checks whether the decrypted message is the same as the random message sent to the reader and smart card. If it is the same, the smart card is authenticated and the transaction may continue; if it is not, the transaction is stopped.
  • the random bit string can be generated by the chip at the start of the method.
  • Figure 4 shows a system for performing the method shown in Figure 2.
  • the system 401 comprises a first node 403 and a second node 405.
  • the first node 401 comprises a means for obtaining a measurement of a physical identifier in the form of a sensor 407, for example a camera or a fingerprint reader, a random number generator 409, a memory 411 and a communication module 413, each connected to a processor 415.
  • the second node 405 comprises a memory 417 and means for receiving a user identity and a random number from the first node 403 in the form of a communication module 419 connected to a processor 421.
  • the sensor 407 obtains a measurement of a biometric identifier, Y, of a user and passes the measurement to the processor 415.
  • the processor 415 uses the measurement and helper data received via the communication module 413 from the second node 405 to determine a representative value.
  • the random number generator 409 generates a random number and the processor 415 combines the random number and the representative value to provide an encryption key.
  • the processor 415 is also adapted to transmit the random number, using the communication module 413, to the second node 405.
  • the memory 411 has a number of secret extraction codes stored therein and the processor 415 uses a secret extraction code indicated by the helper data received from the second node 405 to determine the representative value.
  • the memory 411 has a public key for the second node 405 stored therein, and this public key is used to encrypt the random number before transmission to the second node 405.
  • the processor 421 is adapted to retrieve a representative value stored in the memory 417 that is associated with a particular user and to combine the retrieved value with a random number received via the communication module 419 from the first node 403 to provide an encryption key.
  • the memory 417 also comprises a secret key for the second node 405 that is used in a public key encryption protocol.
  • FIG. 5 shows a system for performing the method of Figure 3.
  • the system 501 comprises a first node 503 and a second node 505.
  • the first node 503 comprises a smart card 507 inserted into a reader 509.
  • the smart card 507 comprises an optical physical uncloneable function 511 and a processor chip 513.
  • the reader 509 comprises a sensor 515 and a communication module 517 connected to a processor 519.
  • the second node 505 comprises a memory 521 and a communication module 523 connected to a processor 525.
  • the sensor 515 obtains a response from the optical physical uncloneable function 511 to a challenge set by the second node 505.
  • the sensor 515 passes the measured response to the processor chip 513 via the communication module 517.
  • the processor chip 513 uses the measured response and helper data received via the communication module 517 from the second node 505 to determine a representative value.
  • the processor chip 513 also comprises a random number generator 527 that generates a random number that is combined with the representative value by the processor chip 513 to provide an encryption key.
  • the processor chip 513 is also adapted to transmit the random number, via the communication module 517, to the second node 505.
  • the processor chip 513 has a public key for the second node 505 stored therein, and this public key is used to encrypt the random number before transmission to the second node 505.
  • the processor 525 is adapted to retrieve a representative value stored in the memory 521 that is associated with a particular user and to combine the retrieved value with a random number received via the communication module 523 from the reader 509 to provide an encryption key.
  • the memory 521 also comprises a secret key for the second node 505 that is used in a public key encryption protocol.
  • Figure 6 shows a preferred method for authentication of a node with an associated identity by a verification node. The method of authentication is based on the fact that both the node and the verification node can generate the same encryption key.
  • the verification node can challenge the node to generate a particular encryption key that the node with the associated identity can generate.
  • the verification node can verify whether the encryption key generated by that node is correct.
  • the verification node can compute an encryption key in an analogous fashion, or may analyze the encryption key received from said node using the retrieved representative value and the random number available at the verification node.
  • When a node is brought into proximity of a verification node, the verification node will, using a wireless communication channel, obtain an identity of said node in step 601.
  • the received identity is used by the verification node to retrieve a representative value, a challenge, and helper data associated with the node with said identity in step 602.
  • Although the helper data could be stored together with the challenge data, the helper data could also be stored locally on the node. Storing the helper data on the node requires storage on the node; however, there is then no need for the verification node to retrieve said helper data.
  • the verification node further generates a random number in step 603.
  • the verification node now transmits the challenge, the helper data, and said random number to the node in step 604.
  • the challenge is presented to the physically uncloneable function in step 309, and the response to the challenge is measured in step 311. Subsequently a representative value is generated using the helper data and the response in step 313.
  • the verification node receives said encryption key in step 606, and verifies whether the encryption key generated by the node corresponds to the expected encryption key in step 607. By means of this verification the verification node establishes whether the node is authentic in step 608. Optionally the verification node could authorize a party based on the authentication in step 609.
  • the node will encrypt the random number with the measured representative value in order to generate an encryption key.
  • the verification node will encrypt the random number with the retrieved representative value and compare both encryption results; based on this comparison the verification node can authenticate the node.
  • Alternatively, the node again encrypts the random number with the measured representative value, but the verification node instead decrypts the received encryption key generated by the node, using the retrieved representative value, in order to obtain the random number encrypted at the node.
  • the decryption result can now be compared with the random value at the verification node; based on this comparison the verification node can authenticate the node.
  • the node will generate an encryption key by applying a cryptographic hash on at least the measured representative value and the random number.
  • the resulting encryption key is sent to the verification node.
  • the verification node will form a similar hash using the random number and the retrieved representative value.
  • FIG. 7 shows a system for authentication of a node.
  • the system comprises a verification node 720 that functions as a Trusted Platform Module or TPM.
  • the system is used for proving authenticity of a computer program that is distributed on a data carrier 730.
  • the system comprises a node 710 for proving authenticity of said computer program; this node could be a tag that is embedded in the manual of the computer program, or in the jewel case in which the data carrier is shipped.
  • the system comprises a node 710 and a verification node 720, and a data carrier 730.
  • This particular authentication system is based on the fact that both the node 710 and the verification node 720 can generate the same encryption key.
  • the verification node can challenge the node 710 to generate an encryption key that only the actual node 710 can generate by using said physical uncloneable function. In turn the verification node can verify whether the encryption key generated by the node 710 is correct.
  • the node 710 comprises a physical uncloneable function 711 and a sensor 713 and a communication module 712 connected to a processor 714.
  • the verification node 720 comprises a data carrier reader 723, a communication module 721, and a random number generator, all connected to a processor 722.
  • the communication modules 712 and 721 are configured for communicating over a wireless channel.
  • a wireless communication channel could be based on RF or IR receivers and transmitters.
  • Alternative implementations using wired communication channels could also be envisaged.
  • the verification node 720 is a TPM that can be used to authenticate the node 710.
  • the data carrier 730 comprises a representative value of the physically uncloneable function 711. This representative value could have been established during enrolment of said node 710.
  • the representative value is stored in an encrypted form on said data carrier.
  • the verification node 720 can retrieve the encrypted representative value from the data carrier by means of the data carrier reader 723.
  • the encrypted representative value can subsequently be decrypted e.g. using a device key of the verification node 720 (TPM) resulting in a retrieved representative value.
  • the data carrier may also comprise challenges and helper data related to said physically uncloneable function.
  • When the node 710 is brought into proximity of the verification node 720, the verification node 710 will request an identity from the node 710. In turn the node 710 will provide the verification node with said identity. Based on this identity the verification node can subsequently retrieve a representative value, a challenge, and helper data from the data carrier 730.
  • the node 710 is provided with a challenge by the verification node 720.
  • the verification node provides the node 710 with a random number.
  • the processor 714 of the node 710 can use the public key for decrypting said random number.
  • the physical uncloneable function 711 is challenged and its response is measured by the sensor 713.
  • the sensor 713 passes the measured response to the processor 714.
  • the processor 714 uses the measured response and helper data received via the communication module 712 from the verification node 720 to determine a representative value.
  • the processor 714 further generates an encryption key by combining the representative value based on the measured physical identifier with the random number received from the verification node 720. Said encryption key can be subsequently communicated with the verification node 720.
  • When the encryption key is used for data encryption in addition to authentication, the encryption key shall be transmitted in a secure manner.
  • When the encryption key is only used for authenticating the node 710, and a new random number is used each time a device is authenticated, no further encryption is needed for transmitting the encryption key to the verification node 720.
  • Security can be further improved by selecting a new challenge (resulting in a new representative value) every time a node is authenticated.
  • the verification node 720 uses the retrieved representative value and the random number for verifying whether the node 710 indeed generated the requested encryption key.
  • Although the system in Figure 7 uses a physical uncloneable function, a similar approach could be employed in a system based on biometrics.
  • This allows a computer program to be linked to a measured representative value derived from the biometrics of a user, thereby allowing said user to install or use said computer program.
  • the present invention allows the distribution of a computer program on a carrier comprising a representative value for authentication of said computer program.
  • the computer program could be encrypted with a (further) key derived from said biometrics.
  • Although FIG. 7 depicts a data carrier 730 in the form of a disc, the present invention is not limited to computer programs distributed using such data carriers. Representative values could also be distributed on other media such as flash memories, or embedded in computer programs that are downloaded from e.g. the Internet or a file-server.
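As an added example (not the patent's own code, nor an implementation by Philips or the inventors), the following Python simulates the key derivation of Figure 1 as carried out in the biometric system of Figure 2: enrolment fixes a representative value and helper data, the first node recovers the same representative value from a noisy measurement with the help of that helper data, and both nodes combine it with a fresh random number. The code-offset construction with a repetition code stands in for the secret extraction codes, HMAC-SHA256 stands in for the combining step the description leaves open, the measurement data is constructed, and the public-key transport of the random number (step 215) is modelled as a direct handoff; all of these are assumptions.

```python
"""Simulation of the key derivation of Figure 1 in the biometric setting of
Figure 2.  Added example: the code-offset helper data, the repetition code and
the HMAC-SHA256 combiner are assumptions standing in for the patent's secret
extraction codes and its unspecified combining step."""
import hashlib
import hmac
import random
import secrets

REP = 5                 # repetition factor of the toy error-correcting code
MEASUREMENT_BITS = 320  # length of the simulated biometric measurement


def bits_to_bytes(bits):
    """Pack a list of 0/1 ints into big-endian bytes."""
    value = int("".join(str(b) for b in bits), 2)
    return value.to_bytes((len(bits) + 7) // 8, "big")


def encode(secret_bits):
    """Repetition code: each secret bit is written REP times."""
    return [b for b in secret_bits for _ in range(REP)]


def decode(codeword):
    """Majority vote per REP-bit group; corrects up to (REP - 1) // 2 flips per group."""
    return [int(sum(codeword[i:i + REP]) * 2 > REP)
            for i in range(0, len(codeword), REP)]


def enrol(measurement):
    """Verifier, enrolment phase: draw a random representative value and derive
    helper data = codeword XOR measurement (code-offset construction, assumed)."""
    secret_bits = [secrets.randbelow(2) for _ in range(len(measurement) // REP)]
    helper = [c ^ m for c, m in zip(encode(secret_bits), measurement)]
    return bits_to_bytes(secret_bits), helper


def extract(noisy_measurement, helper):
    """First node, application phase: unmask with the helper data and decode.
    Noise below the code's correction capacity is absorbed, giving the same value."""
    return bits_to_bytes(decode([h ^ m for h, m in zip(helper, noisy_measurement)]))


def derive_key(representative, random_number):
    """Step 105 (steps 217 and 219 in Figure 2): combine the representative value
    with the random number.  HMAC-SHA256 is an assumed combiner."""
    return hmac.new(random_number, representative, hashlib.sha256).digest()


def simulated_measurements(seed=1, flips_per_group=1):
    """Constructed data: an enrolment measurement and a noisy re-measurement that
    differs in `flips_per_group` bits of every REP-bit group."""
    rng = random.Random(seed)
    enrolment = [rng.randrange(2) for _ in range(MEASUREMENT_BITS)]
    noisy = enrolment[:]
    for start in range(0, MEASUREMENT_BITS, REP):
        for j in range(flips_per_group):
            noisy[start + j] ^= 1
    return enrolment, noisy


def run_session(stored_representative, helper, noisy_measurement, random_number=None):
    """One application-phase session.  The random number is generated at the
    first node and, in the patent, sent under the second node's public key
    (step 215); that transport is modelled here as a direct handoff.
    Returns (key at first node, key at second node)."""
    if random_number is None:
        random_number = secrets.token_bytes(32)
    first_rep = extract(noisy_measurement, helper)                 # helper data -> same value
    key_first = derive_key(first_rep, random_number)               # step 217
    key_second = derive_key(stored_representative, random_number)  # step 219
    return key_first, key_second


if __name__ == "__main__":
    enrolment, noisy = simulated_measurements()
    rep, helper = enrol(enrolment)
    k1, k2 = run_session(rep, helper, noisy)
    print("keys agree:", k1 == k2, "key:", k1.hex())
```

The point of the description's security argument is visible in the last two functions: helper data plus a sufficiently close measurement yields the same representative value (that is what an attacker holding a noisy copy of the biometric is assumed to manage), yet every session key also depends on a random number that never travels in the clear, and renewing that number changes the key without touching the enrolled data.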
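As a further added example (again not the patent's or the inventors' code), the hash variant of the Figure 6 authentication in Python: the verification node retrieves a stored challenge, helper data and representative value for the presented identity (step 602), generates a fresh random number (step 603), and checks whether the node's answer equals the hash of the retrieved representative value and the random number (steps 607 and 608). The PUF is simulated by a per-device secret, the fuzzy extraction of step 313 is reduced to a hash of helper data and response (no measurement noise is modelled), the challenge rotation implements the suggestion of using a new challenge on every authentication, and the identities and device secrets are constructed; these are assumptions.

```python
"""Hash variant of the Figure 6 authentication.  Added example; the simulated
PUF, the noise-free extraction and the identifiers are assumptions."""
import hashlib
import hmac
import secrets


class SimulatedPuf:
    """Stand-in for the physical uncloneable function 711.  A real PUF answers a
    challenge with a measured physical response; here the response is derived
    from a per-device secret so that the example runs offline (assumption)."""

    def __init__(self, device_secret):
        self._device_secret = device_secret

    def respond(self, challenge):
        return hashlib.sha256(b"puf|" + self._device_secret + challenge).digest()


def representative_value(response, helper):
    """Stand-in for the fuzzy extraction of step 313; with no noise modelled a
    plain hash of helper data and response is enough for the simulation."""
    return hashlib.sha256(b"rep|" + helper + response).digest()


def enrol_puf(puf, n_challenges):
    """Enrolment: for each challenge record the helper data and the representative
    value that the verification node retrieves later in step 602."""
    records = []
    for _ in range(n_challenges):
        challenge = secrets.token_bytes(16)
        helper = secrets.token_bytes(16)
        records.append((challenge, helper,
                        representative_value(puf.respond(challenge), helper)))
    return records


def node_answer(puf, challenge, helper, random_number):
    """Node side: challenge the PUF and measure (steps 309 and 311), extract the
    representative value (step 313) and hash it with the random number."""
    rep = representative_value(puf.respond(challenge), helper)
    return hashlib.sha256(b"auth|" + rep + random_number).digest()


class VerificationNode:
    """Verification node of Figure 6; `enrolled` maps identity -> enrolment records."""

    def __init__(self, enrolled):
        self._enrolled = enrolled
        self._next = {identity: 0 for identity in enrolled}  # challenge rotation state

    def authenticate(self, identity, answer_fn):
        """Steps 602 to 608.  `answer_fn(challenge, helper, random_number)` plays
        the node (steps 604 to 606).  Returns True only for an authentic node."""
        records = self._enrolled.get(identity)
        if not records:
            return False
        index = self._next[identity]
        self._next[identity] = (index + 1) % len(records)  # new challenge each time
        challenge, helper, rep = records[index]             # step 602
        random_number = secrets.token_bytes(32)             # step 603
        answer = answer_fn(challenge, helper, random_number)
        expected = hashlib.sha256(b"auth|" + rep + random_number).digest()
        return hmac.compare_digest(answer, expected)        # steps 607 and 608


def stale_answer_is_rejected(verification_node, identity, puf):
    """Defender check for the statement that, with a new random number per
    authentication, the answer need not be encrypted: an answer captured from
    one genuine run must be useless in a later run."""
    captured = {}

    def genuine_and_record(challenge, helper, random_number):
        captured["answer"] = node_answer(puf, challenge, helper, random_number)
        return captured["answer"]

    first_ok = verification_node.authenticate(identity, genuine_and_record)
    second_ok = verification_node.authenticate(identity, lambda c, h, r: captured["answer"])
    return first_ok and not second_ok


if __name__ == "__main__":
    puf = SimulatedPuf(b"constructed-device-secret-A")
    vn = VerificationNode({b"tag-0001": enrol_puf(puf, 3)})
    print("genuine node:", vn.authenticate(b"tag-0001", lambda c, h, r: node_answer(puf, c, h, r)))
    print("stale answer rejected:", stale_answer_is_rejected(vn, b"tag-0001", puf))
```

`hmac.compare_digest` is used for the comparison in step 607 so that the verification node's decision time does not depend on how many leading bytes of a wrong answer happen to match.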

Abstract

There is provided a method of deriving a key for encrypting or authenticating data sent between first and second nodes, the method comprising determining a representative value from a measurement of a physical identifier of a user; generating a random number; and combining the representative value and the random number to provide an encryption key. The present invention further provides a node, and a verification node as well as a system for authentication of a node by a verification node. Said system applies encryption key generation according to the present invention. The invention further provides a computer program product comprising a representative value of a node for use in authenticating said computer program product.

Description

Method and device for key generation and proving authenticity
The present invention relates to the generation of keys for use in security systems, and in particular relates to the generation of keys from, for example, biometric identifiers or physical uncloneable functions (PUFs).
There is increasing demand for more reliable and convenient security systems, and there is interest in the use of biometric identifiers, such as fingerprints, iris patterns, voice data and gait data. Since biometric identifiers cannot be lost or forgotten, in the way that computer passwords, for example, can be forgotten, biometrics have the potential to offer higher security and more convenience for users.
Some of the same advantages of a biometric identification system can also be achieved by the use of physical uncloneable functions (PUFs). A PUF is a function that is realized by a physical system, such that the function is easy to evaluate but the physical system is hard to characterize. The physical system is designed such that it interacts in a complicated way with stimuli, called challenges, and leads to unique but unpredictable responses. For example, an optical PUF consists of a physical structure comprising some randomly distributed scattering material. Thus, in response to a particular challenge, for example in the form of input laser light having particular properties, the optical PUF produces a unique response, in the form of a speckle pattern. One or more challenge-response pairs can then be used to identify the PUF.
Physical identifiers, such as biometrics or optical PUFs can be used for the derivation of cryptographic keys. In particular, consider the situation where a user wants to communicate over a private channel with a verifier, or consider the situation where a verifier wants to establish authenticity of a product before granting authorization for use of said product. The protocol used by the user and the verifier usually consists of two phases, an enrolment phase and an application phase.
During the enrolment phase, the verifier measures the biometrics of the user (or alternatively obtains some challenge-response pairs from the user's PUF), derives a representative value to be used as a key from the measurement (or as challenge-response pairs for proving authenticity), and stores the representative value for use during the application phase. The verifier also stores reference information that helps the user to derive the same representative value (and hence the same key) during the application phase.
During the application phase, a new (noisy) measurement of the biometrics is made (or the response of the PUF to certain challenges is detected), and the reference information of the verifier is used by the user to derive the same representative value from the noisy measurement of the biometric (or response). In order to correctly derive keys from noisy measurements, the user and the verifier communicate over a public (authenticated) channel.
The convenience for the users comes from the fact that they are not required to remember passwords or store additional secret keys. In addition, since biometrics and PUFs are uncloneable, the derivation and use of the same key by the user (thereby allowing the verifier to decrypt data encrypted using the user's key) means that the verifier can be sure that the intended user (or the original PUF) is present during the application phase.
Although this type of key generation (known as "fuzzy key generation") offers the advantages described above, there are some problems.
Firstly, biometric identifiers can inadvertently be left in many places. For example, fingerprints can be left on any surface that is touched, or iris scans can be taken with a camera. This implies that an attacker can easily capture a noisy version of a biometric that is closely related to the template that will be measured at the sensor of the terminal. This information can be used by the attacker to compute an estimate of the key derived from the biometric of a specific user, and hence to decrypt traffic sent between the terminal and verifier.
In the case of optical PUFs, the camera recording the speckle pattern is separated from the card. In addition, the camera will contain an unencrypted digital representation of the speckle pattern. This means that an attacker might attack the camera to obtain information on the speckle pattern recorded and hence on the key derived from the speckle pattern. Finally, the attacker may have complete access to the card containing the PUF for a limited period of time, for example he might steal the card from the user and later return it. In this situation the attacker will be able to measure some challenge-response pairs of the PUF.
There is therefore a need to provide a key generation protocol that allows the generation of keys from a physical identifier that reduces the amount of information being revealed related to the measurement of said physical identifier.
According to a first aspect of the present invention, there is provided a method of deriving a key for encrypting or authenticating data sent between a first node and a second node, the method comprising determining a representative value from a measurement of a physical identifier of a user; generating a random number; and combining the representative value and the random number to provide an encryption key.
The present invention provides a way to use measurement information derived from a physical identifier for key generation meanwhile limiting the amount of information related to said physical identifier exposed to an attacker observing communications encrypted with said encryption key. When using an encryption key unintentionally a small amount of information related to the actual encryption key leaks to an attacker. By using an independent, easily renewable, value that is not derived from the encryption key the information related to the physical identifier is further obfuscated from the attacker. Although an attacker might obtain information related to the encryption key by analyzing data encrypted with said encryption key, this encryption key is based on the combination of both the information from the physical identifier as well as the random number. Therefore an attacker can no longer simply isolate the information derived from the physical identifier. By renewing the random number often, security can be further improved.
Preferably, the step of determining a representative value from a measurement of a physical identifier of a user comprises obtaining a measurement of a biometric identifier of the user.
Preferably, the step of determining a representative value from a measurement of a physical identifier further comprises using a secret extraction code to extract the representative value from the measurement. Preferably, the key is derived at the first node, and the step of determining the representative value from the measurement of a physical identifier further comprises selecting the secret extraction code from a collection of secret extraction codes in response to secret extraction code identity data provided to the first node by the second node.
Preferably, the secret extraction code identity data is derived and stored in the second node during a verification phase.
Alternatively, the step of determining a representative value from a measurement of a physical identifier of a user comprises challenging a physical uncloneable function of a user and measuring the response. Preferably, the step of determining a representative value from a measurement of a physical identifier further comprises deriving the representative value from the measured response and helper data provided to the first node by the second node.
Preferably, the step of challenging the physical uncloneable function comprises applying at least one challenge selected from a set of challenges.
According to a second aspect of the present invention, there is provided a method of deriving keys for encrypting or authenticating data sent between a first node and a second node, the second node having a second representative value determined from a measurement of a physical identifier of a user stored in a memory, the method comprising: generating a common random number for the first and second nodes; in the first node: determining a first representative value from a measurement of a physical identifier of a user; combining the first representative value and the common random number to provide an encryption key; and in the second node: combining the second representative value stored in the memory of the second node and the common random number to provide an encryption key.
Preferably, the step of generating the common random number for the first and second nodes comprises: generating the random number in the first node; and securely transmitting the generated random number from the first node to the second node.
Preferably, the step of securely transmitting the generated random number from the first node to the second node comprises encrypting the random number in the first node, and, in the second node, decrypting the encrypted random number.
Preferably, the first node has a public key for the second node stored in a memory thereof, and the second node has a corresponding secret key stored in the memory of the second node, and wherein the step of securely transmitting the generated random number from the first node to the second node comprises encrypting the random number using the stored public key of the second node, and, in the second node, decrypting the encrypted random number using the stored secret key of the second node.
Alternatively, the step of generating a common random number for the first and second nodes comprises using a session key generation protocol. Preferably, the step of determining a first representative value from a measurement of a physical identifier of a user comprises obtaining a measurement of a biometric identifier of the user. Preferably, the step of determining a first representative value from a measurement of a physical identifier further comprises using a secret extraction code to extract the first representative value from the measurement.
Preferably, the step of determining the first representative value from the measurement of a physical identifier further comprises selecting the secret extraction code from a collection of secret extraction codes in response to secret extraction code identity data provided to the first node by the second node.
Preferably, the secret extraction code identity data is derived and stored in the second node during a verification phase. Alternatively, the step of determining a first representative value from a measurement of a physical identifier of a user comprises challenging a physical uncloneable function of a user and measuring the response.
Preferably, the step of determining a first representative value from a measurement of a physical identifier further comprises deriving the first representative value from the measured response and helper data provided to the first node by the second node.
Preferably, the step of challenging the physical uncloneable function comprises applying at least one challenge selected from a set of challenges.
Preferably, the method in the first node further comprises the step of transmitting a user identity to the second node.
According to a third aspect of the invention, there is provided a node comprising means for obtaining a measurement of a physical identifier of a user of the node; means for determining a representative value from the measurement; means for generating a random number; and means for combining the representative value and the random number to provide an encryption key. Preferably, the means for obtaining a measurement of a physical identifier of a user comprises means for obtaining a measurement of a biometric identifier.
Preferably, the node further comprises: a memory having a collection of secret extraction codes stored therein; and means for receiving secret extraction code identity data from the verification node; wherein the means for determining a representative value from the measurement is adapted to determine the representative value using one of the secret extraction codes stored in the memory and the measurement of the biometric identifier, wherein the selection of the secret extraction code is made on the basis of secret extraction code identity data received from the verification node. Alternatively, the means for obtaining a measurement of a physical identifier of a user comprises means for challenging a physical uncloneable function of a user and measuring the response.
Preferably, the node further comprises: a memory having a collection of challenges stored therein; and means for receiving challenge identity data from the verification node; wherein the means for obtaining a measurement of a physical identifier is adapted to challenge the physical uncloneable function of the user using at least one of the challenges stored in the memory, wherein the selection of the or each challenge is made on the basis of the challenge identity data received from the verification node. Preferably, the node further comprises: means for receiving helper data from the verification node; wherein the means for determining a representative value from the measurement is adapted to determine the representative value using the measured response and helper data received from the verification node.
Preferably, the node further comprises: means for transmitting the generated random number from the node to a verification node.
Preferably, the means for transmitting the generated random number from the node to the verification node is further adapted to encrypt the random number before transmission from the node to the verification node.
Preferably, the node further comprises: a memory having a public key for the verification node stored therein; wherein the means for transmitting the generated random number from the node to the verification node is further adapted to encrypt the random number using the stored public key of the verification node.
Alternatively, the means for generating a random number is adapted to generate the random number using a session key generation protocol.
According to a fourth aspect of the present invention, there is provided a smart card for use with a reader, the smart card comprising a physical uncloneable function; and a processor chip; wherein the processor chip is adapted to receive a measurement of the physical uncloneable function from the reader; determine a representative value from the measurement; generate a random number; and combine the representative value and the random number to provide an encryption key.
Preferably, the processor chip is adapted to determine a representative value from the measurement using helper data received from the verification node.
According to a fifth aspect of the present invention, there is provided a verification node, comprising a memory containing a plurality of representative values, each representative value being associated with a particular user; means for receiving a user identity from a user node; means for retrieving a representative value from the memory in response to the received user identity; processing means for combining the retrieved representative value with a random number to provide an encryption key. Preferably, the memory further contains secret extraction code identity data associated with each of the representative values; the means for retrieving being further adapted to retrieve the associated secret extraction code identity data from the memory; and the verification node further comprises means for transmitting the retrieved secret extraction code identity data to the user node. Alternatively, the memory further contains challenge identity data associated with each of the representative values, wherein each user has a plurality of challenges and representative values associated therewith; the means for retrieving being further adapted to retrieve the associated challenge identity data from the memory; and the verification node further comprises means for transmitting the retrieved challenge identity data to the user node.
Preferably, the memory further contains helper data associated with each of the representative values; the means for retrieving being further adapted to retrieve the associated helper data from the memory; and wherein the means for transmitting is further adapted to transmit the retrieved helper data to the user node. Preferably, the random number is received from the user node by the means for receiving.
Preferably, the random number received from the user node is encrypted; and the means for receiving is further adapted to decrypt the encrypted random number.
Preferably, the memory further contains a secret key for the verification node and the random number received from the user node is encrypted using a public key of the verification node; and the means for receiving is adapted to decrypt the encrypted random number using the secret key.
Alternatively, the processing means is adapted to generate the random number using a session key generation protocol.
According to a sixth aspect of the invention, there is provided a node for proving authenticity for use in an authentication system. A node can prove that it is authentic by generating a particular encryption key based on a measured representative value and transmitting that key to a verification node. The verification node can subsequently verify whether the generated encryption key corresponds to an encryption key generated using a particular representative value recorded during the enrolment process of the node and the random number.
The node comprising: means for obtaining a measurement of a physical identifier of the node; means for determining a representative value from the measurement; means for obtaining a random number; and means for combining the representative value and the random number to provide an encryption key.
The means for obtaining a measurement of a physical identifier of the node and the means for determining a representative value from the measurement are in accordance with their equivalents as discussed in relation to the third aspect of the invention. Preferably, in a node according to the sixth aspect of the invention, the means for obtaining a random number are configured to receive said random number from said accompanying verification node.
Preferably this random number is received from the verification node. The random number will be used in the generation of an encryption key for use in authentication. It is possible to transmit the random number to the node in the clear, but this would provide an attacker with a plaintext that could be used for attacking the system. For security reasons the random number could instead be encrypted, e.g. using the public key of the node, and sent in an encrypted form that allows the node to decrypt said random number for further use by the node.
Alternatively the random number could be sent by the verification node in an unencrypted format, thereby reducing security of the authentication process.
In case the node according to the sixth aspect is fitted with a physical uncloneable function for measuring the physical identifier, the verification node should also provide a challenge for said physical uncloneable function.
Preferably the node further comprises means for transmitting an identity: when a biometric is used this could be the identity of the user; alternatively, in the case of a physical uncloneable function, this could be a unique identifier associated with said function.
In a particular embodiment, proof of authenticity involving a node according to this sixth aspect of the invention could proceed as follows. A node fitted with a physical uncloneable function is brought into proximity of a verification node, and using a wireless communication channel the verification node requests a unique node identifier from the node. Based on the node identifier submitted by the node, the verification node retrieves a challenge from a database associated with said node identifier. In addition the verification node generates a random number and transmits the random number and said challenge to the node; optionally this data is encrypted first. At the node that is proving authenticity, the challenge and random number are received and subsequently decrypted. Various conventional methods of encryption can be envisaged, ranging from usage of private and public keys to an earlier established session key between both nodes. After decryption the node challenges the physical uncloneable function, measures its response and determines a representative value from the measurement. Next an encryption key is generated at the node, for example by encrypting the random number with the representative value, or by cryptographically hashing both the random number and the representative value. In doing so the node enables the verification node to ascertain the validity of said encryption key, whereas attackers do not obtain information with respect to the representative value.
A node according to the sixth aspect of the invention could be used advantageously for proving authenticity of a computer program. This proof of authenticity can be used as a prerequisite for granting a party authorization for use of or installation of said program on a computing platform. Although the above example emphasizes the use of a node fitted with a physical uncloneable function, a biometric could be used instead. Such an embodiment would enable the use of biometric data for proving authenticity of a user, thereby allowing only an authorized user to generate the key for using or installing a computer program.
This invention could be used in an equally advantageous fashion for proving authenticity of physical objects such as CDs, DVDs, documents (e.g. a passport), badges, tags, and tokens. Based on said proof, access is granted provided the correct biometric is presented to the verification node by the user.
According to a seventh aspect of the invention, there is provided a verification node that receives an encryption key generated by a node, for verifying that the node is authentic. Such a verification node can be used in conjunction with a node according to the sixth aspect of the invention to form a system for proving authenticity. A verification node according to the seventh aspect of the invention comprises: means for receiving an identity from a node; means for obtaining a random number; means for retrieving a representative value associated with said identity; means for receiving an encryption key from a node; processing means for verifying whether the encryption key as received from the node can also be generated using the retrieved representative value and the random number; and authenticating the node based on the outcome of said verifying. For optimum security the random number should be chosen anew every time a device is authenticated; furthermore, by selecting a new challenge, and therefore a new response, for each authentication, security is further increased.
Preferably a verification node will receive the identity of the node that is being authenticated. Based on this identity the verification node will attempt to retrieve a challenge response pair from a database. This database could be stored in memory of the verification node, or could be stored on a central file server comprising challenge response data for a plurality of nodes. In fact these challenge response pairs could even be provided by said node, provided that the verification node can establish authenticity of the challenge response pairs, e.g. by verifying a signature from a trusted third party.
Preferably the verification node selects a challenge response pair for said node.
Preferably the verification node will generate the random number, thereby allowing the verifier to control the random number generator and facilitating low cost nodes that do not require an expensive secure random number generator. Preferably the verification node will transmit said challenge and random number to the node; in certain embodiments the random number will be encrypted, in other embodiments it can be unencrypted. The node will subsequently generate an encryption key that is sent to the verification node.
Preferably the verification node will receive said encryption key generated at the node.
Preferably the processing means will use the retrieved representative value and the random number in order to verify whether the node that generated the received encryption key was authentic.
Preferably the verification process at the verification node applies the same procedure followed at the node that generated said received encryption key; in doing so the verification node will generate a further encryption key, for example by encrypting the random number with the representative value available at the verification node. Subsequently both generated encryption keys can be compared.
Alternatively the verification node could verify authenticity by decrypting rather than encrypting. In doing so the verification node could use the representative value available at the verification node to decrypt the received encryption key generated at the node, and subsequently match the resulting output with the random number available at the verification node. Further alternatives can be envisaged, such as generating the encryption key with a cryptographic hash function, for example by hashing both the random number and the representative value available at both the node and the verification node, and subsequently comparing the results. The verification process establishes whether the verification node can generate the same encryption key based on the retrieved representative value and the random number, thereby establishing whether the node is authenticated. The result of this verification can be used to grant authorization to a party.
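The authentication exchange of the sixth and seventh aspects (verifier-chosen challenge and random number, key generated at the node, key recomputed and compared at the verification node), as an added example that is not the patent's own code. It assumes a physical uncloneable function simulated by a keyed hash of the challenge (a noise-free stand-in, so no helper data is needed), transport of the challenge and random number in the clear, and constructed identities, secrets and challenges.

```python
import hashlib
import hmac
import secrets


def simulated_puf(device_secret, challenge):
    """Stand-in for challenging the PUF and measuring its response (assumption)."""
    return hmac.new(device_secret, challenge, hashlib.sha256).digest()


def derive_key(representative_value, random_number):
    """The hash-based combination the text mentions: hash(random number || S)."""
    return hashlib.sha256(random_number + representative_value).digest()


class ProvingNode:
    """Node proving authenticity (sixth aspect)."""

    def __init__(self, identity, device_secret):
        self.identity = identity
        self._device_secret = device_secret   # reachable only through measure()

    def measure(self, challenge):
        """Challenge the (simulated) PUF; the response is the representative value."""
        return simulated_puf(self._device_secret, challenge)

    def respond(self, challenge, random_number):
        """Combine the measured representative value with the verifier's random
        number and return the resulting encryption key to the verifier."""
        return derive_key(self.measure(challenge), random_number)


class VerificationNode:
    """Verification node (seventh aspect) holding challenge-response pairs per identity."""

    def __init__(self):
        self._db = {}   # identity -> list of unused (challenge, representative value)

    def enrol(self, node, challenges):
        """Enrolment: the verifier measures the genuine node once per challenge."""
        self._db[node.identity] = [(c, node.measure(c)) for c in challenges]

    def remaining_pairs(self, identity):
        return len(self._db.get(identity, []))

    def authenticate(self, node):
        """One authentication run: unused challenge, fresh random number, compare keys."""
        pairs = self._db.get(node.identity, [])
        if not pairs:
            return False                                  # nothing left to challenge with
        challenge, representative_value = pairs.pop()     # each pair is used only once
        random_number = secrets.token_bytes(16)           # chosen anew per authentication
        received_key = node.respond(challenge, random_number)
        expected_key = derive_key(representative_value, random_number)
        return hmac.compare_digest(received_key, expected_key)


if __name__ == "__main__":
    verifier = VerificationNode()
    genuine = ProvingNode("card-001", b"constructed-device-secret")
    verifier.enrol(genuine, [b"challenge-1", b"challenge-2"])
    print("genuine node:", verifier.authenticate(genuine))
    # A clone claiming the same identity but without the real PUF fails.
    clone = ProvingNode("card-001", b"different-secret")
    print("cloned node:", verifier.authenticate(clone))
    # Both pairs are now consumed; a further attempt is refused.
    print("genuine node, no pairs left:", verifier.authenticate(genuine))
```

Because the verifier pops a pair per run and draws a new random number each time, a captured key from one run is of no use in a later one, which is the property the text asks for when it says the random number and challenge should be chosen anew.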
A particularly advantageous verification node is a verification node that functions as a trusted platform module or TPM verifying authenticity of computer programs on a computing platform (see "Trusted Platform Module (TPM) based Security on Notebook PCs", White Paper by Sundeep Bajikar, Mobile Platforms Group, Intel Corporation, June 20, 2002, http://developer.intel.com/design/mobile/platform/downloads/Trusted Platform Module White Paper.pdf). Preferably the verification node is a trusted platform module (TPM). The verification node will obtain the representative value from the computer program in an encrypted format. Using e.g. a device key of the verification node (TPM), the verification node can decrypt this representative value. The resulting representative value is then used as presented earlier for challenging e.g. a token that is distributed in conjunction with said computer program. In doing so this seventh aspect effectively binds the content of a computer program to a representative value derived from the biometrics of a person, or from the measurement of a physical uncloneable function. As the latter are substantially harder to copy, replicate, or forge, if possible at all, this effectively presents a valuable content protection mechanism.
According to an eighth aspect of the invention, there is provided an authentication system comprising a node as described above and a verification node as described above.
According to a ninth aspect of the invention, there is provided an authentication system comprising a smart card as described above and a verification node as described above.
The invention will now be described, by way of example, with reference to the following drawings, in which:
Fig. 1 is a flow chart illustrating the steps in the method according to the invention;
Fig. 2 is a flow chart showing a preferred method according to the invention in a system that uses biometric identifiers;
Fig. 3 is a flow chart showing a preferred method according to the invention in a system that uses physical uncloneable functions;
Fig. 4 is a schematic diagram of a system for performing the method of Fig. 2;
Fig. 5 is a schematic diagram of a system for performing the method of Fig. 3;
Fig. 6 is a flow chart showing a preferred method according to the invention of authenticating a node by a verification node; and
Fig. 7 is a schematic diagram of a system for authentication of a node by a verification node according to the invention.
Throughout the drawings, the same reference numeral refers to a similar element, or an element that performs a similar function.
The invention will now be described with reference to a system in which representative values are derived from physical identifiers of a user using the method described in "New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates" by J.P. Linnartz and P. Tuyls, AVBPA 2003. According to this method, the verifier derives "helper data" from the measurement of the physical identifier during the enrolment phase and sends this helper data to the user's terminal during the application phase. This helper data allows the terminal to determine the same key as the verifier from a noisy measurement of the physical identifier.
However, it will be appreciated by a person skilled in the art that the present invention may be applied to systems that use other methods of key generation.
It will also be appreciated that the present invention can be applied to a system that generates symmetric or asymmetric keys.
Although the invention will be described mainly in relation to a method of deriving a key for encrypting data, it will be appreciated that the invention also relates to a method of deriving a key for authenticating data. Consequently, although the derived key is referred to herein as an "encryption key", it will be appreciated that the encryption key is also suitable for use as an authentication key.
Figure 1 shows a method of deriving a key for encrypting or authenticating data sent between first and second nodes according to the invention.
In step 101, a representative value is determined from a measurement of a physical identifier of a user.
Where the physical identifier is a biometric identifier, for example a fingerprint or iris, the step comprises obtaining a measurement of the biometric identifier, for example by scanning the fingerprint or iris, and using a secret extraction code selected from a collection of codes to extract the representative value from the measurement.
Secret extraction codes (as described in "Capacity and Examples of Template Protecting Biometric Authentication Systems" by P. Tuyls and J. Goseling, BioAW 2004) allow representative values to be derived from biometric identifiers, and in particular allow the same representative value to be derived from slightly different measurements of the same biometric identifier. Various different secret extraction codes are available, each extracting a different representative value from a particular biometric identifier.
Alternatively, where the physical identifier is a physical uncloneable function, the step comprises challenging the physical uncloneable function and measuring the response. The representative value is derived (using a secret extraction code for the challenge or challenges used) from the measured response, which will be unique for that physical uncloneable function and the particular challenge or challenges used.
In order for a first node to derive the same representative value from the measurement of the biometric identifier or response from the physical uncloneable function as that derived and stored at a second node during the enrolment phase, the second node provides the first node with helper data. Where secret extraction codes are used, the helper data allows the first node to select the appropriate secret extraction code.
It will be appreciated that the step of determining a representative value from a measurement of a physical identifier is performed both by the verifier (which may be the second node with which the first node communicates, or a separate entity designed to provide the derived representative value and helper data to the second node) during the enrolment phase, and by the first node during the application phase.
In order to overcome the problems associated with noisy biometric identifiers (such as fingerprints on a glass) being obtained or the temporary acquisition of a physical uncloneable function by an attacker, the invention strengthens the key derivation protocol by generating a random number during the application phase and combining the generated random number with the representative value.
In step 103, the random number is generated. Preferably, the first node generates the random number and provides it to the second node. Alternatively, the second node may generate the random number and provide it to the first node.
Where the physical identifier is a physical uncloneable function contained on a smart card, the smart card may comprise a chip that is able to generate the random number. Alternatively, the reader in the first node for the smart card may generate the random number.
A new random number may be generated each time that the first node initiates a new communication session with the second node (i.e. each time that the application phase is started), or alternatively a new random number may be generated periodically to further increase security during longer communication sessions. As described above, the generated random number must be provided to the other node. This must be done securely, otherwise an attacker can obtain the random number and hence determine the key being used during the communication session.
Preferably, the random number is provided to the other node using a public key encryption protocol. That is, the node that generates the random number is provided with a public key for the other node, which is used to encrypt the random number for transmission to the other node. The other node is provided with a corresponding secret key, which is used to decrypt the encrypted random number.
Although the public key encryption protocol is preferable, it will be appreciated that many other protocols may be used to securely provide the random number to the other node.
As an alternative to generating the random number in one node and securely transmitting it to the other node, the first and second nodes may run a session key generation protocol to determine a random session key. For example, a Diffie-Hellman session key generation protocol could be used in which the first and second nodes share a public key $g$. The first node chooses $x$ at random and sends $g^x$ to the second node. The second node chooses $y$ at random and sends $g^y$ to the first node. Both nodes compute a common random number $g^{xy} = (g^x)^y = (g^y)^x$.
In order to defeat a "man in the middle" attack, it is preferred that the session key generation protocol is performed in an authenticated way. For example, a public key encryption protocol can be used to authenticate transmissions between the nodes during the session key generation protocol.
In step 105, an encryption key is derived by combining the representative value determined in step 101 with the generated random number. Step 105 is performed both by the first node on the representative value determined during the application phase and by the second node on the representative value determined by the second node (or separate verifier) during the enrolment phase.
If the representative value derived by the first node matches the representative value derived by the second node, then the encryption keys derived by the first and second nodes will be the same, allowing communications encrypted using the key of one node and received by the other node to be decrypted and read.
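Steps 101, 103 and 105 run at both nodes, as an added example that is not the patent's own code. It assumes a 40-bit constructed measurement in place of a biometric scan, a simple fuzzy-commitment scheme (repetition code XOR measurement) as a stand-in for the shielding functions and secret extraction codes the page cites, HMAC-SHA256 as the combining function, and a random number I that reaches the second node over the page's public-key-encrypted channel, which is not modelled.

```python
import hashlib
import hmac
import secrets

REPEAT = 5                  # each bit of S is repeated 5 times; majority vote corrects up to 2 flips per group
S_BITS = 8                  # length of the representative value S in bits
N_BITS = REPEAT * S_BITS    # length of a measurement in bits

# Constructed sample data: the representative value chosen at enrolment and the
# enrolment-phase measurement of the (simulated) biometric identifier.
S_EXAMPLE = [1, 0, 1, 1, 0, 0, 1, 0]
ENROL_MEASUREMENT = [(3 * i * i + i) % 7 % 2 for i in range(N_BITS)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def encode(s_bits):
    """Repetition-code codeword for the bits of S."""
    return [b for b in s_bits for _ in range(REPEAT)]


def decode(word):
    """Majority-vote decoding of a (possibly noisy) codeword back to S."""
    return [1 if 2 * sum(word[i:i + REPEAT]) > REPEAT else 0
            for i in range(0, N_BITS, REPEAT)]


def enrol(measurement, s_bits):
    """Enrolment phase at the verifier: helper data = codeword(S) XOR measurement.
    Returns the record stored at the second node: (S, helper data)."""
    return s_bits, xor(encode(s_bits), measurement)


def extract(measurement, helper):
    """Step 101 at the first node: recover S from a noisy measurement plus helper data.
    helper XOR measurement = codeword(S) XOR noise, which the code corrects."""
    return decode(xor(helper, measurement))


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def derive_key(s_bits, random_number):
    """Step 105: combine S and the random number I. HMAC-SHA256 is an assumption;
    the page only requires a combination that both nodes can compute."""
    return hmac.new(bits_to_bytes(s_bits), random_number, hashlib.sha256).digest()


def application_phase(record, noisy_measurement, random_number=None):
    """Run steps 101-105 at both nodes and report whether their keys agree."""
    s_stored, helper = record
    if random_number is None:
        random_number = secrets.token_bytes(16)        # step 103, first node
    s_first = extract(noisy_measurement, helper)       # step 101, first node
    key_first = derive_key(s_first, random_number)     # step 105, first node
    key_second = derive_key(s_stored, random_number)   # step 105, second node
    return key_first == key_second


def flip(bits, positions):
    """Constructed sensor noise: flip the listed bit positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


if __name__ == "__main__":
    record = enrol(ENROL_MEASUREMENT, S_EXAMPLE)
    # At most two flipped bits in any group of five: same S, so the keys agree.
    close = flip(ENROL_MEASUREMENT, [0, 1, 7, 12, 33])
    print("close measurement -> keys agree:", application_phase(record, close))
    # Three flips in the first group: S differs, so the keys differ.
    far = flip(ENROL_MEASUREMENT, [0, 1, 2])
    print("far measurement   -> keys agree:", application_phase(record, far))
```

An eavesdropper who learns the helper data and even S still faces a key that depends on I, which is why the page insists that I be transported encrypted.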
Figure 2 shows a preferred implementation of the method according to the invention in a system that uses biometric identifiers. In this preferred implementation, it is assumed that the sensors in the first node are tamper resistant (i.e. it is not possible to eavesdrop on the events or readings inside the sensor), and that the sensor can detect artificially constructed biometrics.
The communication line between the sensor in the first node and the second node is susceptible to eavesdropping. Therefore, in this preferred implementation, a public key encryption protocol is used in which the first node has a public key pk of the second node, and the second node has a corresponding secret key sk. The first node comprises a random number generator producing random numbers (in bit form).
The method starts at step 201 where a user identity, such as a user name, is entered into a first node by a user.
In step 203, the user presents their biometric identifier to a sensor in the first node, and the sensor measures the biometric identifier.
In step 205, the user identity is transmitted from the first node to the second node, preferably using the public key encryption protocol.
In step 207, a database in the second node is accessed and the representative value and helper data associated with the received user identity is retrieved. In step 209, the retrieved helper data is transmitted to the first node.
In step 211, the first node uses the received helper data to extract a representative value from the measurement of the biometric identifier. In step 213, the first node generates a random bit string. In step 215, the first node transmits the random bit string to the second node using the public key encryption protocol.
In step 217, the first node combines the random bit string and the determined representative value to derive an encryption key. In step 219, the second node combines the random bit string, received from the first node in step 215, and the representative value, retrieved in step 207, to derive another encryption key.
If the representative value, determined in the first node from the measurement of the biometric identifier in step 211, is the same as the representative value stored in the database of the second node, then both nodes will be able to decrypt and read data encrypted using the encryption key of the other node.
If the representative values are different then the encryption or authentication keys derived by each node will be different, thereby preventing either node from being able to decrypt and read data encoded using the encryption key of the other node. An attacker who obtains a noisy measurement of the biometric identifier (which might be quite similar to the measurement of the biometric identifier made during the enrolment phase) does not have any information on the encryption key used during that application phase, provided that the encryption system used to provide the random bit string to the second node does not allow the attacker to find out any information about the random bit string (i.e. the encrypted random bit string does not leak any information about the random bit string itself).
As an attacker that has a noisy version of the biometric identifier does not know the random bit string (i.e. he cannot eavesdrop on what happens inside the sensor) and he cannot derive this information from the encrypted bit string transmitted from the first node to the second node in step 215, the attacker can only guess the random bit string.
The attacker may have a noisy version of the biometric identifier and also the helper data that is sent from the second node to the first node. Even assuming that the noisy version of the biometric identifier is sufficiently close to the version used to derive the stored representative value, so that the same representative value can be determined from the noisy version of the biometric identifier and the helper data, the probability of correctly guessing the encryption key (assuming that the representative value is random) is bounded by $\max\{1/|S|,\ 2^{-|I|}\}$, which becomes small if $|S| \gg |I|$, where $S$ is the representative value and $I$ is the random bit string.
Figure 3 shows a preferred implementation of the method according to the invention in a system that uses an optical physical uncloneable function in a smart card. In this preferred implementation, it is assumed that the camera in the reader (first node), which records the response from the challenge to the physical uncloneable function, is susceptible to eavesdropping.
The communication line between the reader and the second node is also susceptible to eavesdropping. Therefore, an encryption protocol is used which, in this preferred implementation, is a public key encryption protocol. Thus the chip in the smart card has a public key pk of the second node stored therein, and the second node has a corresponding secret key sk. The chip also comprises a random number generator that produces random numbers (in bit form).
The method starts at step 301 where the smart card is inserted into the reader. In step 303, a user identity, such as a username, stored on the smart card is transmitted to the second node. In step 305, a database in the second node is accessed using the received user identity and a representative value and helper data, both associated with a particular challenge and the user, are retrieved.
In step 307, the helper data and the challenge associated with the helper data are sent to the reader and the smart card. In steps 309 and 311 the reader challenges the physical uncloneable function according to the received challenge and measures the response. This response is passed to the chip in the smart card.
In step 313, a representative value is computed by the chip in the smart card using the measured response and the helper data. In step 315, the chip uses the random number generator to generate a random bit string.
In step 317, the smart card, via the reader, transmits the random bit string to the second node using the public key encryption protocol.
In step 319, the chip in the smart card combines the random bit string and the determined representative value to derive an encryption key.
In step 321, the second node combines the random bit string and the retrieved representative value to derive another encryption key.
To verify that the correct smart card is present, the second node sends a random message to the smart card via the reader. The smart card encrypts the random message using the derived encryption key and sends it back to the second node. The second node decrypts the encrypted message using the encryption key derived therein and checks whether the decrypted message is the same as the random message sent to the reader and smart card. If it is the same, the smart card is authenticated and the transaction may continue, but if it does not, the transaction is stopped.
It is noted that an attacker who eavesdrops on the reader or on the channel between the reader and the smart card and hence captures the challenge, helper data and the response, can compute the representative value but not the encryption key.
In a modified method according to the invention, the random bit string can be generated by the chip at the start of the method.
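The Figure 3 flow above, run end to end as an added example; this is not code from the patent or from its assignee. It uses toy stand-ins for the parts the description leaves abstract: a 5-fold repetition code plays the role of the helper-data mechanism that turns a noisy response into the representative value S, SHA-256 plays the role of the combination of S and the random bit string I in steps 319 and 321, and an HMAC over the verifier's random message plays the role of the encryption in the final check. The public-key transport of the random bit string in step 317 is modelled as an opaque channel, since the Python standard library has no public-key cipher, and the PUF response and its noise are constructed values. The run also reproduces the point made about an eavesdropper on the reader: with challenge, helper data and response it can reproduce S, but not the key.

```python
import hashlib
import hmac
import secrets

REP = 5                        # repetition factor of the toy error-correcting code
SECRET_BITS = 16               # bits of secret hidden in one measurement
MEAS_BITS = REP * SECRET_BITS  # length of a constructed PUF response in bits


def xor_bits(a, b):
    """Bitwise XOR of two equal-length lists of 0/1 ints."""
    return [x ^ y for x, y in zip(a, b)]


def encode(secret_bits):
    """Toy repetition code: every secret bit is repeated REP times."""
    return [b for b in secret_bits for _ in range(REP)]


def decode(codeword):
    """Majority vote per block; corrects up to (REP-1)//2 flipped bits per block."""
    return [int(sum(codeword[i:i + REP]) * 2 > REP)
            for i in range(0, len(codeword), REP)]


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def enroll(measurement):
    """Second node, enrolment: hide a random secret in the measurement as helper
    data and keep only the representative value S = H(secret) in the database."""
    secret = [secrets.randbelow(2) for _ in range(SECRET_BITS)]
    helper = xor_bits(measurement, encode(secret))
    representative = hashlib.sha256(bits_to_bytes(secret)).digest()
    return helper, representative


def reproduce(noisy_measurement, helper):
    """First node, step 313: recover S from a noisy measurement plus helper data."""
    secret = decode(xor_bits(noisy_measurement, helper))
    return hashlib.sha256(bits_to_bytes(secret)).digest()


def derive_key(representative, random_bits):
    """Steps 319 and 321: combine S and I into the key K = H(S || I)."""
    return hashlib.sha256(representative + random_bits).digest()


def prove(key, message):
    """Card side of the final check: authenticate the verifier's random message
    under K (HMAC stands in for the 'encrypt' of the description)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    """Second node: recompute under its own key and compare in constant time."""
    return hmac.compare_digest(prove(key, message), tag)


def add_noise(measurement, flips_per_block):
    """Constructed noise: flip the first `flips_per_block` bits of every block."""
    out = list(measurement)
    for start in range(0, len(out), REP):
        for k in range(flips_per_block):
            out[start + k] ^= 1
    return out


def run_protocol(flips_per_block=1):
    """One Figure 3 run; returns (card_authenticated, eavesdropper_got_key)."""
    response = [secrets.randbelow(2) for _ in range(MEAS_BITS)]  # enrolment response
    helper, stored_s = enroll(response)                           # second node database

    noisy = add_noise(response, flips_per_block)                  # steps 309-311
    card_s = reproduce(noisy, helper)                             # step 313
    random_bits = secrets.token_bytes(16)                         # step 315
    # step 317: random_bits travel under the second node's public key; opaque here
    card_key = derive_key(card_s, random_bits)                    # step 319
    node_key = derive_key(stored_s, random_bits)                  # step 321

    challenge_msg = secrets.token_bytes(16)                       # verifier's random message
    authenticated = verify(node_key, challenge_msg, prove(card_key, challenge_msg))

    # Eavesdropper on the reader: sees challenge, helper data and response, so it
    # can reproduce S, but it must guess the 128-bit random bit string.
    eve_key = derive_key(reproduce(noisy, helper), secrets.token_bytes(16))
    return authenticated, eve_key == node_key
```

run_protocol(1) and run_protocol(2) authenticate, because the repetition code corrects up to two flips per block; run_protocol(3) fails, since the card's representative value no longer matches the stored one. That threshold is exactly how the helper data bounds the measurement noise the scheme tolerates, and in all three cases the eavesdropper's key is wrong.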
It should be noted that it is not possible for an attacker to produce a fake card with a physical uncloneable function that provides the same challenge-response pairs as the original physical uncloneable function, since the physical uncloneable function is, by definition, uncloneable.

Figure 4 shows a system for performing the method shown in Figure 2. The system 401 comprises a first node 403 and a second node 405.
The first node 401 comprises a means for obtaining a measurement of a physical identifier in the form of a sensor 407, for example a camera or a fingerprint reader, a random number generator 409, a memory 411 and a communication module 413, each connected to a processor 415.
The second node 405 comprises a memory 417 and means for receiving a user identity and a random number from the first node 403 in the form of a communication module 419 connected to a processor 421.
The sensor 407 obtains a measurement of a biometric identifier, Y, of a user and passes the measurement to the processor 415. The processor 415 uses the measurement and helper data received via the communication module 413 from the second node 405 to determine a representative value.
The random number generator 409 generates a random number and the processor 415 combines the random number and the representative value to provide an encryption key.
The processor 415 is also adapted to transmit the random number, using the communication module 413, to the second node 405. In a preferred embodiment, the memory 411 has a number of secret extraction codes stored therein and the processor 415 uses a secret extraction code indicated by the helper data received from the second node 405 to determine the representative value.
In another preferred embodiment, the memory 411 has a public key for the second node 405 stored therein, and this public key is used to encrypt the random number before transmission to the second node 405.
In the second node 405, the processor 421 is adapted to retrieve a representative value stored in the memory 417 that is associated with a particular user and to combine the retrieved value with a random number received via the communication module 419 from the first node 403 to provide an encryption key.
In a preferred embodiment, the memory 417 also comprises a secret key for the second node 405 that is used in a public key encryption protocol.
Figure 5 shows a system for performing the method of Figure 3. The system 501 comprises a first node 503 and a second node 505. The first node 503 comprises a smart card 507 inserted into a reader 509. The smart card 507 comprises an optical physical uncloneable function 511 and a processor chip 513. The reader 509 comprises a sensor 515 and a communication module 517 connected to a processor 519.
The second node 505 comprises a memory 521 and a communication module 523 connected to a processor 525. The sensor 515 obtains a response from the optical physical uncloneable function 511 to a challenge set by the second node 505. The sensor 515 passes the measured response to the processor chip 513 via the communication module 517. The processor chip 513 uses the measured response and helper data received via the communication module 517 from the second node 505 to determine a representative value. The processor chip 513 also comprises a random number generator 527 that generates a random number that is combined with the representative value by the processor chip 513 to provide an encryption key.
The processor chip 513 is also adapted to transmit the random number, via the communication module 517, to the second node 505. In a preferred embodiment, the processor chip 513 has a public key for the second node 505 stored therein, and this public key is used to encrypt the random number before transmission to the second node 505.
In the second node 505, the processor 525 is adapted to retrieve a representative value stored in the memory 521 that is associated with a particular user and to combine the retrieved value with a random number received via the communication module 523 from the reader 509 to provide an encryption key.
In a preferred embodiment, the memory 521 also comprises a secret key for the second node 505 that is used in a public key encryption protocol.

Figure 6 shows a preferred method for authentication of a node with an associated identity by a verification node. The method of authentication is based on the fact that both the node and the verification node can generate the same encryption key. The verification node can challenge the node to generate a particular encryption key that the node with the associated identity can generate. The verification node can verify whether the encryption key generated by that node is correct. The verification node can compute an encryption key in an analogous fashion, or may analyze the encryption key received from said node using the retrieved representative value and the random number available at the verification node.
When a node is brought into proximity of a verification node, the verification node will, using a wireless communication channel, obtain an identity of said node in step 601.
The received identity is used by the verification node in step 602 to retrieve a representative value, a challenge, and helper data associated with the node with said identity. The helper data could be stored together with the challenge data, but it could also be stored locally on the node. Storing the helper data on the node requires storage on the node, but removes the need for the verification node to retrieve it.
The verification node further generates a random number in step 603.
The verification node now transmits the challenge, the helper data, and said random number to the node in step 604.
The challenge is presented to the physically uncloneable function in step 309, and the response to the challenge is measured in step 311. Subsequently a representative value is generated using the helper data and the response in step 313.
Now that a representative value is established at the node, it is combined with the random number into an encryption key and sent to the verification node in step 605.
The verification node receives said encryption key in step 606, and verifies whether the encryption key generated by the node corresponds to the expected encryption key in step 607. By means of this verification the verification node establishes whether the node is authentic in step 608. Optionally the verification node could authorize a party based on the authentication in step 609.
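Steps 601 to 608 as an added example; this is not code from the patent or from its assignee. The verification node holds the enrolled representative values, issues a fresh random number for every authentication (step 603) and accepts the returned key only while that random number is outstanding, so a captured key cannot be replayed. The node combines its measured representative value with the random number by hashing them together, which is one of the combination methods this description allows. Identities, representative values and random numbers are constructed with the secrets module; the challenge and helper-data retrieval of step 602 and the measurement of steps 309 to 313 are outside the block, so the node's representative value is passed in directly.

```python
import hashlib
import hmac
import secrets


def node_prove(representative, random_number):
    """Node side, step 605: combine the measured representative value S with the
    verifier's random number r into the 'encryption key' H(S || r)."""
    return hashlib.sha256(representative + random_number).digest()


class VerificationNode:
    """Verification node of Figure 6: looks up enrolled representative values
    (step 602), issues random numbers (steps 603/604) and checks the key the
    node returns (steps 606-608)."""

    def __init__(self, enrolled):
        self._enrolled = dict(enrolled)   # identity -> enrolled representative value
        self._outstanding = {}            # identity -> random number currently in flight

    def issue_challenge(self, identity):
        """Steps 603/604: a fresh random number for a known identity, else None."""
        if identity not in self._enrolled:
            return None
        r = secrets.token_bytes(16)
        self._outstanding[identity] = r
        return r

    def verify(self, identity, proof):
        """Steps 606-608: recompute H(S || r) from the stored S and the random number
        issued for this identity, compare in constant time, and consume the random
        number so the same proof is rejected if it is presented again."""
        r = self._outstanding.pop(identity, None)
        if r is None:
            return False                  # no live challenge for this identity
        expected = node_prove(self._enrolled[identity], r)
        return hmac.compare_digest(expected, proof)


def demo():
    """Four interactions with one verification node; returns their outcomes."""
    s_alice = secrets.token_bytes(32)     # constructed enrolled representative value
    vn = VerificationNode({"alice": s_alice})

    r = vn.issue_challenge("alice")
    genuine = vn.verify("alice", node_prove(s_alice, r))      # correct S, live r

    replay = vn.verify("alice", node_prove(s_alice, r))       # same proof presented again

    r2 = vn.issue_challenge("alice")
    wrong_s = vn.verify("alice", node_prove(secrets.token_bytes(32), r2))  # wrong S

    unknown = vn.issue_challenge("mallory")                    # identity never enrolled
    return genuine, replay, wrong_s, unknown
```

demo() returns (True, False, False, None): only the node that reproduces the enrolled representative value against a live random number is authenticated, a replayed key fails because its random number has been consumed, and an unknown identity never receives a challenge.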
In one method according to the invention the node will encrypt the random number with the measured representative value in order to generate an encryption key. In turn the verification node will encrypt the random number with the retrieved representative value and compare both encryption results; based on this comparison the verification node can authenticate the node.
In a second method according to the invention the node will again encrypt the random number with the measured representative value, but the verification node will instead decrypt the received encryption key generated by the node using the retrieved representative value in order to obtain the random number encrypted at the node. The decryption result can now be compared with the random value at the verification node; based on this comparison the verification node can authenticate the node.
In yet a further method the node will generate an encryption key by applying a cryptographic hash on at least the measured representative value and the random number.
The resulting encryption key is sent to the verification node. In turn the verification node will form a similar hash using the random number and the retrieved representative value.
Subsequently both hashes can be compared and, based on this comparison, the verification node can authenticate the node.

Figure 7 shows a system for authentication of a node. The system comprises a verification node 720 that functions as a Trusted Platform Module or TPM. The system is used for proving authenticity of a computer program that is distributed on a data carrier 730.
Associated with said data carrier is a node 710 for proving authenticity of said computer program; this node could be a tag that is embedded in the manual of the computer program, or in the jewel case in which the data carrier is shipped.
The system comprises a node 710 and a verification node 720, and a data carrier 730. This particular authentication system is based on the fact that both the node 710 and the verification node 720 can generate the same encryption key. The verification node can challenge the node 710 to generate an encryption key that only the actual node 710 can generate by using said physical uncloneable function. In turn the verification node can verify whether the encryption key generated by the node 710 is correct.
The node 710 comprises a physical uncloneable function 711, a sensor 713 and a communication module 712 connected to a processor 714. The verification node 720 comprises a data carrier reader 723, a communication module 721, and a random number generator, all connected to a processor 722.
The communication modules 712 and 721 are configured for communicating over a wireless channel. Such a wireless communication channel could be based on RF, or IR receivers and transmitters. Alternative implementations using wired communication channels could also be envisaged.
As indicated earlier the verification node 720 is a TPM that can be used to authenticate the node 710. To this end the data carrier 730 comprises a representative value of the physically uncloneable function 711. This representative value could have been established during enrolment of said node 710. The representative value is stored in an encrypted form on said data carrier. The verification node 720 can retrieve the encrypted representative value from the data carrier by means of the data carrier reader 723. The encrypted representative value can subsequently be decrypted e.g. using a device key of the verification node 720 (TPM) resulting in a retrieved representative value. In addition the data carrier may also comprise challenges and helper data related to said physically uncloneable function.
When the node 710 is brought into proximity of the verification node 720, the verification node 710 will request an identity from the node 710. In turn the node 710 will provide the verification node with said identity. Based on this identity the verification node can subsequently retrieve a representative value, a challenge, and helper data from the data carrier 730.
Once a challenge is obtained the node 710 is provided with a challenge by the verification node 720. In addition the verification node provides the node 710 with a random number. In turn the processor 714 of the node 710 can use the public key for decrypting said random number.
Subsequently the physical uncloneable function 711 is challenged and its response is measured by the sensor 713. The sensor 713 passes the measured response to the processor 714. The processor 714 uses the measured response and helper data received via the communication module 712 from the verification node 720 to determine a representative value.
The processor 714 further generates an encryption key by combining the representative value based on the measured physical identifier with the random number received from the verification node 720. Said encryption key can subsequently be communicated to the verification node 720. If the encryption key is used for data encryption in addition to authentication, the encryption key shall be transmitted in a secure manner. If the encryption key is only used for authenticating the node 710, and a new random number is used each time a device is authenticated, no further encryption is needed for transmitting the encryption key to the verification node 720. Security can be further improved by selecting a new challenge (resulting in a new representative value) every time a node is authenticated. The verification node 720 in turn uses the retrieved representative value and the random number to verify whether the node 710 indeed generated the requested encryption key.

Although the system in Figure 7 uses a physical uncloneable function, a similar approach could be employed in a system based on biometrics. Such an embodiment allows a computer program to be linked to a measured representative value derived from the biometrics of a user, thereby allowing said user to install or use said computer program. Furthermore, the present invention allows the distribution of a computer program on a carrier comprising a representative value for authentication of said computer program. Optionally the computer program could be encrypted with a (further) key derived from said biometrics.

Although the representation in Figure 7 depicts a data carrier 730 in the form of a disc, the present invention is not limited to computer programs distributed using such data carriers. Representative values could also be distributed on other media such as flash memories, or embedded in computer programs that are downloaded from e.g. the Internet or a file server.
It will be appreciated that the word "comprising" does not exclude other elements or steps, that "a" or "an" does not exclude a plurality, and that a single processor or other unit may fulfill the functions of several means recited in the claims. Furthermore, the presence of reference signs in the claims shall not be construed as limiting the scope of the claims.

Claims

CLAIMS:
1. A method of deriving a key for encrypting or authenticating data sent between a first node and a second node, the method comprising: determining a representative value from a measurement of a physical identifier; generating a random number; and combining the representative value and the random number to provide an encryption key.
2. A method as claimed in claim 1, wherein the physical identifier is a physical identifier of a user.
3. A method as claimed in claim 2, wherein the step of determining a representative value from a measurement of a physical identifier comprises obtaining a measurement of a biometric identifier of the user.
4. A method as claimed in claim 3, wherein the step of determining a representative value from a measurement of a physical identifier further comprises using a secret extraction code to extract the representative value from the measurement.
5. A method as claimed in claim 4, wherein the key is derived at the first node, and the step of determining the representative value from the measurement of a physical identifier further comprises selecting the secret extraction code from a collection of secret extraction codes in response to secret extraction code identity data provided to the first node by the second node.
6. A method as claimed in claim 5, wherein the secret extraction code identity data is derived and stored in the second node during a verification phase.
7. A method as claimed in claim 1, wherein the step of determining a representative value from a measurement of a physical identifier comprises challenging a physical uncloneable function and measuring the response.
8. A method as claimed in claim 7, wherein the step of determining a representative value from a measurement of a physical identifier further comprises deriving the representative value from the measured response and helper data provided to the first node by the second node.
9. A method as claimed in claim 7 or 8, wherein the step of challenging the physical uncloneable function comprises applying at least one challenge selected from a set of challenges.
10. A method of deriving keys for encrypting or authenticating data sent between a first node and a second node, the second node having a second representative value determined from a measurement of a physical identifier stored in a memory, the method comprising: generating a common random number for the first and second nodes; in the first node: determining a first representative value from a measurement of a physical identifier of a user; combining the first representative value and the common random number to provide an encryption key; and in the second node: combining the second representative value stored in the memory of the second node and the common random number to provide an encryption key.
11. A method as claimed in claim 10, wherein the physical identifier is a physical identifier of a user.
12. A method as claimed in claim 10, wherein the step of generating the common random number for the first and second nodes comprises: generating the random number in the first node; and securely transmitting the generated random number from the first node to the second node.
13. A method as claimed in claim 12, wherein the step of securely transmitting the generated random number from the first node to the second node comprises encrypting the random number in the first node, and, in the second node, decrypting the encrypted random number.
14. A method as claimed in claim 13, wherein the first node has a public key for the second node stored in a memory thereof, and the second node has a corresponding secret key stored in the memory of the second node, and wherein the step of securely transmitting the generated random number from the first node to the second node comprises encrypting the random number using the stored public key of the second node, and, in the second node, decrypting the encrypted random number using the stored secret key of the second node.
15. A method as claimed in claim 10, wherein the step of generating a common random number for the first and second nodes comprises using a session key generation protocol.
16. A node, comprising: means for obtaining a measurement of a physical identifier of the node; means for determining a representative value from the measurement; means for obtaining a random number; and means for combining the representative value and the random number to provide an encryption key.
17. A node as claimed in claim 16, wherein the physical identifier is a physical identifier of a user.
18. A node as claimed in claim 16, wherein the means for obtaining the random number comprises means for generating the random number.
19. A node as claimed in claim 16, the node further comprising means to transmit an identity.
20. A node as claimed in claim 16, the node further comprising: a physical uncloneable function; and means for receiving a challenge from a verification node.
21. A node as claimed in claim 16, wherein the means for obtaining the random number are configured to receive the random number from a verification node.
22. A node as claimed in claim 21, wherein said means for receiving a random number from the verification node are configured to receive and decrypt an encrypted random number received from the verification node.
23. Use of a node as claimed in claim 16, for proving authenticity of a computer program.
24. A smart card for use with a reader, the smart card comprising: a physical uncloneable function; and a processor chip; wherein the processor chip is adapted to: receive a measurement of the physical uncloneable function from the reader; determine a representative value from the measurement; generate a random number; and combine the representative value and the random number to provide an encryption key.
25. A verification node, comprising: means for receiving an identity and encryption key from a node; means for obtaining a random number; means for retrieving a representative value associated with said identity; and processing means for verifying whether the encryption key as received from the node can also be generated using the retrieved representative value and the random number.
26. A verification node as claimed in claim 25, wherein said processing means are configured to combine the retrieved representative value with a random number to provide an encryption key.
27. A verification node as claimed in claim 25, wherein the means for retrieving a representative value associated with said identity comprises: a memory containing a plurality of representative values, each representative value being associated with a particular user; and means for retrieving a representative value from the memory in response to the received user identity.
28. A verification node as claimed in claim 25, wherein the processing means are further configured to authenticate the node based on the outcome of the verifying.
29. A verification node as claimed in claim 28, the verification node further comprising: means to obtain a challenge associated with said identity; and means to transmit said challenge to said node.
30. A verification node as claimed in claim 25, the verification node further comprising means to authorize a party based on the outcome of the verifying.
31. A verification node as claimed in claim 25, the verification node further comprising: means for generating a random number; and means for transmitting said random number to said node.
32. A verification node as claimed in claim 31, the means for transmitting said random number further configured to encrypt the random number before transmission.
33. A verification node as claimed in claim 25, wherein the verification node is a trusted platform module.
34. A verification node as claimed in claim 25, wherein the means for retrieving the representative value associated with said identity is configured to retrieve said representative value from a computer program.
35. A verification node as claimed in claim 34, wherein said computer program is distributed on a data carrier.
36. A verification node as claimed in claim 25, wherein said means for retrieving the representative value is arranged to extract the representative value from encrypted data.
37. An authentication system, comprising a node as claimed in claim 16 and a verification node as claimed in claim 25.
38. An authentication system comprising a smart card as claimed in claim 24 and a verification node as claimed in claim 25.
39. A computer program product comprising program code means stored on a computer readable medium, the medium comprising a representative value of a node according to claim 16 for use in authenticating said computer program product.
PCT/IB2005/054330 2004-12-22 2005-12-20 Method and device for key generation and proving authenticity WO2006067739A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2007547761A JP2008526078A (en) 2004-12-22 2005-12-20 Method and apparatus for key generation and authentication approval
EP05850888A EP1832036A2 (en) 2004-12-22 2005-12-20 Method and device for key generation and proving authenticity

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP04106865 2004-12-22
EP04106865.1 2004-12-22
EP05106189 2005-07-07
EP05106189.3 2005-07-07

Publications (2)

Publication Number Publication Date
WO2006067739A2 true WO2006067739A2 (en) 2006-06-29
WO2006067739A3 WO2006067739A3 (en) 2007-03-15

Family

ID=36498944

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/054330 WO2006067739A2 (en) 2004-12-22 2005-12-20 Method and device for key generation and proving authenticity

Country Status (4)

Country Link
EP (1) EP1832036A2 (en)
JP (1) JP2008526078A (en)
KR (1) KR20070095908A (en)
WO (1) WO2006067739A2 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5770026B2 (en) * 2011-06-20 2015-08-26 ルネサスエレクトロニクス株式会社 Semiconductor device
JP6789222B2 (en) 2014-10-13 2020-11-25 イントリンシツク・イー・デー・ベー・ベー Cryptographic device with non-duplicate physical functions
JP6853934B2 (en) * 2017-01-19 2021-04-07 ブリルニクスジャパン株式会社 Solid-state image sensor, solid-state image sensor drive method, and electronic equipment
DE102017118520A1 (en) 2017-08-14 2019-02-14 Huf Hülsbeck & Fürst Gmbh & Co. Kg tire valve

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000054455A1 (en) * 1999-03-11 2000-09-14 Tecsec, Incorporated Voice and data encryption method using a cryptographic key split combiner

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BOYEN X: "Reusable Cryptographic Fuzzy Extractors" 11TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'04), ACM PRESS, [Online] 29 October 2004 (2004-10-29), pages 82-91, XP002409134 Washington, DC, USA ISBN: 1-58113-961-6 Retrieved from the Internet: URL:http://ai.stanford.edu/~xb//ccs04/> [retrieved on 2006-11-27] *

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7564345B2 (en) 2004-11-12 2009-07-21 Verayo, Inc. Volatile device keys and applications thereof
US7839278B2 (en) 2004-11-12 2010-11-23 Verayo, Inc. Volatile device keys and applications thereof
US8630410B2 (en) 2006-01-24 2014-01-14 Verayo, Inc. Signal generator based device security
JP2008085567A (en) * 2006-09-27 2008-04-10 Ricoh Co Ltd Encrypting device, method and program, decrypting device, method and program, and recording medium
US8594326B2 (en) 2006-11-28 2013-11-26 Koninklijke Philips N.V. Method of generating arbitrary numbers given a seed
WO2008065596A1 (en) * 2006-11-28 2008-06-05 Koninklijke Philips Electronics N.V. A method of generating arbitrary numbers given a seed
CN101542431B (en) * 2006-11-28 2011-11-23 皇家飞利浦电子股份有限公司 A method and system of generating arbitrary numbers given a seed
US8782396B2 (en) 2007-09-19 2014-07-15 Verayo, Inc. Authentication with physical unclonable functions
WO2010035202A1 (en) * 2008-09-26 2010-04-01 Koninklijke Philips Electronics N.V. Authenticating a device and a user
US9158906B2 (en) 2008-09-26 2015-10-13 Koninklijke Philips N.V. Authenticating a device and a user
WO2010116310A1 (en) * 2009-04-10 2010-10-14 Koninklijke Philips Electronics N.V. Device and user authentication
US9031231B2 (en) 2009-04-10 2015-05-12 Koninklijke Philips N.V. Device and user authentication
WO2012018326A1 (en) * 2010-08-04 2012-02-09 Research In Motion Limited Method and apparatus for providing continuous authentication based on dynamic personal information
US9342677B2 (en) 2010-08-04 2016-05-17 Blackberry Limited Method and apparatus to provide continuous authentication based on dynamic personal information
US9330270B2 (en) 2011-07-27 2016-05-03 Fujitsu Limited Encryption processing device and authentication method
US9680643B2 (en) 2011-08-23 2017-06-13 Siemens Aktiengesellschaft System and method for the secure transmission of data
EP2727277B1 (en) * 2011-08-23 2017-05-17 Siemens Aktiengesellschaft System and method for the secure transmission of data
WO2013140078A1 (en) * 2012-03-19 2013-09-26 Morpho Method for identity generation and verification indicating the uniqueness of a carrier-object pair
FR2988197A1 (en) * 2012-03-19 2013-09-20 Morpho GENERATION AND IDENTITY VERIFICATION METHOD WITH THE UNICITY OF A CARRIER-OBJECT COUPLE
GB2507988A (en) * 2012-11-15 2014-05-21 Univ Belfast Authentication method using physical unclonable functions
WO2014131557A1 (en) * 2013-02-28 2014-09-04 Siemens Aktiengesellschaft Generating a key using biometric data, and a puf
US9219722B2 (en) 2013-12-11 2015-12-22 Globalfoundries Inc. Unclonable ID based chip-to-chip communication
GB2522971B (en) * 2013-12-11 2016-06-15 Ibm Challenge and response based authentication of a node in an electronic communications system using features intrinsic to the node
GB2522971A (en) * 2013-12-11 2015-08-12 Ibm Unclonable ID based chip-to-chip communication
WO2016171899A1 (en) * 2015-04-24 2016-10-27 Microsoft Technology Licensing, Llc Biometric public key comprising a biometric code
US10136310B2 (en) 2015-04-24 2018-11-20 Microsoft Technology Licensing, Llc Secure data transmission

Also Published As

Publication number Publication date
WO2006067739A3 (en) 2007-03-15
EP1832036A2 (en) 2007-09-12
KR20070095908A (en) 2007-10-01
JP2008526078A (en) 2008-07-17

Similar Documents

Publication Publication Date Title
EP1832036A2 (en) Method and device for key generation and proving authenticity
AU2016353324B2 (en) Public/private key biometric authentication system
US10728027B2 (en) One-time passcodes with asymmetric keys
US9887989B2 (en) Protecting passwords and biometrics against back-end security breaches
US6185316B1 (en) Self-authentication apparatus and method
US8046589B2 (en) Renewable and private biometrics
Bhargav-Spantzel et al. Privacy preserving multi-factor authentication with biometrics
US8838990B2 (en) Bio-cryptography: secure cryptographic protocols with bipartite biotokens
KR100876003B1 (en) User Authentication Method Using Biological Information
US7623659B2 (en) Biometric non-repudiation network security systems and methods
US9384338B2 (en) Architectures for privacy protection of biometric templates
JPWO2007094165A1 (en) Identification system and program, and identification method
JP2018521417A (en) Safety verification method based on biometric features, client terminal, and server
KR20190122655A (en) Update of Biometric Data Template
CN101124767A (en) Method and device for key generation and proving authenticity
US7272245B1 (en) Method of biometric authentication
Itakura et al. Proposal on a multifactor biometric authentication method based on cryptosystem keys containing biometric signatures
KR100986980B1 (en) Biometric authentication method, client and server
JP2006293473A (en) Authentication system and authentication method, terminal device, and authentication device
CN117424709B (en) Login method and device of terminal device and readable storage medium
JP2009282945A (en) Biometric authentication method and system
Ranganath Cloud Data Security through Hybrid Verification Technique Based on Cryptographic Hash Function
JP2004272551A (en) Certificate for authentication and terminal equipment
JP2003283492A (en) Authentication device
KR100608579B1 (en) Home network device to enable automatic take ownership, home network system and method using this

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005850888

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2007547761

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 1020077013945

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 200580044128.7

Country of ref document: CN

Ref document number: 2722/CHENP/2007

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

WWP Wipo information: published in national office

Ref document number: 2005850888

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2005850888

Country of ref document: EP