• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    An authentication method comprising: storing, in a centralized code registration system (3), an identification code representative of an identifier of an integrated circuit (4a, 4b), wherein 5 the identifier is hard-coded in the integrated circuit and wherein the identifier is a bit-code of predefined length; requesting, by a verifying device (5), the identifier from the integrated circuit via an end node device (2); reading, by the end node device, the identifier from the integrated circuit and transmitting the identifier to the centralized code registration system; and verifying, in the centralized code registration system, the identifier received from the end 10 node device against the stored identification code to obtain and output a verification result. [+FIG. ij 1044006
    公开号:NL1044006A
    申请号:NL1044006
    申请日:2021-04-20
    公开日:2021-10-27
    发明作者:Casparus Anthonius Henricus Juffermans Ir;Ir Pieter Werner Hooijmans Dr;Drs Jeroen Mathlas Doumen Dr
    申请人:Sandgrain B V;
    IPC主号:
    专利说明:

    [0002] [0002] Over the last three decades, integrated circuit (1C)-based identification and security- based technologies and associated devices have reached a broad set of applications, Well- known examples are public transport ticketing, smart card conditional access systems for TV subscriptions, SIM cards in mobile phones, electronic passports, banking or credit cards, and labeling for tracking and managing logistic flows aud transport, Volames associated with these applications run in the billions of ICs per year. However, there are potentially many more applications that could use these technologies, that could further multiply these volumes by several orders of magnitude, so indeed hundreds of billions or trillions of IC's. So far this is not happening for two fundamental reasons: security and cost, [00031 A main problem in the world of identification and security is hacking. Existing identification and security applications are typically built around so-called secure microcontrollers, Microcontroller units (MCU) ars required for fonctions lke authentication or security key generation, and storing of the relevant data in such a way that it is not accessible for intruders. Because MCUs typically operate under an operating system and a specific program, e.g. firmware program, to execute the required fimctions, they are typically a combined hardware (HW) and software (SW) solntion. foo04] Known systems have as a major drawback that they can be hacked, This in practice 28 means reverse engineering the function of the device by analyzing its HW and/or SW behavior, resulting in the discovery of e.g. a secret (eryptographie) key as typically required in these known systems and stored in a memory. In a worst case scenario the memory content of the device is altered, e.g. by increasing the amount of credits on a transit card or changing the balance on a bank card. Although suppliers of these ICs and systems implement measures to make their ICs robust to hacking, in the end most systems are vulnerable and can be hacked, albeit at often high technological effort.
    [0005] [0005] The other problem with existing security solutions is related to cost. With high- volume applications of IC related security solutions, an obvious requirement is to have the IC cost as low as possible. Today's IC's typically cost a few dollar cents, which multiplies by a factor four for the final assembled module or package sales price. Elements that increase the IC cost are the MCU infrastructure and the programmable on-chip memories. Typical elements that increase the IC cost are: ~ Secure MCUs are expensive, either as in-house development or as purchased IP, e.g. as ARM™ Secure Cores; - MCUs are complex functions, and although the core is relatively small in advanced technology, it requires all kind of peripheral functionality to make it work properly: communication busses, memories (usually a combination of multiple specific memories, like RAM, ROM, Flash), start-on and advanced power management circuitry. So, the total function is much bigger, and requires serious design effort; «The simplest identification products don’t require re-programmable memories or keys. But even so, during manufacturing of the IC the code needs somehow be written in its memory. In most cases thus is done using One Time Programmable Read Only Memories (OTP-ROM), but these IP blocks are big, and require high voltage supply, making them large and thus expensive; ~ More complex identification and security ICs have programmable key or data storage, which requires re-programmnable Non-Volatile Memory (NVM), often also referred to as flash memory. But flash memories are oxpensive technology features, requiring — depending upon the size of the baseline CMOS node - 10 to 12 additional mask layers in production. This can be a cost adder of typically 35 to 30% compared to non~flash baseline technology wafer cost; - Identification and security ICs have a complex Back End (BE) process in the assembly and packaging fab, since gvery ICs requires pre-programming with its secure SW and ~ in case of non-programmable ICs — the embedded keys or identifiers.
    [0097] [0097] For many years these main factors block the originally predicted full global proliferation of identification and security solutions. And it is one of the main reasons for the delayed implementation of the Internet-of Things (ToT) at consumer level,
    [0008] [0008] The reason that the Identification and Security IC solutions of today are not optimal for tomorrow's requirements, is that they are essentially based on 25-year old concepts, At the time the internet and the cloud did not exist, and security had to be provided by an embedded MCU-based IC in the end node, in those days a real breakthrough.
    [0009] [0009] Yet, authentication method do exist and may in general be typified as comprising the requesting by a verifying device an identifier from an end node device and verifying ina centralized code registration system, the identifier received from the end node device, One example of such system is provided by US patent publication 20150106282, which is directed to a presently underlying problem, in that if indicates that “such genuine product certification technology has a problem in that, when certification information used for genuine product certification is copied and genuine product certification of counterfeits is performed, the counterfeits may be recognized as genuine products.” This disclosure then relates to a device for performing genuine product certification is used in conjunction with a certification information unit, which unit “ray receive the certification identification information including at least one pigee of the certification chip identification information, the product identification information, and the certification verification information of the verification target product from the device for performing genuine product certification”.
    [0011] [0011] Variations on this known concept can also be known from further publications like US20080282209 and US20179180369, These publications represent alternative embodiments however equally to the pre-described embodiment require the target product, end node device in terms of the present invention, to be a state machine. In case of the first alternative publication e.g., the target device is upon request regaired to provide test type data in addition to its ID. In case of the second altemative publication, the authentication method requires the target devices to avail of an intrinsic chip identification module, in itself a quite complex system, hampering widespread application in a vast amount of often relatively cheap and simple devices like so called IOT end nodes. More in particular the latter known solution proposes the presence of a PUF device, here embodied using ring oscillators rather than somewhat more generally known s-ram chips. fooi2] With such requirement of a target or end node device being capable of providing information in addition to an identifier, the identifier means in practice lays a capability burden onto end node devices which eventually tun out often if not in most of the cases to be way too complicated or costly in order to establish a viable authentication means for an immense amount of relatively simply constructed end node devices, which devices may e.g. form a security threat by way of forming a de facto back-door entrance, or which devices may be desired to economically form a reliable identifier within an asset management system such as may be the case with exchangeable PCB boards within complex machine ov systenus. It is hence an object to arrive at an at least alternative, preferably also economic form of an authentication method, more in particular enabling extensive use in relatively simple if not relatively cheap end node devices such as so-called HOT devices.SUMMARY OF THE INVENTION
    [0013] [0013] The present invention hence in general aims to alleviate the security and cost draw backs identified in the background. The present invention is particularly useful ~ but not Hmited to ~ the Internet-of-Things (Io), including the IoT at consumer level which has not been largely adopted vet due to the existing security and cost concerns. oT has had a modest start in industrial applications, where hacking is much lower as risk than at consumer level, It
    [0014] [0014] The present invention, while departing from the known authentication system and method comprising defined by requesting by a verifying device of an identifier from an end S node device, and verifying the same in a centralized code registration system, the identifier received from the end node device, enables identification and security solutions that are much cheaper at the high-volume customer or user end of the chain, shift complex security functionality away from those end nodes, and does not require access to state information of an end node to be in the form of a state machine in order to establish an identification and authentication method
    [0015] [0015] According to an aspect of the invention an authentication method and system is proposed which comprises storing, in a centralized code registration system, an identification code representative of an identifier of an integrated circuit, Herein, storing means the action of putting data in a data storage or having data stored in a data storage available for use. The identifier can be hard-coded in the integrated circuit. The identifier can be a bit-code of predefined length, e.g. 64, 80, 96, 128, 256, 512 or 1024 bits, The method can further comprise requesting, by a verifying device, the identifier from the integrated circuit via an end node device. The method and system can further comprise reading, by the end node device, the identifier from the integrated circuit and transmitting the identifier to the centralized code registration system. The method and system: can further comprise verifying, in the centralized code registration system, the identifier received from the end node device against the stored identification code to obtain and output a verification result. More specifically the method and system can herein comprise the step of transcription of the received identifier into an identification code, and verifying in the centralized code registration system, the thus obtained identification code against the stored identification code in order to obtain and output a verification result. Such transcription be composed of, at least involve a known per se technique such as a look-up table and a cryptographic technique. foots] In an embodiment, the method can further comprise transmitting the identifier to the centralized code registration system via the verifying device. The identifier has then typically been received in the verifying device from the end node device, 00171 Hence, in particular, the present invention relates to improving the known authentication system and method by including the identifier hard coded in the mtegrated
    [0020] [0020] In an embodiment, the verifying device can transmit at least a part of the contextual data to the centralized code registration system, 3 [00211 In an embodiment, the method can further comprise transmitting the verification result from the centralized code registration system to the verifying device and/or the end node device.
    [0024] [0024] The verification result obtained by the authentication method is indicative of the authenticity of the identifier. As such the authentication method enables a basic security system.
    [925] [925] According to an aspect of the invention an authentication system is proposed comprising a plurality of end node devices, a verifying device and a centralized registration system. Each end node device can comprise au integrated circuit. The integrated circuit can comprise av identifier that is hard-coded in the integrated cirouit. The identifier can be a bit- code of predefined length, e.g. 64, 80, 96, 128, 256, 512 or 1024 bits. The centralized code registration system can be arranged to store an identification code representative of the identifier of the integrated circuit, The verifying device can be configured to request the identifier from the integrated circuit via the end node device. The end node device can be configured to read the identifier from the integrated circuit and transmit the identifier to the
    [0025] [0025] In an embodiment, verification device can be configured to transmit the identifier to 3 the centralized code registration system. The identifier has then typically been received in the verifying device from the end node device,
    [0027] [0027] In an embodiment, the verification result can be at least partly based on contextual data, the contextual data preferably including one or more of a number of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made. [00281 In an embodiment, the verifying device can be configured to transmit at least a part of the contextual data to the centralized code registration system, 100297 In an embodiment, the centralized code registration system is configured to transmit the verification result to the verifying device and/or the end node device.
    [0030] [0030] In an embodiment, the centralized code registration system can be arranged to store the identification code together with an vendor identification codes, The vendor identification code can be indicative for a system owner of an asset that is associated with the identification code. The end node devies can be configured to transmit a vendor identifier to the centralized code registration system together with the identifier. The centralized code registration system can be configured to verify the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result. 0031] The verifying device may be a separate device that is comnwunicatively connected to the centralized code registration system and/or the end node device, The verifying device may be a part of the centralized code registration system. The verifying device may be a part of an asset that includes the end node device. {00321 The verification result obtained by the authentication system is indicative of the authenticity of the identifier, As such the authentication system enables a basic security system. [00331 The following are embodiments of the authentication method and the authentication system,
    [0036] [0036] In an embodiment, the centralized code registration system can comprise an electronic database system for storing the identifiers of each of the integrated circuits, wherein the identifier has been stored in the electronic database system upon implementation of the identifier in the integrated circuit.
    [9037] [9037] In an embodiment, the electronic database can be secured by at least one of restricted access, data encryption or being located in a secured environment, 10038] In an embodiment, the centralized code registration system can be configured to register the identification code as being invalid in case the verification result is negative, resulting in future verification results for this identification code to be negative by default.
    [0040] [0040] In an embodiment, the centralized registration system can be implemented as a cloud service. 0941] In an embodiment, the plurality of end node devices can include Internet-of-Things devices.
    [0042] [0042] According to an aspect of the invention an integrated circuit is proposed comprising an identifier that is hard-coded in the integrated civenit. The identifier can be a bit-code of predefined length, The integrated circuit can be for use in an authentication system having one or more of the above described features.
    [0047] [0047] In an embodiment, the integrated circuit can be Integrated as IP block in a larger IC.
    [0048] [0048] According to an aspect of the invention an ond node device is proposed comprising an integrated circuit as described above. The end node device can be configured to read the identifier from the integrated circuit and transnut the identifier to the centralized code registration systent.
    [0052] [0052] There is no security vulnerability at end node devices through the simple use of the identifier stored in the IC. Cost are reduced since authentication means are performed centralized. No authentication measures are needed at the end node device,
    [0053] [0053] The authentication system is scalable over orders of magnitude, from tens io billions of nodes. The availability of coding space is no problem at all (e.g, 10° in case of 128 bit identifiers) and the end nodes can be so small and cheap that they allow deployment in very large numbers.
    [0054] [0054] The authentication system allows putting individual electronic identifiers at a level not attainable today. Think of tagging all individual products in a supermarket or store, all elements in complex logistics chains {e.g. aircraft or car assembly) or all ICs (by embedding an IC inside a larger IC package).
    [0089] [0089] Aspects and embodiments of the invention zee further described in the following description and in the claims.
    [0061] [0061] FIG. 1 shows an exemplary authentication system according to an aspect of the invention; oo62j FIG, 2 shows and exemplary IC according ia an aspect of the invention;
    [0653] [0653] FlGe. 3a-3d show exemplary end node devices including ICs according to an aspect of the invention;
    [0964] [0964] FIGs 3e-3{ show exemplary assets including ICs according to an aspect of the vention; [00651 FIG. 4 shows a time sequence diagram of an exemplary method of the invention. roosa] The figures are intended for illustrative purposes only, and do not serve as restriction of the scope or the protection as laid down by the claims.DESCRIPTION OF EMBODIMENTS
    [0670] [0670] The unigue identifier may be embedded in the IC 4a, 4b as a bit-code of predefined order of magnitude, hard coded in the IC da, db, typically in the form of a register and an interface for reading out the code, e.g. as shown in the IC 4 of FIG. 2. A non-limiting example of an identifier is a 128-bit code. These 128 bits allow the unique identification of 10° unique elements. It will be understood that identifiers may be defined using any other number of bits, such as 64, 80, 96, 128, 512, 1024 or any other number of bits. The identifier bits may be hard coded in the IC 4, 4a, 4b, so there are no options to re-write or modify the 23 identifiers. foor] FIG. 2 shows an exemplary IC 4 according to an aspect of the present invention. The IC 4 may include a ROM register 41, e.g. a 128-bit (16x8) ROM embedding a 128-bit identifier. The IC 4 includes an interface, here embodied in the form of a Serial Peripheral Interface (SPI) and control logic for outputting the identifier on a request received via the Control logic. The IC 4 may include voltage inputs VDDD, VSSD, VEDIO and VSSIO. The IC 4 may further include signal inputs MOST (Master Output Slave Input), SCLK (Serial
    [0074] [0074] FIG. 3a shows an exemplary miniature SO8-packaged IC da for board-level applications, which may be similar to the IC 4 of FIG. 2. The IC 4a may be used for authentication on board/system level, Any other suitable packaging may be used, e.g. SSOPS, TSSOPS, BWLCSP, various leadless packages.
    [0075] [0075] FIG. 3b shows an exemplary RF-ID compatible IC 4b, which may be used for object authentication, Most or all of the RF-ID functionality may be implemented in the end node device 2b interfacing with the IC db,
    [0076] [0076] Fig. Je shows an exemplary more advanced integrated solutions wherein an IC 4c is integrated in a multi-chip package. The IC 4e may be used for authentication of (big) other ICs.
    [0077] [0077] FIG. 3d shows an exemplary more advanced integrated solution wherein an IC dd is integrated as IP block in a larger IC. The IC dd may be used for authentication of the larger IC.
    [0078] [0078] The hardware of the IC 4, 4a-4d is preferably made as simple and cheap as possible, Hereto, the function provided by the IC 4, 4a-4d may be limited to outputting the identifier upon request, such as provided by the exemplary IC 4 of FIG. 2.
    [0979] [0979] The end node device 2, 2a-2d is typically configured to retrieve the identifier - preferably a unique identifier - from the IC 4, 4a-4d. This is typically triggered by a request hereto from a verifying device $, which may be wirelessly or wiredly communicatively connected to the end node device 2, 2a-2d.
    [0083] [0083] Alternatively or additionally, in case of a negative verification result the centralized registration system 3 may block the identification code from any future use, resulting in fature verification resulis for this identification code to be negative by default. oerd} FIG, Je shows a non-limiting exemplary asset 6a that includes an end node device, e.g. the end node device 2b of FIG, 3b. The asset 6a may be a non-electronic asset. The identify stored in the IC 4b may be wirelessly requested by verifying device 5a, e.g. using RF-ID or any other suitable wireless comununication technology, The identity received in the verifying device Sa may be transmitted to a centralized code registration system 3 for verification.
    [0086] [0086] An identifier may be generated before or during the production process of ICs 4, 4a- 4d. This is illustrated in FIG. 1 as the code generation service that generates the identifiers and stores the generated identifiers or identification codes representative of the identifiers in database 31 of the centralized registration system 3. The generated identifiers may be transmitted to the IC Manufacturing (Foundries) as a unique customer and ID encoding instructions.
    [0089] [0089] Advaniageously, in the authentication system 1 according to the present invention, mostor all security may be transferred to the centralized code registration system 3, which is preferably implemented in the cloud. Every application system, e.g. retail, may have a database 31 with the registered identification codes ICs 4, da-dd that have been produced and as many associated data labels as are required (dates, type of product, wandacturer, etcetera). These data labels may be stored as or together with vendor identification codes in the database 31. When an IC 4, 4a-44d is queried for its identifier, the identifier may be sent to the database system 31 for verification of its validity, possibly with a simple “Yes” (or other indication of a positive verification result) or “No” (or other indication of a negative verification result) as outcome, [00907 The database system 31 may advantageously take the context of verification requests into account in processing the current verification request. Examples hereof ate a mumber of requests made in a predefined time interval, the total number of requests made, time of the request, location of the request, and ctcetera, Contextual information may be transmitted as contextual data from the verifying device § to the centralized code registration system 3 and/or generated in the centralized code registration system 3, Part or all of the contextual data may be generated in the end node device 2, 2a-2d.
    [0091] [0091] Hackers may want to try to replicate or falsify end node devices. Duplication of an end node 2, 2a-2d with IC 4, 4a-4d in an authentication system 1 according to the present invention no longer makes any sense, because this may immediately be detected, and the identity/identification code be blocked for use. Although the identifiers can in principle be public - there is nothing to hide - they may be encrypted during communication with the centralized code registration system 3, which may be implemented as a cloud server 3. In § other words, hacking the end node 2, 2a-2d does not make any sense, all security processing takes place in the cloud server 3, The IC end node thus acts as a hardware anchor (e.g. to attach the code to a physical device) in an otherwise centralized secure system 3. So, although the end nodes 2, 2a-24d could be hacked (e.g. copied), the system 1 remains secure.
    [0092] [0092] FIG. 4 shows an exemplary method according to an aspect of the invention, in the form of a time-sequence diagram. In step 100 an identification code representative of an identifier of an IC 4, 43-4d may be stored in the centralized code registration system 3, typically in an electronic database system 31 of the centralized code registration system 3. This is typically done before or during the manufacturing process of the IC 4, 4a-4d. The end node device 2, 2a-2d may read 102 the identifier from the IC 4, 4a-4d after a request 101 from the verifying device 5. In steps 103 and 104 the identifier may be transmitted to the centralized code registration system 3, typically via the verifying device (step 103). In step 105 the centralized code registration system 3 may verify the received identifier against the corresponding stored identification code to obtain a verification result, In step 106 the verification result may be transmitted from the centralized code registration system 3 to the verification system 5, additionally or alternatively to the end node device 2, 22-2d or any other device that may use the verification result.
    -17-
    CLAUSES i. An authentication method comprising: requesting (101), by a verifying device (8), an identifier from an ond node device (2); verifying (105), in a centralized code registration system, the identifier received from the end node device, wherein the method further comprises including the identifier hard coded in the integrated circu! in a manner where the identifier is a bit-code of predefined length, storing (100), in the centralized code registration system (3), an identification code, unique within a set of at least potential identification codes and representative of the identifier of an integrated circuit (4, 4a, 4b, de, 4d); reading (102), by the end node device, the identifier from the integrated circuit, and transmitting (103) the identifier to the centralized code registration system; performing a processing step involving transcription of the received identifier into an identification code; and verifying in the centralized code registration system, the identification code against the stored identification code to obtain and output a verification result.
    2 The authentication method according to claim 1, wherein transmitting (103, 104) the identifier to the centralized code registration system via the verifying device.
    3. The authentication method according to any one of the preceding claims, wherein the verification result is at least partly based on contextual data, the contextual data including one or more of a number of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made, 4, The authentication method according to claim 3, wherein the verifying device generates and transmits at least a part of the contextual data to the centralized code registration system,
    -18-
    3. The authentication method according to any one of the preceding claums, further comprising transmitting {106} the verification result from the centralized code registration system to the verifying device and/or the end node device, S 6 The authentication method according to any one of the preceding claims, wherein the integrated circuit comprises a read-only register (41) comprising the identifier and an interface (MISO) for reading the identifier from the register and outputting (102) the identifier.
    7. The authentication method according to any one of the preceding claus, wherein the functionality of the integrated circuit is limited to providing (102) the identifier upon request (161).
    8. The authentication method according to any one of the preceding claims, wherein the centralized code registration system comprises an electronic database system (31) for storing the identifiers of zach of the integrated circuits, wherein the identifier has been stored (100) in the electronic database system upon implementation in the integrated circuit.
    9. The authentication method according to claim 5, wherein the electronic database is secured by at least one of restricted access, data encryption or being located in a secured environment.
    10. The authentication method according to any one of the preceding claims, comprising: storing, in the centralized code registration system, the identification code together with a vendor identification code, the vendor identification code being indicative for a system owner of an asset (Ha, 6b) that is associated with the identification code; transmitting, from the end node device, a vendor identifier to the centralized code registration system together with the identifier, verifying, in the centralized code registration system, the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result.
    ~19- Il. The suthentication method according to any one of the preceding claims, further comprising registering, in the centralized code registration system, the identification code as being invalid in case the verification result is negative, resulting in future verification results for this identification code to be negative by default.
    12. The anthentication method according to any one of the preceding claims, wherein the identifier is a unique identifier used only once amongst the integrated circuits in the plurality of end node devices.
    13. The authentication method according io any one of the preceding claims, wherein the centralized registration system is implemented as a cloud service. 14, The authentication method according to any one of the preceding claims, wherein the plurality of end node devices include Internet-of-Things devices.
    1$. A method of manufacturing an integrated circuit (4, da, 4b, 4e, 4d), the integrated circuit for use in an authentication method according to any one of the claims 1-19, the method comprising: generating an identifier in a centralized registration system (3), wherein the identifier is a bit-code of predefined length; storing (100), in the centralized code registration system, an identification code representative of the identifier; and providing the identifier to an IC manufacturing facility, wherein the identifier is hard- coded in the integrated circuit.
    16. An authentication system (1) comprising a plurality of end node devices (2, 2a, 2b), a verifying device (5) and a centralized registration system (3), wherein each end node device comprises an integrated circuit (4, 4a, 4b, 4c, 4d) comprising an identifier hard-coded in the integrated circuit, wherein the identifier is a bit- code of predefined length, wherein the centralized code registration system is arranged to store an identification cade representative of the identifier of the integrated circuit,
    “20- wherein the verifying device is configured to request the identifier from the integrated cirenit via the end node device, wherein the end node device is configured to read the identifier frotn the integrated circuit and transmit the identifier to the centralized code registration system, and wherein the centralized code registration system is configured to verify the identifier received from the end nade device against the stored identification code to obtain and output a verification result.
    17. The authentication system according to claim 16, wherein the verifying device is configured to receive the identifier from the end node device and transmit the received identifier to the centralized code registration system.
    18. The authentication system according to any one of the claims 16-18, wherein the verification result is at least partly based on contextual data, the contextual data preferably including one or more of a munber of verifying requests made in a predefined time interval, a total number of verifying requests made, a time of a verifying request, a geographical location of the integrated circuit, a geographical location from where a verifying request is made, 19, The authentication system according to claim 18, wherein the verifying device is configured to transmit at least a part of the contextual data to the centralized code registration system.
    20. The authentication system according to any one of the claims 16-19, wherein the 23 centralized code registration system is configured to transmit the verification result to the verifying device and/or the end node device.
    21. The anthentication system according to any one of the claims 16-20, wherein the integrated circuit comprises a read-only register (41) comprising the identifier and an interfaces (MISO) for reading the identifier from the register and outputting the identifier.
    21e
    22. The authentication system according to any one of the claims 16-21, wherein the functionality of the integrated circuit is limited to providing the identifier upon request. 23, The authentication system according to any one of the claims 16-22, wherein the 3 centralized code registration system comprises an electronic database system (31) for storing the identifiers of each of the integrated circuits, wherein the identifier has been stored in the electronic database system upon implementation of the identifier in the integrated circuit.
    24. The authentication system according to claim 23, wherein the electronic database is secured by at least one of restricted access, data encryption or being located in a secured environment.
    25. The authentication system according to any one of the claims 16-24, wherein the centralized code registration system is arranged to store the identification code together with a vendor identification code, the vendor identification code being indicative for a system owner of an asset (6a, 6b) that is associated with the identification code, wherein the end node device is configured to transmit an vendor identifier to the centralized code registration system together with the identifier, and wherein the centralized code registration system is configured to verify the identifier and the vendor identifier received from the end node device against the identification code and the vendor identification code to obtain the verification result.
    26. The authentication system according to any one of the claims 16-25, wherein centralized code registration system is configured to register the identification code as being invalid in case the verification result is negative, resulting in futore verification results for this identification code to be negative by default.
    27. The authentication system according to any ons of the claims 16-26, wherein the identifier is a unique identifier used only once amongst the integrated circuits in the plurality of end node devices.
    “32
    28. The authentication system according to any one of the claims 16-27, wherein the centralized registration system is implemented as a cloud service,
    29. The authentication system according to any one of the claims 16-28, wherein the phuality of end node devices include Internet-of-Things devices. 30, An integrated circuit (4, da, 4b, de, 4d) comprising an identifier hard-coded in the integrated circuit, wherein the identifier is a bit-code of predefined length, for use in the authentication system (1) according to any one of the claims 16-29.
    31 The integrated circuit according to claim 30, wherein the integrated circuit comprises a read-only register (41) comprising the identifier and an interfaces (MISO) for reading the identifier from the register and outputting the identifier.
    32. The integrated circuit (4, 48) according to any one of the claims 30-31, comprising: an SPI (Serial Peripheral Interface) and control logie for obtaining the identifier from the read-only register on a request received via the control logic; one or more voltage inputs (VDD, VSSD, VDDIO, VSSIO) one or more signal inputs (MOS, SCLK, CSN): and a signal output (MISO) for outputting the identifier. 33, The integrated circuit (4, 4a) according to any one of the claims 30-32, wherein the integrated eirouit is one off miniature SOB-packaged, SSOP&-packaged, TSSOPS-packaged or SWLUSP- packaged for board-level applications; RE-1D compatible; integrated in a multi-chip package; integrated as IP block in a larger IC. 34, An end node device (2, 2a, 2b) comprising the integrated circuit (4, da, 4b, de, 4d) according to any one of the claims 30-33, wherein the ond node device is configured to read
    “23 the identifier from the integrated circuit and transmit the identifier for authentication In the centralized code registration system (3).
    35. Use of an integrated circuit (4, 4a, 4b, 4c, 4d) according to any one of the claims 30- $ 33 in an authentication system {1) according to any one of the claims 16-29.
    权利要求:
    Claims (1)
    [1]
    Fe
    CONCLUSIONS l. Authentication methods comprising: querying § (101) an identifier by the verified device {3} via an end node device (2); verifying (105) the coordinated code registration system of the identifier received from the terminal node device, characterized in that the identifier is hard-coded ts in the integrated circuit, and a bit code of predefined length; stored in a centralized code registration system (3) is an identifier (100) representative of an integrated circuit identifier (4, 4a, 4b, dc, 4d); reading {102} by the end node device from a identifier from the integrated circuit, and transmitting it (103) to the centralized code recording system; wherein the received identifier is verified against the stored authentication code to obtain a verification result, wherein the verification result is based at least in part on contextual data collected and registered by the central registration system. Authentication method according to claim 1, wherein the identifier is sent to the authenticated code registration system via the authentication device is sent (103, 194).
    An authentication method according to any one of the preceding claims, wherein the contextual data includes one or more of a number of authentication requests made in a predefined time interval, eco total number of authentication requests made, a time of a authentication request, a geographic location of the integrated circuit, and geographic location from which a verification request was made,
    “35
    The authentication method of claim 3, wherein the verification device transmits at least some of the contextual data to the centralized code registration system,
    An authentication method according to any one of the preceding claims, further comprising transmitting (106) the verification result from the centralized code recording system to the verification device and/or the end node device,
    An authentication method according to any preceding claim, wherein the integrated circuit comprises a read-only register (41) including the identifier and an interface (MISO) for reading the identifier from the register and executing (102) the 1 identifier,
    An authentication method according to any preceding claim, wherein the functionality of the integrated circuit is limited to providing (102) the identifier on request (101),
    An authentication method according to any one of the preceding claims, wherein the centralized code registration system comprises an electronic database system (31) for storing the identifiers of each of the integrated circuits, the identifier being stored (100) in the electronic database system upon implementation in the integrated circuit. circuit.
    The authentication method of claim 5, wherein the electronic database is secured by at least one of restricted access, data encryption or by being in a secure environment.
    An authentication method according to any preceding claim comprising: storing, in the centralized code registration system, the identification code together with a supplier identification code, the supplier identification code being indicative of a system owner of a feature (6a, 6b) associated with the identification code ;
    sending, from the terminal node device, together with the identifier a supplier identifier to the centralized code registration system, verifying, in the centralized code registration system, the identifier and supplier identifier received from the terminal node device against the identification code and the supplier identification code to obtain the verification resulfate.
    An authentication method according to any one of the preceding claims, further comprising registering, in the centralized code registration system, the identifier code as invalid in case the verification result is negative, resulting in future verification results for this identifier code being negative by default.
    An authentication method according to any preceding claim, wherein the identifier is a unique identifier used only once in the integrated circuits in the plurality of terminal node devices.
    An authentication method according to any one of the preceding claims, wherein the vented registration system is implemented as a cloud service. i4, Authentication method according to any one of the preceding claims, wherein the security of terminal node devices comprises devices for the Internet of Things, IS. A method of manufacturing an integrated circuit (4, 4a, db, de, 4d) wherein the integrated circuit is suitable for use in an authentication method according to any one of claims 1-10, the method comprising: generating an identifier in an centralized registration system (3) wherein the identifier is a bit code of predefined length; storing (100) in the centralized code registration system an identification code representative of the identifier; and making the identifier available to an IC manufacturing facility, the identifier being hard-coded into the integrated circuit.
    „17
    18. Authentication system (1) comprising a plurality of end node devices (2, Za, 2b), an authentication device (5) and a centralized registration system (3),
    An authentication system according to claim 16, wherein the authentication device is configured to receive the identifier from the cind node device and transmit the received identifier to the centralized code registration system,
    An authentication system according to any one of claims 16-18, wherein the verification result is based at least in part on contextual data, the contextual data preferably comprising one or more of a number of verification requests made in a predefined time interval, a total number of made verification requests, a time of a verification request, a geographic location of the integrated circuit, a geographic location from which a verification request was made.
    The authentication system of claim 18, wherein the authentication device is configured to send at least a portion of the contextual data to the centralized code registration system,
    An authentication system according to any one of claims 16-19, wherein the centralized code registration system is configured to send the authentication result to the authentication device and/or the end node device,
    The authentication system of any one of claims 16-20, wherein the integrated circuit comprises a read-only register (41) including the identifier and an interface (MISO) for reading the identifier from the register and executing ( 102} of the identifier,
    An authentication system according to any one of claims 16-21, wherein the functionality of the integrated circuit is limited to provide the identifier on request.
    An authentication system according to any one of claims 16-22, wherein the centralized code registration system comprises an electronic database system (31) for storing the identifiers of each of the integrated circuits, the identifier being stored in the electronic database system upon implementation of the identifier in the integrated circuit.
    An authentication system according to claim 23, wherein the electronic database is secured by at least one of restricted access, data encryption or by being in a secure environment. 19
    The authentication system of any one of claims 16 to 24, wherein the centralized code logging system is arranged to store the identifier code together with a vendor identifier code, the vendor identifier code being indicative of a system owner of a feature (62, 6b) associated with the identifier code, wherein the end node device is configured to transmit a supplier identifier together with the identifier to the centralized code logging system, One wherein the centralized code registration system is configured to verify the identifier and supplier identifier received from the end node device and supplier identifier against the identifier code and the verification result identifier code to to obtain,
    An authentication system according to any one of claims 16 to 25, wherein the centralized coding system is configured to register the identifier code as invalid in the event that the verification result is negative, resulting in future verification results for this identifier code being negative by default.
    An authentication system according to any one of claims 16-26, wherein the identifier is a unique identifier used only once in the integrated circuits in the plurality of terminal node devices.
    230.
    An authentication system according to any one of claims 16-27, wherein the centralized registration system is implemented as a cloud service,
    An authentication system according to any one of claims 16-28, wherein the plurality of terminal node devices comprise IoT devices.
    An integrated circuit (4, 4a, 4b, 4c, 4d) comprising a hard coded identifier in the integrated circuit, the identifier being a bit code of predefined length, for use in the authentication system (1) according to any one of claims 16 -29. 3L Integrated circuit according to coupon 30 wherein the integrated circuit comprises a read-only register (41) that includes the identifier and an interface (MISO) for reading the identifier from the register and outputting the identifier.
    An integrated circuit (4, 4a) according to any one of claims 30 to 31, comprising: a Serial Peripheral Interface (SPI) and control logic for obtaining the identifier of the read-only register at a request received through the control logic; one or more voltage inputs (VDDD, VSSD, VDDIO, VSSIO) one or more signal inputs (MOSI, SCLK, CSN}; and a signal output (MISO) for outputting the identifier 33, Integrated circuit (4, 4a) according to any one of claims 30-32, wherein the integrated circuit is one of: miniature SOS packaged, SSOPS packaged, TSSOPS packaged or SWLLSP packaged for board-level applications; integrated as an IP block in a larger IC.
    An end node device (2, Za, 2b) comprising the integrated circuit (4, 4a, 4b, dc, 4d) according to any one of claims 30-33, wherein the end node device is 1044006 |
    <30. configured to read the identifier from the integrated circuit fc and transmit the identifier for authentication in the centralized encoder registration system (3). & 35 Use of an integrated circuit (4, da, 4h, do, 4d) according to any one of claims 30-33 in a zen authentication system {1} according to any one of claims 16-29,
    类似技术:
    公开号 | 公开日 | 专利标题
    US10832210B2|2020-11-10|Tracking assets with a blockchain
    US9740847B2|2017-08-22|Method and system for authenticating a user by means of an application
    CN101599130A|2009-12-09|Signal conditioning package, information processing method, program and communication system
    CN105009154A|2015-10-28|Method for mutual authentication for payment device
    US10257697B2|2019-04-09|Systems and methods for product activation
    CN111401871B|2020-09-08|Transaction processing method, device, equipment and system
    CN108519905A|2018-09-11|Information processing equipment and method, IC chip and storage medium
    CN100418110C|2008-09-10|Method to grant modification rights for a smart card
    EP2955872B1|2016-10-12|Method for configuring a secure element, key derivation program, computer program product and configurable secure element
    Lehtonen et al.2009|Serialized TID numbers-A headache or a blessing for RFID crackers?
    CN102375941A|2012-03-14|Method and system for validating chip validity by utilizing graphical chip
    CN111737686B|2020-12-04|Processing method, device and equipment of block chain data
    CN111382980B|2021-09-10|Logistics management method, device, equipment and system based on block chain
    US10007815B2|2018-06-26|Production method, RFID transponder, authentication method, reader device and computer program product
    Boehm et al.2017|Holistic tracking of products on the blockchain using NFC and verified users
    NL1044006B1|2021-11-23|Method, system and chip for centralised authentication
    NL2025375B1|2021-10-26|Method, system and chip for centralised authentication
    CN111371559B|2021-07-27|Material inventory data providing method, device and system based on block chain
    CN104200247A|2014-12-10|Method, device and terminal for processing personalized data
    US9749303B2|2017-08-29|Method for personalizing a secure element, method for enabling a service, secure element and computer program product
    NL2025695B1|2022-01-13|Centralized handling of ic identification codes
    JP2017034663A|2017-02-09|Printable, writable article for tracking counterfeit and diverted products
    NL1044044A|2021-12-01|Centralized handling of ic identification codes
    TW202046150A|2020-12-16|Authentication Management System which is managed by blockchain
    CN113221192A|2021-08-06|Block chain-based digital asset processing method and device
    同族专利:
    公开号 | 公开日
    NL1044006B1|2021-11-23|
    WO2021214663A1|2021-10-28|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US20080282209A1|2007-05-07|2008-11-13|Brent Alan Anderson|System for and Method of Verifying IC Authenticity|
    US20150106282A1|2013-10-15|2015-04-16|Penta Security Systems Inc.|Device for determining counterfeit and method thereof|
    US20170180369A1|2015-12-18|2017-06-22|International Business Machines Corporation|Dynamic intrinsic chip identification|
    法律状态:
    优先权:
    申请号 | 申请日 | 专利标题
    US202063012305P| true| 2020-04-20|2020-04-20|
    [返回顶部]