CN-116671063-B - Authentication method and entity

Abstract

An authentication method 20 comprises-sending 22 by an entity 12 to a chip 14 at least one request for obtaining data, -receiving 26 by the entity data from the chip, and-authenticating by the entity a family related to the chip based on the received data.

Inventors

• Y. Tigra
• A. belzati
• B. Duval

Assignees

• 泰雷兹数字安全法国简易股份公司

Dates

Publication Date

20260505

Application Date

20211222

Priority Date

20201223

Claims (7)

1. 1. A method of authentication, the method comprising: transmitting, by an entity, at least one request to acquire data to a chip; receiving data from the chip by the entity, and Identifying, by the entity, families associated with the chip based on the received data, The method further comprises the steps of: a) Transmitting, by the entity, a request to the chip for obtaining a response to a challenge, the request including or accompanied by the challenge; b) Generating, by the chip, a response using the challenge; c) Receiving, by the entity, the response from the chip as a request response; d) Repeating the steps of a) receiving a request, b) generating a response, and c) transmitting the response at least a predetermined threshold number of times; e) Determining, by the entity, a probability distribution of a response based on the response; f) Detecting by the entity whether the probability distribution of the response matches a predetermined reference probability distribution, and G) If the probability distribution of the response matches the reference probability distribution, then the family associated with the chip is identified by the entity, Wherein the chip comprises at least one physically unclonable function PUF element, the at least one PUF element providing at least part of the response.
2. 2. The method of claim 1, wherein the challenge comprises a set of at least one value associated with at least one predetermined parameter.
3. 3. The method of claim 2, wherein the at least one parameter comprises at least one element of a group comprising: -a predetermined clock; -a predetermined current; -a predetermined voltage.
4. 4. The method of claim 1, wherein the chip comprises at least one random access memory, RAM, element that provides at least a portion of the response.
5. 5. The method of claim 1, wherein the chip comprises at least one trigger element that provides at least a portion of the response.
6. 6. The method of claim 1, wherein the chip family identification comprises identification of at least one element from the group comprising: a wafer to which the chip belongs; a manufacturing factory in which the chip is manufactured; A company that purchased the chip; A product integrating the chip; the country in which the chip was manufactured.
7. 7. An authentication entity, the entity configured to: Transmitting at least one request for acquiring data to the chip; Receiving data from the chip, and Identifying families associated with the chip based on the received data, The entity is further configured to: a) Transmitting, by the entity, a request to the chip for obtaining a response to a challenge, the request including or accompanied by the challenge; b) Generating, by the chip, a response using the challenge; c) Receiving, by the entity, the response from the chip as a request response; d) Repeating the steps of a) receiving a request, b) generating a response, and c) transmitting the response at least a predetermined threshold number of times; e) Determining, by the entity, a probability distribution of a response based on the response; f) Detecting by the entity whether the probability distribution of the response matches a predetermined reference probability distribution, and G) If the probability distribution of the response matches the reference probability distribution, then the family associated with the chip is identified by the entity, Wherein the chip comprises at least one physically unclonable function PUF element, the at least one PUF element providing at least part of the response.

Description

Authentication method and entity Technical Field The present invention relates generally to authentication methods. The invention also relates to authenticating an entity. Background It is known to authenticate a chip with a physically unclonable function (or PUF) by sending a challenge to the chip and receiving a corresponding response back. The chip can only be authenticated if the response is a predetermined reference response. However, this prior art solution means that during production of the chip or personalization thereof, all responses are registered in the database for all chips before the chips thus registered can be authenticated. Furthermore, since such operations mean online real-time registration, such registration needs to be performed in a secure manner using a secure environment during time-critical steps. There is a need for a solution that allows to reduce the time required to perform such an authentication and thus to reduce the corresponding costs. Disclosure of Invention The present invention addresses the above-described need by providing an authentication method. According to the invention, the method comprises: -sending, by an entity, at least one request for obtaining data to a chip; -receiving data from said chip by said entity, and -Authenticating, by the entity, a family (family) associated with the chip based on the received data. The principle of the invention is that a group or family of N chips is authenticated by an entity such as a server. N is greater than or equal to 2. Instead of using a mapping of chips to one identification chip, there is a mapping of N chips to the same family. Thus, no registration of individual reference data allowing authentication of the relevant chip is required. Only one chip per family may be required to identify all chips of that family. This greatly reduces the time required to produce or personalize the relevant chip. Unlike the prior art solutions described above, the solution of the present invention does not require registering one or more reference responses for each chip to authenticate the chip. Unlike the prior art solutions described above, the solution of the present invention allows to reduce the time and the corresponding costs of manufacturing or personalizing the chips of a given family. According to another aspect, the invention is an authentication entity. According to the invention, the entity is configured to: -sending at least one request for obtaining data to the chip; -receiving data from said chip, and -Identifying families related to the chip based on the received data. The entity may comprise a local chip host device and/or a (remote) server. Drawings Additional features and advantages of the invention will become apparent from the detailed description of preferred embodiments thereof, which is given by way of illustrative, but non-limiting example, in connection with the accompanying drawings of which: fig. 1, in particular a simplified diagram according to the invention, with a server and a chip as entities, the server being adapted to send a request to the chip to obtain data, to receive data from the chip as a response to the request, and to identify families related to the chip based on the received data; FIG. 2 is a message flow between the server and the chip of FIG. 1, such that the server determines a probability distribution of the response based on the response and identifies families associated with the chip based on the probability distribution of the response, and Fig. 3 shows an example of a specific reference gaussian probability distribution of the response provided by the chip, such that the server of fig. 2 identifies families associated with the chip, according to an embodiment of the invention. Detailed Description The case where the authentication method of the present invention is implemented by a server and a chip as an entity is considered hereinafter. The invention has no limitation on the chip type. The chip may or may not be included in the secure element (or SE). In this description, a SE is a smart object that includes chip(s) that protect access to stored and/or processed data as tamper-resistant component(s) and that are intended to communicate data with external device(s) (e.g., SE host device). The SE may comprise a chip incorporated in the device, such as a secure partition, or a chip communicatively coupled to the device as the SE host device and included in a smart card (or another medium). The SE may be fixed to its host device or may be removable from its host device. As removable SE, SE may include a secure removable module (or SRM), a smart dongle of the USB ("Universal Serial Bus" abbreviation, universal serial bus ") type, a card of the (micro) secure digital (or SD) type or a card of the multimedia type (or MMC), or any format card to be coupled to a host device. The examples described below are of course for illustrative purposes only and are not to be construed as limitin