Unique identity (UID) is an identifier that is generally stored on each chip. With this UID, chips can generate an internal secret as a seed for key generation or root key and an external plaintext number for chip identification or product series number. UID can also be used as the device s identity for authentication and authorization algorithms, which includes protection of a device or content from unauthorized access or cloning. However, UID through injection runs the risk of leaked secrets and product cloning.
PUFsecurity provides another methodology for chip UID to contain unique secrets. PUFuid will extract a NeoPUF value as the UID, which is all done inside the chip. In comparison with conventional UID generation through the key-injection process, PUFuid significantly reduces cost and eliminates the risk of secret exposure during the injection process.
Generating chip secrets with inborn root-of-trust: PUFuid
The normal process to generate a UID is called key injection, which has three major steps: enrollment, authentication and provisioning. The main goals for a UID is to uniquely identify and reliably authenticate each chip, to track a chip and to create an audit trail that establishes its origin. To keep the secret UID safe, with the key injection method, an expensive security facility and a standard set of operating procedures are required in order to perform this process.
Unlike key injection, PUFuid extracts an embedded NeoPUF value to use as the chip s unique identity. NeoPUF s value varies from chip to chip due to the native variations that arise during the manufacturing of chips. NeoPUF is virtually impossible to be cloned or predicted. Therefore, it can be viewed as a chip s fingerprint. Derived from this unique fingerprint, PUFuid provides each chip with its own unique secret to protect selected data and a plaintext number UID for authentication when passed to the server. Therefore, a conversation between a server and a chip is distinct from every other chip that interacts with the server.