PUF Based Method and System for Cloud Authentication without Any Passwords and Smartcards

Publication: EP3334087A1
Published: 2018-06-13
Family Size: 1
Granted: No

Simple Summary

Content extracted from patent full text and abstract with AI.

This invention describes a method and system for authenticating devices in a network, particularly for cloud services, without relying on passwords or smartcards. The core idea is to use the device's inherent hardware properties—specifically, a Physically Unclonable Function (PUF)—to create a unique, unclonable fingerprint. By generating and storing challenge-response pairs during a secure enrollment phase, a device can later prove its identity to a server via remote authentication without transmitting or storing any secret keys or reusable credentials.

Use Cases

Content extracted from patent full text and abstract with AI.

  • Secure authentication for cloud-connected IoT devices without passwords or smartcards.
  • Enterprise or personal device login in environments vulnerable to password theft or device cloning.
  • Device attestation in industrial control systems, making sure only authorized hardware connects to protected networks.
  • Authentication for remote access to corporate resources without traditional credential management.
  • Protection of embedded systems, medical devices, or payment terminals from hardware and software attacks.

Benefits

Content extracted from patent full text and abstract with AI.

  • Eliminates risks associated with password-based authentication, such as password theft or phishing.
  • Removes reliance on smartcards or external hardware tokens, reducing cost and complexity.
  • Prevents replay and cloning attacks by using unique, one-time or short-lived challenge-response pairs tied to hardware.
  • No static secret is stored on the device, making extraction via hardware attack or malware much more difficult.
  • Reduces administrative overhead related to credential management, password resets, and provisioning of smartcards.

Technical Classifications (CPCs)

Main Classifications

Electrical & Electronic Tech

Sub Classifications

Electric Communication Technique

CPC Codes

H04L9/3278

Inventors & Applicants

Applicants

Deutsche Telekom AG

Univ Berlin Tech

Patent Abstract

The invention relates to a method for remote authentication of a device via a network connection with the device, the method comprising two phases: an enrollment phase carried out whilst the device is in a trusted network environment, wherein a plurality of challenge-response pairs is generated by sending a plurality of challenges from an authentication module to a physically unclonable function in the device and receiving a plurality of respective first responses from the physically unclonable function in response to the plurality of challenges, and a remote authentication phase carried out whilst the device is in a not-trusted network environment. The invention further relates to a system, device, and authentication module to carry out the method.
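The two phases can be sketched in code as follows. This is an added illustration, not code from the patent or its applicants: the class and method names are hypothetical, the PUF is simulated in software, and the remote-phase steps (each stored challenge is issued once and the reply is compared with the enrolled first response) are an assumption based on the one-time challenge-response pairs mentioned under Benefits.

```python
import hashlib
import hmac
import secrets


class SimulatedPUF:
    """Software stand-in for a hardware PUF (assumption for this sketch).

    A real PUF derives responses from manufacturing variation and holds no key;
    the random value below only models that per-device uniqueness. Real
    responses are also noisy, which this noise-free model ignores.
    """

    def __init__(self):
        self._variation = secrets.token_bytes(32)

    def respond(self, challenge):
        return hmac.new(self._variation, challenge, hashlib.sha256).digest()


class AuthenticationModule:
    """Hypothetical server side: keeps challenge-response pairs per device."""

    def __init__(self):
        self._crps = {}     # device_id -> {challenge: first response}
        self._pending = {}  # device_id -> response expected for open challenge

    def enroll(self, device_id, puf, count=8):
        """Enrollment phase, run while the device is on the trusted network."""
        challenges = [secrets.token_bytes(16) for _ in range(count)]
        self._crps[device_id] = {c: puf.respond(c) for c in challenges}

    def begin(self, device_id):
        """Remote phase, step 1: hand out a stored challenge exactly once."""
        table = self._crps.get(device_id)
        if not table:
            return None  # unknown device or enrolled pairs used up
        challenge, expected = table.popitem()
        self._pending[device_id] = expected
        return challenge

    def finish(self, device_id, response):
        """Remote phase, step 2: compare the reply with the enrolled response."""
        expected = self._pending.pop(device_id, None)
        return expected is not None and hmac.compare_digest(expected, response)
```

Because every challenge is removed from the table when issued, a captured response is useless against the next challenge, and a device must return to the trusted network for re-enrollment once its pairs are used up.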

Key Information

Publication No.: EP3334087A1
Family ID: 57542893
Publication Date: 2018-06-13
Application No.: EP16203499A
Application Date: 2016-12-12
Priority Date: 2016-12-12
Granted: No
