Anti-Cloning Protection

The supply chain assurance certificate provides protection against re-marking of devices. An actual clone, however, would not be detected since the certificate, which is public information, could be copied from a genuine device onto the clone. To make cloning more difficult, the user requires the device to provide proof-of-possession (PoP) of the private key of the ECC key pair, which is certified by the supply chain assurance certificate. This is done either by employing a challenge-response protocol or by having the device digitally sign a nonce and then verifying the signature using the public key. This would then require the clone to have knowledge of the device's private key, which is protected by SRAM-PUF encryption and stored in pNVM. A digital copy of the public certificate alone would no longer be sufficient to prove the device's identity. This protocol thus improves confidence in the authenticity of a device.