US Patent 12095933 PUF-protected pseudo-homomorphic methods to generate session keys

Systems and methods for the generation and use of session keys supporting secure communications between a client and server device are disclosed. The client device has or receives a password, which it hashes a predetermined first number of times. The hashed password is sent as a message digest to a server. The server applies the hashed password to a an array of PUF devices, and receives a response bitstream which is stored. The client later hashes the password a second predetermined number of times, which is less than the first predetermined number, and this second message digest is sent to the server. The server continues to hash the second message digest, generate PUF responses, and compare the result to the initially stored responses. The number of hashes necessary to achieve a match is the session key.