公开(公告)号：US07599488B2

公开(公告)日：2009-10-06

申请号：US11978364

申请日：2007-10-29

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： H04K3/00 ,  H04L9/00 ,  G06F11/30

CPC分类号： H04L9/0618 ,  G06F1/06 ,  G06F1/266 ,  G06F1/3225 ,  G06F7/00 ,  G06F21/75 ,  G06F21/755 ,  G06F21/77 ,  G06F2207/7223 ,  G06F2207/7266 ,  G06K19/073 ,  G06K19/07363 ,  G06Q20/341 ,  G06Q20/382 ,  G06Q20/409 ,  G07F7/08 ,  G07F7/082 ,  G07F7/1008 ,  G09C1/00 ,  H04L9/003 ,  H04L2209/04 ,  H04L2209/08 ,  H04L2209/56 ,  H04L2209/805

摘要： Information leaked from smart cards and other tamper resistant cryptographic devices can be statistically analyzed to determine keys or other secret data. A data collection and analysis system is configured with an analog-to-digital converter connected to measure the device's consumption of electrical power, or some other property of the target device, that varies during the device's processing. As the target device performs cryptographic operations, data from the A/D converter are recorded for each cryptographic operation. The stored data are then processed using statistical analysis, yielding the entire key, or partial information about the key that can be used to accelerate a brute force search or other attack.

摘要翻译： 从智能卡和其他防篡改加密设备泄露的信息可以进行统计分析，以确定密钥或其他秘密数据。 数据采集​​和分析系统配置有连接的模拟 - 数字转换器，用于测量设备在设备处理期间变化的设备的电力消耗或目标设备的某些其他属性。 当目标设备执行加密操作时，对于每个密码操作记录来自A / D转换器的数据。 然后使用统计分析处理存储的数据，产生整个密钥，或者可以用于加速强力搜索或其他攻击的密钥的部分信息。

公开(公告)号：US09569628B2

公开(公告)日：2017-02-14

申请号：US11387401

申请日：2006-03-23

申请人： Paul C. Kocher ,  Benjamin C. Jun ,  Joshua M. Jaffe

发明人： Paul C. Kocher ,  Benjamin C. Jun ,  Joshua M. Jaffe

IPC分类号： G06F11/30 ,  G06F21/60 ,  G06F21/10 ,  G06F21/72 ,  G06Q20/36 ,  H04L9/08

CPC分类号： G06F21/602 ,  G06F21/10 ,  G06F21/72 ,  G06F2211/007 ,  G06F2221/0753 ,  G06F2221/2101 ,  G06Q20/367 ,  H04L9/0833 ,  H04L2209/127 ,  H04L2209/603

摘要： To prevent piracy, audiovisual content is encrypted prior to transmission to consumers. A low-cost, high-security cryptographic rights module (such as a smartcard) enables devices such as players/displays to decode such content. Security-critical functions may be performed by the cryptographic module in a manner that allows security compromises to be addressed by upgrading or replacing cryptographic modules, thereby avoiding the need to replace or modify other (typically much higher-cost) components. The security module contains cryptographic keys, which it uses to process rights enablement messages (REMs) and key derivation messages (KDMs). From a REM and KDM, the security module derives key data corresponding to content, uses public key and/or symmetric cryptography to re-encrypt the derived key data for another device, and provides the re-encrypted key data to the decoding device. The decoding device then uses cryptographic values derived from the re-encrypted key data to decrypt the content.

摘要翻译： 为了防止盗版，视听内容在传输给消费者之前被加密。 低成本，高安全性的加密权限模块（如智能卡）可使诸如播放器/显示器等设备解码此类内容。 安全关键功能可以由加密模块以允许通过升级或替换加密模块来解决安全危害的方式来执行，从而避免需要替换或修改其他（通常成本更高的成本）组件。 安全模块包含加密密钥，用于处理权限启用消息（REM）和密钥导出消息（KDM）。 从REM和KDM，安全模块导出与内容对应的密钥数据，使用公开密钥和/或对称密码来对另一设备的导出密钥数据进行重新加密，并将重新加密的密钥数据提供给解码设备。 解码装置然后使用从重新加密的密钥数据导出的加密值来解密内容。

公开(公告)号：US07634083B2

公开(公告)日：2009-12-15

申请号：US11643349

申请日：2006-12-21

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： H04L9/00 ,  G06F21/00

CPC分类号： H04L9/0618 ,  G06F1/06 ,  G06F1/266 ,  G06F1/3225 ,  G06F7/00 ,  G06F21/75 ,  G06F21/755 ,  G06F21/77 ,  G06F2207/7223 ,  G06F2207/7266 ,  G06K19/073 ,  G06K19/07363 ,  G06Q20/341 ,  G06Q20/382 ,  G06Q20/409 ,  G07F7/08 ,  G07F7/082 ,  G07F7/1008 ,  G09C1/00 ,  H04L9/003 ,  H04L2209/04 ,  H04L2209/08 ,  H04L2209/56 ,  H04L2209/805

摘要： Information leaked from smart cards and other tamper resistant cryptographic devices can be statistically analyzed to determine keys or other secret data. A data collection and analysis system is configured with an analog-to-digital converter connected to measure the device's consumption of electrical power, or some other property of the target device, that varies during the device's processing. As the target device performs cryptographic operations, data from the A/D converter are recorded for each cryptographic operation. The stored data are then processed using statistical analysis, yielding the entire key, or partial information about the key that can be used to accelerate a brute force search or other attack.

公开(公告)号：US06327661B1

公开(公告)日：2001-12-04

申请号：US09326222

申请日：1999-06-03

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： G06F1214

CPC分类号： H04L63/1441 ,  G06F21/755 ,  G06F2207/7219 ,  G06K19/073 ,  G06K19/07363 ,  G06Q20/341 ,  G07F7/082 ,  G07F7/1008 ,  H04K3/825 ,  H04L9/003 ,  H04L9/004 ,  H04L9/0625 ,  H04L2209/08 ,  H04L2209/12 ,  H04L2209/16

摘要： Methods and apparatuses are disclosed for securing cryptosystems against external monitoring attacks by reducing the amount (and signal to noise ratio) of useful information leaked during processing. This is generally accomplished by incorporating unpredictable information into the cryptographic processing. Various embodiments of the invention use techniques such as reduction of signal to noise ratios, random noise generation, clock skipping, and introducing entropy into the order of processing operations or the execution path. The techniques may be implemented in hardware or software, may use a combination of digital and analog techniques, and may be deployed in a variety of cryptographic devices.

摘要翻译： 公开了用于通过减少在处理期间泄露的有用信息的量（和信噪比）来保护密码系统免受外部监视攻击的方法和装置。 这通常通过将不可预测的信息合并到密码处理中来实现。 本发明的各种实施例使用诸如降低信噪比，随机噪声产生，时钟跳跃和将熵引入处理操作或执行路径的顺序的技术。 这些技术可以在硬件或软件中实现，可以使用数字和模拟技术的组合，并且可以部署在各种加密设备中。

公开(公告)号：US06278783B1

公开(公告)日：2001-08-21

申请号：US09324798

申请日：1999-06-03

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： H04K102

CPC分类号： H04L9/0625 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/127

摘要： Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P {K1} XOR K2P {K2} equals the “standard” DES key K, and M1P {M1} XOR M2P {M2} equals the “standard” message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.

摘要翻译： 公开了用于通过减少在处理期间泄露的有用信息的量（和信噪比）来改善DES和其他加密协议以防外部监视攻击的方法和装置。 本发明的改进的DES实施方案改为使用两个56位密钥（K1和K2）和两个64位明文消息（M1和M2），每个与排列相关联（即，K1P，K2P和M1P，M2P），使得 K1P {K1} XOR K2P {K2}等于“标准”DES密钥K，M1P {M1} XOR M2P {M2}等于“标准”消息。 在设备的操作期间，优选地通过将新鲜的熵引入到表中比信息泄漏出来更周期地更新表，使得攻击者将不能通过分析测量获得表内容。 该技术可在加密智能卡，防篡改芯片和各种安全处理系统中实现。

公开(公告)号：US07787620B2

公开(公告)日：2010-08-31

申请号：US11252898

申请日：2005-10-18

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： H04L9/22

CPC分类号： H04L9/0625 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/127

摘要： Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P{K1} XOR K2P{K2} equals the “standard” DES key K, and M1P{M1} XOR M2P{M2} equals the “standard” message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.

摘要翻译： 公开了用于通过减少在处理期间泄露的有用信息的量（和信噪比）来改善DES和其他加密协议以防外部监视攻击的方法和装置。 本发明的改进的DES实施方案改为使用两个56位密钥（K1和K2）和两个64位明文消息（M1和M2），每个与排列相关联（即，K1P，K2P和M1P，M2P），使得 K1P {K1} XOR K2P {K2}等于“标准”DES密钥K，M1P {M1} XOR M2P {M2}等于“标准”消息。 在设备的操作期间，优选地通过将新鲜的熵引入到表中比信息泄漏出来更周期地更新表，使得攻击者将不能通过分析测量获得表内容。 该技术可在加密智能卡，防篡改芯片和各种安全处理系统中实现。

公开(公告)号：US07668310B2

公开(公告)日：2010-02-23

申请号：US09930836

申请日：2001-08-15

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： H04L9/22

CPC分类号： H04L9/0625 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/127

摘要： Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P{K1} XOR K2P {K2} equals the “standard” DES key K, and M1P{M1} XOR M2P{M2} equals the “standard” message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.

摘要翻译： 公开了用于通过减少在处理期间泄露的有用信息的量（和信噪比）来改善DES和其他加密协议以防外部监视攻击的方法和装置。 本发明的改进的DES实施方案改为使用两个56位密钥（K1和K2）和两个64位明文消息（M1和M2），每个与排列相关联（即，K1P，K2P和M1P，M2P），使得 K1P {K1} XOR K2P {K2}等于“标准”DES密钥K，M1P {M1} XOR M2P {M2}等于“标准”消息。 在设备的操作期间，优选地通过将新鲜的熵引入到表中比信息泄漏出来更周期地更新表，使得攻击者将不能通过分析测量获得表内容。 该技术可在加密智能卡，防篡改芯片和各种安全处理系统中实现。

公开(公告)号：US07587044B2

公开(公告)日：2009-09-08

申请号：US10005105

申请日：2001-12-03

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： H04L9/00 ,  G06F21/00

CPC分类号： H04L9/0618 ,  G06F1/06 ,  G06F1/266 ,  G06F1/3225 ,  G06F7/00 ,  G06F21/75 ,  G06F21/755 ,  G06F21/77 ,  G06F2207/7223 ,  G06F2207/7266 ,  G06K19/073 ,  G06K19/07363 ,  G06Q20/341 ,  G06Q20/382 ,  G06Q20/409 ,  G07F7/08 ,  G07F7/082 ,  G07F7/1008 ,  G09C1/00 ,  H04L9/003 ,  H04L2209/04 ,  H04L2209/08 ,  H04L2209/56 ,  H04L2209/805

摘要： Information leaked from smart cards and other tamper resistant cryptographic devices can be statistically analyzed to determine keys or other secret data. A data collection and analysis system is configured with an analog-to-digital converter connected to measure the device's consumption of electrical power, or some other property of the target device, that varies during the device's processing. As the target device performs cryptographic operations, data from the A/D converter are recorded for each cryptographic operation. The stored data are then processed using statistical analysis, yielding the entire key, or partial information about the key that can be used to accelerate a brute force search or other attack.

公开(公告)号：US08879724B2

公开(公告)日：2014-11-04

申请号：US12637565

申请日：2009-12-14

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： H04L9/00 ,  G06F21/00 ,  G07F7/08 ,  G06Q20/34 ,  G06F21/75 ,  G06F21/55 ,  G06F7/00 ,  G07F7/10 ,  G06F21/77 ,  G06K19/073

CPC分类号： H04L9/0618 ,  G06F1/06 ,  G06F1/266 ,  G06F1/3225 ,  G06F7/00 ,  G06F21/75 ,  G06F21/755 ,  G06F21/77 ,  G06F2207/7223 ,  G06F2207/7266 ,  G06K19/073 ,  G06K19/07363 ,  G06Q20/341 ,  G06Q20/382 ,  G06Q20/409 ,  G07F7/08 ,  G07F7/082 ,  G07F7/1008 ,  G09C1/00 ,  H04L9/003 ,  H04L2209/04 ,  H04L2209/08 ,  H04L2209/56 ,  H04L2209/805

摘要： Information leaked from smart cards and other tamper resistant cryptographic devices can be statistically analyzed to determine keys or other secret data. A data collection and analysis system is configured with an analog-to-digital converter connected to measure the device's consumption of electrical power, or some other property of the target device, that varies during the device's processing. As the target device performs cryptographic operations, data from the A/D converter are recorded for each cryptographic operation. The stored data are then processed using statistical analysis, yielding the entire key, or partial information about the key that can be used to accelerate a brute force search or other attack.

摘要翻译： 从智能卡和其他防篡改加密设备泄露的信息可以进行统计分析，以确定密钥或其他秘密数据。 数据采集​​和分析系统配置有连接的模拟 - 数字转换器，用于测量设备在设备处理期间变化的设备的电力消耗或目标设备的某些其他属性。 当目标设备执行加密操作时，对于每个密码操作记录来自A / D转换器的数据。 然后使用统计分析处理存储的数据，产生整个密钥，或者可以用于加速强力搜索或其他攻击的密钥的部分信息。

公开(公告)号：US07039816B2

公开(公告)日：2006-05-02

申请号：US10695256

申请日：2003-10-27

申请人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

发明人： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC分类号： H04N7/167 ,  H04L9/30

CPC分类号： G06F21/602 ,  G06F21/10 ,  G06F21/72 ,  G06F2211/007 ,  G06F2221/0753 ,  G06F2221/2101 ,  G06Q20/367 ,  H04L9/0833 ,  H04L2209/127 ,  H04L2209/603

摘要： To prevent piracy, audiovisual content is encrypted prior to transmission to consumers. A low-cost, high-security cryptographic rights module (such as a smartcard) enables devices such as players/displays to decode such content. Security-critical functions may be performed by the cryptographic module in a manner that allows security compromises to be addressed by upgrading or replacing cryptographic modules, thereby avoiding the need to replace or modify other (typically much higher-cost) components. The security module contains cryptographic keys, which it uses to process rights enablement messages (REMs) and key derivation messages (KDMs). From a REM and KDM, the security module derives key data corresponding to content, uses public key and/or symmetric cryptography to re-encrypt the derived key data for another device, and provides the re-encrypted key data to the decoding device. The decoding device then uses cryptographic values derived from the re-encrypted key data to decrypt the content.

摘要翻译： 为了防止盗版，视听内容在传输给消费者之前被加密。 低成本，高安全性的加密权限模块（如智能卡）可使诸如播放器/显示器等设备解码此类内容。 安全关键功能可以由加密模块以允许通过升级或替换加密模块来解决安全危害的方式来执行，从而避免需要替换或修改其他（通常成本更高的成本）组件。 安全模块包含加密密钥，用于处理权限启用消息（REM）和密钥导出消息（KDM）。 从REM和KDM，安全模块导出与内容对应的密钥数据，使用公开密钥和/或对称密码来对另一设备的导出密钥数据进行重新加密，并将重新加密的密钥数据提供给解码设备。 解码装置然后使用从重新加密的密钥数据导出的加密值来解密内容。