Apparatus and method for block cipher process for insecure environments
    51.
    Granted invention patent
    Status: In force

    Publication number: US08644500B2

    Publication date: 2014-02-04

    Application number: US12806768

    Filing date: 2010-08-20

    IPC classification: H04L29/06

    Abstract: Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature using a block type cipher such as AES implemented for instance in a “whitebox” model with the cipher key either known or unknown at the compilation time. This method is secure for use in entrusted environments, particularly for securing cryptographic keys. The look up tables characteristic of such algorithms are protected against attack here by making all such tables of the same size and indistinguishable, and further by masking the output values of such tables, typically where the tables carry out a permutation function or a logical exclusive OR operation.

    SYSTEM AND METHOD FOR A COLLATZ BASED HASH FUNCTION
    52.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20130108038A1

    Publication date: 2013-05-02

    Application number: US13308452

    Filing date: 2011-11-30

    IPC classification: H04L9/28

    CPC classification: H04L9/0643

    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for generating a hash based on the Collatz conjecture. The Collatz conjecture is based on a set of operations for a given number n that are performed iteratively on n, with one operation performed if n is even, and another operation performed if n is odd. Operating on an input value according to the Collatz conjecture for a specified number of iterations produces an output value that can then be used as a hash in a cryptographic function. The hash function performs steps according to the Collatz conjecture, or a modification thereof, on the value n for r iterations, and outputs a resulting hash value. The hash function can apply more complex variations, such as adding multiplication, addition, modulo or other operation(s) in the even and/or odd operations. The hash value can be used to pad blocks of a message.

    Media storage structures for storing content, devices for using such structures, systems for distributing such structures
    53.
    Granted invention patent
    Status: In force

    Publication number: US08347098B2

    Publication date: 2013-01-01

    Application number: US11752276

    Filing date: 2007-05-22

    IPC classification: H04L29/06

    CPC classification: G06F21/10

    Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.

    Method and apparatus for verifying and diversifying randomness
    54.
    Granted invention patent
    Status: In force

    Publication number: US08200727B2

    Publication date: 2012-06-12

    Application number: US12031552

    Filing date: 2008-02-14

    IPC classification: G06F1/02 G06F11/30

    Abstract: Method and apparatus for ensuring randomness of pseudo-random numbers generated by a conventional computer operating system or electronic device. Typically pseudo-random number generators used in computer operating systems or electronic devices may be penetrated by a hacker (pirate), who penetrates a cryptographic or other supposedly secure process using the random numbers by tampering with the input random numbers, thus making them nonrandom. The present method and apparatus are intended to verify such random numbers to make sure that they are indeed random enough, by applying suitable random tests. Only if the values pass the test are they passed on for use in the cryptographic or other process. If they fail the test, a new set of random numbers is requested from the pseudo-random number generator. These are again tested. Further a diversity function may be applied to the random numbers even if they have passed the random number test in order to improve their randomness. This diversity function is for instance double encryption. An anti-replay feature is also included by which the pool of random numbers is subject to a check on each cycle to make sure that there has been no duplication of the input random numbers.

    Computer implemented masked representation of data tables
    55.
    Invention patent application
    Status: In force

    Publication number: US20100306497A1

    Publication date: 2010-12-02

    Application number: US12475377

    Filing date: 2009-05-29

    IPC classification: G06F12/02

    CPC classification: G06F21/14

    Abstract: In the computer software field, method and apparatus to obfuscate (mask or hide) computer data which is part of or accessed by a computer program. The method protects (hides) accesses to tables of data in terms of the place or position of each element in the table. It does this by providing an intermediate table which describes the positions of the elements of the first table or tables, but in a transformed (modified) fashion.

    SYSTEM AND METHOD FOR MODULUS OBFUSCATION
    57.
    Invention patent application
    Status: In force

    Publication number: US20100054459A1

    Publication date: 2010-03-04

    Application number: US12203101

    Filing date: 2008-09-02

    IPC classification: H04L9/28

    CPC classification: H04L9/00 H04L2209/16

    Abstract: Disclosed herein are methods for obfuscating data on a client, on a server, and on a client and a server. The method on a client device includes receiving input data, storing an operation value in a secure location, performing a modulus obfuscation on the operation value, performing a modulus operation on the operation value and the input data, performing a modulus transformation on the operation value and the input data to obtain client output data, and checking if the client output data matches corresponding server output data. The method on a server device includes receiving input data, performing a modulus transformation on the input data to obtain a result, performing a plain operation on the result and an operation value to obtain server output data, and checking if the server output data matches corresponding client output data from a client device that (1) receives input data, (2) stores an operation value in a secure location, (3) performs a modulus obfuscation on the operation value, (4) performs a modulus operation on the operation value and the input data, and (5) performs a modulus transformation on the operation value and the input data to obtain client output data. In an optional step applicable to both clients and servers, the method further includes authenticating the client input data and the server input data if the server output data matches the client output data. In one aspect, server input data and client input data pertain to a cryptographic key.

    METHOD AND APPARATUS FOR DATA PROTECTION SYSTEM USING GEOMETRY OF FRACTALS OR OTHER CHAOTIC SYSTEMS
    58.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20100031039A1

    Publication date: 2010-02-04

    Application number: US12031525

    Filing date: 2008-02-14

    IPC classification: H04L9/00

    Abstract: In computer based data security systems which involve entity authenticating or document time stamping or other cases where data is to be derived from a previous state, the necessary linking values are calculated using recursive chaos based equations such as the type used in fractal theory (the Mandelbrot set) or the Lorentz attractor or other similar approaches. In each case a value in each step is calculated using these equations so that each authentication or timestamp or other data derivation is linked to the previous one in a chaotic way. This makes it impossible to calculate any one value in the link series without having the previous value, due to the chaos aspect thereby enhancing security.

    COMPUTER ENABLED SECURE STATUS RETURN
    59.
    Invention patent application
    Status: In force

    Publication number: US20090271636A1

    Publication date: 2009-10-29

    Application number: US12109283

    Filing date: 2008-04-24

    IPC classification: H04L9/06

    CPC classification: H04L9/0618 H04L9/0656

    Abstract: Computer related method and apparatus to transmit a logical value (e.g., 1 or 0) between two entities, such as an operating system and application program, in a secure way in an insecure environment. The logical status is sent by in effect encrypting it using two random numbers, one from each entity, before sending it to the other entity. However the encrypting is much “lighter” (requiring much less computer or circuit resources) than any conventional secure cipher and has a built-in verification feature.

    COMBINATION WHITE BOX/BLACK BOX CRYPTOGRAPHIC PROCESSES AND APPARATUS
    60.
    Invention patent application
    Status: In force

    Publication number: US20090252327A1

    Publication date: 2009-10-08

    Application number: US12061363

    Filing date: 2008-04-02

    IPC classification: H04L9/06

    Abstract: Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature. A cryptographic algorithm and a key are provided such that a deciphering process, for instance, is partitioned between two portions. The portion of the cryptographic algorithm carried out in the first portion is implemented in a “white box” model such that it is highly secure even against an attack by the user who has full access to internal operations, code execution and memory of the user device, such as a hacker or attacker. The remaining portion of the algorithm is carried out in the second portion. Since this second portion has relaxed security constraints, its code may be implemented using a “black box” approach where its code execution may be more efficient and faster, not requiring the code obfuscation of the white box implementation in the user device. This partitioning may be achieved using a delegation protocol. The chief advantage is that even given a limited code size for the cryptographic process, the security of the system is improved by carrying out the more computationally intensive functions more efficiently in the black box portion and executing the less computationally intensive function in the white box portion.