-
公开(公告)号:US20240137747A1
公开(公告)日:2024-04-25
申请号:US18277530
申请日:2022-02-15
申请人: Irdeto B.V.
发明人: Sheng-Bo XU
IPC分类号: H04W8/20 , H04W12/0431 , H04W12/069
CPC分类号: H04W8/205 , H04W12/0431 , H04W12/069
摘要: There is described a method, at a server system, of providing a mobile network operator (MNO) profile to a client device. The client device has a SIM software application stored thereon so as to provide the client device with a secured software implementation of SIM card functionality. The method comprises: (a) based on a unique identifier of the client device, identifying a unique key, KSIM, of the SIM software application stored on the client device; (b) based on an MNO associated with the client device, identifying an unused MNO profile associated with the MNO; (c) encrypting the identified MNO profile so as to provide an encrypted MNO profile, wherein the encrypting comprises encrypting at least part of the identified MNO profile using KSIM; (d) generating an MNO profile download message comprising the encrypted MNO profile and the unique identifier of the client device; and (e) broadcasting the MNO profile download message over a broadcast network so as to enable the client device to access the MNO profile download message. There is also described a related method at a client device, as well as related computer programs and computer-readable media.
-
公开(公告)号:US20240095593A1
公开(公告)日:2024-03-21
申请号:US18368209
申请日:2023-09-14
申请人: Irdeto B.V.
发明人: Robert DURAND , Philip EISEN , Thomas HICKIE
IPC分类号: G06N20/00
CPC分类号: G06N20/00
摘要: A machine learning model protection method comprising: generating, based on a set of parameters that define a machine learning model, an item of software which, when executed by one or more processors, provides an implementation for the machine learning model; and applying one or more software protection techniques to the item of software.
-
公开(公告)号:US20240045952A1
公开(公告)日:2024-02-08
申请号:US18227589
申请日:2023-07-28
申请人: Irdeto B.V.
发明人: Peter ROELSE
IPC分类号: G06F21/55
CPC分类号: G06F21/554
摘要: A method of protecting an implementation of a neural network against a cloning attack, the neural network configured to generate a result based on an input sample from a predetermined domain of possible samples, the neural network trained to provide functionality corresponding to a subset of the domain, wherein the method comprises: receiving, from a user, a plurality of queries having a corresponding query sample from the domain and, for each query, performing a first test to determine whether or not the corresponding query sample is a member of the subset; performing a second test to identify whether the user is performing a cloning attack against the neural network, wherein the second test identifies that the user is performing a cloning attack against the neural network if a number of queries from the plurality of queries for which the corresponding query sample is determined to not be a member of the subset exceeds a first threshold value; and in response to the second test identifying that the user is performing a cloning attack against the neural network, performing one or more countermeasures for the cloning attack.
-
公开(公告)号:US20230367704A1
公开(公告)日:2023-11-16
申请号:US18144949
申请日:2023-05-09
申请人: Irdeto B.V.
IPC分类号: G06F11/36
CPC分类号: G06F11/3688 , G06F11/3644 , G06F11/3692
摘要: A method for a testing system to perform fuzzy testing of a software system, wherein the software system comprises a plurality of callable units and is arranged to receive input for the software system to process, the method comprising: determining, for each callable unit of the plurality of callable units, based on one or more security vulnerability metrics, a target number of times that callable unit is to be tested; initializing a ranked plurality of queues, each queue for storing one or more seeds, said initializing comprising storing one or more initial seeds in a corresponding queue of the ranked plurality of queues; performing a sequence of tests, wherein performing each test comprises: obtaining a seed from the highest ranked non-empty queue; performing a mutation process on the obtained seed to generate a test seed, wherein the mutation process is configured, at least in part, by mutation guidance information; providing the test seed as input to the software system for the software system to process; and evaluating the processing of the test seed by the software system to generate a result for the test; wherein each queue in the ranked plurality of queues has an associated seed addition criterion and wherein performing each test comprises either (a) adding the test seed to the highest ranked queue in the ranked plurality of queues for which the test seed meets the seed addition criterion associated with that queue; or (b) discarding the test seed if the test seed does not meet the seed addition criterion associated with any of the queues in the ranked plurality of queues; wherein the seed addition criteria are configured so that, if processing of a first test seed by the software system involves execution of, or an execution path approaching, a callable unit of interest and if processing of a second test seed by the software system does not involve execution of, or an execution path approaching, a callable unit of interest, then the queue to which the first test seed is added is of higher rank than the queue to which the second test seed is added, wherein a callable unit is a callable unit of interest if the current number of tests that have resulted in execution of that callable unit is less than the target number of times that callable unit is to be tested.
-
公开(公告)号:US11675880B2
公开(公告)日:2023-06-13
申请号:US17089848
申请日:2020-11-05
申请人: IRDETO B.V.
发明人: Benjamin Geoffrey Gidley , Catherine Chambers , Yaser Eftekhari Roozbehani , Yegui Cai , Yuan Xiang Gu
CPC分类号: G06F21/128 , G06F21/16 , G06F21/54 , G06F21/554 , G06F21/6245 , H04L9/3271 , H04L2209/16 , H04L2209/608
摘要: A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.
-
公开(公告)号:US11599651B2
公开(公告)日:2023-03-07
申请号:US16623424
申请日:2018-07-05
申请人: IRDETO B.V.
发明人: Peter Williams , Andrew Williams , Colin Hutchings
摘要: A computer-implemented method, in which an access request in relation to data is received. There is Error Correcting Code (ECC) data relating to the data, and the ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. The ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. A first integrity verification verifies the integrity of at least the data. If the first integrity verification procedure fails, an error analysis procedure is performed based on the data and the ECC data. Responsive to generation of corrected data by the error analysis procedure, a second integrity verification verifies the integrity of the corrected data. If the second integrity verification is successful, the access request is allowed using the corrected data.
-
公开(公告)号:US11514159B2
公开(公告)日:2022-11-29
申请号:US17546707
申请日:2021-12-09
申请人: IRDETO B.V.
发明人: Ron Vandergeest
摘要: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
-
公开(公告)号:US20220171697A1
公开(公告)日:2022-06-02
申请号:US17191791
申请日:2021-03-04
申请人: IRDETO B.V.
发明人: Lama MOUKAHAL , Mohammad ZULKERNINE
摘要: A method of fuzzy testing a software system, wherein the software system comprises a plurality of callable units and is arranged to receive input for the software system to process, the method comprising: determining, for each callable unit of the plurality of callable units, based on one or more security vulnerability metrics, a target number of times that callable unit is to be tested; initializing a ranked plurality of queues, each queue for storing one or more seeds, said initializing comprising storing one or more initial seeds in a corresponding queue of the ranked plurality of queues; performing a sequence of tests, wherein performing each test comprises: obtaining a seed from the highest ranked non-empty queue; performing a mutation process on the obtained seed to generate a test seed; providing the test seed as input to the software system for the software system to process; and evaluating the processing of the test seed by the software system to generate a result for the test; wherein each queue in the ranked plurality of queues has an associated seed addition criterion and wherein performing each test comprises either (a) adding the test seed to the highest ranked queue in the ranked plurality of queues for which the test seed meets the seed addition criterion associated with that queue; or (b) discarding the test seed if the test seed does not meet the seed addition criterion associated with any of the queues in the ranked plurality of queues; wherein the seed addition criteria are configured so that, if processing of a first test seed by the software system involves execution of, or an execution path approaching, a callable unit of interest and if processing of a second test seed by the software system does not involve execution of, or an execution path approaching, a callable unit of interest, then the queue to which the first test seed is added is of higher rank than the queue to which the second test seed is added, wherein a callable unit is a callable unit of interest if the current number of tests that have resulted in execution of that callable unit is less than the target number of times that callable unit is to be tested.
-
公开(公告)号:US11316898B2
公开(公告)日:2022-04-26
申请号:US16022020
申请日:2018-06-28
申请人: IRDETO B.V.
摘要: A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.
-
公开(公告)号:US11263316B2
公开(公告)日:2022-03-01
申请号:US16545925
申请日:2019-08-20
申请人: IRDETO B.V.
摘要: A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.
-
-
-
-
-
-
-
-
-
搜索结果
168 条记录 (耗时 0.027 秒)
