公开(公告)号：WO9967919A3

公开(公告)日：2000-03-23

申请号：PCT/US9912734

申请日：1999-06-03

Applicant: CRYPTOGRAPHY RES INC

Inventor： KOCHER PAUL C ,  JAFFE JOSHUA M ,  JUN BENJAMIN C

IPC: G09C1/00 ,  H04L9/06 ,  H04L9/32

CPC classification number: H04L9/0625 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/127

Abstract: Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) (100) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P {K1} XOR K2P {K2} equals the "standard" DES key K (110), and M1P {M1} XOR M2P {M2} equals the "standard" message. During operation (145) of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.

Abstract translation: 公开了用于通过减少在处理期间泄露的有用信息的量（和信噪比）来改善DES和其他加密协议以抵抗外部监视攻击的方法和装置。 本发明改进的DES实现代替使用两个56位密钥（K1和K2）（100）和两个64位明文消息（M1和M2），每个与置换相关联（即，K1P，K2P和M1P，M2P ），使得K1P {K1} XOR K2P {K2}等于“标准”DES密钥K（110），并且M1P {M1} XOR M2P {M2}等于“标准”消息。 在设备的操作（145）期间，优选地通过将新鲜熵引入表中来快速地将信息泄漏出来，周期性地更新表，使得攻击者将不能通过分析测量获得表内容。 该技术可以在加密智能卡，防篡改芯片和各种安全处理系统中实现。

公开(公告)号：WO9967766A2

公开(公告)日：1999-12-29

申请号：PCT/US9912739

申请日：1999-06-03

Applicant: CRYPTOGRAPHY RES INC ,  JAFFE JOSHUA M ,  KOCHER PAUL C ,  JUN BENJAMIN C

Inventor： JAFFE JOSHUA M ,  KOCHER PAUL C ,  JUN BENJAMIN C

IPC: H04L9/06 ,  G09C1/12

CPC classification number: H04L9/0618 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L63/1441 ,  H04L2209/122

Abstract: Cryptographic devices that leak information about their secrets through externally monitorable characteristics (such as electromagnetic radiation and power consumption) may be vulnerable to attack, and previously-known methods that could address such leaking are inappropriate for smartcards and many other cryptographic applications. Methods and apparatuses are disclosed for performing computations in which the representation of data, the number of system state transitions at each computational step, and the Hamming weights of all operands are independent of computation inputs, intermediate values, or results. Exemplary embodiments implemented using conventional (leaky) hardware elements (such as electronic components, logic gates, etc.) as well as software executing on conventional (leaky) microprocessors are described. Smartcards and other tamper-resistant devices of the invention provide greatly improved resistance to cryptographic attacks involving external monitoring.

Abstract translation: 通过外部可监控特性（如电磁辐射和功耗）泄露其秘密信息的密码设备可能容易受到攻击，而可能解决此类漏洞的先前已知的方法不适用于智能卡和许多其他密码应用。 公开了用于执行计算的方法和装置，其中数据的表示，每个计算步骤的系统状态转换的数量以及所有操作数的汉明权重与计算输入，中间值或结果无关。 描述了使用常规（泄漏）硬件元件（例如电子元件，逻辑门等）实现的示例性实施例以及在常规（泄漏）微处理器上执行的软件。 本发明的智能卡和其他防篡改装置提供了大大提高的抵抗涉及外部监视的密码攻击的能力。

公开(公告)号：WO9967766A8

公开(公告)日：2000-07-27

申请号：PCT/US9912739

申请日：1999-06-03

Applicant: CRYPTOGRAPHY RES INC

Inventor： JAFFE JOSHUA M ,  KOCHER PAUL C ,  JUN BENJAMIN C

IPC: H04L9/06 ,  G09C1/12

CPC classification number: H04L9/0618 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L63/1441 ,  H04L2209/122

Abstract: Cryptographic devices that leak information about their secrets through externally monitorable characteristics (such as electromagnetic radiation and power consumption) may be vulnerable to attack, and previously-known methods that could address such leaking are inappropriate for smartcard and many other cryptographic applications. Methods and apparatuses are disclosed for performing computations in which the representation of data, the number of system state transitions at each computational step, and the Hamming weights of all operands are independent of computation inputs, intermediate values, or results. Exemplary embodiments (figure 6) implemented using conventional hardware elements such as electronic components (611, 613) and logic gates (610, 620, 630, 640) as well as software executing on conventional microprocessors are described.

Abstract translation: 通过外部可监视特性（如电磁辐射和功耗）泄露其秘密信息的密码设备可能容易受到攻击，并且可能解决此类漏洞的先前已知的方法不适用于智能卡和许多其他密码应用。 公开了用于执行计算的方法和装置，其中数据的表示，每个计算步骤的系统状态转换的数量以及所有操作数的汉明权重与计算输入，中间值或结果无关。 描述了使用诸如电子部件（611,613）和逻辑门（610,620,630,640）的常规硬件元件实现的示例性实施例（图6）以及在常规微处理器上执行的软件。

公开(公告)号：WO2005008385A3

公开(公告)日：2005-05-19

申请号：PCT/US2004021621

申请日：2004-07-07

Applicant: CRYPTOGRAPHY RES INC ,  KOCHER PAUL C ,  JAFFE JOSHUA M ,  JUN BENJAMIN C ,  LAREN CARTER C ,  PEARSON PETER K

Inventor： KOCHER PAUL C ,  JAFFE JOSHUA M ,  JUN BENJAMIN C ,  LAREN CARTER C ,  PEARSON PETER K

IPC: G06Q50/00 ,  G06F20060101 ,  G06F1/00 ,  G06F12/14 ,  G06Q30/00 ,  G09C1/00 ,  G11B20/00 ,  G11B20/10 ,  G11B20/12 ,  G11B27/00 ,  H04L9/08 ,  H04L9/30 ,  H04N5/91 ,  H04N5/913

CPC classification number: G06F21/10 ,  G06F9/445 ,  G06F21/64 ,  G06Q50/188 ,  G11B20/00086 ,  G11B20/00115 ,  G11B20/0021 ,  G11B20/00231 ,  G11B20/00246 ,  G11B20/00253 ,  G11B20/00449 ,  G11B20/00818 ,  G11B20/00884 ,  H04L9/0844 ,  H04L9/302 ,  H04L9/3236 ,  H04L9/3249 ,  H04L9/3271 ,  H04L2209/56 ,  H04L2209/60 ,  H04N5/913 ,  H04N21/4181 ,  H04N21/42646 ,  H04N21/4325 ,  H04N21/4405 ,  H04N21/4627 ,  H04N21/8193 ,  H04N21/8358 ,  H04N2005/91342 ,  H04N2005/91364

Abstract: Technologies are disclosed to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disk (200) carries an encrypted digital video title combined with data processing operations (225) that implement the titles security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations (225), access secure non-volatile storage, submit data to CODECs for output (250), and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies. If pirates compromise a player or title, future content can be mastered with security features that, for example, block the attack, revoke pirated media, or use native code to correct player vulnerabilities.

Abstract translation: 通过实现安全逻辑和内容的集成，公开了技术来将责任和控制权从播放器制造者转移到内容作者。 示例性光盘（200）携带加密的数字视频标题，其与实现标题安全策略和解密处理的数据处理操作（225）组合。 播放器设备包括通过解释其处理操作播放内容的处理环境（例如，实时虚拟机）。 播放器还提供程序调用，使得内容代码能够从媒体加载数据，执行网络通信，确定播放环境配置（225），访问安全的非易失性存储，向CODEC提交数据以输出（250）和/或执行加密操作 。 内容可以在解码输出中插入取证水印，以追踪盗版副本。 如果海盗妥协一个玩家或者标题，那么未来的内容就可以掌握安全功能，例如阻止攻击，撤销盗版媒体或使用本机代码纠正播放器漏洞。