| Patent application number | Description | Published |
|---|
| 20080294901 | Media Storage Structures for Storing Content, Devices for Using Such Structures, Systems for Distributing Such Structures - Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content. | 11-27-2008 |
| 20090154704 | Method and apparatus for securing content using encryption with embedded key in content - Method and apparatus enabled by computer (or equivalent) hardware and software for protection of content such as audio and video to be downloaded or streamed over a computer network such as the Internet. The content is provided to the user via streaming or downloads in encrypted form. The encryption is such that the content key decryption information is transmitted so that it itself is encrypted to be both device and session unique. That is, the key information can be used only to extract the content decryption key for a particular session and for a particular client device such as an audio or video consumer playing device. This prevents any further use or copying of the content other than in that session and for that particular client. The specificity is accomplished by using a device unique identifier and antireplay information which is session specific for encrypting the content key. A typical application is Internet streaming of audio or video to consumers. | 06-18-2009 |
| 20090208014 | METHOD AND APPARATUS FOR VERIFYING AND DIVERSIFYING RANDOMNESS - Method and apparatus for ensuring randomness of pseudo-random numbers generated by a conventional computer operating system or electronic device. Typically pseudo-random number generators used in computer operating systems or electronic devices may be penetrated by a hacker (pirate), who penetrates a cryptographic or other supposedly secure process using the random numbers by tampering with the input random numbers, thus making them nonrandom. The present method and apparatus are intended to verify such random numbers to make sure that they are indeed random enough, by applying suitable random tests. Only if the values pass the test are they passed on for use in the cryptographic or other process. If they fail the test, a new set of random numbers is requested from the pseudo-random number generator. These are again tested. Further a diversity function may be applied to the random numbers even if they have passed the random number test in order to improve their randomness. This diversity function is for instance double encryption. An anti-replay feature is also included by which the pool of random numbers is subject to a check on each cycle to make sure that there has been no duplication of the input random numbers. | 08-20-2009 |
| 20090235089 | COMPUTER OBJECT CODE OBFUSCATION USING BOOT INSTALLATION - In the field of computer software, obfuscation techniques for enhancing software security are applied to compiled (object) software code. The obfuscation results here in different versions (instances) of the obfuscated code being provided to different installations (recipient computing devices). The complementary code execution uses a boot loader or boot installer-type program at each installation which contains the requisite logic. Typically, the obfuscation results in a different instance of the obfuscated code for each intended installation (recipient) but each instance being semantically equivalent to the others. This is accomplished in one version by generating a random value or other parameter during the obfuscation process, and using the value to select a particular version of the obfuscating process, and then communicating the value along with boot loader or installer program software. This boot loader then selects which particular process to use for the code execution at the time of installation in accordance with the value. This results in different versions of the obfuscated code being provided to each recipient installation, which further enhances security of the code against reverse engineering by hackers. | 09-17-2009 |
| 20090238360 | EXPONENTIATION LADDER FOR CRYPTOGRAPHY - Method and apparatus for data security using exponentiation. This is suitable for public key cryptography authentication and other data security applications using a one-way function. A type of exponentiation is disclosed here where the bits of an exponent value expressed in binary form correspond to a course (path) in a given graph defining the one-way function. This uses an approach called here F sequences. Each value is in a ladder of a sequence of values, as defined from its predecessor values. This ladder satisfies certain algebraic identities and is readily calculated by a computer program or logic circuitry. | 09-24-2009 |
| 20090245506 | FOURIER SERIES BASED AUTHENTICATION/DERIVATION - For purposes of cryptographic authentication, verification and digital signature processes, a derivation function is provided. The derivation function is generated from a Fourier series, using a prime number to compute the initial value in the series. | 10-01-2009 |
| 20090245510 | BLOCK CIPHER WITH SECURITY INTRINSIC ASPECTS - A block cipher or other cryptographic process intended to be efficiently implemented in hardware (circuitry) includes an s-box (substitution operation) which does not require a look up table, but may be implemented solely with Boolean logic operations (logic gates). Also provided is an associated key scheduling process. | 10-01-2009 |
| 20090249068 | CONTENT PROTECTION INFORMATION USING FAMILY OF QUADRATIC MULTIVARIATE POLYNOMIAL MAPS - A computer based method and apparatus to tie content protection information to recipient devices via a family of deterministic permutations of quadratic multivariate polynomial maps used for computing an HMAC (Hash Message Authentication Code) or a signed digest. This allows digital rights management (DRM) systems to customize the protection information (such as an HMAC or signed digest) for audio and video content, whereby such protection information for a piece of content differs for different recipient devices or for types of recipient devices. | 10-01-2009 |
| 20090249108 | SILENT TIME TAMPERING DETECTION - Computers and other electronic devices typically include a timing operation such as a clock in an operating system. It is anticipated that hackers may tamper with this clock. This tampering might be especially advantage in the context of systems which provide for rental of audio and video content, such as movies. Tampering with the system clock on the playing device would allow an extension of the rental period to the detriment of the provider of the rental content. Hence the present method is directed to detecting clock modifications both in terms of time shifting and clock rate tampering. This detection is done using digital signal processing. | 10-01-2009 |
| 20090252327 | COMBINATION WHITE BOX/BLACK BOX CRYPTOGRAPHIC PROCESSES AND APPARATUS - Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature. A cryptographic algorithm and a key are provided such that a deciphering process, for instance, is partitioned between two portions. The portion of the cryptographic algorithm carried out in the first portion is implemented in a “white box” model such that it is highly secure even against an attack by the user who has full access to internal operations, code execution and memory of the user device, such as a hacker or attacker. The remaining portion of the algorithm is carried out in the second portion. Since this second portion has relaxed security constraints, its code may be implemented using a “black box” approach where its code execution may be more efficient and faster, not requiring the code obfuscation of the white box implementation in the user device. This partitioning may be achieved using a delegation protocol. The chief advantage is that even given a limited code size for the cryptographic process, the security of the system is improved by carrying out the more computationally intensive functions more efficiently in the black box portion and executing the less computationally intensive function in the white box portion. | 10-08-2009 |
| 20090271636 | COMPUTER ENABLED SECURE STATUS RETURN - Computer related method and apparatus to transmit a logical value (e.g., 1 or 0) between two entities, such as an operating system and application program, in a secure way in an insecure environment. The logical status is sent by in effect encrypting it using two random numbers, one from each entity, before sending it to the other entity. However the encrypting is much “lighter” (requiring much less computer or circuit resources) than any conventional secure cipher and has a built-in verification feature. | 10-29-2009 |
| 20090279689 | SYSTEM AND METHOD OF AUTHENTICATION - Disclosed herein are systems, methods and computer readable media for performing authentication. The proposed scheme utilizes new algorithms that introduce randomness using a physical value for authentication. An exemplary method includes sharing an initial state value S( | 11-12-2009 |
| 20090279691 | SECURE DISTRIBUTION OF DATA OR CONTENT USING KEYLESS TRANSFORMATION - A computer enabled method and apparatus for encrypting and decrypting data using a keyless transformation cryptographic technique. Data is protected using a keyless (unkeyed) complex mathematical transformation, in contrast to a traditional cryptographic algorithm using a secret key. This approach is resistant to both static analysis (hacking) performed on executable encryption/decryption code, as well as dynamic analysis performed during execution (runtime) of ciphering or deciphering. The method uses a family of asymmetric data transformations based on Galois field polynomials. | 11-12-2009 |
| 20090279696 | SYSTEM AND METHOD OF PERFORMING AUTHENTICATION - Disclosed herein are systems, method and computer readable medium for providing authentication of an entity B by an entity A. In the method, entity A selects a value p, a range [a, b] and a granularity epsilon. Entity A sends p, [a, b], and epsilon to entity B. Entity B initializes a value y | 11-12-2009 |
| 20090282245 | SECURITY METHOD AND SYSTEM FOR MEDIA PLAYBACK DEVICES - A Digital Rights Management (DRM) system for distribution of digital content such as audio or video uses a method to enhance security of the content from unauthorized access and use, including access by unauthorized players. The method does not necessarily require a token exchange and thereby minimizes storage demands on the server which distributes the digital content. The system generates and distributes keys for decryption of the digital content whereby the keys are unique to a specific player and user account. | 11-12-2009 |
| 20090319769 | DISCRETE KEY GENERATION METHOD AND APPARATUS - A computer enabled secure method and apparatus for generating a cryptographic key, to be used in a subsequent cryptographic process, where the key is to be valid only for example during a specified time period. The method uses a polynomial function which is a function of an input variable such as time, and dynamically computes the key from the polynomial. This is useful for generating decryption keys used for distribution of encrypted content, where the decryption is to be allowed only during a specified time period. | 12-24-2009 |
| 20100031039 | METHOD AND APPARATUS FOR DATA PROTECTION SYSTEM USING GEOMETRY OF FRACTALS OR OTHER CHAOTIC SYSTEMS - In computer based data security systems which involve entity authenticating or document time stamping or other cases where data is to be derived from a previous state, the necessary linking values are calculated using recursive chaos based equations such as the type used in fractal theory (the Mandelbrot set) or the Lorentz attractor or other similar approaches. In each case a value in each step is calculated using these equations so that each authentication or timestamp or other data derivation is linked to the previous one in a chaotic way. This makes it impossible to calculate any one value in the link series without having the previous value, due to the chaos aspect thereby enhancing security. | 02-04-2010 |
| 20100054459 | SYSTEM AND METHOD FOR MODULUS OBFUSCATION - Disclosed herein are methods for obfuscating data on a client, on a server, and on a client and a server. The method on a client device includes receiving input data, storing an operation value in a secure location, performing a modulus obfuscation on the operation value, performing a modulus operation on the operation value and the input data, performing a modulus transformation on the operation value and the input data to obtain client output data, and checking if the client output data matches corresponding server output data. The method on a server device includes receiving input data, performing a modulus transformation on the input data to obtain a result, performing a plain operation on the result and an operation value to obtain server output data, and checking if the server output data matches corresponding client output data from a client device that (1) receives input data, (2) stores an operation value in a secure location, (3) performs a modulus obfuscation on the operation value, (4) performs a modulus operation on the operation value and the input data, and (5) performs a modulus transformation on the operation value and the input data to obtain client output data. In an optional step applicable to both clients and servers, the method further includes authenticating the client input data and the server input data if the server output data matches the client output data. In one aspect, server input data and client input data pertain to a cryptographic key. | 03-04-2010 |
| 20100054461 | SYSTEMS AND METHODS FOR IMPLEMENTING BLOCK CIPHER ALGORITHMS ON ATTACKER-CONTROLLED SYSTEMS - Systems and methods for an implementation of block cipher algorithms (e.g., AES) use lookup tables to obscure key information, increasing difficulty for those with privileged access to a system performing the AES algorithm to obtain such key information. The implementation encodes round key information into a first plurality of tables (T1), which when used for lookup operations also complete SubBytes operations, and output state in an encoded format. A Shiftrows operation is performed arithmetically on the state output from the T1 table lookups. A second plurality of tables (T2) are used to perform a polynomial multiplication portion of MixColumns to state from Shiftrows, and an XOR portion of MixColumns is performed arithmetically on the columns outputted from using the T2 tables. Encoding from the T1 tables is made to match a decoding built into the T2 tables. Subsets of the T1 tables use the same T2 tables, reducing a memory footprint for the T2 tables. Multiple AES keys can be embedded in different sets of T1 tables that encode for the same set of T2 tables. | 03-04-2010 |
| 20100058477 | SYSTEM AND METHOD FOR REVISING BOOLEAN AND ARITHMETIC OPERATIONS - Disclosed herein are systems, methods, computer readable media and special purpose processors for obfuscating code. The method includes extracting an operation within program code, selecting a formula to perform the equivalent computation as the extracted operation, and replacing the extracted operation with the selected formula. The formula can be selected randomly or deterministically. The extracted operation can be an arithmetic operation or a Boolean operation. | 03-04-2010 |
| 20100098244 | SYSTEM AND METHOD FOR STREAM/BLOCK CIPHER WITH INTERNAL RANDOM STATES - Disclosed herein are systems, methods, and computer readable-media for performing data encryption and decryption using a stream or block cipher with internal random states. The method includes splitting the input data into a predetermined number of blocks and processing each block. The processing includes creating sub-blocks, permuting the sub-blocks, replacing bytes using a lookup table, rotating bits, performing expansion and combining sets of bits. The element of randomness employed in this process allows for the same input to yield the same output, with differing internal states. | 04-22-2010 |
| 20100098255 | SYSTEM AND METHOD FOR A DERIVATION FUNCTION FOR KEY PER PAGE - Disclosed herein are systems, methods and computer-readable media to perform data encryption and decryption using a derivation function to obtain a key per page of data in a white-box environment. The method includes sharing a master key with the sender and receiver, splitting the input data into blocks and sub-blocks, and utilizing a set of keys and a master key to derive a page key. In another aspect of this disclosure, the key validation and shuffling operations are included. This method allows for the derivation of a key instead of storing a predetermined key, thus maintaining system security in a white-box environment. | 04-22-2010 |
| 20100100947 | SCHEME FOR AUTHENTICATING WITHOUT PASSWORD EXCHANGE - Aspects relate to systems and methods implementing a scheme allowing a Verifier (V) to authenticate a Prover (P). The scheme comprises pre-sharing between V and P a graph of nodes. Each node is associated with a polynomial. V sends P data comprising data for selecting a polynomial of the graph, such as traversal data for proceeding from a known node to another node, a time interval, and a number k. P uses the time interval in an evaluation of the polynomial. P then uses the evaluation as a λ in a Poisson distribution, and determines a value related to a probability that a number of occurrences of an event equals k. P sends the determined value to V. V performs a similar determination to arrive at a comparison value. P authenticates V if the separately determined values match, or otherwise meet expectations. The process can be repeated to increase confidence in authentication. | 04-22-2010 |
| 20100111292 | AGGREGATE AND PARALLELIZABLE HASH FUNCTION - A hash provides aggregation properties, and allows distributed and/or concurrent processing. In an example, the hash operates on message M, and produces a multiplicative matrix sequence by substituting a 2×2 matrix A for binary ones and substituting a 2×2 matrix B for binary zeros in M. A and B are selected from SL | 05-06-2010 |
| 20100115230 | HASH FUNCTIONS USING RECURRENCY AND ARITHMETIC - Aspects relate to systems and methods for implementing a hash function using a stochastic and recurrent process, and performing arithmetic operations during the recurrence on portions of a message being hashed. In an example method, the stochastic process is a Galton-Watson process, the message is decomposed into blocks, and the method involves looping for a number of blocks in the message. In each loop, a current hash value is determined based on arithmetic performed on a previous hash value and some aspect of a current block. The arithmetic performed can involve modular arithmetic, such as modular addition and exponentiation. The algorithm can be adjusted to achieve qualities including a variable length output, or to perform fewer or more computations for a given hash. Also, randomizing elements can be introduced into the arithmetic, avoiding a modular reduction until final hash output production. | 05-06-2010 |
| 20100115276 | SYSTEM AND METHOD FOR DERIVATING DETERMINISTIC BINARY VALUES - Disclosed herein are systems, computer-implemented methods, and computer-readable media for deriving a deterministic binary value. The method consists of generating a graph from multiple inputs, formalizing the graph, calculating paths between starting and ending nodes in the graph using a shortest path algorithm and performing a digest operation based on the derived paths to generate a deterministic binary value. In another aspect of this disclosure, authentication is performed utilizing deterministic binary values and a graph-merging function. This method allows for diversity in complexity, thus maintaining security on different computer platforms. | 05-06-2010 |
| 20100115287 | SYSTEM AND METHOD FOR OBFUSCATING CONSTANTS IN A COMPUTER PROGRAM - Disclosed herein are systems, computer-implemented methods, and tangible computer-readable media for obfuscating constants in a binary. The method includes generating a table of constants, allocating an array in source code, compiling the source code to a binary, transforming the table of constants to match Pcode entries in an indirection table so that each constant in the table of constants can be fetched by an entry in the indirection table. A Pcode is a data representation of a set of instructions populating the indirection table with offsets toward the table of constants storing the indirection table in the allocated array in the compiled binary. The method further includes populating the indirection table with offsets equivalent to the table of constants, and storing the indirection table in the allocated array in the compiled binary. Constants can be of any data type. Constants can be one byte each or more than one byte each. In one aspect, the method further includes splitting constants into two or more segments, treating each segment as a separate constant when transforming the table of constants, and generating a function to retrieve and reconstruct the split constants. | 05-06-2010 |
| 20100138654 | SYSTEM AND METHOD FOR AUTHENTICATION BASED ON PARTICLE GUN EMISSIONS - A system, method and computer readable medium are disclosed for authentication. The method includes generating a challenge on a sender based on physical emission properties of a particle gun; transmitting the challenge from the sender to a receiver; receiving the challenge on the receiver; and verifying the authenticity of an entity, such as data, an object or a person, at the receiver by comparing the challenge with a value generated at the receiver. The process of generating the challenge and value is such that it is difficult to retrieve details of the input data based on the output data. | 06-03-2010 |
| 20100153450 | SYSTEM AND METHOD FOR AUTHENTICATION USING A SHARED TABLE AND SORTING EXPONENTIATION - Disclosed herein are systems, computer-implemented methods, and computer-readable media for authentication using a shared table. The method receives an authentication challenge from a first entity including an accumulator with an initial value, lists of elements in a shared table, and a list of sorting algorithms, each sorting algorithm is associated with one of the lists of elements and modified to include embedded instructions operating on the accumulator. The method then generates a temporary table for each list of elements in the shared table by copying elements from the shared table as indicated in each respective list of elements, each temporary table being associated with one sorting algorithm in the list of sorting algorithms. The method sorts each generated temporary table with the associated sorting algorithm, thereby updating the accumulator with the embedded instructions. Finally, the method transmits the updated accumulator to the first entity for verification. | 06-17-2010 |
| 20100281256 | HASH FUNCTION USING A PILING-UP PROCESS - In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of randomness exhibited by well known tetromino stacking games. Computation of the hash value (digest) is the result of executing such a “piling on” (tetromino stacking game) algorithm using the message as an input (a seed) to a pseudo random number generator which generates the game pieces (shapes) from the resulting random numbers, then executing the game algorithm. | 11-04-2010 |
| 20100281260 | HASH FUNCTION BASED ON POLYMORPHIC CODE - In the field of computer data security, a hash process which is typically keyless and embodied in a computing apparatus is highly secure in terms of being resistant to attack. The hash process uses computer code (software) polymorphism, wherein computation of the hash value for a given message is partly dependent on the content (data) of the message. Hence the computer code changes dynamically while computing each hash value. | 11-04-2010 |
| 20100281459 | SYSTEMS, METHODS, AND COMPUTER-READABLE MEDIA FOR FERTILIZING MACHINE-EXECUTABLE CODE - Disclosed herein are systems, computer-implemented methods, and tangible computer-readable storage media for obfuscating code, such as instructions and data structures. Also disclosed are tangible computer-readable media containing obfuscated code. In one aspect, a preprocessing tool (i.e. before compilation) identifies in a source program code a routine for replacement. The tool can be a software program running on a computer or an embedded device. The tool then selects a function equivalent to the identified routine from a pool of functions to replace the identified routine. A compiler can then compile computer instructions based on the source program code utilizing the selected function in place of the identified routine. In another aspect, the tool replaces data structures with fertilized data structures. These approaches can be applied to various portions of source program code based on various factors. A software developer can flexibly configure how and where to fertilize the source code. | 11-04-2010 |
| 20100304805 | HASH FUNCTION USING A CUE SPORTS GAME PROCESS - In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of randomness exhibited by well known table “cue sports” games such as billiards, snooker, and pool played on a billiards table involving the players striking one of a plurality of balls with a cue, the struck ball then hitting other balls, the raised sides of the table, and in some cases one or more balls going into pockets in the corners and/or sides of the table. Computation of the hash value (digest) is the result of providing a model (such as expressed in computer code) of such a game algorithm and using the message as an input to the game algorithm, then executing the game algorithm. A state of the game after a “shot” gives the hash digest value. | 12-02-2010 |
| 20100304807 | HASH FUNCTION USING A CUE SPORTS GAME PROCESS - In the computer data security field, cryptographic hash function processes embodied in a computer system and which are typically keyless, but are highly secure. The processes are based on the type of randomness exhibited by well known table “cue sports” games such as billiards, snooker, and pool played on a billiards table involving the players striking one of a plurality of balls with a cue, the struck ball then hitting other balls, the raised sides of the table, and in some cases one or more balls going into pockets in the corners and/or sides of the table. Computation of the hash value (digest) is the result of providing a model (such as expressed in computer code) of such a game algorithm and using the message as an input to the game algorithm, then executing the game algorithm. A state of the game after one or several “shots” gives the hash digest value of the message. | 12-02-2010 |
| 20100304826 | HASH FUNCTION USING A ROULETTE GAME PROCESS - In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of randomness exhibited by the well known gambling game of roulette played on a roulette wheel involving dropping a ball onto a partitioned spinning wheel. The ball loses momentum and drops into one of the partitions (pockets) of the wheel. Computation of the hash value (digest) is the result of executing in a model (such as computer code or logic circuitry) such a game algorithm using the message as an input to the game algorithm, then executing the game algorithm. A state of the game (the final ball location) after a ball (or several balls) are played gives the hash digest value of the message. | 12-02-2010 |
| 20100306497 | Computer implemented masked representation of data tables - In the computer software field, method and apparatus to obfuscate (mask or hide) computer data which is part of or accessed by a computer program. The method protects (hides) accesses to tables of data in terms of the place or position of each element in the table. It does this by providing an intermediate table which describes the positions of the elements of the first table or tables, but in a transformed (modified) fashion. | 12-02-2010 |
| 20100306541 | HASH FUNCTION USING A CARD SHUFFLING PROCESS - In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of chaos introduction exhibited by a game process such as the well known shuffling of a deck of playing cards. Computation of the hash value (digest) is the result of executing in a model (such as computer code or logic circuitry) a game algorithm that models the actual game such as a playing card shuffling algorithm using the message as an input to the algorithm, then executing the card shuffling algorithm on the input. A state (order) of the modeled deck of cards after a shuffle (or multiple shuffles) gives the hash digest value. | 12-02-2010 |
| 20110040977 | SPONGE AND HASH FUNCTIONS USING A RUBIK'S CUBE PUZZLE PROCESS - The present method is directed, in the computer data security field, to cryptographic sponge and hash function processes which are embodied in a computer system and are typically keyless, but highly secure. The processes are based on the type of randomness exhibited by manipulation of the well known three dimensional Rubik's cube puzzle. Computation of the hash or sponge value (digest) is the result of executing in a model (such as computer code or logic circuitry) an algorithm modeling such a puzzle using the message as an input to the cube puzzle algorithm, then executing the cube puzzle algorithm. A state of the modeled cube puzzle (the final cube puzzle arrangement) after execution gives the sponge or hash digest value of the message. | 02-17-2011 |
| 20110051931 | ENCRYPTION METHOD AND APPARATUS USING COMPOSITION OF CIPHERS - A method and associated apparatus for use in a data distribution process to allow an untrusted intermediary to re-encrypt data for transmission from an originator to a message receiver without revealing the data (message) or the cipher to the intermediary. This method uses a composition of two ciphers for re-encrypting the message at the intermediary, without revealing the plain text message or either cipher to the intermediary. | 03-03-2011 |
| 20110055568 | ZERO-KNOWLEDGE BASED AUTHENTICATION METHOD, SYSTEM, AND APPARATUS - In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host. | 03-03-2011 |
| 20110055576 | HASH FUNCTION USING A HEAP MODELING PROCESS - This discloses, in the computer data security field, a cryptographic hash function process embodied in a computer system and which may be keyless, but is highly secure. The process is based on the type of randomness exhibited by a heap or stack of physical objects such as a heap of pieces of fruit and involves modeling the behavior of such a heap when pieces are removed from the heap. Computation of the hash value (digest) is thereby the result of executing a heap model algorithm using the message as an input to initialize the heap, then executing the heap model algorithm which logically models the process of serially removing objects (pieces of fruit) from the heap at various locations in the modeled heap. | 03-03-2011 |
| 20110055581 | HASH FUNCTION BASED ON PAINTING TECHNIQUES - In the computer data security field, this disclosure is of cryptographic hash function processes embodied in a computer system and which may be keyless, but are highly secure. The processes are based on the type of randomness exhibited by painting or drawing a picture. Computation of the hash value (digest) is the result of executing in computer code or logic circuitry an algorithm which models such a picture painting process using the message as an input to the picture painting algorithm, then executing the algorithm. A state of the resulting picture gives the hash digest value of the message. Message expansion or a derivation function (e.g., a pseudo random number generation process) may be applied to the message prior to execution of the picture painting process, for enhanced security. | 03-03-2011 |
| 20110055582 | HASH FUNCTION USING A DOMINO GAME PROCESS - In the computer data security field, cryptographic hash function processes are embodied in a computer system and may be keyless, but are highly secure. The processes are based on the type of randomness exhibited by the well known game of dominos using a set of tiles arranged by players on a surface. Computation of the hash value (digest) is the result of executing in computer code or logic circuitry an algorithm which models such a domino game using the message as an input to the domino game algorithm, then executing the domino game algorithm. A state of the game algorithm which models the final layout of the pieces (tiles) gives the hash digest value of the message. | 03-03-2011 |
| 20110116624 | SYSTEM AND METHOD FOR DATA OBFUSCATION BASED ON DISCRETE LOGARITHM PROPERTIES - Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic. | 05-19-2011 |
| 20110167407 | SYSTEM AND METHOD FOR SOFTWARE DATA REFERENCE OBFUSCATION - Disclosed herein are systems, methods, and computer-readable storage media for obfuscating software data references. The obfuscation process locates pointers to data within source code and loads the pointers into an ordered set of pools. The process further shuffles the pointers in the ordered set of pools and adds a function within the source code that when executed uses the ordered set of pools to retrieve the data. The obfuscation process utilizes pool entry shuffling, pool chaining shuffling and cross-pointer shuffling. | 07-07-2011 |
