Patent application number | Description | Published |
20150270949 | PROTECTING A WHITE-BOX IMPLEMENTATION AGAINST ATTACKS - A method of performing a keyed cryptographic operation mapping an input message to an output message, wherein the cryptographic operation includes at least one round including a non-linear mapping function configured to map input data to output data, including: splitting the input data into n split input data, wherein the splitting of the input data varies based upon the value of the input message; inputting each split input data into the non-linear mapping function to obtain n split output data, wherein a combination the n split output data indicates an output data, wherein the output data results when the input data is input to the non-linear mapping function. | 09-24-2015 |
20150270950 | SPLITTING S-BOXES IN A WHITE-BOX IMPLEMENTATION TO RESIST ATTACKS - A method of performing a keyed cryptographic operation mapping an input message to an output message, wherein the input message comprises m input data and the output message comprises m output data and wherein the cryptographic operation includes at least one round and the cryptographic operation specifies a substitution box for mapping input data into output data, including: transforming each of the m input data into n output data using n split substitution boxes, wherein the n split substitution boxes sum to the specified substitution box; and mixing and combining the m×n output data. | 09-24-2015 |
20150270951 | SECURITY MODULE FOR SECURE FUNCTION EXECUTION ON UNTRUSTED PLATFORM - A method of performing a secure function on data inputs by a security module, including: receiving an encrypted data value by the security module; decrypting the encrypted data value using a white-box decryption block cipher and encoding the decrypted data value, wherein the data value is invisible to an attacker; performing a function on the encoded data value and producing an encoded result of the function, wherein the data value and the result are invisible to the attacker; decoding the encoded result of the programmed function and then encrypting the result using a white-box encryption block cipher, wherein the result is invisible to the attacker. | 09-24-2015 |
20150312039 | BEHAVIORAL FINGERPRINT IN A WHITE-BOX IMPLEMENTATION - A method of determining a fingerprint identification of a cryptographic implementation in a cryptographic system, including: receiving, by the cryptographic system, an input message that is a fingerprint identification message; performing, by the cryptographic system, a keyed cryptographic operation mapping the fingerprint identification message into an output message that includes a fingerprint identification; and outputting the output message. | 10-29-2015 |
20150312042 | INTERFACE COMPATIBLE APPROACH FOR GLUING WHITE-BOX IMPLEMENTATION TO SURROUNDING PROGRAM - A method of gluing a cryptographic implementation of a cryptographic function to a surrounding program in a cryptographic system, including: receiving, by the cryptographic system, an input message; receiving a computed value from the surrounding program; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message using the computed value from the surrounding program, wherein the output message is a correct output message when the computed value has a correct value; and outputting the output message. | 10-29-2015 |
20150312223 | REALIZING AUTHORIZATION VIA INCORRECT FUNCTIONAL BEHAVIOR OF A WHITE-BOX IMPLEMENTATION - A method of authorization in a cryptographic system that provides separate authorization for a plurality of different input message groups using a single cryptographic key, including: receiving, by the cryptographic system, a first input message from a first input message group; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first input message group, wherein the keyed cryptographic operation does not produce a correct output when the cryptographic system is not authorized for the first input message group, and wherein each of the plurality of input message groups has an associated set of input messages wherein the sets of input messages do not overlap. | 10-29-2015 |
20150312224 | IMPLEMENTING USE-DEPENDENT SECURITY SETTINGS IN A SINGLE WHITE-BOX IMPLEMENTATION - A method of enforcing security settings in a cryptographic system, including: receiving, by the cryptographic system, a first input message associated with a first security setting of a plurality of security settings; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first security setting, wherein each of the plurality of security settings has an associated set of input messages wherein the sets of input messages do not overlap. | 10-29-2015 |
20150312225 | SECURITY PATCH WITHOUT CHANGING THE KEY - A method of patching a cryptographic implementation without changing a key in a cryptographic system, including: sending a message from a first message set to the cryptographic implementation, wherein the first message uses a first portion of the cryptographic implementation; deciding to patch the cryptographic implementation; sending a second message from a second message set to the cryptographic implementation after deciding to patch the cryptographic implementation, wherein the second message use a second portion of the cryptographic implementation that is not used for any messages in the first message set. | 10-29-2015 |
20150312226 | METHOD FOR INCLUDING AN IMPLICIT INTEGRITY OR AUTHENTICITY CHECK INTO A WHITE-BOX IMPLEMENTATION - A method of performing a cryptographic operation using a cryptographic implementation in a cryptographic system, including: receiving, by the cryptographic system, an identifying string value; receiving, by the cryptographic system, an input message; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message wherein the output message is the correct result when the indentifying string value equals a binding string value | 10-29-2015 |