EP1618519A2 - Procede pour traiter des donnees - Google Patents

Procede pour traiter des donnees

Info

Publication number
EP1618519A2
EP1618519A2 EP04725619A EP04725619A EP1618519A2 EP 1618519 A2 EP1618519 A2 EP 1618519A2 EP 04725619 A EP04725619 A EP 04725619A EP 04725619 A EP04725619 A EP 04725619A EP 1618519 A2 EP1618519 A2 EP 1618519A2
Authority
EP
European Patent Office
Prior art keywords
petri
data
output
network
composition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04725619A
Other languages
German (de)
English (en)
Inventor
Wulf Harder
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Syncrosoft SIA
Original Assignee
Syncrosoft SIA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Syncrosoft SIA filed Critical Syncrosoft SIA
Publication of EP1618519A2 publication Critical patent/EP1618519A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N7/00Computing arrangements based on specific mathematical models

Definitions

  • the invention relates to a method for processing data.
  • the term software protection is understood to mean the protection of intellectual property that is associated with the software. This includes knowledge of the application area of the software, specific problems in this area and their solutions, which are implemented in the software. All techniques for creating the software, which can be problem- or solution-specific, also belong to intellectual property worth protecting. An author often wants to protect his knowledge and ensure that only he can further develop the software. To protect the values mentioned, it is necessary to prevent a reconstruction (reverse engineering) of the source code or an equivalent program code with the help of an analysis of the machine code of the software or to ensure that the effort of the analysis is greater than the development of the software. Software protection can include preventing unauthorized use of the software. Protection methods and devices created for this purpose are called software copy protection, although many methods and devices do not prevent copying but use the software. This demotivates illegal copying.
  • the values encrypted by the hardware are only processed by the application as a bill.
  • the attacker is now either convinced that he needs to find and remove the integrity checks mentioned above, or he is watching the communication processes. It writes each value sent to the hardware in a large memory and checks which values are sent several times. Only these values are really processed by the application with a high probability.
  • the hardware simulation then uses a table with these values. If no entry is found in the table for a specific input in the simulation, the answer is a random number, because the application could evaluate and recognize the spread of the answers.
  • the table is significantly smaller than the memory used previously.
  • a crypto function is calculated in a connector component connected to the PC and in parallel in the protected application. Sub-functions of this crypto function can be inserted into the application at various points, so that extraction is not possible without a semantic analysis of the program code. With the help of the output values of the crypto function, calculations of the software are falsified and corrected shortly before a harmful effect on the course of the application with the aid of the output values of the connector component.
  • the protected application cannot be used without the plug component that cannot be reproduced by an attacker.
  • the described method has the disadvantage that the integration of the sub-functions in the software to be protected is very complex.
  • parts of the program is held in a non-readable memory of a smart card and executed by the smart card controller. These parts are only transmitted in encrypted form. Examples of such processors are devices in the form of USB devices from Syncrosoft [12] and Sospita [11].
  • the encryption of the software with this method also prevents reverse engineering.
  • the integration of devices for program decryption and protected execution in a PC processor would be very expensive and would lead to standardization and compatibility problems in the development and distribution of new processor versions.
  • the present invention is based on the object of providing methods for processing data which complicate or prevent the semantic analysis of disclosed, possibly fewer processing steps and which enable an attacker to link the processing method to hardware which is difficult to separate.
  • the application of the method to predetermined processing steps should be possible with little effort.
  • a Petri network is coded, the transitions of which exchange symbols or symbol chains with the aid of one or more heads with at least one band.
  • the coding of the Petri network is written into a memory and read and executed by at least one instance.
  • Petri nets and the terms "place”, “transition” and “marking” are described in [6] and [8].
  • the terms "head and" band are used based on the terms that describe a Turing machine, the band being finite for technical reasons, in contrast to the model of the Turing machine.
  • the head is moved on the tape during each read and write operation, but the head movement can also be controllable.
  • the presence of at least two heads is advantageous for the operating speed because most operations work with at least two operands can be a register of a processor or a memory cell of a RAM.
  • a head can be a register with a mask for masking values of the tape.
  • the execution of a Petri network is understood here to mean the switching of transitions of the Petri network Execution of the Petri net, which works on tapes, data is processed, the memory and the executing instance or The executing entities can be designed in many ways.
  • the Petri network can receive and process symbols or symbol chains from a cryptological function.
  • the cryptological function can be permanently connected to the device executing the Petri net, so that a link between the processing method and a hardware that is difficult for an attacker to establish is established.
  • the petri net, the head or heads and the band or bands form a universal Turing machine.
  • a Petri net can form the finite control of the Turing machine.
  • the coding of a Turing machine is on the tape of the universal Turing machine or a universal Turing machine. In the latter case, a Turing machine or a universal Turing machine can in turn be stored on the tape of the last-mentioned universal Turing machine, etc. This recursion can be continued.
  • a semantic analysis of the processing steps in the execution of the Petri net is becoming increasingly difficult with each recursion.
  • the Petri network exchanges symbols or symbol chains with one or more further Petri networks via channels. This can increase the complexity and thus make it more difficult to analyze.
  • switching of transitions can be carried out quickly using tables.
  • a marking or a status and an input can be used to quickly determine a subsequent marking or a subsequent status and an output from a table.
  • the inputs or outputs can also be made optionally.
  • An increase in speed when switching the transitions can be achieved by a method in which a processor executes the switching of a transition with an instruction, an instruction reading the tables as an operand.
  • a processor's instruction set may contain several such instructions.
  • Petri net The expenditure of a Petri net can be entered into another Petri net and processed further.
  • a system consisting of several Petri networks is a cooperation.
  • a cooperation of petri networks forms a Turing machine.
  • the fields, bands and the finite control of the Turing machine are coded as Petri nets, which can exchange symbols or symbol chains via channels and can synchronize.
  • this software For the protection of software, the translation of this software into a Petri network or a cooperation of Petri networks or into a Turing machine is advantageous. This translation process could be done mechanically by a special compiler.
  • a cooperation of petri nets can be carried out in one embodiment of the method by executing a composition rule. This creates a Petri network that has the same external input / output behavior shows how the cooperation of Petri-Netze, with the restriction that expenditure can be delayed. As a result, the desired functionality of the Petri net generated is not necessarily impaired.
  • An alternative solution to the object on which the invention is based provides that data processing, cooperating networks are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance, the composition result being one of its own Components regarding the external input / output behavior, except for output delays, is an equivalent network.
  • This does not apply to a public key encryption method from [1] and [3], in which the composition result of a composition of finite automata forms a public key.
  • the present invention is concerned with the general processing of data, taking into account the object on which the invention is based.
  • the task is solved because a semantic analysis of a composition result without knowledge of the components is difficult.
  • a decomposition is in many cases a hard one. np hard problem.
  • the characteristic of claim 9 does not restrict what type of data processing, cooperating networks are composed. It is known that many networks of one type can be simulated by networks of another type or are equivalent to one another. For example, it was shown in [7] and in [9] that recursive McCulloch-Pitts networks, a special form of artificial neural networks, are equivalent to finite automata. Finite automata can in turn be described by B / E networks. B / E networks are special Petri networks. A description of the composition naturally depends on the formal definition of the networks, and it is possible to define many different variants of the composition regardless of this definition. Claim 9 also includes variants of compositions that are based on the same inventive idea.
  • each component forms a sequential machine with optionally several input channels and optionally several output channels.
  • ⁇ : ⁇ (S, E n , ⁇ , ß, s 0 ) ⁇ ⁇ : ⁇ ⁇ 5 ⁇ ß: R ⁇ B ⁇ n ⁇ RCS x B n
  • a number of synchronization channels are included as parameters in the composition function. Switch the transitions of the machines to be composed. depending on an imaginary global clock and there is no concurrency. A "rendezvous" between sender and receiver of symbols should be possible, which presupposes that the components can wait for each other. This is realized by switching an "empty transition" of the waiting machine. The empty transition does not read or write anything. Such transitions exist in nondeterministic automatons with ⁇ movements [5]. The ⁇ movements are called ⁇ movements here. There are several possible switching sequences or serial processes in the non-deterministic sequential machines to be composed as B / E networks [6]. Every possible switching sequence corresponds to a composed sequential machine.
  • K ⁇ , ..., K n ((S ⁇ , En, ⁇ , ß ⁇ l s 0 ) ) ..., (S ⁇ l , En, ⁇ n , ß n , see above )
  • ⁇ 3T ⁇ ( ⁇ x ..., x n ), (2 / ⁇ , ..., y n ), (si, ..., s' n ), ⁇ , y)
  • K ' ⁇ mp B ([(S 1 , Ea, ⁇ 1 1 , s), ..., (S n , E ⁇ nn , 3' n ))) ⁇
  • ⁇ ? ⁇ [(( ⁇ o ,, » ., ⁇ o n ), ⁇ ), ( 5 i, ..., s' n )] l
  • each channel is used by only one machine and a set of synchronization channels B in which each channel is used by at least two machines.
  • the composition of the synchronization channels B should be subdivided into internal and external synchronization channels.
  • BCB is the set of synchronization channels that are no longer used in the composed machine.
  • B B.
  • a major difference between internal and external synchronization channels is that a transition with an internal synchronization channel can only switch if a symbol is exchanged with a synchronized transition via this channel. With an external synchronization channel, the condition is not so strict: the input or output on the channel must not be incompatible with a synchronized transition.
  • a possible recursive composition algorithm works as follows: A composition routine is called with the start states of the machines to be composed. In this routine enter the ordered set of start states as a " composed state " in a list of composed states. Then a set of compatible transitions (one transition for each component) is searched, each of which has the start state as an entry point.
  • Transitions are compatible if all event sets assigned to these transitions are compatible in pairs and each symbol that is written or read by a machine on an internal synchronization channel is read or written by another machine
  • Two sets of events are compatible if all events are compatible in pairs or at least one set is empty
  • Event set is compatible with any other event set
  • Two events of an internal or external synchronization channel are compatible if they either concern different channels or if the same symbol is read by one machine and written by the other machine or by both machines read or write. For example, it is impossible for two machines to write different symbols on one channel at the same time.
  • the ordered set of the starting points of the transitions is entered as a composed state in the list of composed states and entered as a starting state in a recursive call of the composition routine if the composed state was not yet in the list. If the composed state was already in the list, the composition routine is ended. The algorithm ends when no new composable states are found.
  • composition rule In order to take concurrency into account, the composition rule must be modified. In the composition, only transitions with-syn-. chronization channels combined into a transition.
  • composition results often have equivalent states. If the products composition results are processed in further compositions, such redundancies are undesirable. Therefore, one tries to find equivalent machines with a minimal number of states.
  • the minimization is shown below by a function min: Mn - M. designated.
  • the control flow and structure of a Turing machine can be obscured by composing some components of the Turing machine. For example, you could compose groups of arbitrary fields from different bands. Fields of tapes can also be composed with the program or reading heads. Further combinations with other components that are not part of the Turing machine are also conceivable.
  • data processing networks to be composed are formed by translating algorithms. This makes it difficult or impossible to decompose and analyze algorithms.
  • At least one of the data processing networks to be composed is a cryptological component. If this component is generated accidentally and kept secret, a decomposition of the composition result is much more difficult or impossible, especially if several components are cryptological components with different tasks.
  • This method is suitable for encrypting sequences of operations. An operation reads the operands and writes a result. An attacker wishing to gain knowledge of the operation has the option of comparing the network that represents the operation with networks known to him, or is trying to model the operation using input and output examples that the operation and model show equivalent input / output behavior. Both are prevented if the values are encrypted and processed encrypted.
  • components can decompress data and / or insert watermarks in the data.
  • a watermark is an identifier or certificate that is added to data without interfering with the use of that data.
  • This method is suitable for the distribution of data, such as audio and / or video files, to many end users.
  • the end user can insert the watermarks into the data when decrypting the data.
  • the decryption and the watermark are preferably individual to the end user.
  • the encryption previously made does not necessarily have to be individual for the end user.
  • the decryption can be coupled to a cryptological function protected by special hardware, the function values of which are individual to the end user. .
  • registers can be combined in a register bank and thereby linked together.
  • entanglement is meant that an attacker cannot change a register's value without changing the value of another bank's register.
  • the integrity of the register contents can be ensured for a period in which at least one value essential for the correct execution of the program is stored in a bank register.
  • An important component of a write operation is a machine, which is called the combiner in the following.
  • a combiner reversibly maps several data streams from different channels, each of which is assigned to a register in the register bank, onto a data stream from one channel.
  • the product of the amounts of the symbol sets of the incoming data streams is an upper bound for the amount of the symbol set of the output of the combiner.
  • the data stream generated by a combiner is encrypted. This is cheaper than encrypting the data streams entering the combiner because the symbol set of the output of the combiner is larger than the symbol set of the components. Stream encryption with a larger set of symbols is more efficient than with a smaller set of symbols.
  • To extract the data of a register from the data stream of a combiner the data stream is first decrypted. Then the data of individual registers can be read after using the separator.
  • storing data in a register bank has the advantage that data flows can be hidden. Many operations can work in succession on a register bank without intermediate results leaving the register bank.
  • a pseudorandom number can be written into a register, which is changed with every read and write access to the register bank.
  • the pseudo random number generator is then a component of the register bank. Changing data from registers that are not in the register bank can be entered into this generator.
  • a cryptological component receives data from a function that is protected and processes it, the result of the composition not working or working incorrectly if the cryptological function does not receive any or incorrect data.
  • Another method provides that a further composition result that is restricted in functionality does not contain the cryptological component and does not need to receive any data from the cryptological function in order to ensure the correct functioning.
  • This method is suitable for the distribution of demonstration versions of software that can be freely copied and distributed. The functionality of the composition result must be limited so that an attacker in the full version of the software does not replace the composition result linked to the cryptological function by the composition result used in the demonstration version and thus produces a full version without restrictions.
  • An alternative method ensures that the execution of a data processing network or a program is coupled to the executing device.
  • a protected cryptological function for example a function of the TPM chip of the Trusted Computing Platform Alliance (TGPA) [13], which is permanently connected to the device, for example a PC or a PDA, exchanges data with the network or the pro - grams out.
  • the data processing network or the program is not working or is working incorrectly if the cryptological function does not receive any data or contains incorrect data.
  • a value beyond the calculation of a function value of the cryptological function is stored so that it cannot be read or changed by an attacker, and in the case of a further calculation of a further function value, this value influences the result of the further calculation, this value being based on a predefined rule changed. This prevents multiple network or. Program instances can use function values of the cryptological function in an uncontrollable manner.
  • an executing entity has access to a memory which stores a Petri network and the bands x and y.
  • the initial marking has a mark in one place, the starting state ⁇ -
  • the mark is moved from the entry point to the exit point, a symbol reads the input alphabet from the tape x with the help of a head and a symbol of the with the aid of another head
  • Output alphabets written on volume y After each reading and writing process, the heads move one space to the right.
  • the network carries out a binary multiplication [y - 2x).
  • a mark is on the starting state SQ.
  • the transitions are labeled with the form b each.
  • the input and output channels are named in the same way in the entry point of each transition, ⁇ and b are the channels for operands, c is the channel for the result. Transitions that have the same entry point and the same exit point, but different inputs or outputs, are represented in this and many other representations by a rectangle. Each line of a rectangle corresponds to a transition.
  • FIGS. 4 and 5 Further examples of networks are shown in FIGS. 4 and 5.
  • Fig. 6 shows the composition of two networks M and M '.
  • the bin and output events are described in the transitions by sets as in claim 11.
  • M writes the symbol ⁇ with transition i 4 via channel b, which M 'reads over the same channel with transition ig, b is an internal synchronization channel.
  • i 3 are the only transitions that work on channel b and can therefore only switch synchronously.
  • the composition routine described therefore ends after the state has been entered (see above) in the list of composed states.
  • FIG. 7 shows the composition of the same networks, in which only transitions with synchronization channels are combined to form a transition in order to obtain the information about concurrency.
  • Fig. 9 shows that concatenation of networks can also be carried out by a composition.
  • Transitions with empty event sets (“empty transitions"), the entry point of which is the same as the exit point, are called waiting transitions below and are represented by empty rectangles in FIG. 9.
  • M writes a 1 on channel a and then a 2 on channel b.
  • M ' writes a 3 on channel c and then a 4 on channel d.
  • M and M' also have a channel k for concatenating and waiting transitions i 3 and t [.
  • transition 2 of M the symbol K is written on channel k.
  • Transition t ' 2 of M' reads the symbol K on channel k.
  • a machine for addition c ⁇ a + b reads on channels ⁇ and b and writes on channel c. Both machines are composed via the internal synchronization channel ⁇ . 11 shows the result.
  • the composition result after composition with an operand can also do this if the operand is completed by a cyclic transition that outputs zeros.
  • the equation d - 2a + c is first formed and then d is substituted by.
  • Fig. 15 shows the first step. If d is now substituted by o, then all transitions in which before the substitution the. symbols associated with channels o and d were unequal. The invalid transitions and a position s 3 that can no longer be reached are shaded gray in FIG. 15. After the substitution, the channel o must be removed because a transition cannot read and write on a channel at the same time. So that the information of the channel ⁇ is not lost after the removal, the copy a '- a was created.
  • matrices of natural numbers are encoded as a network and added by composition.
  • the network of Fig. 18 corresponds to a function from ⁇ 1, 2 ⁇ 2 to ⁇ 0, 1, 2, 3 ⁇ , which is row i and column j of the matrix
  • FIG. 20 shows the channel structure of a Turing machine, which is formed by a cooperation of networks.
  • the transitions correspond to the cooperation partners involved, the positions correspond to the channels.
  • a finite control implemented as a network, reads via channel x or writes symbols onto channel y. Tape. The finite control gives movement instructions to the head with every read and write operation over the channel I.
  • a head H with fields Fi communicates via channels z, ⁇ .
  • Figure 21 shows a band with fields for storing symbols 0, 1 and r. At the beginning all fields save the symbol r. 22 shows an initialization of the band with the symbol chain ⁇ 01 ⁇ . Am a dot instead of a symbol in a transition means that any allowed symbol can be used here.
  • the transis- tion rectangle with the label "./Rr” and the input location with the label "x / Iy” is the short notation for three transitions with the same input and output station with 'the following input / output sets of events: 1. Transition: ⁇ (z, 0) ⁇ / ⁇ (J, ⁇ ), (y, ⁇ ) ⁇ , 2nd transition: ⁇ (z, 1) ⁇ / ⁇ (I, ⁇ ), ( ⁇ / ,. ⁇ ) ⁇ , 3. Transition: ⁇ (x, r) ⁇ / ⁇ (I, R), (y, r) ⁇ .
  • the components form a closed cycle of symbol producers and consumers.
  • the head is positioned on field F 3 , which stores a one.
  • a finite control i for recognizing the language L ⁇ 0 ⁇ 1 "
  • the machine accepts the word. Acceptance is communicated to the outside world by writing a one on channel A. If the machine finds a zero or egg If one is one, one or zero or one r, the word is not accepted and a zero is output on channel ⁇ .
  • the user in this case the finite control
  • the user does not need to know about the structure of the tape. The band and the fields could, for example, also be composed in a machine. The user only needs knowledge of the interface of the tape, the meaning of the input and output channels. A user of the finite control of speech recognition must know how to write the word to be checked on the tape.
  • 27 a) shows the encrypted execution of an operation.
  • the operands ⁇ , b and c are encoded as ⁇ ', V and c', respectively.
  • the decryption of ⁇ and b and the encryption of c are composed with the operation.
  • 27 b) shows how unencrypted operands ⁇ and b are processed with one operation and the result c is encrypted as c '.
  • the operation and encryption are composed.
  • 28 a) and b) illustrate a combiner of channels or its reversal, a separator, which is used in a register bank.
  • 29 shows a possible structure of a register bank. In order to change a register value, several operations are composed. A register bank R 'with three registers Aj, R 2 and A3 is read via the channel x'. The old register value of register H 3 is output on channel 1 3 . A new value is written into register A 3 via channel ys. 29 b) shows a composition which outputs the content of register R 3 without changing the register bank.
  • FIG. 30 shows how a hardware data of the application is encrypted with a stream encryption.
  • the value encrypted by the hardware is decrypted by the application.
  • the decryption function is composed with an operation of the application.
  • the result after "execution of the operation is encrypted.
  • Decryption using the hardware reverse function and encryption using the operation take place in parallel.
  • the decrypted value is never visible to an attacker. It doesn't matter whether the hardware is encrypted and the application is decrypted, or vice versa. It is essential that the link between the two functions is identity.
  • Parallel decryption and encryption is possible because only stream encryption is used.
  • Other crypto functions can also be used. Many known crypto functions can only be implemented with the help of registers for storing intermediate results, such as round results. These interim results must be stored in protected register banks.
  • a round of block encryption is a stream encryption
  • the last round of this block decryption can be composed with the operation and the re-keyings of the operation.
  • a hash function can also be carried out in the hardware. 31 shows a possible scheme. Part of the entry in the hash function must remain secret. This part corresponds to the key for an encryption function. The other part of the input is data from the application.
  • the output value of the hash function can be added to the result of an executed operation with the output value of a simulation of the hash function, for example by compensating operations such as addition and subtraction. The result of such an executed operation is only correct if the hash function and its simulation deliver the same value.
  • the operation, the hash function or a round of the hash function, the addition, subtraction and all conversions of the operation are to be composed.
  • the secret part of the entry into the hash function and any intermediate results, if any, are to be stored in protected register banks.
  • Sequential, reversible machines can be used for encryption and decryption.
  • An example of a sequential, reversible machine is shown in FIG. 32.
  • the corresponding entry can be determined for a given output 'unique.
  • Such machines with a significantly higher number of states than exemplified in FIG. 32 are suitable for composition with other networks, for example as shown in FIG. 27 a) and b).
  • Machines with delayed outputs are also conceivable, as described in [3]. All machines can be generated non-deterministically, for example with the help of random number generators.

Abstract

La présente invention concerne un procédé pour traiter des données, selon lequel un réseau de Pétri est codé, est mis en mémoire et est extrait de la mémoire et mis en oeuvre par au moins une instance. Des transitions du réseau de Pétri extraient d'au moins une bande des symboles ou des chaînes de symboles à l'aide d'au moins une tête et/ou les écrivent sur au moins une bande (figure 1). En variante, des réseaux de traitement de données coopérants sont composés, le résultat de composition est codé, est enregistré dans une mémoire et est extrait de la mémoire et mis en oeuvre par au moins une instance. Des composantes peuvent présenter des fonctions cryptologiques. Les réseaux de traitement de données peuvent recevoir des secondes données d'une fonction cryptologique mise en oeuvre de manière protégée. Cette invention permet de traiter des données en évitant une analyse sémantique d'étapes de traitement décrites les moins nombreuses possibles et en permettant d'établir une liaison des étapes de traitement qui peut difficilement être rompue, à l'aide d'un système matériel.
EP04725619A 2003-04-25 2004-04-03 Procede pour traiter des donnees Withdrawn EP1618519A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10319435.5A DE10319435B4 (de) 2003-04-25 2003-04-25 Verfahren zur Verarbeitung von Daten zum Schutz eines Softwareprogramms vor Rekonstruktion
PCT/EP2004/003561 WO2004097734A2 (fr) 2003-04-25 2004-04-03 Procede pour traiter des donnees

Publications (1)

Publication Number Publication Date
EP1618519A2 true EP1618519A2 (fr) 2006-01-25

Family

ID=33154484

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04725619A Withdrawn EP1618519A2 (fr) 2003-04-25 2004-04-03 Procede pour traiter des donnees

Country Status (9)

Country Link
US (6) US9275202B2 (fr)
EP (1) EP1618519A2 (fr)
KR (1) KR20060017593A (fr)
CN (1) CN1781117A (fr)
BR (1) BRPI0409740A (fr)
CA (1) CA2525484A1 (fr)
DE (1) DE10319435B4 (fr)
RU (1) RU2005135987A (fr)
WO (1) WO2004097734A2 (fr)

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10319435B4 (de) 2003-04-25 2018-07-26 Whitecryption Corporation Verfahren zur Verarbeitung von Daten zum Schutz eines Softwareprogramms vor Rekonstruktion
GB0813142D0 (en) * 2008-07-17 2008-08-27 Glaxo Group Ltd Novel compounds
US9026768B2 (en) * 2009-09-14 2015-05-05 AEMEA Inc. Executing machine instructions comprising input/output pairs of execution nodes
US9152779B2 (en) 2011-01-16 2015-10-06 Michael Stephen Fiske Protecting codes, keys and user credentials with identity and patterns
US10268843B2 (en) 2011-12-06 2019-04-23 AEMEA Inc. Non-deterministic secure active element machine
EP2648125B1 (fr) * 2012-03-05 2014-11-19 Steinberg Media Technologies GmbH Procédé d'autorisation d'un déroulement de programme
US9584310B2 (en) 2014-03-19 2017-02-28 Nxp B.V. Protecting a white-box implementation against attacks
US9838198B2 (en) * 2014-03-19 2017-12-05 Nxp B.V. Splitting S-boxes in a white-box implementation to resist attacks
US9654279B2 (en) 2014-03-20 2017-05-16 Nxp B.V. Security module for secure function execution on untrusted platform
US9455833B2 (en) 2014-04-28 2016-09-27 Nxp B.V. Behavioral fingerprint in a white-box implementation
EP2940919B1 (fr) 2014-04-28 2019-02-20 Nxp B.V. Réalisation d'une autorisation via un comportement fonctionnel incorrect d'une implémentation de boîte blanche
US9641337B2 (en) 2014-04-28 2017-05-02 Nxp B.V. Interface compatible approach for gluing white-box implementation to surrounding program
US9338145B2 (en) 2014-04-28 2016-05-10 Nxp B.V. Security patch without changing the key
EP2940677A1 (fr) 2014-04-28 2015-11-04 Nxp B.V. Procédé d'inclusion d'une vérification d'authenticité ou d'intégrité implicite dans une implémentation en boîte blanche
EP2940920B1 (fr) 2014-04-28 2017-03-08 Nxp B.V. Patch de sécurité sans changer la clé
US9380033B2 (en) * 2014-04-28 2016-06-28 Nxp B.V. Implementing use-dependent security settings in a single white-box implementation
US9485226B2 (en) 2014-04-28 2016-11-01 Nxp B.V. Method for including an implicit integrity or authenticity check into a white-box implementation
EP2940918B1 (fr) 2014-04-28 2019-07-17 Nxp B.V. Approche compatible avec une interface pour le collage d'une implémentation de boîte blanche à un programme environnant
EP2940925B1 (fr) 2014-04-28 2017-12-27 Nxp B.V. MISE EN oeUVRE DE RÉGLAGES DE SÉCURITÉ EN FONCTION de l'utilisation DANS UNE IMPLÉMENTATION À BOÎTE BLANCHE UNIQUE
US9363244B2 (en) 2014-04-28 2016-06-07 Nxp B.V. Realizing authorization via incorrect functional behavior of a white-box implementation
EP2940917B1 (fr) 2014-04-28 2019-02-20 Nxp B.V. Empreinte comportementale dans une implémentation de boîte blanche
EP2960891B1 (fr) 2014-06-24 2019-01-16 Nxp B.V. Procédé permettant d'introduire la dépendance d'implémentation d'une boîte blanche sur un ensemble de chaînes
US10412054B2 (en) 2014-06-24 2019-09-10 Nxp B.V. Method for introducing dependence of white-box implementation on a set of strings
US9569639B2 (en) 2014-09-12 2017-02-14 Nxp B.V. Remapping constant points in a white-box implementation
US9639674B2 (en) 2014-12-18 2017-05-02 Nxp B.V. Using single white-box implementation with multiple external encodings
US20160182472A1 (en) 2014-12-19 2016-06-23 Nxp, B.V. Binding White-Box Implementation To Reduced Secure Element
US9819486B2 (en) 2014-12-19 2017-11-14 Nxp B.V. S-box in cryptographic implementation
US9665699B2 (en) 2015-03-13 2017-05-30 Nxp B.V. Implementing padding in a white-box implementation
US9602273B2 (en) 2015-05-06 2017-03-21 Nxp B.V. Implementing key scheduling for white-box DES implementation
US20160350520A1 (en) 2015-05-29 2016-12-01 Nxp, B.V. Diversifying Control Flow of White-Box Implementation
US10505709B2 (en) 2015-06-01 2019-12-10 Nxp B.V. White-box cryptography interleaved lookup tables
US10020932B2 (en) 2015-11-13 2018-07-10 Nxp B.V. Split-and-merge approach to protect against DFA attacks
US10015009B2 (en) 2015-11-25 2018-07-03 Nxp B.V. Protecting white-box feistel network implementation against fault attack
US10171234B2 (en) 2015-12-16 2019-01-01 Nxp B.V. Wide encoding of intermediate values within a white-box implementation
US10223511B2 (en) 2016-03-30 2019-03-05 Nxp B.V. Watermarking input and output of a white-box implementation
US10243937B2 (en) * 2016-07-08 2019-03-26 Nxp B.V. Equality check implemented with secret sharing
US10567159B2 (en) 2017-06-07 2020-02-18 Nxp B.V. CMAC computation using white-box implementations with external encodings

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4328542A (en) * 1979-11-07 1982-05-04 The Boeing Company Secure implementation of transition machine computer
US4866605A (en) * 1984-11-05 1989-09-12 Hitachi, Ltd. System function simulation method and apparatus therefor using Petri net symbols
US4922413A (en) * 1987-03-24 1990-05-01 Center For Innovative Technology Method for concurrent execution of primitive operations by dynamically assigning operations based upon computational marked graph and availability of data
JP2580592B2 (ja) * 1987-04-17 1997-02-12 株式会社日立製作所 データ構造駆動型処理装置とその制御方法
DE3914233C1 (en) 1989-04-29 1990-07-26 Wulf 2054 Geesthacht De Harder Computer program protection device - has generator data output connected with consisting testing stage
US5257363A (en) * 1990-04-09 1993-10-26 Meta Software Corporation Computer-aided generation of programs modelling complex systems using colored petri nets
EP0842471A4 (fr) * 1995-07-31 2006-11-08 Hewlett Packard Co Procede et appareil pour gerer des ressources sous la commande d'un module protege ou d'un autre processeur protege
US6192475B1 (en) 1997-03-31 2001-02-20 David R. Wallace System and method for cloaking software
JP4739465B2 (ja) * 1997-06-09 2011-08-03 インタートラスト テクノロジーズ コーポレイション ソフトウェアセキュリティを増強するための混乱化技術
US6334189B1 (en) * 1997-12-05 2001-12-25 Jamama, Llc Use of pseudocode to protect software from unauthorized use
US7430670B1 (en) * 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
US6779112B1 (en) * 1999-11-05 2004-08-17 Microsoft Corporation Integrated circuit devices with steganographic authentication, and steganographic authentication methods
US7120699B2 (en) * 2001-09-20 2006-10-10 Ricoh Company, Ltd. Document controlled workflow systems and methods
US7478233B2 (en) * 2002-05-30 2009-01-13 Microsoft Corporation Prevention of software tampering
US7383443B2 (en) * 2002-06-27 2008-06-03 Microsoft Corporation System and method for obfuscating code using instruction replacement scheme
US20040015719A1 (en) * 2002-07-16 2004-01-22 Dae-Hyung Lee Intelligent security engine and intelligent and integrated security system using the same
US7415596B2 (en) 2003-01-24 2008-08-19 Gigafin Networks, Inc. Parser table/production rule table configuration using CAM and SRAM
DE10319435B4 (de) 2003-04-25 2018-07-26 Whitecryption Corporation Verfahren zur Verarbeitung von Daten zum Schutz eines Softwareprogramms vor Rekonstruktion

Also Published As

Publication number Publication date
DE10319435B4 (de) 2018-07-26
US11809530B2 (en) 2023-11-07
US10534897B2 (en) 2020-01-14
RU2005135987A (ru) 2007-05-27
US20170364668A1 (en) 2017-12-21
DE10319435A1 (de) 2004-11-11
WO2004097734A2 (fr) 2004-11-11
US20200117775A1 (en) 2020-04-16
US20170024550A1 (en) 2017-01-26
US9946854B2 (en) 2018-04-17
US11010455B2 (en) 2021-05-18
US20070014394A1 (en) 2007-01-18
US20180239881A1 (en) 2018-08-23
CN1781117A (zh) 2006-05-31
WO2004097734A8 (fr) 2005-12-01
CA2525484A1 (fr) 2004-11-11
US20210240802A1 (en) 2021-08-05
US9721075B2 (en) 2017-08-01
US9275202B2 (en) 2016-03-01
BRPI0409740A (pt) 2006-05-09
KR20060017593A (ko) 2006-02-24

Similar Documents

Publication Publication Date Title
DE10319435B4 (de) Verfahren zur Verarbeitung von Daten zum Schutz eines Softwareprogramms vor Rekonstruktion
DE102011088502B3 (de) Verfahren und Vorrichtung zur Absicherung von Blockchiffren gegen Template-Attacken
EP3218893B1 (fr) Implémentation en boîte blanche durcie
EP1410128A1 (fr) Dispositif de traitement de donnees
EP1818844A1 (fr) Procédé destiné à l'utilisation de mécanismes de sécurité
EP3552344B1 (fr) Structure de chaîne de blocs à chaînage bidirectionnel
DE69737806T2 (de) Datenverschlüsselungsverfahren
DE60103515T2 (de) Kryptografisches verfahren zum schutz gegen betrug
WO2005024606A1 (fr) Transition entre deux representations masquees d'une valeur lors de calculs cryptographiques
EP3576001A1 (fr) Procédé mis en uvre par ordinateur permettant de transférer une chaîne de données à partir d'une application vers un dispositif de protection des données à caractère personnel
EP1228410A1 (fr) Dispositif et procede de sortie protegee d'un document electronique via un reseau de transmission de donnees
DE60224603T2 (de) Auf einem graphisch implementierten Algorithmus basierendes Verfahren zur Erzeugung und Filtrierung von Datensequenzen für kryptographische Anwendungen
DE10020050A1 (de) Vorrichtung zum zugriffsgeschützten Behandeln elektronischer Daten
EP3742319B1 (fr) Mise en oeuvre sécurisée du canal latéral
EP4325387A1 (fr) Procédé de fourniture d'une clé numérique
DE102004052196B4 (de) Ausspähungsgeschütztes Ausführen von Operationen unter Verwendung einer maskenunterstützenden Recheneinheit
DE10028265A1 (de) Vorrichtung und Verfahren zum Entschlüsseln eines verschlüsselten elektronischen Dokuments
DE112005001837B4 (de) Verfahren zum Schutz von Schlüsseln
WO2022223193A1 (fr) Modification sécurisée de données d'utilisation dans une chaîne de blocs
DE202022103193U1 (de) Ein System zur Entwicklung einer leichtgewichtigen Blockchiffre für ressourcenbeschränkte Anwendungen
EP3633914A1 (fr) Procédé et système de traitement de données détectables à l'aide d'un obscurcissement
DE102017214591A1 (de) Verfahren und Vorrichtung zum Schützen eines Gerätes
EP1288941A2 (fr) Méthode de stockage d'un nombre d'un ensemble de données dans une série de supports de données avec la même information et support de données
EP1069508A2 (fr) Procédé cryptographique modifiable pendant l'exécution
DE10133741A1 (de) Verfahren zur Übertragung und/oder Speicherung von Daten

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

PUAK Availability of information related to the publication of the international search report

Free format text: ORIGINAL CODE: 0009015

17P Request for examination filed

Effective date: 20051102

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20090415

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20091229