公开(公告)号：US11728972B2

公开(公告)日：2023-08-15

申请号：US17848922

申请日：2022-06-24

Applicant: APPLE INC.

Inventor： Yannick L. Sierra ,  Zhimin Chen ,  Thomas Icart

IPC: H04L9/08 ,  G01S13/76 ,  H04L9/40 ,  H04W12/03 ,  H04W12/041

CPC classification number: H04L9/0822 ,  G01S13/765 ,  H04L63/1441 ,  H04W12/03 ,  H04W12/041 ,  H04L9/0872 ,  H04L63/0428 ,  H04L63/0492

Abstract: Embodiments described herein enable the generation of cryptographic material for ranging operations in a manner that reduces and obfuscates potential correlations between leaked and secret information. One embodiment provides for an apparatus including a ranging module having one or more ranging sensors. The ranging module is coupled to a secure processing system through a hardware interface to receive at least one encrypted ranging session key, the ranging module to decrypt the at least one encrypted ranging session key to generate a ranging session key, generate a sparse ranging input, derive a message session key based on the ranging session key, and derive a derived ranging key via a key derivation cascade applied to the message session key and the sparse ranging input, the derived ranging key to encrypt data transmitted during a ranging session.

公开(公告)号：US20160359618A1

公开(公告)日：2016-12-08

申请号：US14866997

申请日：2015-09-27

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Benoit Chevallier-Mames ,  Mathieu Ciet ,  Augustin J. Farrugia ,  Thomas Icart

IPC: H04L9/06 ,  H04L29/06 ,  H04L9/14

CPC classification number: H04L9/0618 ,  H04L9/0631 ,  H04L9/14 ,  H04L63/1466 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/34

Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.

Abstract translation: 一些实施例提供了一种用于执行迭代块密码的方法。 线旋转和列旋转被组合以具有多种AES状态的表示。 这些保护可以在静止模式下执行，其中旋转被直接包括在代码和表中，或者在动态模式中，其中根据一些熵上下文变量在执行时随机选择旋转。 两种模式也可以有利地组合在一起。

公开(公告)号：US20160261405A1

公开(公告)日：2016-09-08

申请号：US14639026

申请日：2015-03-04

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Bruno Kindarji ,  Thomas Icart ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L9/06 ,  H04L9/14

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/046 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/60

Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.

Abstract translation: 一些实施例提供了用于执行密码处理的方法。 该方法接收第一和第二密码密钥。 该方法生成与第一和第二密码密钥中的每一个对应的一组子密钥。 用于第一密码密钥的子密钥集合取决于第一密码密钥和第二密码密钥。 该方法通过使用生成的子项集执行加密处理。

公开(公告)号：US20200336303A1

公开(公告)日：2020-10-22

申请号：US16643237

申请日：2018-07-03

Applicant: Apple Inc.

Inventor： Yannick L. Sierra ,  Zhimin Chen ,  Thomas Icart

IPC: H04L9/08 ,  G01S13/76 ,  H04L29/06

Abstract: Embodiments described herein enable the generation of cryptographic material for ranging operations in a manner that reduces and obfuscates potential correlations between leaked and secret information. One embodiment provides for an apparatus including a ranging module having one or more ranging sensors. The ranging module is coupled to a secure processing system through a hardware interface to receive at least one encrypted ranging session key, the ranging module to decrypt the at least one encrypted ranging session key to generate a ranging session key, generate a sparse ranging input, derive a message session key based on the ranging session key, and derive a derived ranging key via a key derivation cascade applied to the message session key and the sparse ranging input, the derived ranging key to encrypt data transmitted during a ranging session.

公开(公告)号：US09774443B2

公开(公告)日：2017-09-26

申请号：US14639026

申请日：2015-03-04

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Bruno Kindarji ,  Thomas Icart ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L9/06 ,  H04L9/00

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/046 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/60

Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.

公开(公告)号：US09639673B2

公开(公告)日：2017-05-02

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

公开(公告)号：US20160211972A1

公开(公告)日：2016-07-21

申请号：US15000223

申请日：2016-01-19

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/06

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US09264222B2

公开(公告)日：2016-02-16

申请号：US14015523

申请日：2013-08-30

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/30 ,  H04L9/06

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US20140165208A1

公开(公告)日：2014-06-12

申请号：US13707444

申请日：2012-12-06

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Daniel F. Reynaud ,  Jonathan G. McLachlan ,  Julien Lerouge ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/60

CPC classification number: G06F21/14 ,  G06F8/30

Abstract: A method and an apparatus that provide rewriting code to dynamically mask program data statically embedded in a first code are described. The program data can be used in multiple instructions in the first code. A code location (e.g. an optimal code location) in the first code can be determined for injecting the rewriting code. The code location may be included in two or more execution paths of first code. Each execution path can have at least one of the instructions using the program data. A second code may be generated based on the first code inserted with the rewriting code at the optimal code location. The second code can include instructions using the program data dynamically masked by the rewriting code. When executed by a processor, the first code and the second code can generate identical results.

Abstract translation: 描述提供重写代码来动态地屏蔽静态嵌入在第一代码中的程序数据的方法和装置。 程序数据可以在第一个代码中的多个指令中使用。 可以确定第一代码中的代码位置（例如，最佳代码位置）用于注入重写代码。 代码位置可以被包括在第一代码的两个或多个执行路径中。 每个执行路径可以具有使用程序数据的指令中的至少一个。 可以基于在最佳代码位置插入重写代码的第一代码来生成第二代码。 第二代码可以包括使用由重写代码动态屏蔽的程序数据的指令。 当由处理器执行时，第一代码和第二代码可以产生相同的结果。

公开(公告)号：US20220399994A1

公开(公告)日：2022-12-15

申请号：US17848922

申请日：2022-06-24

Applicant: APPLE INC.

Inventor： Yannick L. Sierra ,  Zhimin Chen ,  Thomas Icart

IPC: H04L9/08 ,  G01S13/76 ,  H04L9/40 ,  H04W12/03 ,  H04W12/041

Abstract: Embodiments described herein enable the generation of cryptographic material for ranging operations in a manner that reduces and obfuscates potential correlations between leaked and secret information. One embodiment provides for an apparatus including a ranging module having one or more ranging sensors. The ranging module is coupled to a secure processing system through a hardware interface to receive at least one encrypted ranging session key, the ranging module to decrypt the at least one encrypted ranging session key to generate a ranging session key, generate a sparse ranging input, derive a message session key based on the ranging session key, and derive a derived ranging key via a key derivation cascade applied to the message session key and the sparse ranging input, the derived ranging key to encrypt data transmitted during a ranging session.