公开(公告)号：US09692592B2

公开(公告)日：2017-06-27

申请号：US14866997

申请日：2015-09-27

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Benoit Chevallier-Mames ,  Mathieu Ciet ,  Augustin J. Farrugia ,  Thomas Icart

IPC: H04L29/06 ,  H04L9/06 ,  H04L9/14

CPC classification number: H04L9/0618 ,  H04L9/0631 ,  H04L9/14 ,  H04L63/1466 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/34

Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.

公开(公告)号：US20160119133A1

公开(公告)日：2016-04-28

申请号：US14291581

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Mathieu Ciet ,  Augustin J. Farrugia ,  Thomas Icart

IPC: H04L9/06

CPC classification number: H04L9/0643 ,  H04L2209/20

Abstract: The disclosed hash and message padding functions are based on the permutation composition problem. To compute a hash of a message using permutation composition based hashing, the message is split into equal size blocks. For each block, a permutation composition value is computed. The block permutation composition values are then combined through composition to generate an overall permutation composition value. The hash of the message is then based on the overall permutation composition value. To pad a message using permutation composition based padding, the message is split into equal size blocks. For each block, a permutation composition value is computed and the permutation composition value is added to the block. The padded blocks are then recombined to generate the padded message.

Abstract translation: 所公开的散列和消息填充功能基于置换组合问题。 为了使用基于散列组合的散列来计算消息的散列，消息被分割成相等大小的块。 对于每个块，计算置换组合值。 然后通过组合将块置换组合值组合以产生整体置换组合值。 然后，消息的散列基于整体排列组合值。 为了使用基于置换组合的填充来填充消息，消息被分割成相等的大小块。 对于每个块，计算置换组合值，并将置换组合值添加到块。 然后将填充的块重新组合以产生填充消息。

公开(公告)号：US20160080143A1

公开(公告)日：2016-03-17

申请号：US14487872

申请日：2014-09-16

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Mathieu Ciet ,  Benoit Chevallier-Mames ,  Thomas Icart ,  Augustin J. Farrugia

IPC: H04L9/06 ,  H04L9/08

CPC classification number: H04L9/0618 ,  H04L9/0637 ,  H04L2209/04 ,  H04L2209/043 ,  H04L2209/16 ,  H04L2209/24

Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.

Abstract translation: 一些实施例提供了一种用于执行包括多个轮次的块密码操作的方法。 该方法接收包含几个块的消息。 该方法选择一组块。 该集合具有特定数量的块。 该方法对所选择的块集合应用加密操作。 在集合中的第一块的特定轮次的加密操作在对于集合中的第二块的特定轮次之后的轮次之后执行，而在第一块之前的不同的特定轮次在比不同的前一轮之前执行 特别是第二块。 在一些实施例中，用于第一块的至少两个轮次一个接一个地执行，而对于该组中的任何其他块，没有任何中间轮。

公开(公告)号：US09143317B2

公开(公告)日：2015-09-22

申请号：US13902723

申请日：2013-05-24

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L29/06 ,  H04L9/06 ,  H04L9/00

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/16

Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.

Abstract translation: 描述使用块密码器列旋转的计算机实现的信息安全方法的各种实施例。 密码状态列旋转提供对白箱侧通道存储器相关性攻击的抵抗，其设计用于逆向设计与信息安全系统相关联的对称密码密钥。 可以对块密码的密码状态执行列旋转操作，然后从结果中移除，以在存储器中提供数据的混淆，同时不影响所得到的密码或解密操作的输出。 该方法另外包括根据第一旋转指标执行迭代特定密码子密钥的第一次旋转，对密码状态矩阵执行块密码操作的迭代，并且根据密码状态矩阵的倒数旋转密码状态矩阵的列 第一次旋转指数。

公开(公告)号：US20140189366A1

公开(公告)日：2014-07-03

申请号：US14139826

申请日：2013-12-23

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Mathieu Ciet ,  Benoit Chevallier-Mames

IPC: G06F21/60

CPC classification number: G06F21/60 ,  G06F21/14 ,  G06F2221/2107 ,  G09C1/00 ,  H04L2209/04

Abstract: In a first computer (digital) data obfuscation process, data which is conventionally arranged in a data structure called an array (e.g., a table) and conventionally stored in computer or computer device memory is obfuscated (masked) by logically or mathematically combining the data, entry-by-entry, with a masking value which is computed as a logical or mathematical function of the entry itself or its index in the array, modulo a security value. The complementary unmasking value is a pointer to the entry's address in the table modulo the security value. In a second computer (digital) data obfuscation process, the addresses (location designations) in memory of a data array are themselves obfuscated (masked) by partitioning the array into blocks of entries and shuffling the order of the data entries in each block by a predetermined algorithm, resulting in a shuffled array also differing from the original array in terms of its size (the total number of entries).

Abstract translation: 在第一计算机（数字）数据混淆处理中，通过逻辑地或数学地组合数据来模拟（掩蔽）常规地被布置在被称为阵列（例如，一个表格）的数据结构中并且通常存储在计算机或计算机设备存储器中的数据 逐个输入，具有屏蔽值，其被计算为条目本身的逻辑或数学函数或其阵列中的索引，模数为安全值。 补充取消掩码值是指向该表中条目地址的指针，以模拟安全值。 在第二计算机（数字）数据混淆处理中，数据阵列的存储器中的地址（位置指定）本身通过将阵列划分成条目块并将每个块中的数据条目的顺序按顺序排列（A）来进行混淆（掩蔽） 预定的算法，导致在其大小（入口总数）方面与原始阵列不同的混洗阵列。

公开(公告)号：US10599873B2

公开(公告)日：2020-03-24

申请号：US15707847

申请日：2017-09-18

Applicant: Apple Inc.

Inventor： Lucas O. Winstrom ,  Eric D. Friedman ,  Ritwik K. Kumar ,  Jeremy M. Stober ,  Amol V. Pattekar ,  Benoit Chevallier-Mames ,  Julien Lerouge ,  Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L29/06 ,  G06F21/64 ,  G06Q10/10 ,  H04L12/58 ,  H04L9/32 ,  G06F21/55

Abstract: Systems and methods are described for rate-limiting a message-sending client interacting with a message service based on dynamically calculated risk assessments of the probability that the client is, or is not, a sender of a spam messages. The message service sends a proof of work problem to a sending client device with a difficulty level that is related to a risk assessment that the client is a sender of spam messages. The message system limits the rate at which a known or suspected spammer can send messages by giving the known or suspected spammer client harder proof of work problems to solve, while minimizing the burden on normal users of the message system by given them easier proof of work problems to solve that can typically be solved by the client within the time that it takes to type a message.

公开(公告)号：US20160359618A1

公开(公告)日：2016-12-08

申请号：US14866997

申请日：2015-09-27

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Benoit Chevallier-Mames ,  Mathieu Ciet ,  Augustin J. Farrugia ,  Thomas Icart

IPC: H04L9/06 ,  H04L29/06 ,  H04L9/14

CPC classification number: H04L9/0618 ,  H04L9/0631 ,  H04L9/14 ,  H04L63/1466 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/34

Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.

Abstract translation: 一些实施例提供了一种用于执行迭代块密码的方法。 线旋转和列旋转被组合以具有多种AES状态的表示。 这些保护可以在静止模式下执行，其中旋转被直接包括在代码和表中，或者在动态模式中，其中根据一些熵上下文变量在执行时随机选择旋转。 两种模式也可以有利地组合在一起。

公开(公告)号：US20160261405A1

公开(公告)日：2016-09-08

申请号：US14639026

申请日：2015-03-04

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Bruno Kindarji ,  Thomas Icart ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L9/06 ,  H04L9/14

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/046 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/60

Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.

Abstract translation: 一些实施例提供了用于执行密码处理的方法。 该方法接收第一和第二密码密钥。 该方法生成与第一和第二密码密钥中的每一个对应的一组子密钥。 用于第一密码密钥的子密钥集合取决于第一密码密钥和第二密码密钥。 该方法通过使用生成的子项集执行加密处理。

公开(公告)号：US20130205137A1

公开(公告)日：2013-08-08

申请号：US13802508

申请日：2013-03-13

Applicant: APPLE INC.

Inventor： Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Mathieu Ciet ,  Jill Surdzial

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  H04L9/321 ,  H04L9/3218 ,  H04L9/3242 ,  H04L2209/603 ,  H04L2209/80

Abstract: In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host.

Abstract translation: 在数据安全性和系统可靠性和资格认证领域中，本公开是一种用于使用基于零知识的认证技术来验证或认证到主机的设备的方法，系统和装置，其包括诸如HMAC之类的密钥化消息认证码 或密钥密码函数，并且操作在主机和设备之间共享的秘密信息。 这对于安全目的也是有用的，并且还确保诸如计算机外围设备或附件或组件的设备有资格与主机互操作。

公开(公告)号：US11494574B2

公开(公告)日：2022-11-08

申请号：US16805214

申请日：2020-02-28

Applicant: Apple Inc.

Inventor： Mathieu Ciet ,  Bruno Benteo ,  Michael Mouchous ,  Augustin J. Farrugia

IPC: G06K5/00 ,  G06K7/12 ,  G06Q30/06 ,  G06V30/413

Abstract: A device implementing a system for authenticating an identity document includes at least one processor configured to receive, from a service provider, a request associated with verifying an integrity of an identity document, and capture, responsive to receiving the request, image data of the identity document. The at least one processor is further configured to generate a representation based on the image data, the representation comprising form factor data of the identity document, and compare the representation with a prior representation of the identity document, the prior representation comprising prior form factor data of the identity document. The at least one processor is further configured to provide, to the service provider, a response to the request based on comparing the representation with the prior representation.