-
公开(公告)号:US12001579B1
公开(公告)日:2024-06-04
申请号:US17302539
申请日:2021-05-05
Applicant: Apple Inc.
Inventor: Benoit Chevallier-Mames , Thomas Icart , Mathieu Ciet , Oliver J. Hunt , Yannick Sierra , Gokul Thirumalai , Roberto Garcia
IPC: H04L9/40 , G06F16/174 , G06F21/62 , H04L9/08 , H04L9/14 , H04L9/30 , H04L9/32 , H04L51/04 , H04L51/08 , H04L67/1095 , H04L67/1097 , H04W12/02 , H04W12/04
CPC classification number: G06F21/6227 , G06F16/1752 , G06F21/6218 , H04L9/0847 , H04L9/14 , H04L9/30 , H04L9/3242 , H04L9/3247 , H04L9/3273 , H04L51/04 , H04L51/08 , H04L63/0428 , H04L63/0478 , H04L63/065 , H04L63/123 , H04L63/126 , H04L67/1095 , H04L67/1097 , H04W12/02 , H04W12/04
Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.
-
2.发明授权公开(公告)号:US09716586B2
公开(公告)日:2017-07-25
申请号:US15000223
申请日:2016-01-19
Applicant: Apple Inc.
Inventor: Benoit Chevallier-Mames , Mathieu Ciet , Thomas Icart , Bruno Kindarji , Augustin J. Farrugia
CPC classification number: H04L9/0637 , H04L9/0631 , H04L9/30 , H04L2209/24
Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.
-
公开(公告)号:US09692592B2
公开(公告)日:2017-06-27
申请号:US14866997
申请日:2015-09-27
Applicant: Apple Inc.
Inventor: Bruno Kindarji , Benoit Chevallier-Mames , Mathieu Ciet , Augustin J. Farrugia , Thomas Icart
CPC classification number: H04L9/0618 , H04L9/0631 , H04L9/14 , H04L63/1466 , H04L2209/16 , H04L2209/24 , H04L2209/34
Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.
-
公开(公告)号:US20160080143A1
公开(公告)日:2016-03-17
申请号:US14487872
申请日:2014-09-16
Applicant: Apple Inc.
Inventor: Bruno Kindarji , Mathieu Ciet , Benoit Chevallier-Mames , Thomas Icart , Augustin J. Farrugia
CPC classification number: H04L9/0618 , H04L9/0637 , H04L2209/04 , H04L2209/043 , H04L2209/16 , H04L2209/24
Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.
Abstract translation: 一些实施例提供了一种用于执行包括多个轮次的块密码操作的方法。 该方法接收包含几个块的消息。 该方法选择一组块。 该集合具有特定数量的块。 该方法对所选择的块集合应用加密操作。 在集合中的第一块的特定轮次的加密操作在对于集合中的第二块的特定轮次之后的轮次之后执行,而在第一块之前的不同的特定轮次在比不同的前一轮之前执行 特别是第二块。 在一些实施例中,用于第一块的至少两个轮次一个接一个地执行,而对于该组中的任何其他块,没有任何中间轮。
-
公开(公告)号:US09143317B2
公开(公告)日:2015-09-22
申请号:US13902723
申请日:2013-05-24
Applicant: Apple Inc.
Inventor: Benoit Chevallier-Mames , Mathieu Ciet , Thomas Icart , Bruno Kindarji , Augustin J. Farrugia
CPC classification number: H04L9/0631 , H04L9/002 , H04L2209/16
Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.
Abstract translation: 描述使用块密码器列旋转的计算机实现的信息安全方法的各种实施例。 密码状态列旋转提供对白箱侧通道存储器相关性攻击的抵抗,其设计用于逆向设计与信息安全系统相关联的对称密码密钥。 可以对块密码的密码状态执行列旋转操作,然后从结果中移除,以在存储器中提供数据的混淆,同时不影响所得到的密码或解密操作的输出。 该方法另外包括根据第一旋转指标执行迭代特定密码子密钥的第一次旋转,对密码状态矩阵执行块密码操作的迭代,并且根据密码状态矩阵的倒数旋转密码状态矩阵的列 第一次旋转指数。
-
Patent Agency Ranking
公开(公告)号:US20140189366A1
公开(公告)日:2014-07-03
申请号:US14139826
申请日:2013-12-23
Applicant: Apple Inc.
Inventor: Augustin J. Farrugia , Mathieu Ciet , Benoit Chevallier-Mames
IPC: G06F21/60
CPC classification number: G06F21/60 , G06F21/14 , G06F2221/2107 , G09C1/00 , H04L2209/04
Abstract: In a first computer (digital) data obfuscation process, data which is conventionally arranged in a data structure called an array (e.g., a table) and conventionally stored in computer or computer device memory is obfuscated (masked) by logically or mathematically combining the data, entry-by-entry, with a masking value which is computed as a logical or mathematical function of the entry itself or its index in the array, modulo a security value. The complementary unmasking value is a pointer to the entry's address in the table modulo the security value. In a second computer (digital) data obfuscation process, the addresses (location designations) in memory of a data array are themselves obfuscated (masked) by partitioning the array into blocks of entries and shuffling the order of the data entries in each block by a predetermined algorithm, resulting in a shuffled array also differing from the original array in terms of its size (the total number of entries).
Abstract translation: 在第一计算机(数字)数据混淆处理中,通过逻辑地或数学地组合数据来模拟(掩蔽)常规地被布置在被称为阵列(例如,一个表格)的数据结构中并且通常存储在计算机或计算机设备存储器中的数据 逐个输入,具有屏蔽值,其被计算为条目本身的逻辑或数学函数或其阵列中的索引,模数为安全值。 补充取消掩码值是指向该表中条目地址的指针,以模拟安全值。 在第二计算机(数字)数据混淆处理中,数据阵列的存储器中的地址(位置指定)本身通过将阵列划分成条目块并将每个块中的数据条目的顺序按顺序排列(A)来进行混淆(掩蔽) 预定的算法,导致在其大小(入口总数)方面与原始阵列不同的混洗阵列。
-
公开(公告)号:US11025596B1
公开(公告)日:2021-06-01
申请号:US15907468
申请日:2018-02-28
Applicant: Apple Inc.
Inventor: Benoit Chevallier-Mames , Thomas Icart , Mathieu Ciet , Oliver J. Hunt , Yannick Sierra , Gokul Thirumalai , Roberto Garcia
Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.
-
公开(公告)号:US20180089465A1
公开(公告)日:2018-03-29
申请号:US15707847
申请日:2017-09-18
Applicant: Apple Inc.
Inventor: Lucas O. Winstrom , Eric D. Friedman , Ritwik K. Kumar , Jeremy M. Stober , Amol V. Pattekar , Benoit Chevallier-Mames , Julien Lerouge , Gianpaolo Fasoli , Augustin J. Farrugia , Mathieu Ciet
CPC classification number: G06F21/64 , G06F21/55 , G06Q10/107 , H04L9/3247 , H04L51/12 , H04L51/22 , H04L63/1441 , H04L2463/144
Abstract: Systems and methods are described for rate-limiting a message-sending client interacting with a message service based on dynamically calculated risk assessments of the probability that the client is, or is not, a sender of a spam messages. The message service sends a proof of work problem to a sending client device with a difficulty level that is related to a risk assessment that the client is a sender of spam messages. The message system limits the rate at which a known or suspected spammer can send messages by giving the known or suspected spammer client harder proof of work problems to solve, while minimizing the burden on normal users of the message system by given them easier proof of work problems to solve that can typically be solved by the client within the time that it takes to type a message.
-
公开(公告)号:US09336370B2
公开(公告)日:2016-05-10
申请号:US13707444
申请日:2012-12-06
Applicant: Apple Inc.
Inventor: Benoit Chevallier-Mames , Daniel F. Reynaud , Jonathan G. McLachlan , Julien Lerouge , Mathieu Ciet , Thomas Icart
Abstract: A method and an apparatus that provide rewriting code to dynamically mask program data statically embedded in a first code are described. The program data can be used in multiple instructions in the first code. A code location (e.g. an optimal code location) in the first code can be determined for injecting the rewriting code. The code location may be included in two or more execution paths of first code. Each execution path can have at least one of the instructions using the program data. A second code may be generated based on the first code inserted with the rewriting code at the optimal code location. The second code can include instructions using the program data dynamically masked by the rewriting code. When executed by a processor, the first code and the second code can generate identical results.
Abstract translation: 描述提供重写代码来动态地屏蔽静态嵌入在第一代码中的程序数据的方法和装置。 程序数据可以在第一个代码中的多个指令中使用。 可以确定第一代码中的代码位置(例如,最佳代码位置)用于注入重写代码。 代码位置可以被包括在第一代码的两个或多个执行路径中。 每个执行路径可以具有使用程序数据的指令中的至少一个。 可以基于在最佳代码位置插入重写代码的第一代码来生成第二代码。 第二代码可以包括使用由重写代码动态屏蔽的程序数据的指令。 当由处理器执行时,第一代码和第二代码可以产生相同的结果。
-
10.发明授权公开(公告)号:US08918768B2
公开(公告)日:2014-12-23
申请号:US13707437
申请日:2012-12-06
Applicant: Apple Inc.
Inventor: Benoit Chevallier-Mames , Mathieu Ciet , Thomas Icart , Bruno Kindarji , Augustin J. Farrugia
CPC classification number: G06F21/14
Abstract: A method and an apparatus for receiving a first source code having a code block to update the first source code with multiple copies of the code block to protect against correlation attacks are described. The code block can perform one or more operations for execution based on the first source code. The operations can be performed via a random one of the copies of the code block. A second source code based on the updated first source code can be generated to be executed by a processor to produce an identical result as the first source code.
Abstract translation: 描述了一种用于接收具有代码块的第一源代码的方法和装置,用于更新具有代码块的多个副本的第一源代码以防止相关攻击。 代码块可以执行一个或多个基于第一源代码执行的操作。 可以通过代码块的副本中的随机的一个执行操作。 可以生成基于更新的第一源代码的第二源代码以由处理器执行以产生与第一源代码相同的结果。
-
-
-
-
-
-
-
-
-
Search Results
27
records
(took 0.021 seconds)
