Patents by Inventor Jon McLachlan
Jon McLachlan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240015141Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.Type: ApplicationFiled: June 12, 2023Publication date: January 11, 2024Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Patent number: 11706198Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.Type: GrantFiled: May 8, 2020Date of Patent: July 18, 2023Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLCInventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Publication number: 20200344218Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.Type: ApplicationFiled: May 8, 2020Publication date: October 29, 2020Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Patent number: 10693847Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.Type: GrantFiled: December 11, 2018Date of Patent: June 23, 2020Assignee: Symphony Communication Services Holdings LLCInventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Patent number: 10432589Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.Type: GrantFiled: July 29, 2016Date of Patent: October 1, 2019Assignee: Symphony Communication Services Holdings LLCInventors: David M'Raihi, David Gurle, Michael Harmon, Jon McLachlan, Ivan Rylach, Sergey Stelmakh
-
Patent number: 10237246Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.Type: GrantFiled: July 29, 2016Date of Patent: March 19, 2019Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLCInventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Patent number: 9721120Abstract: An obfuscated program can be configured to resist attacks in which an attacker directly calls a non-entry function by verifying that an execution path to the function is an authorized execution path. To detect an unauthorized execution order, a secret value is embedded in each function along an authorized execution path. At runtime, the secrets are combined to generate a runtime representation of the execution path, and the runtime representation is verified against an expected value. To perform the verification, a verification polynomial is evaluated using the runtime representation as input. A verification value result of zero means the execution path is an authorized execution path.Type: GrantFiled: May 14, 2013Date of Patent: August 1, 2017Assignee: Apple Inc.Inventors: Jon McLachlan, Julien Lerouge, Daniel F. Reynaud, Eric D. Laspe
-
Patent number: 9116765Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data using instructions as a source of pseudorandom values. Obfuscation is performed by receiving instructions and data and compiling the instructions and the data into an executable file having a text section and a data section. The text section can include instructions and the data section can include data segments. The system obfuscates the data section iteratively by generating a hash of an address for a respective data segment, and based on the hash, identifying a corresponding address in the text section that includes at least one instruction. The system retrieves a mask key from the corresponding address and applies the mask key to the respective data segment, yielding a masked data segment. In one embodiment, integrity verification of obfuscated data is performed without exposing the data in an unprotected state by utilizing multiple mask keys.Type: GrantFiled: November 30, 2011Date of Patent: August 25, 2015Assignee: Apple Inc.Inventors: Jon McLachlan, Gideon M. Myles, Julien Lerouge
-
Publication number: 20140344924Abstract: An obfuscated program can be configured to resist attacks in which an attacker directly calls a non-entry function by verifying that an execution path to the function is an authorized execution path. To detect an unauthorized execution order, a secret value is embedded in each function along an authorized execution path. At runtime, the secrets are combined to generate a runtime representation of the execution path, and the runtime representation is verified against an expected value. To perform the verification, a verification polynomial is evaluated using the runtime representation as input. A verification value result of zero means the execution path is an authorized execution path.Type: ApplicationFiled: May 14, 2013Publication date: November 20, 2014Applicant: Apple Inc.Inventors: Jon McLachlan, Julien Lerouge, Daniel F. Reynaud, Eric D. Laspe
-
Patent number: 8887140Abstract: Disclosed herein are systems, methods, and computer-readable storage media for obfuscating using inlined functions. A system configured to practice the method receives a program listing including annotated functions for obfuscation, identifies an annotated function called more than once in the program listing, and creates an inline control flow structure in the program listing for the identified annotated function, the control flow structure being computationally equivalent to inlining the identified annotated function into the program listing for each occurrence of the identified annotated function. The program listing can include tiers of annotated functions. The system can identify annotated functions called more than once based on an optionally generated callgraph. The system can create inline control flow structures in the program listing in order of annotation importance. The system can identify how many times each annotated function is called in the program listing.Type: GrantFiled: January 15, 2010Date of Patent: November 11, 2014Assignee: Apple Inc.Inventors: Julien Lerouge, Nicholas T. Sullivan, Gideon M. Myles, Jon McLachlan, Augustin J. Farrugia
-
Patent number: 8756434Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for executing encrypted computer code. A system configured to practice the method receives a request to execute encrypted computer code. In response to the request, the system identifies a portion of the encrypted computer code for execution and decrypts the portion to yield decrypted computer code. Then the system stores the decrypted computer code in a pool of memory and executes the decrypted computer code from the pool of memory. The system can store the decrypted computer code in the pool of memory based on a randomization algorithm so that identical executions of the encrypted computer code result in selections of different available memory locations within the pool of memory. Related portions can be stored non-consecutively in the pool of memory. The pool of memory can store different portions of decrypted computer code over time.Type: GrantFiled: April 8, 2011Date of Patent: June 17, 2014Assignee: Apple Inc.Inventors: Ganna Zaks, Pierre Betouin, Augustin J. Farrugia, Julien Lerouge, Jon McLachlan, Gideon M. Myles, Cédric Tessier
-
Patent number: 8751823Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating branches in computer code. A compiler or a post-compilation tool can obfuscate branches by receiving source code, and compiling the source code to yield computer-executable code. The compiler identifies branches in the computer-executable code, and determines a return address and a destination value for each branch. Then, based on the return address and the destination value for each branch, the compiler constructs a binary tree with nodes and leaf nodes, each node storing a balanced value, and each leaf node storing a destination value. The non-leaf nodes are arranged such that searching the binary tree by return address leads to a corresponding destination value. Then the compiler inserts the binary tree in the computer-executable code and replaces each branch with instructions in the computer-executable code for performing a branching operation based on the binary tree.Type: GrantFiled: August 1, 2011Date of Patent: June 10, 2014Assignee: Apple Inc.Inventors: Gideon M. Myles, Julien Lerouge, Jon McLachlan, Ganna Zaks, Augustin J. Farrugia
-
Patent number: 8699703Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data via a pseudo-random polymorphic tree. A server, using a seed value shared with a client device, generates a tag stream according to a byte-string algorithm. The server passes the tag stream and the data to be transmitted to the client device through a pseudo-random polymorphic tree serializer to generate a pseudo-random polymorphic tree, which the server transmits to the client device. The client device, using the same seed and byte-string algorithm, generates the same tag stream as on the server. The client passes that tag stream and the received pseudo-random polymorphic tree through a pseudo-random polymorphic tree parser to extract the data. Data to be transmitted from the server to the client device is hidden in a block of seemingly random data, which changes for different seed values. This approach obfuscates data and has low processing overhead.Type: GrantFiled: October 19, 2011Date of Patent: April 15, 2014Assignee: Apple Inc.Inventors: Nicholas T. Sullivan, Bertrand Mollinier Toublet, Gianpaolo Fasoli, Jon McLachlan
-
Patent number: 8656363Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for detecting changes in a source of entropy. A system configured to practice the method generates a cyclic graph based at least in part on the values in the entropy pool. Using the cyclic graph and one or more starting points, the system establishes one or more baseline properties for the cyclic graph. These properties can include the number of steps required to identify a cycle in the graph or the number of steps required to traverse the graph from one or more starting points to a selected end point. The computed properties are then stored for later use. As execution progresses, the system monitors the entropy pool to detect a change by regenerating the cyclic graph and using the stored properties.Type: GrantFiled: June 14, 2010Date of Patent: February 18, 2014Assignee: Apple Inc.Inventors: Jon McLachlan, Julien Lerouge, Nicholas T. Sullivan, Ganna Zaks, Augustin J. Farrugia
-
Patent number: 8615735Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating a computer program. A system configured to practice the method identifies a set of executable instructions at a first location in an instruction section of the computer program and identifies a second location in a data section of the computer program. Then the system moves the set of executable instructions to the second location and patches references in the computer program to the set of executable instructions to point to the second location. The instruction section of the computer program can be labeled as _TEXT,_text and the data section of the computer program is labeled as _DATA,_data. The set of executable instructions can include one or more non-branching instructions optionally followed by a branching instruction. The placement of the first and second locations can be based on features of a target computing architecture, such as cache size.Type: GrantFiled: May 3, 2011Date of Patent: December 24, 2013Assignee: Apple Inc.Inventors: Jon McLachlan, Ganna Zaks, Julien Lerouge, Pierre Betouin, Augustin J. Farrugia, Gideon M. Myles, Cédric Tessier
-
Patent number: 8495390Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.Type: GrantFiled: January 23, 2013Date of Patent: July 23, 2013Assignee: Apple Inc.Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Mathiew Ciet, Jon McLachlan
-
Publication number: 20130104239Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data using instructions as a source of pseudorandom values. Obfuscation is performed by receiving instructions and data and compiling the instructions and the data into an executable file having a text section and a data section. The text section can include instructions and the data section can include data segments. The system obfuscates the data section iteratively by generating a hash of an address for a respective data segment, and based on the hash, identifying a corresponding address in the text section that includes at least one instruction. The system retrieves a mask key from the corresponding address and applies the mask key to the respective data segment, yielding a masked data segment. In one embodiment, integrity verification of obfuscated data is performed without exposing the data in an unprotected state by utilizing multiple mask keys.Type: ApplicationFiled: November 30, 2011Publication date: April 25, 2013Applicant: Apple Inc.Inventors: Jon McLachlan, Gideon M. Myles, Julien Lerouge
-
Publication number: 20130103942Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data via a pseudo-random polymorphic tree. A server, using a seed value shared with a client device, generates a tag stream according to a byte-string algorithm. The server passes the tag stream and the data to be transmitted to the client device through a pseudo-random polymorphic tree serializer to generate a pseudo-random polymorphic tree, which the server transmits to the client device. The client device, using the same seed and byte-string algorithm, generates the same tag stream as on the server. The client passes that tag stream and the received pseudo-random polymorphic tree through a pseudo-random polymorphic tree parser to extract the data. Data to be transmitted from the server to the client device is hidden in a block of seemingly random data, which changes for different seed values. This approach obfuscates data and has low processing overhead.Type: ApplicationFiled: October 19, 2011Publication date: April 25, 2013Applicant: Apple Inc.Inventors: Nicholas T. Sullivan, Bertrand Mollinier Toublet, Gianpaolo Fasoli, Jon McLachlan
-
Patent number: 8386803Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.Type: GrantFiled: November 18, 2009Date of Patent: February 26, 2013Assignee: Apple Inc.Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Mathieu Ciet, Jon McLachlan
-
Publication number: 20130036473Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating branches in computer code. A compiler or a post-compilation tool can obfuscate branches by receiving source code, and compiling the source code to yield computer-executable code. The compiler identifies branches in the computer-executable code, and determines a return address and a destination value for each branch. Then, based on the return address and the destination value for each branch, the compiler constructs a binary tree with nodes and leaf nodes, each node storing a balanced value, and each leaf node storing a destination value. The non-leaf nodes are arranged such that searching the binary tree by return address leads to a corresponding destination value. Then the compiler inserts the binary tree in the computer-executable code and replaces each branch with instructions in the computer-executable code for performing a branching operation based on the binary tree.Type: ApplicationFiled: August 1, 2011Publication date: February 7, 2013Applicant: Apple Inc.Inventors: Gideon M. Myles, Julien Lerouge, Jon McLachlan, Ganna Zaks, Augustin J. Farrugia