Patents by Inventor Augustin J. Farrugia

Augustin J. Farrugia has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20160080143
    Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.
    Type: Application
    Filed: September 16, 2014
    Publication date: March 17, 2016
    Inventors: Bruno Kindarji, Mathieu Ciet, Benoit Chevallier-Mames, Thomas Icart, Augustin J. Farrugia
  • Patent number: 9274976
    Abstract: In the field of computer software (code) security, it is known to include verification data such as hash values in or associated with the code to allow subsequent detection of tampering by a attacker with the code. This verification technique is used here in a “White Box” cryptographic process by tying the verification data to the content of functional table lookups present in the object (compiled) code, where values in the table lookups are selectively masked (prior to the source code being compiled into the subject code) by being subject to permutation operations.
    Type: Grant
    Filed: November 5, 2010
    Date of Patent: March 1, 2016
    Assignee: APPLE INC.
    Inventors: Augustin J. Farrugia, Mathieu Ciet, Pierre Betouin
  • Patent number: 9264222
    Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: February 16, 2016
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Mathieu Ciet, Thomas Icart, Bruno Kindarji, Augustin J. Farrugia
  • Patent number: 9264234
    Abstract: In the field of computer and data security, the identifier (ID) of a computing device is protected by providing a secure signature used to verify the ID. The signature is computed from the ID using a “White Box” cryptographic process and a hash function. This provides a signature that is computationally easy to verify but difficult or impossible to generate by a hacker (unauthorized user). This method of first creating the signature and later verifying the identifier using the signature and the associated computing apparatus are thereby useful for protection against hacking of such identifiers of computing devices.
    Type: Grant
    Filed: January 24, 2012
    Date of Patent: February 16, 2016
    Assignee: APPLE INC.
    Inventors: Augustin J. Farrugia, David M'Raihi, Mathieu Ciet, Thomas Icart
  • Publication number: 20160019375
    Abstract: User accounts can be linked together to form a group of linked user accounts that can access content items assigned to the other user accounts in the group. A user can download content items assigned to their user account, as well as shared content items assigned to one of the other user accounts in the group of linked user accounts. Use of shared content items can be restricted to client devices running specified versions of an operating system. The key ID tagged to a shared content item can be altered such that the key ID no longer correctly identifies the corresponding DRM key that enables use of the shared content item. Client devices authorized to use shared content items can be configured to recognize that a content item is a shared content item and generate the original key ID form the altered key ID.
    Type: Application
    Filed: February 27, 2015
    Publication date: January 21, 2016
    Inventors: Gianpaolo Fasoli, Apoorva Govind, Augustin J. Farrugia, Raffi T. Khatchadourian
  • Publication number: 20150363580
    Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.
    Type: Application
    Filed: June 17, 2014
    Publication date: December 17, 2015
    Inventors: Pierre Betouin, Augustin J. Farrugia, Benoit Chevallier-Mames, Bruno Kindarji, Cédric Tessier, Jean-Baptiste Aviat, Mathieu Ciet, Thomas Icart
  • Publication number: 20150347996
    Abstract: One or more user accounts can be linked together to form a group of linked user accounts to access content items assigned to the other user accounts in the group of linked user accounts. Prior to completing a purchase for a content item, a requesting user can be alerted that a member of the group of linked user accounts has access to the content item. Content items assigned to a member of a group of linked user accounts can be downloaded by one or more other members of the group of linked user accounts along with a Digital Rights Management (DRM) key that enables use of the content item. The DRM key can represent the group relationship between the downloading user account and the content owner's user account to which the content item is assigned.
    Type: Application
    Filed: May 26, 2015
    Publication date: December 3, 2015
    Inventors: Thomas Alsina, Augustin J. Farrugia, Edward T. Schmidt, Gianpaolo Fasoli, Sean B. Kelly
  • Publication number: 20150349951
    Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).
    Type: Application
    Filed: May 30, 2014
    Publication date: December 3, 2015
    Applicant: Apple Inc.
    Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Bruno Kindarji, Mathieu Ciet, Thomas Icart
  • Patent number: 9189425
    Abstract: In the field of computer enabled cryptography, such as a cipher using lookup tables, the cipher is hardened against an attack by a protection process which obscures the lookup tables using the properties of bijective functions and applying masks to the tables' input and output values, for encryption or decryption. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful for protection against known attacks on “White Box” ciphers, by obfuscating lookup table data, thereby increasing the cipher's complexity against reverse engineering and other attacks.
    Type: Grant
    Filed: October 31, 2011
    Date of Patent: November 17, 2015
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Bruno Kindarji, Mathieu Ciet, Thomas Icart
  • Patent number: 9172683
    Abstract: In a Digital Rights Management (DRM) system, cryptographic keys for decrypting distributed assets (such as audio or video media) are distributed using an offline (e.g., non-Internet) method for distribution of the key generation process, with an implicit authorization to use the distributed key generation process. This is used to update an asset key for use by a client such as a media player when a key formula for generating the key for decrypting an asset has been compromised, such as by hackers.
    Type: Grant
    Filed: June 29, 2011
    Date of Patent: October 27, 2015
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Gianpaolo Fasoli, Nicholas Sullivan
  • Publication number: 20150294382
    Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.
    Type: Application
    Filed: June 25, 2015
    Publication date: October 15, 2015
    Inventors: Thomas Alsina, Dallas B. De Atley, Augustin J. Farrugia, Byron B. Han, Sean B. Kelly, Craig A. Marciniak, Maxim Khutornenko, Raymond N. Walsh
  • Patent number: 9143317
    Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.
    Type: Grant
    Filed: May 24, 2013
    Date of Patent: September 22, 2015
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Mathieu Ciet, Thomas Icart, Bruno Kindarji, Augustin J. Farrugia
  • Patent number: 9128722
    Abstract: Disclosed herein are systems, computer-implemented methods, and non-transitory computer-readable storage media for obfuscating code, such as instructions and data structures. Also disclosed are non-transitory computer-readable media containing obfuscated code. In one aspect, a preprocessing tool (i.e. before compilation) identifies in a source program code a routine for replacement. The tool can be a software program running on a computer or an embedded device. The tool then selects a function equivalent to the identified routine from a pool of functions to replace the identified routine. A compiler can then compile computer instructions based on the source program code utilizing the selected function in place of the identified routine. In another aspect, the tool replaces data structures with fertilized data structures. These approaches can be applied to various portions of source program code based on various factors. A software developer can flexibly configure how and where to fertilize the source code.
    Type: Grant
    Filed: March 27, 2013
    Date of Patent: September 8, 2015
    Assignee: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20150220926
    Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.
    Type: Application
    Filed: April 13, 2015
    Publication date: August 6, 2015
    Inventors: Jonathan G. McLachlan, Augustin J. Farrugia, Nicholas T. Sullivan
  • Patent number: 9043887
    Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: May 26, 2015
    Assignee: Apple Inc.
    Inventors: Jonathan G. McLachlan, Augustin J. Farrugia, Nicholas T. Sullivan
  • Patent number: 9031228
    Abstract: Systems and methods for an implementation of block cipher algorithms (e.g., AES) use lookup tables to obscure key information, increasing difficulty of reverse engineering efforts. The implementation encodes round key information into a first plurality of tables (T1), which when used for lookup operations also complete SubBytes operations, and output state in an encoded format. A Shiftrows operation is performed arithmetically on the output state. A second plurality of tables (T2) are used to perform a polynomial multiplication portion of MixColumns operation, and an XOR portion of MixColumns is performed arithmetically on the columns. Encoding from the T1 tables is made to match a decoding built into the T2 tables. Subsets of the T1 tables use the same T2 tables, reducing a memory footprint for the T2 tables. Multiple AES keys can be embedded in different sets of T1 tables that encode for the same set of T2 tables.
    Type: Grant
    Filed: April 16, 2012
    Date of Patent: May 12, 2015
    Assignee: Apple Inc.
    Inventors: Mathieu Ciet, Augustin J. Farrugia, Filip Toma Paun
  • Publication number: 20150073998
    Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.
    Type: Application
    Filed: September 9, 2013
    Publication date: March 12, 2015
    Applicant: Apple Inc.
    Inventors: Thomas Alsina, Dallas B. De Atley, Augustin J. Farrugia, Byron B. Han, Sean B. Kelly, Craig A. Marciniak, Maxim Khutornenko, Raymond N. Walsh
  • Patent number: 8976960
    Abstract: A method and an apparatus that generate a plurality of elements randomly as a split representation of an input used to provide an output data cryptographically representing an input data are described. The input may correspond to a result of a combination operation on the elements. Cryptographic operations may be performed on the input data and the elements to generate a plurality of data elements without providing data correlated with the key. The combination operation may be performed on the data elements for the output data.
    Type: Grant
    Filed: April 2, 2012
    Date of Patent: March 10, 2015
    Assignee: Apple Inc.
    Inventors: Mathieu Ciet, Benoit Chevallier-Mames, Thomas Icart, Bruno Kindarji, Augustin J. Farrugia
  • Patent number: 8966279
    Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by protecting the cipher key by means of a key expansion process which obscures the cipher and/or the round keys by increasing their lengths to provide an expanded version of the keys for carrying out encryption or decryption using the cipher. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key, or where each user session has its own key.
    Type: Grant
    Filed: December 21, 2010
    Date of Patent: February 24, 2015
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Mathieu Ciet, Thomas Icart, Bruno Kindarji
  • Patent number: 8966285
    Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against attack by protecting the round keys by (1) combining several cipher operations using a pair of sub-keys (round keys) into one table look-up, or (2) a key masking process which obscures the round keys by providing a masked version of the key operations for carrying out encryption or decryption using the cipher. This approach is especially advantageous in an insecure “White Box” environment where an attacker has full access to execution of the cipher algorithm, including the algorithm's internal state during its execution.
    Type: Grant
    Filed: January 10, 2011
    Date of Patent: February 24, 2015
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Mathieu Ciet, Benoit Chevallier-Mames