Patents by Inventor Jurgen Pulkus

Jurgen Pulkus has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11405190
    Abstract: A method for setting up a subscriber identity module for agreeing one or several exchange keys, between a subscriber identity module and a provisioning server includes generating one or several exchange keys from keys of the provisioning server and of the subscriber identity module on a production server and are transmitted into the subscriber identity module and stored, so that the subscriber identity module is put particularly into a state as though it had generated the exchange keys itself. In a method for agreeing one or several exchange keys, between a subscriber identity module and a provisioning server, the subscriber identity module sends its public key to the provisioning server, which subsequently generates the exchange keys.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: August 2, 2022
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Gabriel Goller, Sven Bauer, Jürgen Pulkus, Lars Hoffmann
  • Patent number: 11386239
    Abstract: A method for the transition is provided from a Boolean masking of a value to be kept secret to an additive masking of the value to be kept secret. The value to be kept secret is present in the Boolean masking as a representation masked with a first Boolean mask and a second Boolean mask. A first additive mask and a second additive mask are determined for the value to be kept secret. A first masking transition is executed in which the first Boolean mask is converted into the first additive mask. A second masking transition is executed in which the obfuscation value is converted into an additive correction value, and a third masking transition is executed in which the second Boolean mask is converted into the second additive mask.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: July 12, 2022
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Jürgen Pulkus, Lars Hoffmann
  • Patent number: 10805066
    Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon, which algorithm is adapted to produce an output text from an input text employing a secret key K. The implementation of the algorithm comprises a key-dependent computing step S which comprises a key combination of input values x derived directly or indirectly from the input text with key values SubK derived directly or indirectly from the key; the key-dependent computing step S is represented by a table which is masked with input masking and/or output masking to form a masked table TabSSubK; and a new masked table TabSKneu is generated in the processor device.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: October 13, 2020
    Assignee: GIESECKE + DEVRIENT MOBILE SECURITY GMBH
    Inventors: Sven Bauer, Hermann Drexler, Jürgen Pulkus
  • Patent number: 10615962
    Abstract: A processor device has an executable implementation of the cryptographic algorithm DES implemented with an XOR linkage operation at the round exit and an implemented computation step S arranged to map expanded right input values r? as computation step entry values x=r? onto exit values s=S[x]. The computation step S is implemented as a key-dependent computation step further comprises a key linkage operation for linking input values of the round with key values of the round derived directly or indirectly from the key. The computation step S is implemented as a combined key-dependent computation step T which further comprises: a permutation operation P associated with the round, arranged to be applied to exit values s of the computation step S and to supply the exit values s of the computation step in permutated form to the XOR linkage operation at the round exit.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: April 7, 2020
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Sven Bauer, Hermann Drexler, Jürgen Pulkus
  • Patent number: 10438513
    Abstract: The invention provides a processor device having an executable, white-box-masked implementation of a cryptographic algorithm implemented thereon. The white-box masking comprises an affine mapping A, which is so designed that every bit in the output values w of the affine mapping A depends on at least one bit of the obfuscation values y, thereby attaining that the output values w of the affine mapping A are statistically balanced.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: October 8, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
  • Patent number: 10403174
    Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon that is white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. The affine mapping A is constructed by a construction method coordinated with the invertible mappings c1, c2, and etc.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: September 3, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
  • Patent number: 10249220
    Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented being white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. Multiplicities of sets Mxi, i=1, 2, . . . =Mx11, Mx12, . . . Mx21, Mx22, . . . are formed from the output values a of the affine mapping A.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: April 2, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
  • Patent number: 9860065
    Abstract: The invention provides a method, in a processor, for executing a cryptographic computation. Upon the execution of the computation there is applied a base masking through which intermediate values are incorporated into the computation as masked intermediate values. Upon the execution of the computation a secondary masking is additionally applied, wherein for each intermediate value masked by means of the base masking the one's complement of the masked intermediate value is formed, the masked intermediate value and the one's complement of the masked intermediate value are made available, and randomly the computation is executed either with the masked intermediate value or with the one's complement of the masked intermediate value.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: January 2, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventor: Jurgen Pulkus
  • Patent number: 9520995
    Abstract: In a method for checking whether a value represents a prime number, for a cryptographic application, a Fermat test is carried out, which includes a modular exponentiation of a base with an exponent (e) and a module (m). The exponent (e) and the module (m) respectively depend on the value to be checked, and the modular exponentiation is executed employing Montgomery operations. A device and a computer program product have corresponding features. The method can be particularly efficiently implemented on suitable platforms.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: December 13, 2016
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventor: Jurgen Pulkus
  • Publication number: 20150244524
    Abstract: The invention provides a method, in a processor, for executing a cryptographic computation. Upon the execution of the computation there is applied a base masking through which intermediate values are incorporated into the computation as masked intermediate values. Upon the execution of the computation a secondary masking is additionally applied, wherein for each intermediate value masked by means of the base masking the one's complement of the masked intermediate value is formed, the masked intermediate value and the one's complement of the masked intermediate value are made available, and randomly the computation is executed either with the masked intermediate value or with the one's complement of the masked intermediate value.
    Type: Application
    Filed: September 23, 2013
    Publication date: August 27, 2015
    Applicant: Giesecke & Devrient GmbH
    Inventor: Jurgen Pulkus
  • Patent number: 9042543
    Abstract: A method in a portable data carrier for executing a cryptographic operation on security-relevant data comprises a step of determining a remainder (r) of a dividend (a) modulo a divisor (b). In so doing, the remainder (r) is determined iteratively by means of a division device of the data carrier. In each iteration there is carried out a Montgomery multiplication with the divisor (b) as the modulus and an additive linkage of an output value of the Montgomery multiplication with a coefficient (ai) derived from the dividend (a) and associated with the respective iteration. The Montgomery multiplication is carried out here by means of a multiplication device of the data carrier, preferably a corresponding coprocessor. The Montgomery multiplication of a subsequent iteration receives a result of a preceding iteration as an input value.
    Type: Grant
    Filed: November 16, 2011
    Date of Patent: May 26, 2015
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventors: Markus Bockes, Jurgen Pulkus
  • Publication number: 20140294174
    Abstract: In a method for checking whether a value represents a prime number, for a cryptographic application, a Fermat test is carried out, which includes a modular exponentiation of a base with an exponent (e) and a module (m). The exponent (e) and the module (m) respectively depend on the value to be checked, and the modular exponentiation is executed employing Montgomery operations. A device and a computer program product have corresponding features. The method can be particularly efficiently implemented on suitable platforms.
    Type: Application
    Filed: October 25, 2012
    Publication date: October 2, 2014
    Inventor: Jurgen Pulkus
  • Publication number: 20140286488
    Abstract: A device and/or computer program uses a method including determining the division remainder of a first value (b) modulo a second value (p?) and executing a first Montgomery multiplication with the first value (b) as one of the factors and the second value (p?) as a module. A correction factor is determined, and a second Montgomery multiplication is executed with the result of the first Montgomery multiplication as one of the factors and the correction factor as the other factor and the second value (p?) as a module. A method for ascertaining prime number candidates includes determining a base value (b) for a sieve, and several sieve iterations are executed, in which respectively one marking value (p?) is ascertained and multiples of the marking value (p?) in the sieve are marked as composite numbers.
    Type: Application
    Filed: October 25, 2012
    Publication date: September 25, 2014
    Inventor: Jurgen Pulkus
  • Publication number: 20130236006
    Abstract: A method in a portable data carrier for executing a cryptographic operation on security-relevant data comprises a step of determining a remainder (r) of a dividend (a) modulo a divisor (b). In so doing, the remainder (r) is determined iteratively by means of a division device of the data carrier. In each iteration there is carried out a Montgomery multiplication with the divisor (b) as the modulus and an additive linkage of an output value of the Montgomery multiplication with a coefficient (ai) derived from the dividend (a) and associated with the respective iteration. The Montgomery multiplication is carried out here by means of a multiplication device of the data carrier, preferably a corresponding coprocessor. The Montgomery multiplication of a subsequent iteration receives a result of a preceding iteration as an input value.
    Type: Application
    Filed: November 16, 2011
    Publication date: September 12, 2013
    Applicant: GIESECKE & DEVRIENT GMBH
    Inventors: Markus Bockes, Jurgen Pulkus
  • Patent number: 8290145
    Abstract: In a method for the transition from a first masked representation of a value to be kept secret to a second masked representation of the value, according to a first aspect of the invention at least one previously calculated table with a plurality of entries is used, and the calculation is carried out depending on at least one veiling parameter, in order to prevent the value to be kept secret from being spied out. According to a second aspect of the invention, at least one comparison table is used, which, for each table index, provides the result of a comparison between a value dependent on the table index and a value dependent on at least one masking value. A computer program product and a device have corresponding features. The invention provides a technique for protecting the transition between masked representations of a value from being spied out, wherein the masked representations are based on different masking rules.
    Type: Grant
    Filed: September 3, 2004
    Date of Patent: October 16, 2012
    Assignee: Giesecke & Devrient GmbH
    Inventors: Olaf Neisse, Jürgen Pulkus
  • Publication number: 20070058800
    Abstract: In a method for the transition from a first masked representation of a value to be kept secret to a second masked representation of the value, according to a first aspect of the invention at least one previously calculated table with a plurality of entries is used, and the calculation is carried out depending on at least one veiling parameter, in order to prevent the value to be kept secret from being spied out. According to a second aspect of the invention, at least one comparison table is used, which, for each table index, provides the result of a comparison between a value dependent on the table index and a value dependent on at least one masking value. A computer program product and a device have corresponding features. The invention provides a technique for protecting the transition between masked representations of a value from being spied out, wherein the masked representations are based on different masking rules.
    Type: Application
    Filed: September 3, 2004
    Publication date: March 15, 2007
    Applicant: GIESECKE & DEVRIENT GMBH
    Inventors: Olaf Neisse, Jurgen Pulkus