Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A method is provided for obfuscating program code to prevent unauthorized users from accessing video. The method includes receiving an original program code that provides functionality. The original program code is transformed into obfuscated program code defining a randomized branch encoded version of the original program code. The obfuscated program code is then stored, and a processor receiving input video data flow uses the obfuscated program code to generate an output data flow.

Abstract: A method is provided for obfuscating program code to prevent unauthorized users from accessing video. The method includes receiving an original program code that provides functionality. The original program code is transformed into obfuscated program code defining a randomized branch encoded version of the original program code. The obfuscated program code is then stored, and a processor receiving input video data flow uses the obfuscated program code to generate an output data flow.

Abstract: A system and method for authenticating an application that employs cryptographic keys and functions is provided with white box cryptography employed to secure the application, and to secure communications with the application. The white box includes a transformation of the application and the keys. A secure channel between the white box and a crypto token is used for communications. In some cases, the transformed keys can be employed in authenticating the white box to the crypto token. The presence of a valid crypto token can be periodically determined. In the presence of a valid crypto token, the white box can provide a verifiable message to a remote server. The remote server can verify the message and initiate a service.

Abstract: A fully homomorphic white-box implementation of one or more cryptographic operations is presented. This method allows construction of white-box implementations from general-purpose code without necessitating specialized knowledge in cryptography, and with minimal impact to the processing and memory requirements for non-white-box implementations. This method and the techniques that use it are ideally suited for securing “math heavy” implementations, such as codecs, that currently do not benefit from white-box security because of memory or processing concerns. Further, the fully homomorphic white-box construction can produce a white-box implementation from general purpose program code, such as C or C++.

Abstract: A fully homomorphic white-box implementation of one or more cryptographic operations is presented. This method allows construction of white-box implementations from general-purpose code without necessitating specialized knowledge in cryptography, and with minimal impact to the processing and memory requirements for non-white-box implementations. This method and the techniques that use it are ideally suited for securing “math heavy” implementations, such as codecs, that currently do not benefit from white-box security because of memory or processing concerns. Further, the fully homomorphic white-box construction can produce a white-box implementation from general purpose program code, such as or C++.

Abstract: A method is provided for generating an output from an input according to a secret using a white-box implementation of a cryptographic function having a first operation, a second operation, and a third operation. The method applies the input to a first operation to generate a first intermediate result, applies the first intermediate result to a second operation to generate a second intermediate result, and applies the second intermediate result to a third operation to generate the output, wherein at least two of the first operation, the second operation, and the third operation is implemented by a plurality of interconnected logic elements, the interconnection of the plurality of logic elements being comprised of one of a non-algebraic interconnection of logic elements and an algebraic interconnection of logic elements having obfuscated boundaries between the at least one of the first operation, the second operation and the third operation.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A method and apparatus for securely generating an output is disclosed. In one embodiment, the method comprises generating a white-box implementation having unlocked white-box look up table (LUTs) for node-encoded secrets, the node-encoded secrets to be encoded for operation solely on a node of a network and globally encoded white-box LUTs for globally-encoded secrets to be encoded for operation on the node and at least another node; generating, from the white box implementation, a soft-locked white-box implementation having a plurality of node-specific locked white-box LUTs and modified globally encoded LUTs. The method further comprises receiving a global secret encoded according to the base file; generating the node-encoded secrets by applying node-specific locking transformations to the global secret; and generating, by the node, the output according to at least one of the globally-encoded secrets or the node-encoded secrets.

Abstract: A method and apparatus for securely processing an input to generate an output according to one or more encoded secrets is disclosed. In one embodiment, the method comprises a set of secrets S composed of a plurality of secrets s1, s2,..., sn, generating a first data structure based on the random encoding of the first secret s1, and performing a plurality of cryptographic operations according to the input and the encoded secrets s2,..., sn to compute the output according to each secret in the white-box implementation, the white-box implementation having at least one further data structure operating on the randomly encoded of the secrets.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A method is provided for obfuscating program code to prevent unauthorized users from accessing video. The method includes receiving an original program code that provides functionality. The original program code is transformed into obfuscated program code defining a randomized branch encoded version of the original program code. The obfuscated program code is then stored, and a processor receiving input video data flow uses the obfuscated program code to generate an output data flow.

Abstract: A method is provided for obfuscating program code to prevent unauthorized users from accessing video. The method includes receiving an original program code that provides functionality. The original program code is transformed into obfuscated program code defining a randomized branch encoded version of the original program code. The obfuscated program code is then stored, and a processor receiving input video data flow uses the obfuscated program code to generate an output data flow.

Abstract: A fully homomorphic white-box implementation of one or more cryptographic operations is presented. This method allows construction of white-box implementations from general-purpose code without necessitating specialized knowledge in cryptography, and with minimal impact to the processing and memory requirements for non-white-box implementations. This method and the techniques that use it are ideally suited for securing “math heavy” implementations, such as codecs, that currently do not benefit from white-box security because of memory or processing concerns. Further, the fully homomorphic white-box construction can produce a white-box implementation from general purpose program code, such as C or C++.

Abstract: A fully homomorphic white-box implementation of one or more cryptographic operations is presented. This method allows construction of white-box implementations from general-purpose code without necessitating specialized knowledge in cryptography, and with minimal impact to the processing and memory requirements for non-white-box implementations. This method and the techniques that use it are ideally suited for securing “math heavy” implementations, such as codecs, that currently do not benefit from white-box security because of memory or processing concerns. Further, the fully homomorphic white-box construction can produce a white-box implementation from general purpose program code, such as C or C++.

Abstract: A system and method for authenticating an application that employs cryptographic keys and functions is provided with white box cryptography employed to secure the application, and to secure communications with the application. The white box includes a transformation of the application and the keys. A secure channel between the white box and a crypto token is used for communications. In some cases, the transformed keys can be employed in authenticating the white box to the crypto token. The presence of a valid crypto token can be periodically determined. In the presence of a valid crypto token, the white box can provide a verifiable message to a remote server. The remote server can verify the message and initiate a service.

Abstract: A system and method for authenticating an application that employs cryptographic keys and functions is provided with white box cryptography employed to secure the application, and to secure communications with the application. The white box includes a transformation of the application and the keys. A secure channel between the white box and a crypto token is used for communications. In some cases, the transformed keys can be employed in authenticating the white box to the crypto token. The presence of a valid crypto token can be periodically determined. In the presence of a valid crypto token, the white box can provide a verifiable message to a remote server. The remote server can verify the message and initiate a service.

Abstract: A method for whitebox cryptography is provided for computing an algorithm (m,S) with input m and secret S, using one or more white-box encoded operations. The method includes accepting an encoded input c, where c=Enc(P,m); accepting an encoded secret S?, where S?=Enc(P,S); performing one or more operations on the encoded input c and the encoded secret S? modulo N to obtain an encoded output c?; and decoding the encoded output c? with the private key p to recover an output m? according to m?=Dec(p,c?), such that m?=(m,S).

Abstract: A fully homomorphic white-box implementation of one or more cryptographic operations is presented. This method allows construction of white-box implementations from general-purpose code without necessitating specialized knowledge in cryptography, and with minimal impact to the processing and memory requirements for non-white-box implementations. This method and the techniques that use it are ideally suited for securing “math heavy” implementations, such as codecs, that currently do not benefit from white-box security because of memory or processing concerns. Further, the fully homomorphic white-box construction can produce a white-box implementation from general purpose program code, such as C or C++.