Abstract: Disclosed herein are methods for obfuscating data on a client, on a server, and on a client and a server. The method on a client device includes receiving input data, storing an operation value in a secure location, performing a modulus obfuscation on the operation value, performing a modulus operation on the operation value and the input data, performing a modulus transformation on the operation value and the input data to obtain client output data, and checking if the client output data matches corresponding server output data.

Abstract: Systems and methods for an implementation of block cipher algorithms (e.g., AES) use lookup tables to obscure key information, increasing difficulty for those with privileged access to a system performing the AES algorithm to obtain such key information. The implementation encodes round key information into a first plurality of tables (T1), which when used for lookup operations also complete SubBytes operations, and output state in an encoded format. A Shiftrows operation is performed arithmetically on the state output from the T1 table lookups. A second plurality of tables (T2) are used to perform a polynomial multiplication portion of MixColumns to state from Shiftrows, and an XOR portion of MixColumns is performed arithmetically on the columns outputted from using the T2 tables. Encoding from the T1 tables is made to match a decoding built into the T2 tables. Subsets of the T1 tables use the same T2 tables, reducing a memory footprint for the T2 tables.

Abstract: The invention relates to a method for handling data between two memory areas of an electronic component having at least one working memory area for carrying out operations on the component, which bring into play at least some of the data. The same memory areas are used for executing an operation, whatever the operation to be executed is, in such a manner that each operation has a hidden signal trace that is identical in terms of location leakage outside the component.

Abstract: In computer based data security systems which involve entity authenticating or document time stamping or other cases where data is to be derived from a previous state, the necessary linking values are calculated using recursive chaos based equations such as the type used in fractal theory (the Mandelbrot set) or the Lorentz attractor or other similar approaches. In each case a value in each step is calculated using these equations so that each authentication or timestamp or other data derivation is linked to the previous one in a chaotic way. This makes it impossible to calculate any one value in the link series without having the previous value, due to the chaos aspect thereby enhancing security.

Abstract: A cryptographic method carries out a modular exponentiation of the type C=A<B1> mod N, where A is an operand, B1 is a first exponent, N is a modulus and C is a result. The method includes the steps of masking the operand A by a number s, carrying out a modular exponentiation of the masked operand by the exponent B1, and de masking the result of the exponentiation, by removing a contribution from the random number s from the result of the exponentiation. During the step of masking the operand A, the operand A is multiplied by a parameter of the form K<s.B2>, where K is a constant and B2 is a second exponent such that B1.B2=1 mod N. The method is implemented preferably by using a Montgomery multiplier. The preferred choice for the constant K is K=2P, p being an integer lying between 0 and n, n being an upper bound of the size of the modulus N and conventionally depending on the choice of implementation of the Montgomery multiplication.

Abstract: A computer enabled secure method and apparatus for generating a cryptographic key, to be used in a subsequent cryptographic process, where the key is to be valid only for example during a specified time period. The method uses a polynomial function which is a function of an input variable such as time, and dynamically computes the key from the polynomial. This is useful for generating decryption keys used for distribution of encrypted content, where the decryption is to be allowed only during a specified time period.

Abstract: Disclosed herein are systems, method and computer readable medium for providing authentication of an entity B by an entity A. In the method, entity A selects a value p, a range [a, b] and a granularity epsilon. Entity A sends p, [a, b], and epsilon to entity B. Entity B initializes a value yB=0 and for each x in {a, a+epsilon, . . . , b?epsilon, b} and computes z=E(x)*x. The function E(x) is an encryption scheme and the multiplication is carried out mod p. Entity B updates yB=yB+z. After processing each x, entity B sends yB to entity A. Entity A performs the same calculation and generates a yA value and compares yA with yB. If yB=yA, Entity A authenticate entity B. In one aspect, a light HMAC scheme splits an input x into n blocks with key expansion.

Abstract: A Digital Rights Management (DRM) system for distribution of digital content such as audio or video uses a method to enhance security of the content from unauthorized access and use, including access by unauthorized players. The method does not necessarily require a token exchange and thereby minimizes storage demands on the server which distributes the digital content. The system generates and distributes keys for decryption of the digital content whereby the keys are unique to a specific player and user account.

Abstract: Disclosed herein are systems, methods and computer readable media for performing authentication. The proposed scheme utilizes new algorithms that introduce randomness using a physical value for authentication. An exemplary method includes sharing an initial state value S(0) with a sender and a receiver, generating a sender S(t, v) based on a parameter t and an identifier v and based at least in part on the value S(0). The method includes generating a receiver S(t, v) from S(0) based on the parameter t and the identifier v wherein the parameter t is related to a physical value in authenticating the identifier v based on a comparison of the sender S(t, v) and the receiver S(t, v). The process of generating the sender S(t, v) and the receiver S(t, v) includes a random variable generated by a process such as by a random number generator, the Brownian Motion or Wiener Process. Other embodiments do not use the physical value for authentication.

Abstract: A computer enabled method and apparatus for encrypting and decrypting data using a keyless transformation cryptographic technique. Data is protected using a keyless (unkeyed) complex mathematical transformation, in contrast to a traditional cryptographic algorithm using a secret key. This approach is resistant to both static analysis (hacking) performed on executable encryption/decryption code, as well as dynamic analysis performed during execution (runtime) of ciphering or deciphering. The method uses a family of asymmetric data transformations based on Galois field polynomials.

Abstract: Computer related method and apparatus to transmit a logical value (e.g., 1 or 0) between two entities, such as an operating system and application program, in a secure way in an insecure environment. The logical status is sent by in effect encrypting it using two random numbers, one from each entity, before sending it to the other entity. However the encrypting is much “lighter” (requiring much less computer or circuit resources) than any conventional secure cipher and has a built-in verification feature.

Abstract: Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature. A cryptographic algorithm and a key are provided such that a deciphering process, for instance, is partitioned between two portions. The portion of the cryptographic algorithm carried out in the first portion is implemented in a “white box” model such that it is highly secure even against an attack by the user who has full access to internal operations, code execution and memory of the user device, such as a hacker or attacker. The remaining portion of the algorithm is carried out in the second portion. Since this second portion has relaxed security constraints, its code may be implemented using a “black box” approach where its code execution may be more efficient and faster, not requiring the code obfuscation of the white box implementation in the user device. This partitioning may be achieved using a delegation protocol.

Abstract: Computers and other electronic devices typically include a timing operation such as a clock in an operating system. It is anticipated that hackers may tamper with this clock. This tampering might be especially advantage in the context of systems which provide for rental of audio and video content, such as movies. Tampering with the system clock on the playing device would allow an extension of the rental period to the detriment of the provider of the rental content. Hence the present method is directed to detecting clock modifications both in terms of time shifting and clock rate tampering. This detection is done using digital signal processing.

Abstract: A computer based method and apparatus to tie content protection information to recipient devices via a family of deterministic permutations of quadratic multivariate polynomial maps used for computing an HMAC (Hash Message Authentication Code) or a signed digest. This allows digital rights management (DRM) systems to customize the protection information (such as an HMAC or signed digest) for audio and video content, whereby such protection information for a piece of content differs for different recipient devices or for types of recipient devices.

Abstract: For purposes of cryptographic authentication, verification and digital signature processes, a derivation function is provided. The derivation function is generated from a Fourier series, using a prime number to compute the initial value in the series.

Abstract: A block cipher or other cryptographic process intended to be efficiently implemented in hardware (circuitry) includes an s-box (substitution operation) which does not require a look up table, but may be implemented solely with Boolean logic operations (logic gates). Also provided is an associated key scheduling process.

Abstract: Method and apparatus for data security using exponentiation. This is suitable for public key cryptography authentication and other data security applications using a one-way function. A type of exponentiation is disclosed here where the bits of an exponent value expressed in binary form correspond to a course (path) in a given graph defining the one-way function. This uses an approach called here F sequences. Each value is in a ladder of a sequence of values, as defined from its predecessor values. This ladder satisfies certain algebraic identities and is readily calculated by a computer program or logic circuitry.

Abstract: In the field of computer software, obfuscation techniques for enhancing software security are applied to compiled (object) software code. The obfuscation results here in different versions (instances) of the obfuscated code being provided to different installations (recipient computing devices). The complementary code execution uses a boot loader or boot installer-type program at each installation which contains the requisite logic. Typically, the obfuscation results in a different instance of the obfuscated code for each intended installation (recipient) but each instance being semantically equivalent to the others. This is accomplished in one version by generating a random value or other parameter during the obfuscation process, and using the value to select a particular version of the obfuscating process, and then communicating the value along with boot loader or installer program software.

Abstract: Method and apparatus for ensuring randomness of pseudo-random numbers generated by a conventional computer operating system or electronic device. Typically pseudo-random number generators used in computer operating systems or electronic devices may be penetrated by a hacker (pirate), who penetrates a cryptographic or other supposedly secure process using the random numbers by tampering with the input random numbers, thus making them nonrandom. The present method and apparatus are intended to verify such random numbers to make sure that they are indeed random enough, by applying suitable random tests. Only if the values pass the test are they passed on for use in the cryptographic or other process. If they fail the test, a new set of random numbers is requested from the pseudo-random number generator. These are again tested. Further a diversity function may be applied to the random numbers even if they have passed the random number test in order to improve their randomness.

Abstract: Method and apparatus enabled by computer (or equivalent) hardware and software for protection of content such as audio and video to be downloaded or streamed over a computer network such as the Internet. The content is provided to the user via streaming or downloads in encrypted form. The encryption is such that the content key decryption information is transmitted so that it itself is encrypted to be both device and session unique. That is, the key information can be used only to extract the content decryption key for a particular session and for a particular client device such as an audio or video consumer playing device. This prevents any further use or copying of the content other than in that session and for that particular client. The specificity is accomplished by using a device unique identifier and antireplay information which is session specific for encrypting the content key. A typical application is Internet streaming of audio or video to consumers.