Patents by Inventor Philip Allan Eisen
Philip Allan Eisen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11093656
Abstract: A change-tolerant method of generating a fingerprint of a computing environment based on asset parameters associated with components of the computing environment. Asset parameters are grouped into multiple subsets based on characteristics of the components. A share is generated for each asset parameter of the category to produce a plurality of shares. A secret sharing algorithm is applied to the subsets to generate a plurality of candidate identifiers corresponding to the plurality of subsets of shares. A candidate identifier is selected from the plurality of candidate identifiers as a final identifier for each category based at least in part on a frequency of occurrence of that candidate identifier. The final identifiers are combined into a fingerprint corresponding to the computing environment, wherein the fingerprint provides verification of the plurality of components without requiring individual verification of any shares in the plurality of shares.
Type: Grant
Filed: November 14, 2018
Date of Patent: August 17, 2021
Assignee: IRDETO B.V.
Inventor: Philip Allan Eisen
-
Patent number: 10762179
Abstract: Systems, methods, and storage media implemented by a computer for enabling tracking of software are disclosed. Exemplary implementations may: receive marking input code corresponding to a computer program; identify locations of the marking input code that can be modified in ways that preserve functionality of the computer program; choose at least one code transformation with associated intrinsic constants; derive derived constants from the specific intrinsic constants; apply the at least one chosen code transformation, including injecting the derived constants into the marking input code; save the results of the above steps on computer readable media as marked code; and save metadata including a list of the derived constants on computer readable media in a file that is separate from the marked code.
Type: Grant
Filed: August 8, 2018
Date of Patent: September 1, 2020
Assignee: IRDETO B.V.
Inventors: Catherine Chambers, Philip Allan Eisen, Robert Durand, Grant Goodes
-
Publication number: 20200151367
Abstract: A change-tolerant method of generating a fingerprint of a computing environment based on asset parameters associated with components of the computing environment. Asset parameters are grouped into multiple subsets based on characteristics of the components. A share is generated for each asset parameter of the category to produce a plurality of shares. A secret sharing algorithm is applied to the subsets to generate a plurality of candidate identifiers corresponding to the plurality of subsets of shares. A candidate identifier is selected from the plurality of candidate identifiers as a final identifier for each category based at least in part on a frequency of occurrence of that candidate identifier. The final identifiers are combined into a fingerprint corresponding to the computing environment, wherein the fingerprint provides verification of the plurality of components without requiring individual verification of any shares in the plurality of shares.
Type: Application
Filed: November 14, 2018
Publication date: May 14, 2020
Applicant: Irdeto B.V.
Inventor: Philip Allan Eisen
-
Publication number: 20200050740
Abstract: Systems, methods, and storage media implemented by a computer for enabling tracking of software are disclosed. Exemplary implementations may: receive marking input code corresponding to a computer program; identify locations of the marking input code that can be modified in ways that preserve functionality of the computer program; choose at least one code transformation with associated intrinsic constants; derive derived constants from the specific intrinsic constants; apply the at least one chosen code transformation, including injecting the derived constants into the marking input code; save the results of the above steps on computer readable media as marked code; and save metadata including a list of the derived constants on computer readable media in a file that is separate from the marked code.
Type: Application
Filed: August 8, 2018
Publication date: February 13, 2020
Applicant: IRDETO B.V.
Inventors: Catherine Chambers, Philip Allan Eisen, Robert Durand, Grant Goodes
-
Patent number: 9866381
Abstract: Embodiments of the invention provide an improved method and an improved receiver for obtaining a control word. Two or more subkeys are obtained in a receiver. Each subkey was encrypted under control of a key received in an entitlement message or transformed under control of a seed received in an entitlement message. After decryption or transformation, the subkeys are combined to obtain the control word. Typically at least one of the entitlement messages is a positive entitlement message and at least one of the entitlement messages is a negative entitlement message. Embodiments of the invention can be used in a conditional access system such as a Pay-TV system.
Type: Grant
Filed: January 12, 2015
Date of Patent: January 9, 2018
Assignee: IRDETO B.V.
Inventors: Philip Allan Eisen, Ettore Benedetti, Arnoud Evert Van Foreest, Andrew Augustine Wajs
-
Patent number: 9455834
Abstract: The invention provides a system and a method for securely providing a secret data from a sender to one or more receivers. The receiver uses a sequence of functions originating from a hierarchy of functions to migrate the secret data from an input transform space to an output transform space using a mathematical transformation under control of one or more seeds. The seeds are provided to the receiver by the sender. The sender conditionally allows the receiver to obtain the secret data by controlling the seeds.
Type: Grant
Filed: April 9, 2014
Date of Patent: September 27, 2016
Assignee: Irdeto B.V.
Inventors: Philip Allan Eisen, Ettore Benedetti, Arnoud Evert Van Foreest, Andrew Augustine Wajs
-
Patent number: 9443091
Abstract: A method of protecting the execution of a cryptographic hash function, such as SHA-256, in a computing environment where inputs, outputs and intermediate values can be observed. The method consists of encoding input messages so that hash function inputs are placed in a transformed domain, and then applying a transformed cryptographic hash function to produce an encoded output digest; the transformed cryptographic hash function implements the cryptographic hash function in the transformed domain.
Type: Grant
Filed: March 31, 2011
Date of Patent: September 13, 2016
Assignee: Irdeto B.V.
Inventors: Jonathan Emmett, Philip Allan Eisen, James Muir, Daniel Murdock
-
Publication number: 20150124964
Abstract: Embodiments of the invention provide an improved method and an improved receiver for obtaining a control word. Two or more subkeys are obtained in a receiver. Each subkey was encrypted under control of a key received in an entitlement message or transformed under control of a seed received in an entitlement message. After decryption or transformation, the subkeys are combined to obtain the control word. Typically at least one of the entitlement messages is a positive entitlement message and at least one of the entitlement messages is a negative entitlement message. Embodiments of the invention can be used in a conditional access system such as a Pay-TV system.
Type: Application
Filed: January 12, 2015
Publication date: May 7, 2015
Inventors: Philip Allan Eisen, Ettore Benedetti, Arnoud Evert Van Foreest, Andrew Augustine Wajs
-
Patent number: 9009481
Abstract: A digital signature generation (DSG) process which provides resistance against white box attackers is disclosed. This is done by applying specially selected data transformations to the inputs, outputs and internal parameters of the algorithm. In particular, the signatory's private key does not appear in the clear in our protected implementation. Our new white box implementation produces signatures that are compatible with signatures created by conventional implementations; thus our solution facilitates interoperability and can be used as a drop-in replacement for conventional implementations. In particular, we describe transformations to the key (d) and the generator domain parameter (usually denoted G or g) of the digital signature generation processes, such that embodiments of the invention can produce signed messages which appear to a verifier as if the key (d) was used, without actually ever using the key (d).
Type: Grant
Filed: March 31, 2010
Date of Patent: April 14, 2015
Assignee: Irdeto Canada Corporation
Inventors: James Muir, Jiayuan Sui, Daniel Elie Murdock, Philip Allan Eisen
-
Patent number: 8990785
Abstract: A system and method for producing a massive number of diverse program instances so as to deter differential attacks, collusion, and similar hostile actions. Code portions are shown to be defined in various manners, instantiated, and aggregated. The system and method establishes a very large number of program instances that may be deployed. Furthermore, testing is accomplished over a minimal set of instances to provide for high test coverage and high confidence over the fully deployed instance set without incurring a high penalty.
Type: Grant
Filed: July 29, 2010
Date of Patent: March 24, 2015
Inventors: Robert Durand, Clifford Liem, Philip Allan Eisen
-
Patent number: 8958558
Abstract: Embodiments of the invention provide an improved method and an improved receiver for obtaining a control word. Two or more subkeys are obtained in a receiver. Each subkey was encrypted under control of a key received in an entitlement message or transformed under control of a seed received in an entitlement message. After decryption or transformation, the subkeys are combined to obtain the control word. Typically at least one of the entitlement messages is a positive entitlement message and at least one of the entitlement messages is a negative entitlement message. Embodiments of the invention can be used in a conditional access system such as a Pay-TV system.
Type: Grant
Filed: March 1, 2010
Date of Patent: February 17, 2015
Assignee: Irdeto B.V.
Inventors: Philip Allan Eisen, Ettore Benedetti, Arnoud Evert Van Foreest, Andrew Augustine Wajs
-
Publication number: 20140362987
Abstract: The invention provides a system and a method for securely providing a secret data from a sender to one or more receivers. The receiver uses a sequence of functions originating from a hierarchy of functions to migrate the secret data from an input transform space to an output transform space using a mathematical transformation under control of one or more seeds. The seeds are provided to the receiver by the sender. The sender conditionally allows the receiver to obtain the secret data by controlling the seeds.
Type: Application
Filed: April 9, 2014
Publication date: December 11, 2014
Applicant: IRDETO B.V.
Inventors: Philip Allan Eisen, Ettore Benedetti, Arnoud Evert Van Foreest, Andrew Augustine Wajs
-
Patent number: 8737620
Abstract: The invention provides a system and a method for securely providing a secret data from a sender to one or more receivers. The receiver uses a sequence of functions originating from a hierarchy of functions to migrate the secret data from an input transform space to an output transform space using a mathematical transformation under control of one or more seeds. The seeds are provided to the receiver by the sender. The sender conditionally allows the receiver to obtain the secret data by controlling the seeds.
Type: Grant
Filed: February 26, 2010
Date of Patent: May 27, 2014
Assignee: Irdeto B.V.
Inventors: Philip Allan Eisen, Ettore Benedetti, Arnoud Evert Van Foreest, Andrew Augustine Wajs
-
Publication number: 20140019771
Abstract: A method of protecting the execution of a cryptographic hash function, such as SHA-256, in a computing environment where inputs, outputs and intermediate values can be observed. The method consists of encoding input messages so that hash function inputs are placed in a transformed domain, and then applying a transformed cryptographic hash function to produce an encoded output digest; the transformed cryptographic hash function implements the cryptographic hash function in the transformed domain.
Type: Application
Filed: March 31, 2011
Publication date: January 16, 2014
Applicant: IRDETO B.V.
Inventors: Jonathan Emmett, Philip Allan Eisen, James Muir, Daniel Murdock
-
Patent number: 8510726
Abstract: A development suite for generating files, such as DRM-protected files, using white-box cryptography. The suite consists of a code generation tool, a data transformation engine, and a white-box data generation tool, and a white-box library. In the white-box cryptography context, the data transformation engine is used to protect the boundary between the cryptographic operation and the surrounding code. In particular, the data transformation engine is used to apply data transformations to the inputs to and outputs from the cryptographic operations. If the user specifies that transformations are required via a white-box parameterization file, the code generation tool puts the information specified by the user into a form the data transformation engine understands, namely as qualifiers on data variables and function prototypes. The data transformation engine then applies the specified transformations, and passes information to the data generation tool regarding which transformations were chosen.
Type: Grant
Filed: May 25, 2009
Date of Patent: August 13, 2013
Assignee: Irdeto Canada Corporation
Inventors: Philip Allan Eisen, Grant Stewart Goodes, Daniel Elie Murdock
-
Publication number: 20130125090
Abstract: A system and method for producing a massive number of diverse program instances so as to deter differential attacks, collusion, and similar hostile actions. Code portions are shown to be defined in various manners, instantiated, and aggregated. The system and method establishes a very large number of program instances that may be deployed. Furthermore, testing is accomplished over a minimal set of instances to provide for high test coverage and high confidence over the fully deployed instance set without incurring a high testing penalty.
Type: Application
Filed: July 29, 2010
Publication date: May 16, 2013
Applicant: IRDETO CANADA CORPORATION
Inventors: Robert Durand, Clifford Liem, Philip Allan Eisen
-
Publication number: 20130024699
Abstract: A digital signature generation (DSG) process which provides resistance against white box attackers is disclosed. This is done by applying specially selected data transformations to the inputs, outputs and internal parameters of the algorithm. In particular, the signatory's private key does not appear in the clear in our protected implementation. Our new white box implementation produces signatures that are compatible with signatures created by conventional implementations; thus our solution facilitates interoperability and can be used as a drop-in replacement for conventional implementations. In particular, we describe transformations to the key (d) and the generator domain parameter (usually denoted G or g) of the digital signature generation processes, such that embodiments of the invention can produce signed messages which appear to a verifier as if the key (d) was used, without actually ever using the key (d).
Type: Application
Filed: March 31, 2010
Publication date: January 24, 2013
Applicant: IRDETO CANADA CORPORATION
Inventors: James Muir, Jiayuan Sui, Daniel Elie Murdock, Philip Allan Eisen
-
Publication number: 20110067012
Abstract: A development suite for generating files, such as DRM-protected files, using white-box cryptography. The suite consists of a code generation tool, a data transformation engine, and a white-box data generation tool, and a white-box library. In the white-box cryptography context, the data transformation engine is used to protect the boundary between the cryptographic operation and the surrounding code. In particular, the data transformation engine is used to apply data transformations to the inputs to and outputs from the cryptographic operations. If the user specifies that transformations are required via a white-box parameterization file, the code generation tool puts the information specified by the user into a form the data transformation engine understands, namely as qualifiers on data variables and function prototypes. The data transformation engine then applies the specified transformations, and passes information to the data generation tool regarding which transformations were chosen.
Type: Application
Filed: May 25, 2009
Publication date: March 17, 2011
Applicant: IRDETO CANADA CORPORATION
Inventors: Philip Allan Eisen, Grant Stewart Goodes, Daniel Elie Murdock
-
Publication number: 20100246822
Abstract: The invention provides a system and a method for securely providing a secret data from a sender to one or more receivers. The receiver uses a sequence of functions originating from a hierarchy of functions to migrate the secret data from an input transform space to an output transform space using a mathematical transformation under control of one or more seeds. The seeds are provided to the receiver by the sender. The sender conditionally allows the receiver to obtain the secret data by controlling the seeds.
Type: Application
Filed: February 26, 2010
Publication date: September 30, 2010
Applicant: Irdeto Access B.V.
Inventors: Philip Allan Eisen, Ettore Benedetti, Arnoud Evert Van Foreest, Andrew Augustine Wajs
-
Publication number: 20100251285
Abstract: Embodiments of the invention provide an improved method and an improved receiver for obtaining a control word. Two or more subkeys are obtained in a receiver. Each subkey was encrypted under control of a key received in an entitlement message or transformed under control of a seed received in an entitlement message. After decryption or transformation, the subkeys are combined to obtain the control word. Typically at least one of the entitlement messages is a positive entitlement message and at least one of the entitlement messages is a negative entitlement message. Embodiments of the invention can be used in a conditional access system such as a Pay-TV system.
Type: Application
Filed: March 1, 2010
Publication date: September 30, 2010
Applicant: Irdeto Access B.V.
Inventors: Philip Allan Eisen, Ettore Benedetti, Arnoud Evert Van Foreest, Andrew Augustine Wajs