Abstract: A method of implementing a keyed cryptographic operation using a plurality of basic blocks, includes: generating a balanced encoding function; applying the balanced encoding function to the output of a first basic block; and applying an inverse of the encoding function to the input of a second basic block, wherein the second basic block receives the encoded output of first basic block as an input.

Abstract: A method for a method for mapping an input message to an output message by a keyed cryptographic operation in a cryptographic system, including a plurality of rounds wherein each round has a substitution layer, wherein wide encoding is used on the substitution layer in the rounds that require protection from attacks.

Abstract: A reconfigurable digital wallet device such as a smart card containing a secure element and acting as an instantiation of a subset of a virtual wallet stored in the cloud. The digital wallet device is managed and synchronized with the virtual wallet in the cloud using a mobile device such as a smartphone.

Abstract: A smartcard communicating simultaneously with a smart phone and a point of sale, thereby allowing the smartcard to act as a bridge between the point of sale and the smart phone. The smart card is typically powered by the point of sale and typically communicates with the smart phone using BLUETOOTH Low Energy (BLE).

Abstract: A method for a keyed cryptographic operation by a cryptographic system mapping an input message to an output message, including: receiving input data for the keyed cryptographic operation; calculating a first mask value based upon the input data; and applying the first mask value to a first intermediate value of the keyed cryptographic operation.

Abstract: A method of obfuscating a code is provided, wherein the method comprises performing a first level obfuscating technique on a code to generate a first obfuscated code, and performing a second level obfuscating technique on the first obfuscated code. In particular, the code may be a software code or a software module. Furthermore, the first level obfuscating technique and the second obfuscating may be different. In particular, the second level obfuscating technique may perform a deobfuscation.

Abstract: A method of binding a software to a device is disclosed. Accordingly, during a setup of the software in the device, a unique identifier is derived from contents stored in the device and the derived unique identifier is encrypted. The derived unique identifier is then stored in a configuration of the software. During a next invocation of the software in the device, a new unique identifier is derived from the contents stored in the device. The newly derived unique identifier is then matched with the stored unique identifier. The execution of the software is terminated if the matching fails.

Abstract: A portion of a reprogrammable storage device is used to implement permanent data storage. The storage device includes a plurality of electrically erasable memory elements and a controller. The plurality of electrically erasable memory elements are configured to store data. Each memory element is programmable a number of write cycles before reaching a write failure state. The controller is coupled to the plurality of memory elements. The controller includes a receiver and a write engine. The receiver receives an instruction to drive a selected memory element to the write failure state. The write engine repeatedly writes a data value, in a plurality of write operations, to the selected memory element until the write failure state of the selected memory element is established.

Abstract: An apparatus for restricting execution of software is disclosed. The apparatus includes a telecommunication device configured to communicate with a wireless device (e.g., an RFID device) using a first wireless communication protocol. The telecommunication device is configured to determine whether or not the telecommunication device is located in an authorized wireless environment, based on wireless devices detected by the telecommunication device. The telecommunication device is also configured to execute a program in response to determining that it is located in an authorized wireless environment. Conversely, the telecommunication device is also configured to inhibit execution of the program in response to determining that it is not located in an authorized wireless environment.

Abstract: A method for a method for mapping an input message to an output message by a keyed cryptographic operation in a cryptographic system, the keyed cryptographic operation including a plurality of substitution layers and state data, including: mapping the input message to first state data in a first substitution layer of the keyed cryptographic operation, wherein the first substitution layer includes N basic blocks that implement the first substitution layer and wherein a non-linear encoding having a first size is placed on the inputs and outputs of the N basic blocks of the first substitution layer, where N is an integer; mapping the first state data to second state data in a plurality of intermediate substitution layers of the keyed cryptographic operation, wherein the intermediate substitution layers include M blocks that implement the intermediate substitution layers and wherein a plurality of non-linear encodings having a second size are placed on the inputs and outputs of the M basic blocks of the intermedi

Abstract: Various embodiments include a method for binding a secure software application to a mobile device wherein the mobile device includes a processor and a subscriber identity module (SIM) card, including transmitting, by the processor, an authentication challenge to the SIM card; receiving an authentication response from the SIM card; verifying the authentication response from the SIM card; and enabling the secure software application when the authentication response from the SIM card is verified.

Abstract: A method of securely implementing functions in a secure software application, including: determining, by a processor, two functions to be implemented by the secure software application; generating a first function lookup table; encrypting the first function lookup table; sorting the first function lookup table by encrypted operand; generating a second function lookup table; encrypting the second function lookup table; sorting the second function lookup table by encrypted operand; generating a flattened lookup table from a combination of the encrypted first and second function lookup tables; permutating the flattened table indices e.g. by use of public key cryptography encryption; and sorting the flattened table by the permutated flattened table indices.

Abstract: Disclosed is a method of generating a structure comprising at least one virtual machine, the method comprising: obfuscating a first virtual machine source code, thereby yielding a first obfuscated virtual machine (OVM) source code; associating a processor identifier with the first OVM source code, thereby yielding a processor-specific first OVM source code; compiling the processor-specific first OVM source code, thereby yielding a processor-specific first OVM. Furthermore, a structure generated by said method is disclosed.

Abstract: A method for a keyed cryptographic operation by a cryptographic system mapping an input message to an output message, including: receiving input data for the keyed cryptographic operation; calculating a first mask value based upon the input data; and applying the first mask value to a first intermediate value of the keyed cryptographic operation.

Abstract: A method of implementing a keyed cryptographic operation using a plurality of basic blocks, includes: generating a balanced encoding function; applying the balanced encoding function to the output of a first basic block; and applying an inverse of the encoding function to the input of a second basic block, wherein the second basic block receives the encoded output of first basic block as an input.

Abstract: A method of obfuscating a code is provided, wherein the method comprises performing a first level obfuscating technique on a code to generate a first obfuscated code, and performing a second level obfuscating technique on the first obfuscated code. In particular, the code may be a software code or a software module. Furthermore, the first level obfuscating technique and the second obfuscating may be different. In particular, the second level obfuscating technique may perform a deobfuscation.

Abstract: Disclosed are secure processes based upon fuzzy opaque predicates and machines such as processors and non-transitory machine-readable storage mediums encoded with instructions containing fuzzy opaque predicates.

Abstract: A non-transitory machine-readable storage medium encoded with instructions for execution by a keyed cryptographic operation by a cryptographic system mapping an input message to an output message, including: instructions for receiving input data for a round of the keyed cryptographic operation; instructions for determining the order of computing output portions for the round of the cryptographic function based upon portions of the input data; and instructions for computing the portions of the output data in the determined order based upon the input data.

Abstract: A method for protecting computer software code is disclosed. In the embodiment, the method involves receiving instructions corresponding to computer software code for an application, the instructions including a first section of instructions to protect that is indicated by a first indicator and a second section of the instructions to protect that is indicated by a second indicator, rewriting the first section of instructions into a first section of virtual instructions, and rewriting the second section of instructions into a second section of virtual instructions, wherein the first section of instructions includes a first virtual instruction that corresponds to a first handler and the second section of virtual instructions includes a second virtual instruction that corresponds to a second handler, the first handler having different properties than the second handler.

Abstract: A method of obfuscating a code is provided, wherein the method comprises performing a first level obfuscating technique on a code to generate a first obfuscated code, and performing a second level obfuscating technique on the first obfuscated code. In particular, the code may be a software code or a software module. Furthermore, the first level obfuscating technique and the second obfuscating may be different. In particular, the second level obfuscating technique may perform a deobfuscation.