Patents by Inventor Pierre Betouin

Pierre Betouin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20120204039
    Abstract: Method and apparatus for obfuscating computer software code, to protect against reverse-engineering of the code. The obfuscation here is on the part of the code that accesses buffers (memory locations). Further, the obfuscation process copies or replaces parts of the buffer contents with local variables. This obfuscation is typically carried out by suitably annotating (modifying) the original source code.
    Type: Application
    Filed: February 9, 2011
    Publication date: August 9, 2012
    Applicant: Apple Inc.
    Inventors: Augustin J. Farrugia, Mathieu Ciet, Pierre Betouin
  • Publication number: 20120179898
    Abstract: This disclosure is directed to measuring hardware-based statistics, such as the number of instructions executed in a specific section of a program during execution, for enforcing software security. The counting can be accomplished through a specific set of instructions, which can either be implemented in hardware or included in the instruction set of a virtual machine. For example, the set of instructions can include atomic instructions of reset, start, stop, get instruction count, and get CPU cycle count. To obtain information on a specific section of code, a software developer can insert start and stop instructions around the desired code section. For each instruction in the identified code block, when the instruction is executed, a counter is incremented. The counter can be stored in a dedicated register. The gathered statistics can be used for a variety of purposes, such as detecting unauthorized code modifications or measuring code performance.
    Type: Application
    Filed: January 10, 2011
    Publication date: July 12, 2012
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Jon McLachlan, Gianpaolo Fasoli, Julien Lerouge, Ganna Zaks, Augustin J. Farrugia
  • Patent number: 8200727
    Abstract: Method and apparatus for ensuring randomness of pseudo-random numbers generated by a conventional computer operating system or electronic device. Typically pseudo-random number generators used in computer operating systems or electronic devices may be penetrated by a hacker (pirate), who penetrates a cryptographic or other supposedly secure process using the random numbers by tampering with the input random numbers, thus making them nonrandom. The present method and apparatus are intended to verify such random numbers to make sure that they are indeed random enough, by applying suitable random tests. Only if the values pass the test are they passed on for use in the cryptographic or other process. If they fail the test, a new set of random numbers is requested from the pseudo-random number generator. These are again tested. Further a diversity function may be applied to the random numbers even if they have passed the random number test in order to improve their randomness.
    Type: Grant
    Filed: February 14, 2008
    Date of Patent: June 12, 2012
    Assignee: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia, Gianpaolo Fasoli
  • Publication number: 20120079589
    Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable media for authentication using a shared table. The method receives an authentication challenge from a first entity including an accumulator with an initial value, lists of elements in a shared table, and a list of sorting algorithms, each sorting algorithm is associated with one of the lists of elements and modified to include embedded instructions operating on the accumulator. The method then generates a temporary table for each list of elements in the shared table by copying elements from the shared table as indicated in each respective list of elements, each temporary table being associated with one sorting algorithm in the list of sorting algorithms. The method sorts each generated temporary table with the associated sorting algorithm, thereby updating the accumulator with the embedded instructions. Finally, the method transmits the updated accumulator to the first entity for verification.
    Type: Application
    Filed: September 23, 2011
    Publication date: March 29, 2012
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Patent number: 8140809
    Abstract: In the computer software field, method and apparatus to obfuscate (mask or hide) computer data which is part of or accessed by a computer program. The method protects (hides) accesses to tables of data in terms of the place or position of each element in the table. It does this by providing an intermediate table which describes the positions of the elements of the first table or tables, but in a transformed (modified) fashion.
    Type: Grant
    Filed: May 29, 2009
    Date of Patent: March 20, 2012
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Mathieu Ciet, Pierre Betouin
  • Patent number: 8051097
    Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable media for authentication using a shared table. The method receives an authentication challenge from a first entity including an accumulator with an initial value, lists of elements in a shared table, and a list of sorting algorithms, each sorting algorithm is associated with one of the lists of elements and modified to include embedded instructions operating on the accumulator. The method then generates a temporary table for each list of elements in the shared table by copying elements from the shared table as indicated in each respective list of elements, each temporary table being associated with one sorting algorithm in the list of sorting algorithms. The method sorts each generated temporary table with the associated sorting algorithm, thereby updating the accumulator with the embedded instructions. Finally, the method transmits the updated accumulator to the first entity for verification.
    Type: Grant
    Filed: December 15, 2008
    Date of Patent: November 1, 2011
    Assignee: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Patent number: 8045708
    Abstract: A computer enabled secure method and apparatus for generating a cryptographic key, to be used in a subsequent cryptographic process, where the key is to be valid only for example during a specified time period. The method uses a polynomial function which is a function of an input variable such as time, and dynamically computes the key from the polynomial. This is useful for generating decryption keys used for distribution of encrypted content, where the decryption is to be allowed only during a specified time period.
    Type: Grant
    Filed: May 21, 2008
    Date of Patent: October 25, 2011
    Assignee: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Patent number: 7984320
    Abstract: Computers and other electronic devices typically include a timing operation such as a clock in an operating system. It is anticipated that hackers may tamper with this clock. This tampering might be especially advantageous in the context of systems which provide for rental of audio and video content, such as movies. Tampering with the system clock on the playing device would allow an extension of the rental period to the detriment of the provider of the rental content. Hence the present method is directed to detecting clock modifications both in terms of time shifting and clock rate tampering. This detection is done using digital signal processing.
    Type: Grant
    Filed: March 28, 2008
    Date of Patent: July 19, 2011
    Assignee: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20110167407
    Abstract: Disclosed herein are systems, methods, and computer-readable storage media for obfuscating software data references. The obfuscation process locates pointers to data within source code and loads the pointers into an ordered set of pools. The process further shuffles the pointers in the ordered set of pools and adds a function within the source code that when executed uses the ordered set of pools to retrieve the data. The obfuscation process utilizes pool entry shuffling, pool chaining shuffling and cross-pointer shuffling.
    Type: Application
    Filed: January 6, 2010
    Publication date: July 7, 2011
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia, Julien Lerouge, Ginger M. Myles
  • Publication number: 20110167414
    Abstract: Disclosed herein are systems, methods, and computer-readable storage media for obfuscating by a common function. A system configured to practice the method identifies a set of functions in source code, generates a transformed set of functions by transforming each function of the set of functions to accept a uniform set of arguments and return a uniform type, and merges the transformed set of functions into a single recursive function. The single recursive function can allocate memory in the heap. The stack can contain a pointer to the allocated memory in the heap. The single recursive function can include instructions for creating and explicitly managing a virtual stack in the heap. The virtual stack can emulate what would happen to the real stack if one of the set of functions was called. The system can further compile the source code including the single recursive function.
    Type: Application
    Filed: January 4, 2010
    Publication date: July 7, 2011
    Applicant: Apple Inc.
    Inventors: Christopher Arthur Lattner, Tanya Michelle Lattner, Julien Lerouge, Ginger M. Myles, Augustin J. Farrugia, Pierre Betouin
  • Publication number: 20100306497
    Abstract: In the computer software field, method and apparatus to obfuscate (mask or hide) computer data which is part of or accessed by a computer program. The method protects (hides) accesses to tables of data in terms of the place or position of each element in the table. It does this by providing an intermediate table which describes the positions of the elements of the first table or tables, but in a transformed (modified) fashion.
    Type: Application
    Filed: May 29, 2009
    Publication date: December 2, 2010
    Applicant: Apple Inc.
    Inventors: Augustin J. Farrugia, Mathieu Ciet, Pierre Betouin
  • Patent number: 7841010
    Abstract: An integrity verification process and associated apparatus to detect tampering or other alterations to computer code (software) or other computer files, and especially useful to detect tampering with code by hackers who might try to plant their own malicious code in the software. To make the verification process more robust versus hackers, each e.g., object code file to be protected is first selected using some sort of rule, then partitioned into variable length blocks or portions, the lengths varying in an unpredictable manner. Each portion has its checksum or hash value computed. An accompanying verification file is created which includes a vector for each portion including the portion's start address in memory, length, and the computed checksum or hash value.
    Type: Grant
    Filed: January 8, 2007
    Date of Patent: November 23, 2010
    Assignee: Apple Inc.
    Inventors: Julien Lerouge, Pierre Betouin, Gianpaolo Fasoli, Augustin J. Farrugia
  • Publication number: 20100281459
    Abstract: Disclosed herein are systems, computer-implemented methods, and tangible computer-readable storage media for obfuscating code, such as instructions and data structures. Also disclosed are tangible computer-readable media containing obfuscated code. In one aspect, a preprocessing tool (i.e. before compilation) identifies in a source program code a routine for replacement. The tool can be a software program running on a computer or an embedded device. The tool then selects a function equivalent to the identified routine from a pool of functions to replace the identified routine. A compiler can then compile computer instructions based on the source program code utilizing the selected function in place of the identified routine. In another aspect, the tool replaces data structures with fertilized data structures. These approaches can be applied to various portions of source program code based on various factors. A software developer can flexibly configure how and where to fertilize the source code.
    Type: Application
    Filed: May 1, 2009
    Publication date: November 4, 2010
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20100153450
    Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable media for authentication using a shared table. The method receives an authentication challenge from a first entity including an accumulator with an initial value, lists of elements in a shared table, and a list of sorting algorithms, each sorting algorithm is associated with one of the lists of elements and modified to include embedded instructions operating on the accumulator. The method then generates a temporary table for each list of elements in the shared table by copying elements from the shared table as indicated in each respective list of elements, each temporary table being associated with one sorting algorithm in the list of sorting algorithms. The method sorts each generated temporary table with the associated sorting algorithm, thereby updating the accumulator with the embedded instructions. Finally, the method transmits the updated accumulator to the first entity for verification.
    Type: Application
    Filed: December 15, 2008
    Publication date: June 17, 2010
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20100138654
    Abstract: A system, method and computer readable medium are disclosed for authentication. The method includes generating a challenge on a sender based on physical emission properties of a particle gun; transmitting the challenge from the sender to a receiver; receiving the challenge on the receiver; and verifying the authenticity of an entity, such as data, an object or a person, at the receiver by comparing the challenge with a value generated at the receiver. The process of generating the challenge and value is such that it is difficult to retrieve details of the input data based on the output data.
    Type: Application
    Filed: December 1, 2008
    Publication date: June 3, 2010
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20100115287
    Abstract: Disclosed herein are systems, computer-implemented methods, and tangible computer-readable media for obfuscating constants in a binary. The method includes generating a table of constants, allocating an array in source code, compiling the source code to a binary, transforming the table of constants to match Pcode entries in an indirection table so that each constant in the table of constants can be fetched by an entry in the indirection table. A Pcode is a data representation of a set of instructions populating the indirection table with offsets toward the table of constants storing the indirection table in the allocated array in the compiled binary. The method further includes populating the indirection table with offsets equivalent to the table of constants, and storing the indirection table in the allocated array in the compiled binary. Constants can be of any data type. Constants can be one byte each or more than one byte each.
    Type: Application
    Filed: October 31, 2008
    Publication date: May 6, 2010
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20100111292
    Abstract: A hash provides aggregation properties, and allows distributed and/or concurrent processing. In an example, the hash operates on message M, and produces a multiplicative matrix sequence by substituting a 2×2 matrix A for binary ones and substituting a 2×2 matrix B for binary zeros in M. A and B are selected from SL2(R), R=F2[x]/(P), F2[x] being the set of polynomials degree with coefficients in F2={0,1}, and (P) is the ideal of F2[x] generated by irreducible polynomial P(x) order n=l²/4. The matrix sequence is multiplied to produce a 2×2 matrix, h, with n bit length entries. A function converts h into an l×l matrix, Y. Two l×l invertible matrices with randomly chosen F2 entries, P and Q, are accessed. P pre-multiplies Y and Q⁻¹ post-multiplies Y to produce a final hash value. M can be subdivided into m1 . . . mt, corresponding h1 . . . ht can be produced, and the Y matrix produced from a product of h1 . . . ht to get the same hash value.
    Type: Application
    Filed: October 31, 2008
    Publication date: May 6, 2010
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20100115276
    Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable media for deriving a deterministic binary value. The method consists of generating a graph from multiple inputs, formalizing the graph, calculating paths between starting and ending nodes in the graph using a shortest path algorithm and performing a digest operation based on the derived paths to generate a deterministic binary value. In another aspect of this disclosure, authentication is performed utilizing deterministic binary values and a graph-merging function. This method allows for diversity in complexity, thus maintaining security on different computer platforms.
    Type: Application
    Filed: October 31, 2008
    Publication date: May 6, 2010
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20090319769
    Abstract: A computer enabled secure method and apparatus for generating a cryptographic key, to be used in a subsequent cryptographic process, where the key is to be valid only for example during a specified time period. The method uses a polynomial function which is a function of an input variable such as time, and dynamically computes the key from the polynomial. This is useful for generating decryption keys used for distribution of encrypted content, where the decryption is to be allowed only during a specified time period.
    Type: Application
    Filed: May 21, 2008
    Publication date: December 24, 2009
    Applicant: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20090287942
    Abstract: Method and apparatus to detect clock roll-forward attacks in a computing device or similar system. This protects against hackers who tamper with the system clock of, for instance, a digital media playback device in order to access a content item which has been rented for a limited time. By detecting clock roll-forward tampering, the present method and system prevent such hackers from accessing the content item outside its authorized rental time period.
    Type: Application
    Filed: May 13, 2008
    Publication date: November 19, 2009
    Inventors: Pierre Betouin, Augustin J. Farrugia, Nicholas Sullivan