Method for testing and hardening software applications

Assignee

• GIESECKE+DEVRIENT MOBILE SECURITY GMBH · DE

Inventors

• Hermann Drexler · Munich, DE
• Sven Bauer · Vaterstetten, DE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/16
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods are provided for testing and hardening software applications for the carrying out digital transactions which comprise a white-box implementation of a cryptographic algorithm. The method comprises the following steps: (a) feeding one plaintext of a plurality of plaintexts to the white-box implementation; (b) reading out and storing the contents of the at least one register of the processor stepwise while processing the machine commands of the white-box implementation stepwise; (c) repeating the steps (a) and (b) with a further plaintext of the plurality of plaintexts N-times; and (d) statistically evaluating the contents of the registers and the plaintexts, the intermediate results and/or the ciphertexts generated from the plaintexts by searching for correlations between the contents of the registers and the plaintexts, the intermediate results and/or the ciphertexts generated from the plaintexts to establish the secret key.