System and method for protecting computer software from a white box attack
US7397916B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 10, 2001 |
| Grant date | Jul 8, 2008 |
| Priority date | — |
| Expiry date | Nov 28, 2023 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/24
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Existing encryption systems are designed to protect secret keys or other data under a “black box attack,” where the attacker may examine the algorithm, and various inputs and outputs, but has no visibility into the execution of the algotitm itself. However, it has been shown that the black box model is generally unrealistic, and that attack efficiency rises dramatically if the attacker can observe even minor aspects of the algorithm's execution. The invention protects software from a “white-box attack”, where the attacker has total visibility into software implementation and execution. In general, this is done by encoding the software and widely diffusing sites of information transfer and/or combination and/or loss. Other embodiments of the invention include: the introduction of lossy subcomponents, processing inputs and outputs with random cryptographic functions, and representing algorithmic steps or components as tables, which permits encoding to be represented with arbitrary nonlinear bijections.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.