APPARATUS AND METHOD FOR BLOCK CIPHER PROCESS FOR INSECURE ENVIRONMENTS
    1.
    Invention publication
    Status: Under examination - Published

    Publication (announcement) number: EP2606603A1

    Publication (announcement) date: 2013-06-26

    Application number: EP11741738.6

    Application date: 2011-08-03

    Applicant: Apple Inc.

    CPC classification number: H04L9/0631 H04L2209/043 H04L2209/16

    Abstract: Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature using a block type cipher such as AES implemented for instance in a "whitebox" model with the cipher key either known or unknown at the compilation time. This method is secure for use in entrusted environments, particularly for securing cryptographic keys. The look up tables characteristic of such algorithms are protected against attack here by making all such tables of the same size and indistinguishable, and further by masking the output values of such tables, typically where the tables carry out a permutation function or a logical exclusive OR operation.

    IDENTITY DOCUMENT AUTHENTICATION
    2.
    Invention application

    Publication (announcement) number: WO2020197698A1

    Publication (announcement) date: 2020-10-01

    Application number: PCT/US2020/020508

    Application date: 2020-02-28

    Applicant: APPLE INC.

    Abstract: A device implementing a system for authenticating an identity document includes at least one processor configured to receive, from a service provider, a request associated with verifying an integrity of an identity document, and capture, responsive to receiving the request, image data of the identity document. The at least one processor is further configured to generate a representation based on the image data, the representation comprising form factor data of the identity document, and compare the representation with a prior representation of the identity document, the prior representation comprising prior form factor data of the identity document. The at least one processor is further configured to provide, to the service provider, a response to the request based on comparing the representation with the prior representation.

    APPARATUS AND METHOD FOR BLOCK CIPHER PROCESS FOR INSECURE ENVIRONMENTS
    4.
    Invention application
    Status: Under examination - Published

    Publication (announcement) number: WO2012024086A1

    Publication (announcement) date: 2012-02-23

    Application number: PCT/US2011/046483

    Application date: 2011-08-03

    CPC classification number: H04L9/0631 H04L2209/043 H04L2209/16

    Abstract: Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature using a block type cipher such as AES implemented for instance in a "whitebox" model with the cipher key either known or unknown at the compilation time. This method is secure for use in entrusted environments, particularly for securing cryptographic keys. The look up tables characteristic of such algorithms are protected against attack here by making all such tables of the same size and indistinguishable, and further by masking the output values of such tables, typically where the tables carry out a permutation function or a logical exclusive OR operation.

    MEDIA STORAGE STRUCTURES FOR STORING CONTENT, DEVICES FOR USING SUCH STRUCTURES, SYSTEMS FOR DISTRIBUTING SUCH STRUCTURES
    5.
    Invention application
    Status: Under examination - Published

    Publication (announcement) number: WO2008147617A1

    Publication (announcement) date: 2008-12-04

    Application number: PCT/US2008/061817

    Application date: 2008-04-28

    CPC classification number: G06F21/10

    Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content.

    MULTIPLICATIVE SPLITS TO PROTECT CIPHER KEYS
    7.
    Invention application
    Status: Under examination - Published

    Publication (announcement) number: WO2013006819A1

    Publication (announcement) date: 2013-01-10

    Application number: PCT/US2012/045819

    Application date: 2012-07-06

    CPC classification number: H04L9/002 H04L9/0631 H04L2209/04 H04L2209/16

    Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by a protection process which obscures the round keys using the properties of group field automorphisms and applying masks to the states of the cipher, for encryption or decryption. This is especially advantageous in a "White Box" environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful for protection against known attacks on "White Box" ciphers, by eliminating S-box operations, together with improved masking techniques and increasing the cipher's complexity against reverse engineering and key storage attacks.

    SCHEME FOR AUTHENTICATING WITHOUT PASSWORD EXCHANGE
    8.
    Invention application
    Status: Under examination - Published

    Publication (announcement) number: WO2010047899A1

    Publication (announcement) date: 2010-04-29

    Application number: PCT/US2009/057217

    Application date: 2009-09-16

    CPC classification number: H04L9/3271 H04L2209/80

    Abstract: Aspects relate to systems and methods implementing a scheme allowing a Verifier (V) to authenticate a Prover (P). The scheme comprises pre-sharing between V and P a graph of nodes. Each node is associated with a polynomial. V sends P data comprising data for selecting a polynomial of the graph, such as traversal data for proceeding from a known node to another node, a time interval, and a number k. P uses the time interval in an evaluation of the polynomial. P then uses the evaluation as a λ in a Poisson distribution, and determines a value related to a probability that a number of occurrences of an event equals k. P sends the determined value to V. V performs a similar determination to arrive at a comparison value. P authenticates V if the separately determined values match, or otherwise meet expectations. The process can be repeated to increase confidence in authentication.

    METHOD AND APPARATUS FOR SECURING CONTENT USING ENCRYPTION WITH EMBEDDED KEY IN CONTENT
    9.
    Invention application
    Status: Under examination - Published

    Publication (announcement) number: WO2009105081A1

    Publication (announcement) date: 2009-08-27

    Application number: PCT/US2008/012902

    Application date: 2008-11-18

    Abstract: Method and apparatus enabled by computer (or equivalent) hardware and software for protection of content downloaded or streamed over a computer network. The content is provided to the user via streaming or downloads in encrypted form. The encryption is such that the content key decryption information is transmitted so that it itself is encrypted to be both device and session unique; the key information can be used only to extract the content decryption key for a particular session and for a particular client device, preventing any further use or copying of the content other than in that session and for that particular client. The specificity is accomplished by using a device unique identifier and session-specific anti-replay information to encrypt the content key. A typical application is Internet streaming of audio or video to consumers.
