公开(公告)号：WO2016091581A1

公开(公告)日：2016-06-16

申请号：PCT/EP2015/077552

申请日：2015-11-24

Applicant: GEMALTO SA

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  LEVEQUE, Sylvain

IPC: G06F9/48 ,  G06F21/55

CPC classification number: G06F9/30065 ,  G06F7/588 ,  G06F9/4881 ,  G06F21/52 ,  G06F21/602

Abstract: The present invention relates to a method to execute by a processing unit a sensitive computation using multiple different and independent branches (SB1, SB2) each necessitating a given number of processing unit time units to be executed, characterized in that it comprises the following steps of, at each execution of a sensitive computation: - generating at least as many identifiers as the number of branches, - associating each identifier to a unique branch, - generating (S1, S2) a random permutation of identifiers, the number of occurrences of each identifier in the permutation being at least equal to the number of central processing unit time units in the shortest of the branches, - by processing (S3) each identifier in the random permutation, determining successively the branch to execute by each successive central processing unit time units according to the identifier value, - for each identifier of the random permutation, executing (S11, S21) a central processing unit time unit for the branch determined according to the identifier value.

Abstract translation: 本发明涉及一种由处理单元执行使用多个不同且独立的分支（SB1，SB2）进行敏感计算的方法，每个分支都需要执行给定数量的处理单元时间单元，其特征在于包括以下步骤： 在每次执行敏感计算时： - 产生至少与分支数目一样多的标识符， - 将每个标识符与唯一分支相关联 - 生成（S1，S2）标识符的随机排列，每个 排列中的标识符至少等于最短分支中的中央处理单元时间单元的数量， - 通过处理（S3）随机置换中的每个标识符，依次确定每个连续的中央处理单元时间执行的分支 根据标识符值的单位， - 对于随机置换的每个标识符，执行（S11，S21）中央处理单元时间单位fo r根据标识符值确定分支。

公开(公告)号：WO2017208245A1

公开(公告)日：2017-12-07

申请号：PCT/IL2017/050614

申请日：2017-06-01

Applicant: GEMALTO SA ,  REINHOLD COHN AND PARTNERS

Inventor： LEVEQUE, Sylvain

IPC: H04L9/00

CPC classification number: H04L9/002 ,  H04L9/302 ,  H04L9/3066 ,  H04L2209/16

Abstract: The present invention relates to a method to intrinsically protect a computer program having a driving value (DV) dedicated to handle sensitive data, said driving value (DV) comprising a plurality of N computation units (A,B) to perform computations using sensitive data and susceptible to let sensitive data leak, each unit having V possible values, said method comprising the step (S1) of unrolling k parts of P units, with P>1 and P

Abstract translation: 本发明涉及一种本质上保护具有专用于处理敏感数据的驱动值（DV）的计算机程序的方法，所述驱动值（DV）包括多个N个计算单元（A， B）使用敏感数据执行计算并且易于使敏感数据泄漏，每个单元具有V个可能值，所述方法包括展开P个单元的k个部分的步骤（S1），其中P> 1且P

公开(公告)号：WO2019025181A1

公开(公告)日：2019-02-07

申请号：PCT/EP2018/069409

申请日：2018-07-17

Applicant: GEMALTO SA

Inventor： ADJEDJ, Michael ,  LEVEQUE, Sylvain

IPC: H04L9/00 ,  G06F21/14 ,  H04L9/06

Abstract: The present invention relates to a method of securing by a first processor of a securing device, a software code performing, when executed by an execution device, a sensitive operation performing accesses to a plurality of look-up tables (T 0 ,T 1 ,... T n ), wherein said software code comprises first sequences of instructions performing said accesses, said method comprising the steps of: - a) generating (S1 ) a packed table (T) gathering said look-up tables (T 0 ,T 1 ,... T n ), - b) applying (S2) a permutation (P) to said packed table (T) to obtain a permuted table (T P ), - c) replacing (S3) in the software code (SC) at least one of said first sequences of instructions, which when executed at runtime by a second processor of said execution device performs an access to a target value (X) located at a first index (i) in a first look-up table among said plurality of look-up tables by a new sequence of instructions which: o c1) determines using said permutation (P) a permuted index (i P ) of the target value (X) in the permuted table, o c2) returns the value memorized at the permuted index in said permuted table (T P ).

公开(公告)号：EP3252988A1

公开(公告)日：2017-12-06

申请号：EP16305629.4

申请日：2016-05-31

Applicant: GEMALTO SA

Inventor： LEVEQUE, Sylvain

IPC: H04L9/00

CPC classification number: H04L9/002 ,  H04L2209/16

Abstract: The present invention relates to a method to intrinsically protect a computer program having a driving value (DV) dedicated to handle sensitive data, said driving value (DV) comprising a plurality of N computation units (A,B) to perform computations using sensitive data and susceptible to let sensitive data leak, each unit having V possible values, said method comprising the step (S1) of unrolling k parts of P units, with P>1 and P

Abstract translation: 本发明涉及一种本质上保护具有专用于处理敏感数据的驱动值（DV）的计算机程序的方法，所述驱动值（DV）包括多个N个计算单元（A，B）以使用敏感数据 并且容易使敏感数据泄露，每个单元具有V个可能值，所述方法包括通过将P个单元的P个单元重写为P个并且将P个单元展开为P个并且将P个单元展开为N个单元的步骤（S1） 保护敏感数据的等效计算序列（AB，AA，BB，BA），所述展开步骤（S1）导致P个单元的多个V ^ P可能部分，所述方法进一步包括以下步骤： 最终执行的计算机程序，通过在每个执行部件结束时选择（S2）动态执行驱动值（DV）的指令，在可能部件当中执行下一个要执行的部件。

公开(公告)号：EP3439225A1

公开(公告)日：2019-02-06

申请号：EP17306033.6

申请日：2017-08-02

Applicant: GEMALTO SA

Inventor： LEVEQUE, Sylvain ,  ADJEDJ, Michael

IPC: H04L9/00 ,  G06F21/14 ,  H04L9/06

Abstract: The present invention relates to a method of securing by a first processor of a securing device, a software code performing, when executed by an execution device, a sensitive operation performing accesses to a plurality of look-up tables (T 0 , T 1 , ... T n ),
wherein said software code comprises first sequences of instructions performing said accesses,
said method comprising the steps of:
- a) generating (S1) a packed table (T) gathering said look-up tables (To ,Ti, ... T n ),
- b) applying (S2) a permutation (P) to said packed table (T) to obtain a permuted table (T p ),
- c) replacing (S3) in the software code (SC) at least one of said first sequences of instructions, which when executed at runtime by a second processor of said execution device performs an access to a target value (X) located at a first index (i) in a first look-up table among said plurality of look-up tables by a new sequence of instructions which:
∘ c1) determines using said permutation (P) a permuted index (i p ) of the target value (X) in the permuted table,
∘ c2) returns the value memorized at the permuted index in said permuted table (T p ).

公开(公告)号：EP3230859A1

公开(公告)日：2017-10-18

申请号：EP15801751.7

申请日：2015-11-24

Applicant: Gemalto SA

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  LEVEQUE, Sylvain

IPC: G06F9/48 ,  G06F21/55

CPC classification number: G06F9/30065 ,  G06F7/588 ,  G06F9/4881 ,  G06F21/52 ,  G06F21/602

Abstract: The present invention relates to a method to execute by a processing unit a sensitive computation using multiple different and independent branches (SB1,SB2) each necessitating a given number of processing unit time units to be executed, characterized in that it comprises the following steps of, at each execution of a sensitive computation: - generating at least as many identifiers as the number of branches, - associating each identifier to a unique branch, - generating (S1,S2) a random permutation of identifiers, the number of occurrences of each identifier in the permutation being at least equal to the number of central processing unit time units in the shortest of the branches, - by processing (S3) each identifier in the random permutation, determining successively the branch to execute by each successive central processing unit time units according to the identifier value, - for each identifier of the random permutation, executing (S11,S21) a central processing unit time unit for the branch determined according to the identifier value.

Abstract translation: 本发明涉及一种由处理单元执行使用多个不同且独立的分支（SB1，SB2）进行敏感计算的方法，每个分支需要执行给定数量的处理单位时间单元，其特征在于其包括以下步骤 ，在每次执行敏感计算时： - 生成至少与分支数量一样多的标识符， - 将每个标识符与唯一分支相关联， - 生成（S1，S2）标识符的随机置换，每个标识符的出现次数 标识符至少等于分支中最短分支中的中央处理单元时间单元的数目; - 通过处理（S3）随机置换中的每个标识符，连续地确定要由每个连续中央处理单元执行的分支时间 根据所述标识符值确定单元， - 对于所述随机置换的每个标识符，执行（S11，S21）中央处理单元时间单元fo r根据标识符值确定的分支。

公开(公告)号：EP3608806A1

公开(公告)日：2020-02-12

申请号：EP18306094.6

申请日：2018-08-09

Applicant: GEMALTO SA

Inventor： ADJEDJ, Michael ,  GOUGET, Aline ,  GRELLIER, Stéphane ,  LEVEQUE, Sylvain ,  VACEK, Jan

IPC: G06F21/14 ,  G06F21/53 ,  G06F21/55 ,  G06F21/72 ,  H04L29/06 ,  H04W12/06

Abstract: The present invention relates to a method to protect a data file (DF) to be used by a white-box cryptography software application (WBCA) installed in memory (MEM) of a device (D) to prevent the malevolent use of a digital copy of the data file (DF) by a white-box cryptography software application installed in memory of another device, said method comprising the steps of extracting (S1) an unique identifier (ID) for the device (D) from the environment (ENVT) of the device (D) and modifying (S2) data in the data file (DF) according to the unique identifier (ID), the available white-box cryptography software application (WBCA) being such that it comprises a software security layer adapted to, when the WBC software application (WBCA) is executed (T1), retrieve (T3) the unique identifier (ID) from the environment (ENVT) of the device (D) in which it is installed and to use (T2) this unique identifier (ID) in combination with the stored data file (DF) in its execution (T4), the result of the execution (T4) being correct only in case where the correct unique identifier (ID) has been extracted by the executed WBC software application (WBCA).

公开(公告)号：EP3230859B1

公开(公告)日：2019-07-17

申请号：EP15801751.7

申请日：2015-11-24

Applicant: Gemalto SA

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  LEVEQUE, Sylvain

IPC: G06F7/58 ,  G06F9/30 ,  G06F21/52 ,  G06F21/60 ,  G06F9/48