专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2012126083A1 SYSTEM AND METHOD PROVIDING DEPENDENCY NETWORKS THROUGHOUT APPLICATIONS FOR ATTACK RESISTANCE 审中-公开
标题翻译：系统和方法提供依赖性网络通过应用来防止攻击
公开(公告)号：WO2012126083A1
公开(公告)日：2012-09-27
申请号：PCT/CA2011/050157
申请日：2011-03-24
申请人： IRDETO CANADA CORPORATION , LIEM, Clifford , ZHOU, Yongxin , GU, Yuan Xiang
发明人： LIEM, Clifford , ZHOU, Yongxin , GU, Yuan Xiang
IPC分类号： G06F21/22
CPC分类号： G06F21/572 , G06F21/125 , G06F21/14
摘要： A method and system is provided to automatically propagate dependencies from one part of a software application to another previously unrelated part. Propagation of essential code functionality and data to other parts of the program serves to augment common arithmetic functions with Mixed Boolean Arithmetic (MBA) formulae that are bound to pre-existing parts of the program. A software application is first analyzed on a compiler level to determine the program properties which hold in the program. Thereafter, conditions are constructed based on these properties and encoded in formulae that encode the condition in data and operations. Real dependencies throughout the application are therefore created such that if a dependency is broken the program will no longer function correctly.
摘要翻译：提供了一种方法和系统，用于自动传播从软件应用程序的一个部分到另一个先前无关的部分的依赖关系。将基本代码功能和数据传播到程序的其他部分用于通过与程序的预先存在的部分绑定的混合布尔算术（MBA）公式来增加常规算术函数。首先在编译器级别分析软件应用程序，以确定程序中保存的程序属性。此后，基于这些属性构建条件并在编码数据和操作中的条件的公式中编码。因此，在整个应用程序中实际的依赖关系被创建，使得如果依赖关系被破坏，程序将不能正常工作。

2. 发明申请

WO2013138895A1 UPDATING SOFTWARE COMPONENTS 审中-公开
标题翻译：更新软件组件
公开(公告)号：WO2013138895A1
公开(公告)日：2013-09-26
申请号：PCT/CA2012/000307
申请日：2012-03-22
申请人： IRDETO CANADA CORPORATION , LIEM, Clifford , DONG, Hongrui , MARTIN, Sam , GU, Yuan Xiang , WEINER, Michael
发明人： LIEM, Clifford , DONG, Hongrui , MARTIN, Sam , GU, Yuan Xiang , WEINER, Michael
IPC分类号： G06F9/445 , G06F11/36
CPC分类号： G06F8/65 , G06F8/656 , G06F8/658 , G06F9/44521 , G06F21/57 , G06F21/572
摘要： A method and system for renewing software at the component-level is provided. A client program includes a base component for loading a software component into at least one loadable region of the program to update the program. Code in the software component is for writing state data associating the state of the update in storage, upon execution of the software component, and testing the state data to verify condition of the updated program and disallowing rollback and roll-forward attacks, the state data comprising hash chain values. The state data for verifying the correctness of the updated program is entangled with application data used for the program functionality. A server includes: an update pool having a plurality of software updates deployed in each client, and a policy control for monitoring and controlling at least one of: the length of time the client runs until the software update is invoked, a chain of the updates; and the granularity of the update.
摘要翻译：提供了一种在组件级更新软件的方法和系统。客户端程序包括用于将软件组件加载到程序的至少一个可加载区域中以更新程序的基础组件。软件组件中的代码用于写入状态数据，将存储器中的更新状态与执行软件组件相关联，并测试状态数据以验证更新程序的状态，并禁止回滚和前滚攻击，状态数据包括哈希链值。用于验证更新的程序的正确性的状态数据与用于程序功能的应用程序数据相互纠缠。服务器包括：具有部署在每个客户端中的多个软件更新的更新池，以及用于监视和控制以下至少之一的策略控制：客户端运行到软件更新被调用的时间长短，更新链 ; 和更新的粒度。

3. 发明申请

WO2011120122A1 METHOD FOR LINKING AND LOADING TO PROTECT APPLICATIONS 审中-公开
标题翻译：连接和加载保护应用的方法
公开(公告)号：WO2011120122A1
公开(公告)日：2011-10-06
申请号：PCT/CA2010/000450
申请日：2010-03-31
申请人： IRDETO CANADA CORPORATION , GOODES, Grant Stewart , LIEM, Clifford
发明人： GOODES, Grant Stewart , LIEM, Clifford
IPC分类号： G06F9/44 , G06F21/22 , G06F7/58 , G06F9/45
CPC分类号： G06F9/44521 , G06F8/54 , G06F21/14 , G06F21/51
摘要： A linker or loader, and associated method, is described, whereby the application of security transformations to object-code modules can be deferred until link or load-time, through, for example, memory relocation, selection from diverse instances of a module, and late-binding of constants. This provides several benefits over conventional source-to-source security transformations. These deferred security transformations can be applied in a very light-weight manner and create many opportunities for diversity in the resulting executable program, enhancing security, while at the same time minimizing the impact on execution performance and correctness, and reducing the complexity of debugging.
摘要翻译：描述了链接器或加载器以及相关联的方法，由此通过例如存储器重定位，从模块的不同实例的选择，到对象代码模块的安全转换的应用可以被推迟到链接或加载时间为止，以及常数的晚期绑定。这比传统的源到源安全转换提供了几个好处。这些延迟安全转换可以以非常轻量级的方式应用，并在生成的可执行程序中创建多样化的机会，增强安全性，同时最小化对执行性能和正确性的影响，并降低调试的复杂性。

4. 发明申请

WO2011120123A1 A SYSTEM AND METHOD FOR ENCAPSULATING AND ENABLING PROTECTION THROUGH DIVERSE VARIATIONS IN SOFTWARE LIBRARIES 审中-公开
标题翻译：通过软件图书馆中的多样化变化进行保护和实现保护的系统和方法
公开(公告)号：WO2011120123A1
公开(公告)日：2011-10-06
申请号：PCT/CA2010/000451
申请日：2010-03-31
申请人： IRDETO CANADA CORPORATION , GOODES, Grant, Stewart , LIEM, Clifford
发明人： GOODES, Grant, Stewart , LIEM, Clifford
IPC分类号： G06F9/44 , G06F21/22 , G06F9/45
CPC分类号： G06F21/6209 , G06F2221/2145 , G06F2221/2149
摘要： A flexible software library in which the software modules are defined as an abstract intermediate representation. The flexible library allows security transformation and performance attribute selections to be made by the end-user, rather than the library creator. Furthermore, since the flexible library contains an abstract representation of the software modules, the library can also be provisioned to contain an arbitrary number of named instances, representing specific sets of values for security and performance decisions, along with the corresponding native object-code resulting from those decisions. This permits distribution of software modules in a completely platform-independent manner while avoiding the disclosure of proprietary information, such as source-files.
摘要翻译：一个灵活的软件库，其中将软件模块定义为抽象中间表示。灵活库允许最终用户进行安全转换和性能属性选择，而不是库创建者。此外，由于灵活库包含软件模块的抽象表示，所以还可以将库配置为包含任意数量的命名实例，代表用于安全性和性能决策的特定值集合，以及相应的本机对象代码从那些决定。这允许以完全与平台无关的方式分发软件模块，同时避免披露专有信息，例如源文件。

5. 发明申请

WO2011041871A1 A SYSTEM AND METHOD FOR AGGRESSIVE SELF-MODIFICATION IN DYNAMIC FUNCTION CALL SYSTEMS 审中-公开
标题翻译：一种用于动态功能调用系统中的自适应自适应的系统和方法
公开(公告)号：WO2011041871A1
公开(公告)日：2011-04-14
申请号：PCT/CA2009/001430
申请日：2009-10-08
申请人： IRDETO CANADA CORPORATION , LIEM, Clifford
发明人： LIEM, Clifford
IPC分类号： G06F9/44 , G06F21/00
CPC分类号： G06F9/4426 , G06F9/4486 , G06F21/52
摘要： Embodiments of the invention provide a system and method for software obfuscation for transforming a program from a first form to more secure form that is resistant to static and dynamic attacks. In an embodiment, the method utilizes a sophisticated pre-analysis step to comprehend the function-call structure, the function-call layout, and the entire function call graph of the program, in order to determine strategic points in the program for changing the program. The method provides resistance to static attacks by transforming the original function-call layout to a new layout. In an embodiment changing the layout may include changing the function boundaries. The method also provides resistance to static attacks by transforming the original function-call structure to a new structure to be able to self modify as the transformed program executes in memory. In an embodiment, changing the function-call structure may include modifying when and how functions are called, and/or choosing random paths of execution that lead to the same result. The transformed program is semantically equivalent to the original program but is more resistant to static and dynamic attacks.
摘要翻译：本发明的实施例提供了一种用于将程序从第一形式转换为对静态和动态攻击具有抵抗性的更安全形式的软件混淆的系统和方法。在一个实施例中，该方法利用复杂的预分析步骤来理解程序的功能调用结构，函数调用布局和整个函数调用图，以便确定程序中用于改变程序的策略点。该方法通过将原始功能调用布局转换为新布局来提供对静态攻击的抵抗。在改变布局的实施例中，可以包括改变功能边界。该方法还通过将原始函数调用结构转换为新结构来提供对静态攻击的抵抗，以便能够在变换的程序在内存中执行时自修改。在一个实施例中，改变功能调用结构可以包括修改何时以及如何调用功能，和/或选择导致相同结果的随机执行路径。转换的程序在语义上等同于原始程序，但更能抵抗静态和动态攻击。

6. 发明申请

WO2013116918A1 METHOD AND APPARATUS FOR PROGRAM FLOW IN SOFTWARE OPERATION 审中-公开
标题翻译：软件运行程序流程的方法与装置
公开(公告)号：WO2013116918A1
公开(公告)日：2013-08-15
申请号：PCT/CA2012/000134
申请日：2012-02-10
申请人： IRDETO CANADA CORPORATION , KRTEN, Robert , EMMETT, Jonathan , LIEM, Clifford
发明人： KRTEN, Robert , EMMETT, Jonathan , LIEM, Clifford
IPC分类号： G06F21/00 , G06F9/40 , G06F9/44
CPC分类号： G06F21/52 , G06F21/54 , G06F21/57
摘要： The present disclosure provides a description of a computer implemented method and system for protecting a software program from attack during runtime. The system comprises a plurality of software blocks for providing desired functions during execution of a software program and a trusted address server having a table for mapping predetermined source tokens to destination tokens. The trusted address server couples each of the plurality of software blocks for receipt of predetermined source tokens from any one of the plurality of software blocks, while returning a mapped destination token from the predetermined destination tokens to said any one of the plurality of software blocks in dependence upon the table for mapping predetermined source tokens to destination tokens.
摘要翻译：本公开提供了一种用于在运行时间期间保护软件程序免受攻击的计算机实现的方法和系统的描述。该系统包括用于在执行软件程序期间提供所需功能的多个软件块和具有用于将预定源代码映射到目标令牌的表的可信地址服务器。所述可信地址服务器将所述多个软件块中的每一个耦合以接收来自所述多个软件块中的任何一个的预定源令牌，同时将映射的目标令牌从所述预定目的地令牌返回到所述多个软件块中的所述任一个软件块依赖于将预定的源代码映射到目的地令牌的表格。

7. 发明申请

WO2012126077A1 SYSTEM AND METHOD FOR SECURELY BINDING AND NODE-LOCKING PROGRAM EXECUTION TO A TRUSTED SIGNATURE AUTHORITY 审中-公开
标题翻译：信号绑定和节点锁定程序执行到信号签名机构的系统和方法
公开(公告)号：WO2012126077A1
公开(公告)日：2012-09-27
申请号：PCT/CA2011/050150
申请日：2011-03-21
申请人： IRDETO CANADA CORPORATION , BODIS, Michael, Louis, John , SUI, Jiayuan , GOODES, Grant, Stewart , LIEM, Clifford
发明人： BODIS, Michael, Louis, John , SUI, Jiayuan , GOODES, Grant, Stewart , LIEM, Clifford
IPC分类号： G06F21/22
CPC分类号： G06F21/602 , G06F21/51 , G06F21/645 , H04L9/321 , H04L9/3247 , H04L63/12
摘要： A system and method is disclosed for securely binding an arbitrary program to an authorized instance of a generic execution platform. Once the binding process occurs, the protected software application will not exhibit correct behavior unless run on the execution platform to which it is bound. The system and method withstands repeated attacks which tamper with the software application and the execution platform. The system and method present a mechanism to bind a program, P, to any un-trusted execution platform, E, which contains a Trusted Signing Authority (TSA). The TSA may take many alternate forms including a trusted platform module, secure processor, kernel driver, and hardened software agents.
摘要翻译：公开了用于将任意程序安全地绑定到通用执行平台的授权实例的系统和方法。一旦绑定过程发生，受保护的软件应用程序将不会显示正确的行为，除非在与其绑定的执行平台上运行。系统和方法可以承受反复攻击，篡改软件应用程序和执行平台。系统和方法提供了将程序P绑定到任何不受信任的执行平台E（其包含可信签名机构（TSA））的机制。 TSA可能采取许多替代形式，包括可信平台模块，安全处理器，内核驱动程序和强化的软件代理。

8. 发明申请

WO2013142943A1 METHOD FOR PROTECTING DATA 审中-公开
标题翻译：保护数据的方法
公开(公告)号：WO2013142943A1
公开(公告)日：2013-10-03
申请号：PCT/CA2012/000269
申请日：2012-03-26
申请人： IRDETO CANADA CORPORATION , KRTEN, Robert , DONG, Hongrui , LIEM, Clifford
发明人： KRTEN, Robert , DONG, Hongrui , LIEM, Clifford
IPC分类号： G06F21/24
CPC分类号： G06F21/60 , G06F17/30097 , G06F21/125 , G06F21/14 , G06F21/64 , G06F2221/2107 , H04L9/0894 , H04L9/3239 , H04L2209/16
摘要： In the present disclosure, a hash function is computed over a known image, for example, an address range in a program. The result of the hash function is known to be the same at two distinct points in time, before the program is run, i.e. signing at build-time, and during the running of the program, i.e. run time. The value that the programmer wishes to hide, i.e. the secret value, is also known at build-time. At build-time, the secret value is combined with the hash in such a way that the combining operation can be reversed at run time. This combined value, i.e. the salt, is stored along with the program. Later, at runtime, the program computes the same hash value as was computed at signing time, and does the reverse combining operation in order to reveal the secret value.
摘要翻译：在本公开中，在已知图像上计算散列函数，例如程序中的地址范围。在运行程序之前的两个不同的时间点，即在构建时签署，以及程序的运行，即运行时间，已知哈希函数的结果是相同的。程序员希望隐藏的值，即秘密值，在构建时也是已知的。在构建时，秘密值与哈希结合，使得组合操作在运行时可以颠倒。该组合值，即盐，与程序一起存储。后来，在运行时，程序计算与在签名时计算的哈希值相同的哈希值，并进行反向组合操作，以显示秘密值。

9. 发明申请

WO2012012861A1 SYSTEM AND METHOD FOR EFFICIENTLY DEPLOYING MASSIVELY DIVERSE PROGRAM INSTANCES TO RESIST DIFFERENTIAL ATTACKS 审中-公开
标题翻译：有效地分配大量多样化程序的系统和方法抵制差异性攻击
公开(公告)号：WO2012012861A1
公开(公告)日：2012-02-02
申请号：PCT/CA2010/001168
申请日：2010-07-29
申请人： IRDETO CANADA CORPORATION , DURAND, Robert , LIEM, Clifford , EISEN, Philip, Allan
发明人： DURAND, Robert , LIEM, Clifford , EISEN, Philip, Allan
IPC分类号： G06F9/44 , G06F21/00 , G06F9/45
CPC分类号： G06F8/30 , G06F8/61 , G06F21/14
摘要： A system and method for producing a massive number of diverse program instances so as to deter differential attacks, collusion, and similar hostile actions. Code portions are shown to be defined in various manners, instantiated, and aggregated. The system and method establishes a very large number of program instances that may be deployed. Furthermore, testing is accomplished over a minimal set of instances to provide for high test coverage and high confidence over the fully deployed instance set without incurring a high testing penalty.
摘要翻译：一种用于产生大量不同程序实例的系统和方法，以便防止差别攻击，串通和类似的敌对行为。代码部分被显示为以各种方式定义，实例化和聚合。系统和方法建立了可以部署的大量程序实例。此外，通过最少的一组实例来实现测试，以提供高度测试覆盖率和对完全部署的实例集的高置信度，而不会导致高的测试损失。

10. 发明申请

WO2011116448A1 SYSTEM AND METHOD FOR DYNAMIC, VARIABLY-TIMED OPERATION PATHS AS A RESISTANCE TO SIDE CHANNEL AND REPEATED INVOCATION ATTACKS 审中-公开
标题翻译：用于动态，可变时间操作的系统和方法作为对信道和重复的发起攻击的抵抗
公开(公告)号：WO2011116448A1
公开(公告)日：2011-09-29
申请号：PCT/CA2010/000409
申请日：2010-03-25
申请人： IRDETO CANADA CORPORATION , LIEM, Clifford , NAHAS, Carlos
发明人： LIEM, Clifford , NAHAS, Carlos
IPC分类号： G06F21/22
CPC分类号： G06F21/14 , G06F21/755
摘要： A system and method for constructing variably-timed operation paths and applying those paths to any algorithm. In particular, the system and method may be applied to cryptography algorithms as a means to resist side- channel, repeated invocation, and any similar attacks based on the physical characteristics of a system for a given software implementation. The method has the benefit of being generally applicable to any algorithm and has the ability to constrain performance to known timing windows.
摘要翻译：一种用于构建可变定时操作路径并将这些路径应用于任何算法的系统和方法。特别地，系统和方法可以应用于加密算法，作为抵抗侧信道，重复调用和基于给定软件实现的系统的物理特性的任何类似攻击的手段。该方法具有通常适用于任何算法的优点，并且具有将性能约束到已知时序窗口的能力。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式