Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020109049 - PROTECTING SENSITIVE DATA IN A SOFTWARE PROGRAM

Publication Number WO/2020/109049
Publication Date 04.06.2020
International Application No. PCT/EP2019/081619
International Filing Date 18.11.2019
IPC
G06F 21/55 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
G06F 21/62 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
62Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/52 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
CPC
G06F 21/52
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity ; ; Preventing unwanted data erasure; Buffer overflow
G06F 21/556
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
556involving covert channels, i.e. data leakage between processes
G06F 21/6245
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
62Protecting access to data via a platform, e.g. using keys or access control rules
6218to a system of files or objects, e.g. local or distributed file system or database
6245Protecting personal data, e.g. for financial or medical purposes
G06F 2221/033
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
2221Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
033Test or assess software
G06F 2221/2149
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
2221Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
2149Restricted operating environment
Applicants
  • NAGRAVISION AS [NO]/[NO]
Inventors
  • MÖNCH, Christian
  • ORAKZAI, Asfandyar
Agents
  • HOYNG ROKH MONEGIER LLP
Priority Data
18209644.630.11.2018EP
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) PROTECTING SENSITIVE DATA IN A SOFTWARE PROGRAM
(FR) PROTECTION DE DONNÉES SENSIBLES DANS UN PROGRAMME LOGICIEL
Abstract
(EN)
The disclosed method is concerned with a computer implemented method generating code for protecting sensitive data used by the program, by partitioning the program into a plurality of blocks of code, such that each code block in the program is registered using a code index in a code register created for the program. The code index for a given code block reflects current properties including the current location of the code block, at any given time. During execution of the program at runtime by the computing device, each code block of the program is moved from a first code location in a memory to a respective second code location in the memory, such that the code block is accessible from the second code location in the memory henceforth. The code index for the moved code block is updated to indicate updated current properties, such as the new location of the code block, i.e. the second code location, after moving the code block. In addition to moving the code to the second code location that is different to the first code location; one or more references stored in the memory and that are required for the execution of the code block, i.e. which are accessed by the code block and/or are required to access the code block, are also associated with the moved code block. To enable the association, the one or more references for the code block are registered in a reference register, such that a reference index reflecting current properties for each of the one or more references is adjusted based on updated current properties of the code index of the moved code block.
(FR)
L'invention concerne un procédé mis en œuvre par ordinateur générant un code pour protéger des données sensibles utilisées par le programme, par partition du programme en une pluralité de blocs de code, de telle sorte que chaque bloc de code dans le programme est enregistré à l'aide d'un index de code dans un registre de code créé pour le programme. L'indice de code pour un bloc de code donné reflète des propriétés actuelles comprenant l'emplacement actuel du bloc de code, à n'importe quel moment donné. Pendant l'exécution du programme au moment de l'exécution par le dispositif informatique, chaque bloc de code du programme est déplacé d'un premier emplacement de code dans une mémoire à un second emplacement de code respectif dans la mémoire, de telle sorte que le bloc de code est accessible à partir du second emplacement de code dans la mémoire décrite. L'indice de code pour le bloc de code déplacé est mis à jour pour indiquer des propriétés actuelles mises à jour, telles que la nouvelle position du bloc de code, c'est-à-dire le second emplacement de code, après le déplacement du bloc de code. En plus de déplacer le code vers le second emplacement de code qui est différent du premier emplacement de code, une ou plusieurs références stockées dans la mémoire et qui sont requises pour l'exécution du bloc de code, c'est-à-dire qui sont accédées par le bloc de code et/ou sont nécessaires pour accéder au bloc de code, sont également associées au bloc de code déplacé. Pour permettre l'association, la ou les références pour le bloc de code sont enregistrées dans un registre de référence, de telle sorte qu'un indice de référence reflétant des propriétés courantes pour chacune de la ou des références est ajusté sur la base des propriétés actuelles mises à jour de l'indice de code du bloc de code déplacé.
Also published as
Latest bibliographic data on file with the International Bureau