
1. WO2001079969 - TAMPER RESISTANT SOFTWARE - MASS DATA ENCODING

Note: Text based on automatic optical character recognition processes. Only the PDF version has legal value.


WHAT IS CLAIMED IS:
1. A method of obscuring memory contents comprising the steps of:
responding to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and
storing said data value in a memory location indexed by said actual address.

2. A method of memory storage which is tamper-resistant and obscure,
comprising the steps of:
responding to a request to store a data value at a virtual address by:
calculating a hash of said virtual address to generate an actual address; and
storing said data value in a memory location indexed by said actual address.

3. A method of reducing the amount of information which can be derived from a memory comprising the steps of:
mapping virtual data addresses onto actual data addresses;
said mapping altering the pattern of memory accesses during execution of a
program.

4. A method of obscuring mass data comprising the steps of:
responding to a request to store a data value at a virtual address by:
storing said data value at an actual memory location indexed by a hash of
said virtual address.

5. A method of obscuring mass data comprising the steps of:
storing data in pseudo-random addresses;
thereby distributing data sets throughout a memory space.

6. A method of obscuring mass data comprising the steps of:
responding to a request to store a data value by:
storing said data in a pseudo-randomly selected memory location.

7. The method of claim 1, wherein said step of mapping comprises the prior step of selecting one of a plurality of different mappings.

8. The method of claim 1, further comprising the steps of:
varying said address mappings over time;
whereby any information obtained by an attacker will have a very short useful life.

9. The method of claim 1, further comprising the prior step of encrypting said data value being stored.

10. The method of claim 1, further comprising the prior step of:
encoding said input data with a data flow encoding technique;
whereby only encoded data is processed and unprotected data is not exposed.

11. The method of claim 1, wherein all steps are cloaked using tamper-resistant secret-hiding software;
thereby rendering the corresponding computer code enormously complex and resistant to reverse engineering.

12. The method of claim 8, wherein said step of varying said address mappings comprises the step of:
varying said address mappings randomly or pseudo-randomly, on the basis of other addresses and data.

13. The method of claim 12, wherein said step of varying said address mappings comprises the step of:
varying said address mappings randomly or pseudo-randomly, each time a store or fetch is performed.

14. The method of claim 13, further comprising the steps of:
executing a separate, background routine which atomically changes the locations and data encoding while said application program is running.

15. The method of claim 14, wherein said step of executing a separate,
background routine comprises the steps of:
executing a separate, background routine which:
suspends execution of the main program;
changes the encoding of said data by changing a tag which indexes an
encryption key stored in an associated recoding vector; and
allows execution of the main program to resume.

16. The method of claim 14, wherein said step of executing a separate,
background routine comprises the steps of:
executing a separate, background routine which:
suspends execution of the main program;
changes the encoding of said data by changing the actual read/write R/W
encryption pairs within recoding vectors, with associated changes to the data affected, so that there is no stable association between
particular tags and particular cell encodings in a software actual
memory array (SAMA); and
allows execution of the main program to resume.

17. The method of claim 14, wherein said step of executing a separate,
background routine comprises the steps of:
executing a separate, background routine which:
suspends execution of the main program;
changes the encoding of data within cells of a SAMA by changing the hash
function encoding said data, so that no given piece of data has a fixed address within said SAMA for a long period of time; and
allows execution of the main program to resume.

18. The method of claim 9, further comprising the step of:
varying the encoding of said data in said mass storage device over time.

19. The method of claim 10, further comprising the prior step of:
performing "maze" encoding transformations on data being input.

20. The method of claim 10, further comprising the step of:
performing "maze" encoding transformations on data being output.

21. The method of claim 11, wherein said tamper-resistant secret-hiding software comprises data flow encoding.

22. The method of claim 11, wherein said tamper-resistant secret-hiding software comprises control flow encoding.

23. The method of claim 7 wherein said actual address is pseudo-randomly
selected.

24. The method of claim 7 wherein said mapping comprises a composition of composable hash functions.

25. The method of claim 7 wherein said step of mapping comprises the steps of:
determining necessary number of cell data encodings, based on degree of security required;
generating tags to index said cell data encodings;
generating recoding vectors containing read/write (R/W) data encryption pairs, said R/W pairs indexed by values of said tags;
storing said tag values in a tag array, at a location indexed by said hash of said virtual address;
encrypting input data value using said write data encryption key; and
storing said encrypted data value in a SAMA array indexed by said hash of said virtual address.

26. The method of claim 7, further comprising the step of:
converting said virtual address to an actual address using a Pointwise Linear
Partitioned Bijection (PLPB) transform.

27. The method of claim 7, wherein multiple SAMAs mapping onto multiple
SVMAs.

28. The method of claim 7, wherein said mapping comprises a concealed hash.

29. The method of claim 28, wherein said hash is concealed because the hash function itself is never computed, rather it comprises two functions:
a concealed data coding as a "half-way point" in the computation; and
a "hasher" function applied to the output of the concealed data coding to produce the hashed value.

30. The method of claim 7, wherein said step of mapping further comprises the step of:
composing transforms which perform both data encoding and hash functions (Pointwise Linear Partitioned Bijections, or PLPBs);
said PLPBs:
composing seamlessly with linear data encoding transformations; and
being table-driven, making them highly suited to incremental changes over time as may be required to generate a flexibly sized address space (extensible hashing) or to change the address mapping incrementally over time by a "scrambler" process.

31. A method of retrieving data from a tamper-resistant memory storage system comprising the steps of:
responding to a request to retrieve a data value at a virtual address by:
calculating a hash of said virtual address to generate an actual address; and
fetching said data value at said actual address.

32. A method of obscuring memory contents comprising the steps of:
responding to a request to fetch a data value from a virtual address by:
mapping said virtual address onto a predetermined, pseudo-randomly
selected actual address; and
fetching said data value from a memory location indexed by said actual
address.

33. A method of memory retrieval which is tamper-resistant and obscure
comprising the steps of:
responding to a request to fetch a data value from a virtual address by:
calculating a hash of said virtual address to generate an actual address; and
fetching said data value from a memory location indexed by said actual address.

34. A method of obscuring mass data comprising the steps of:
responding to a request to fetch a data value at a virtual address by:
fetching said data value from an actual memory location indexed by a hash of said virtual address.

35. A method of obscuring mass data comprising the steps of:
responding to a request to fetch a data value by:
fetching said data from a pseudo-randomly selected memory location.

36. A system for obscuring memory contents comprising:
a computer;
said computer being operable to:
respond to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual
address; and
storing said data value in a memory location indexed by said actual
address.

37. An apparatus for obscuring memory contents comprising:
means for responding to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and
storing said data value in a memory location indexed by said actual address.

38. A computer readable memory medium for storing software code executable to perform the method steps of:
responding to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and
storing said data value in a memory location indexed by said actual address.

39. A carrier signal incorporating software code executable to perform the
method steps of:
responding to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and
storing said data value in a memory location indexed by said actual address.
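
An added illustration, not part of the patent text: a Python model of the store path of claim 25 and the fetch path of claim 31, with a background re-encoding pass in the manner of claims 15 and 17. The affine address hash, the affine write/read pairs standing in for the R/W encryption pairs, the 32-bit cell width and every name used are assumptions made for this example.

```python
import random

WORD = 1 << 32  # assumed cell width: values are 32-bit words


class ObscuredMemory:
    """Software actual memory array (SAMA) with hashed addresses and tagged cells."""

    def __init__(self, bits=8, n_encodings=4, seed=1):
        self.rng = random.Random(seed)  # seeded only so the demo is repeatable
        self.size = 1 << bits
        self._new_hash()
        # Recoding vector: tag -> (multiplier, offset) defining one write/read pair.
        self.recoding = [(self.rng.randrange(1, WORD, 2), self.rng.randrange(WORD))
                         for _ in range(n_encodings)]
        # Tag array: one tag per actual cell, selecting that cell's encoding.
        self.tags = [self.rng.randrange(n_encodings) for _ in range(self.size)]
        self.sama = [self._write(t, 0) for t in self.tags]

    def _new_hash(self):
        # An odd multiplier makes v -> a*v + b a bijection modulo a power of two.
        self.a = self.rng.randrange(1, self.size, 2)
        self.b = self.rng.randrange(self.size)

    def _hash(self, vaddr):
        return (self.a * vaddr + self.b) % self.size

    def _write(self, tag, value):
        m, c = self.recoding[tag]
        return (m * value + c) % WORD

    def _read(self, tag, cell):
        m, c = self.recoding[tag]
        return (pow(m, -1, WORD) * (cell - c)) % WORD  # inverse of _write

    def store(self, vaddr, value):
        actual = self._hash(vaddr)
        self.sama[actual] = self._write(self.tags[actual], value)

    def fetch(self, vaddr):
        actual = self._hash(vaddr)
        return self._read(self.tags[actual], self.sama[actual])

    def scramble(self):
        """Pick a new hash and new tags, then re-store every value under them."""
        plain = [self.fetch(v) for v in range(self.size)]  # decode under old state
        self._new_hash()
        self.tags = [self.rng.randrange(len(self.recoding)) for _ in range(self.size)]
        for vaddr, value in enumerate(plain):
            self.store(vaddr, value)
```

In a real deployment `scramble` would have to run while the main program is suspended, as claims 15 to 17 require, since a fetch between the hash change and the re-store would decode the wrong cell.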