专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11526616B1 Method to verify the execution integrity of an application in a target device 有权
公开(公告)号：US11526616B1
公开(公告)日：2022-12-13
申请号：US17099814
申请日：2020-11-17
申请人： NAGRAVISION S.A.
发明人： Brecht Wyseur
IPC分类号： G06F21/57 , G06F21/44 , G06F21/54 , G06F21/51 , G06F21/53 , G06F21/52
摘要： The present invention concerns the field of software verification, in particular to check whether the run-time integrity of a software application can be demonstrated. It is therefore proposed a method to verify, by a verification server, the execution integrity of an application in a target device wherein the verification server receives an application signature generated from run time application information on the target device, said signature being used to verify the execution integrity of the application in the target device, said application comprising an array of blocks, each block producing a digest, thus producing an array of digests related to the array of blocks, comprising the steps of: —sending to the target device a message comprising a challenge and a first function, said first function defining an aggregation method, said challenge defining an aggregation instruction, —receiving an attestation from the target device, this attestation being generated by the target device by determining for each block, the corresponding digest for said block, aggregating the digests of the blocks according to the aggregation method of the first function and the challenge to produce the attestation related to the application, —applying a second function to the attestation by the verification server, said second function undoing the effect of the challenge thus producing an application signature independent of the challenge, —verifying the execution integrity of the application by comparing the produced application signature with a reference signature.

2. 发明授权

US10939163B2 Method for watermarking encrypted digital content, method and device for retrieving a unique identifier from watermarked content and content distribution network 有权
公开(公告)号：US10939163B2
公开(公告)日：2021-03-02
申请号：US15774671
申请日：2016-11-10
申请人： NAGRAVISION S.A.
发明人： Jean-Bernard Fischer , Brecht Wyseur
IPC分类号： G06F21/16 , H04N21/4405 , H04N21/8355 , H04N21/6334 , H04N21/8358 , H04N19/467 , H04N5/913
摘要： A method for watermarking an encrypted digital content stored in a content distribution network (CDN) method comprises the steps of receiving in the CDN, a non-watermarked encrypted content and marking metadata, said non-watermarked encrypted content being the result of an encryption of a non-watermarked clear content by a stream cipher process, said marking metadata indicating locations in the content suitable for a modification of said content; using a watermark formed of watermark values and corresponding to a unique identifier; and producing a watermarked encrypted content by combining in the CDN, with a combination function, the values forming the watermark with the non-watermarked encrypted content in locations indicated by the marking metadata.

3. 发明授权

US11418321B2 Block cryptographic method for encrypting/decrypting messages and cryptographic devices for implementing this method 有权
公开(公告)号：US11418321B2
公开(公告)日：2022-08-16
申请号：US15532932
申请日：2015-12-01
申请人： NAGRAVISION S.A.
发明人： Brecht Wyseur
IPC分类号： H04L9/06 , H04L9/32 , G06F21/60
摘要： A block cipher method and apparatus using round repetition for providing, from a plaintext message, a ciphertext message and a global tag is disclosed; the plaintext message is converted into a plurality of ordered plaintext blocks which are successively processed during a round for computing: a cryptogram by encrypting input data using a single cryptographic key, said cryptogram comprising a first segment and a second segment; a ciphertext block by performing a first operation using, as operands: said first segment said current plaintext block and said second segment; at each next round said input data is newly determined based on the current ciphertext block and an updated reproducible data; the ciphertext message is determined by concatenating the ciphertext blocks and the global tag by a second operation using computed authentication local tags as operands.

4. 发明授权

US10742394B2 Key sequence generation for cryptographic operations 有权
公开(公告)号：US10742394B2
公开(公告)日：2020-08-11
申请号：US15772933
申请日：2016-11-02
申请人： NAGRAVISION S.A.
发明人： Karine Villegas , Brecht Wyseur
IPC分类号： H04L9/28 , H04L9/06
摘要： Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack. At the same time, by using the main key only once (rather than using the main key each time a sub-key is generated), the vulnerability of the main key to a side-channel attack is reduced, because the opportunities for recovering physical information that could lead to the discovery of the main key are reduced. Specific embodiments use parallel or chained execution of sub-functions to generate respective sub-keys. Other specific embodiments generate all sub-keys from a single one-way function in one go.

5. 发明授权

US11336448B2 On demand code decryption 有权
公开(公告)号：US11336448B2
公开(公告)日：2022-05-17
申请号：US16313273
申请日：2017-06-29
申请人： NAGRAVISION S.A.
发明人： Laurent Dore , Eric Piret , Yasser Belaidi , Brecht Wyseur
IPC分类号： H04L9/32 , G06F21/14 , G06F21/56 , G06F21/60
摘要： A system and a method for protecting code are provided. Extraction of code to be protected takes place during an object-to-object transformation and that code is replaced with fake binary code. The extracted code to be protected may then be encrypted or otherwise obscured and stored in a separate region of an object file. A prior source-to-source file transformation can be provided to isolate and mark the code to be protected, and to inject additional source code to handle later decryption.

6. 发明授权

US09946855B2 Method to detect cloned software 有权
公开(公告)号：US09946855B2
公开(公告)日：2018-04-17
申请号：US15438381
申请日：2017-02-21
申请人： NAGRAVISION S.A.
发明人： Jean-Bernard Fischer , Patrik Marcacci , Christian Schwarz , Brecht Wyseur
IPC分类号： G06F7/04 , G06F21/16 , H04N21/258 , H04N21/426 , H04N21/442 , H04N21/6334 , H04N21/6377 , G06F21/64 , G06F21/12 , G06F17/30
CPC分类号： G06F21/16 , G06F17/30345 , G06F21/121 , G06F21/64 , G06F2221/0711 , H04N21/25816 , H04N21/42684 , H04N21/44236 , H04N21/6334 , H04N21/6377
摘要： Method to detect cloned software being used on a client user unit. An initialization phase comprises: defining a tag value as being equal to an initial random value, opening a new record storing the tag value and introducing the tag value into the client user unit. An operating phase comprises: preparing a client message comprising the request and a value depending on the tag value; sending the client message to the server; and checking if the tag value of the client message is correct with respect to the stored tag value. If they do not match, the requested service is denied. If they do match, the method sends a server message to the user unit; updates the tag value with a new tag value; and stores the new tag value on the server and user unit.

7. 发明授权

US09641331B2 Method for converting a conditional access content and receiver for the implementation for said method 有权
公开(公告)号：US09641331B2
公开(公告)日：2017-05-02
申请号：US14572438
申请日：2014-12-16
申请人： Nagravision S.A.
发明人： Christian Schwarz , Brecht Wyseur
IPC分类号： H04L9/00 , H04L9/14 , H04L9/06
CPC分类号： H04L9/14 , H04L9/0637 , H04L2209/16 , H04L2209/76
摘要： A method is disclosed for converting a conditional access content. This method includes receiving, by a cryptographic module of a first receiver, the content encrypted according to the first encryption mode; choosing a first entry data of the combination of the first encryption mode choosing a second entry data of the combination of the second encryption mode inverting the first and second input data in order to process the content received by the cryptographic module of the first receiver, this processing including a decryption operation according to the first encryption mode, by using the entry data corresponding to the second encryption mode, and to process the content obtained during the previous processing step, this processing including an encryption operation according to the second encryption mode, by using the entry data corresponding to the first encryption mode.

8. 发明授权

US11546135B2 Key sequence generation for cryptographic operations 有权
公开(公告)号：US11546135B2
公开(公告)日：2023-01-03
申请号：US16918426
申请日：2020-07-01
申请人： NAGRAVISION S.A.
发明人： Karine Villegas , Brecht Wyseur
IPC分类号： H04L9/06
摘要： Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack. At the same time, by using the main key only once (rather than using the main key each time a sub-key is generated), the vulnerability of the main key to a side-channel attack is reduced, because the opportunities for recovering physical information that could lead to the discovery of the main key are reduced. Specific embodiments use parallel or chained execution of sub-functions to generate respective sub-keys. Other specific embodiments generate all sub-keys from a single one-way function in one go.

9. 发明授权

US11297170B2 Data transmission method, transmitter and receiver 有权
公开(公告)号：US11297170B2
公开(公告)日：2022-04-05
申请号：US16958081
申请日：2018-12-26
申请人： NAGRAVISION S.A.
发明人： Brecht Wyseur , Klaus Kursawe
IPC分类号： H04L29/06 , H04L9/32 , H04L69/22 , H04W84/18
摘要： A method of transmitting data to a receiver via a network includes transmitting a sequence of first data packets to the receiver via the network, each first data packet including payload data and identification data, the identification data identifying the respective first data packet, the identification data being different for each first data packet. The method also includes transmitting a corresponding second data packet for each first data packet to the receiver via the network, each second data packet including the data enabling identification of the corresponding first data packet and additional data related to the corresponding first data packet, the data enabling identification of the corresponding first data packet enabling the receiver to associate each second data packet with the corresponding first data packet.

10. 发明授权

US11271901B2 Integrated circuit 有权
公开(公告)号：US11271901B2
公开(公告)日：2022-03-08
申请号：US16958069
申请日：2018-12-21
申请人： NAGRAVISION S.A.
发明人： Fabien Gremaud , Brecht Wyseur
IPC分类号： H04L29/06
摘要： In overview, an integrated circuit in accordance with the disclosure comprises first and second network interface processors which are separate processors and which are connected by a first unidirectional interconnect. The first unidirectional interconnect allows data transfer from the first network interface processor to the second network interface processor, while preventing data transfer in the reverse direction. The first network interface processor is for communication with a first network which may be a secure network and the second network interface processor is for communication with second network which may be a public network, for example an insecure public network. In this way, the processing of data received from each of the first and second networks is performed by separate processors and data can only be sent from the first network to the second network, thereby protecting the first network from the second network.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式