Computer implemented masked representation of data tables

US 20100306497A1
Filed: 05/29/2009
Published: 12/02/2010
Est. Priority Date: 05/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method of masking data in a set of computer instructions stored in computer readable memory, using a processor coupled to the computer readable memory, comprising the acts of:

providing at least one first table of data in a first portion of the computer readable memory;

each table having a length and an allocation in the first portion of the computer readable memory;

the processor detecting a pointer to a location in the table in the set of computer instructions;

the processor modifying the detected pointer in the set of computer instructions, so the detected pointer is modified by a transformation function;

storing the modified pointer in an entry in a second table in a second portion of the computer readable memory, the entry including the allocation and length of the first table; and

storing the set of computer instructions with the modified pointer and the second table in a third portion of the computer readable memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the computer software field, method and apparatus to obfuscate (mask or hide) computer data which is part of or accessed by a computer program. The method protects (hides) accesses to tables of data in terms of the place or position of each element in the table. It does this by providing an intermediate table which describes the positions of the elements of the first table or tables, but in a transformed (modified) fashion.

13 Citations

View as Search Results

35 Claims

1. A method of masking data in a set of computer instructions stored in computer readable memory, using a processor coupled to the computer readable memory, comprising the acts of:
- providing at least one first table of data in a first portion of the computer readable memory;
  
  each table having a length and an allocation in the first portion of the computer readable memory;
  
  the processor detecting a pointer to a location in the table in the set of computer instructions;
  
  the processor modifying the detected pointer in the set of computer instructions, so the detected pointer is modified by a transformation function;
  
  storing the modified pointer in an entry in a second table in a second portion of the computer readable memory, the entry including the allocation and length of the first table; and
  
  storing the set of computer instructions with the modified pointer and the second table in a third portion of the computer readable memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the set of computer instructions includes a second table of data and a second pointer to the second table of data, and further comprising applying the method to the second table of data.
  - 3. The method of claim 1, wherein the transformation function is one of an affine transformation, a multiplication by a modulus of a length of the first table, or a permutation.
  - 4. The method of claim 1, wherein the act of modifying the detected pointer includes invoking a handler.
  - 5. The method of claim 1, wherein the transformation function is bijection.
  - 6. The method of claim 1, wherein each entry in the second table also includes the transformation function for that pointer.
  - 7. The method of claim 1, wherein the pointer is an absolute or an offset pointer.
  - 8. The method of claim 1, wherein the method is performed for all pointers only during initialization of the set of computer instructions.
  - 9. The method of claim 1, wherein the method is performed for each access to the first table.
  - 10. The method of claim 1, further comprising the acts of:
    - providing a third table of data; and
      
      applying the transformation function to the first and third tables of data, thereby to concatenate the tables.
  - 11. The method of claim 1, wherein additional data is appended to the first table, thereby being a third table;
    - and further comprising the act of applying a transformation function only to the additional data in the third table.
  - 12. The method of claim 1, wherein the set of computer instructions is in source code format prior to application of the method, and the method is carried out before or during compilation of the source code into object code.
  - 13. The method of claim 1, wherein the transformation function is included in the second table.
  - 14. The method of claim 1, further comprising increasing the length of the first table and putting padding values in additional entries of the first table.
  - 15. A computing device programmed to perform the method of claim 1.
  - 16. A computer program product storing computer code to carry out the method of claim 1.
  - 17. A computer readable memory storing the set of computer instructions resulting from the method of claim 1.
  - 18. The method of claim 1, wherein the set of computer instructions resulting from the method is object code.

19. A method of accessing masked data in a set of computer instructions stored in a computer readable memory, using a processor coupled to the computer readable memory, comprising the acts of:
- the processor detecting a pointer to a table of masked data in the set of computer instructions stored in a first portion of the computer readable memory;
  
  upon detecting the pointer, the processor accessing a second table stored in a second portion of the computer readable memory, the second table including a plurality of entries, each entry corresponding to a table of data and having a length and starting address of the corresponding masked table of data and a transformation function;
  
  the processor modifying the masked table of data pointed to by the detected pointer, so the masked table of data is modified by the transformation function so as to be unmasked; and
  
  storing the unmasked table of data with the set of computer instructions in the computer readable memory.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 20. The method of claim 19, wherein the set of computer instructions includes a second table of data and a second pointer to the second table of data, and further comprising applying the method to the second table of data.
  - 21. The method of claim 19, wherein the transformation function is one of an affine transformation, a multiplication by a modulus of a length of the first table, or a permutation.
  - 22. The method of claim 19, wherein the act of modifying the detected pointer includes invoking a handler.
  - 23. The method of claim 19, wherein the transformation function is a bijection.
  - 24. The method of claim 19, wherein each entry in the second table also includes the transformation function for that pointer.
  - 25. The method of claim 19, wherein the pointer is an absolute or an offset pointer.
  - 26. The method of claim 19, wherein the method is performed for all pointers only during initialization of the set of computer instructions.
  - 27. The method of claim 19, wherein the method is performed for each access to the first table.
  - 28. The method of claim 19, further comprising the acts of:
    - providing a third table of data; and
      
      applying the transformation function to the first and third tables of data, thereby to de-concatenate the tables.
  - 29. The method of claim 19, wherein additional data is appended to the first table, thereby being a third table;
    - and further comprising the act of applying a transformation function only to the additional data in the third table.
  - 30. The method of claim 19, wherein the transformation function is included in the second table.
  - 31. The method of claim 19, wherein predetermined entries of the second table contain padding values.
  - 32. A computing device programmed to perform the method of claim 19.
  - 33. A computer program product storing computer code to carry out the method of claim 19.
  - 34. A computer readable memory storing the set of computer instructions resulting from the method of claim 19.
  - 35. The method of claim 19, wherein the set of computer instructions resulting from the method is object code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Betouin, Pierre, Farrugia, Augustin J., Ciet, Mathieu

Granted Patent

US 8,140,809 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/202
CPC Class Codes

G06F 21/14 against software analysis o...

Computer implemented masked representation of data tables

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Computer implemented masked representation of data tables

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links