SECURE AUTHENTICATION OF IDENTIFICATION FOR COMPUTING DEVICES

US 20120311338A1
Filed: 01/24/2012
Published: 12/06/2012
Est. Priority Date: 06/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method of determining a signature of an identifier of a computing device, comprising the acts of:

receiving the identifier at a port;

storing the identifier in a first computer readable storage medium coupled to the port;

providing a value;

at a processor coupled to the first computer readable memory, applying a hash function to a combination of the identifier and the value, thereby generating a hash value;

applying a cryptographic process which is secure in an untrusted computing environment to the hash value;

combining a result of the cryptographic process and the value thereby, to define a signature; and

storing the signature in a second computer readable medium which is coupled to the processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the field of computer and data security, the identifier (ID) of a computing device is protected by providing a secure signature used to verify the ID. The signature is computed from the ID using a “White Box” cryptographic process and a hash function. This provides a signature that is computationally easy to verify but difficult or impossible to generate by a hacker (unauthorized user). This method of first creating the signature and later verifying the identifier using the signature and the associated computing apparatus are thereby useful for protection against hacking of such identifiers of computing devices.

Citations

19 Claims

1. A method of determining a signature of an identifier of a computing device, comprising the acts of:
- receiving the identifier at a port;
  
  storing the identifier in a first computer readable storage medium coupled to the port;
  
  providing a value;
  
  at a processor coupled to the first computer readable memory, applying a hash function to a combination of the identifier and the value, thereby generating a hash value;
  
  applying a cryptographic process which is secure in an untrusted computing environment to the hash value;
  
  combining a result of the cryptographic process and the value thereby, to define a signature; and
  
  storing the signature in a second computer readable medium which is coupled to the processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the identifier is a serial number, system number, network identifier or user identifier.
  - 3. The method of claim 1, further comprising applying a mask value or permutation to the hash value.
  - 4. The method of claim 3, wherein applying the mask value includes applying an affine mask or encrypting.
  - 5. The method of claim 1, wherein the cryptographic process is a block or stream cipher.
  - 6. The method of claim 1, wherein the cryptographic process is a cipher encryption or decryption.
  - 7. The method of claim 1, wherein the value is a random or pseudo random number.
  - 8. The method of claim 1, further comprising providing at least one additional signature generation process.
  - 9. The method of claim 8, further comprising associating each signature generation process with a different identifier.
  - 10. The method of claim 9, further comprising linking successive ones of the signature generation processes sequentially.
  - 11. The method of claim 2, wherein the value is a random or pseudo random number, and the combination is a concatenation of the identifier and the value.
  - 12. The method of claim 1, further comprising:
    - providing a plurality of additional signature generation processes, each associated with a different computing process, entity, or resource, wherein each of the signature generation processes computed is associated with a different identifier and is computed using a different hash function or cryptographic process; and
      
      wherein the plurality of signature generation processes are linked sequentially.
  - 13. The method of claim 5, wherein the cryptographic process is Advanced Encryption Standard encryption.
  - 14. The method of claim 1, further comprising applying a mask value or permutation to a result of the cryptographic process.
  - 15. A computer readable medium storing computer code for carrying out the method of claim 1.
  - 16. A computing apparatus programmed to carry out the method of claim 1.

17. An apparatus for determining a signature for an identifier of a computing device, comprising:
- a port adapted for receiving the identifier;
  
  a first computer readable storage coupled to the port and adapted to store the identifier;
  
  a processor coupled to the first computer readable memory and which applies a hash function to the identifier and a value, thereby generating a hash value;
  
  the processor applying a cryptographic process which is secure in an untrusted computing environment to the hash value and combining a result of the cryptographic process and the value, thereby to define a signature; and
  
  a second computer readable storage coupled to the processor and adapted to store the signature.

18. A method of verifying an identifier of a computing device, comprising the acts of:
- receiving a signature and the identifier at a port;
  
  storing the signature and identifier in a first computer readable storage medium coupled to the port;
  
  at a processor coupled to the first computer readable storage medium, partitioning the signature into at least two portions;
  
  applying at the processor a cryptographic process to one of the portions;
  
  applying at the processor a hash function to a combination of the other portion and the identifier thereby to generate a hash value; and
  
  verifying the identifier by comparing the hash value to a result of the cryptographic process.
- View Dependent Claims (19)
- - 19. The method of claim 18, wherein there is a plurality of signatures and associated identifiers, and further comprising one of:
    - verifying all the identifiers to determine a valid identifier;
      
      verifying a predetermined number of the identifiers of the plurality to determine a valid identifier;
      
      orverifying the identifiers in a predetermined order to determine a valid identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
FARRUGIA, Augustin J., CIET, Mathieu, M'RAIHI, David, ICART, Thomas

Granted Patent

US 9,264,234 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 9/06   the encryption apparatus us...

H04L 9/3247   involving digital signatures

SECURE AUTHENTICATION OF IDENTIFICATION FOR COMPUTING DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE AUTHENTICATION OF IDENTIFICATION FOR COMPUTING DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links