METHOD FOR PROTECTING DATA

US 20150324590A1
Filed: 03/26/2012
Published: 11/12/2015
Est. Priority Date: 03/26/2012
Status: Active Grant

First Claim

Patent Images

1. A method of protecting sensitive data comprising the steps of:

during build time, hashing an image to produce a first hash;

combining sensitive data with the first hash to form a salt; and

storing the salt;

at runtime, hashing the image to produce a second hash;

retrieving the salt;

combining the second hash and the salt to recover the sensitive data;

combining a first value with the image; and

comprising the step of splitting the sensitive data into at least two portions, combining a first value with the image, combining a first portion of the sensitive data with the first hash to form a first salt and combining a second value with the image, combining a second portion of the sensitive data with the first hash to form a second salt.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the present disclosure, a hash function is computed over a known image, for example, an address range in a program. The result of the hash function is known to be the same at two distinct points in time, before the program is run, i.e. signing at build-time, and during the running of the program, i.e. run time. The value that the programmer wishes to hide, i.e. the secret value, is also known at build-time. At build-time, the secret value is combined with the hash in such a way that the combining operation can be reversed at run time. This combined value, i.e. the salt, is stored along with the program. Later, at runtime, the program computes the same hash value as was computed at signing time, and does the reverse combining operation in order to reveal the secret value.

26 Citations

View as Search Results

25 Claims

1. A method of protecting sensitive data comprising the steps of:
- during build time, hashing an image to produce a first hash;
  
  combining sensitive data with the first hash to form a salt; and
  
  storing the salt;
  
  at runtime, hashing the image to produce a second hash;
  
  retrieving the salt;
  
  combining the second hash and the salt to recover the sensitive data;
  
  combining a first value with the image; and
  
  comprising the step of splitting the sensitive data into at least two portions, combining a first value with the image, combining a first portion of the sensitive data with the first hash to form a first salt and combining a second value with the image, combining a second portion of the sensitive data with the first hash to form a second salt.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the step of retrieving the salt retrieves first and second salts and the step of combining the second hash, combines the second hash with the first and second salts to recover first and second portions, respectively, of the sensitive data.
  - 3. The method of claim 2, further comprising the step of hashing the first and second hashes to produce third and fourth hashes and comparing the third and fourth hashes to determine if they are the same and verifying the sensitive data if they are the same.
  - 4. The method of claim 3, wherein the step of combining sensitive data and the third hash value includes combining the sensitive data with random data.
  - 5. The method of claim 4, wherein the step of combining sensitive data and the third hash value includes combining the sensitive data with random data and combining the output with the random data and the third hash value.
  - 6. The method of claim 5, wherein the sensitive data is an instruction address.
  - 7. The method of claim 6, wherein the instruction address includes at least one of a branching address and callback function address.
  - 8. The method of claim 6 or 7, wherein the instruction address has one of 32 bits and 64 bits.
  - 9. The method of claim 1, wherein the image is a portion of any file.
  - 10. The method of claim 9, wherein the image is a portion of an executable file.

11. A method of protecting sensitive data comprising the steps of:
- during build time, hashing an image to produce a first hash;
  
  hashing the first hash to produce a second hash;
  
  combining sensitive data with the second hash to produce a combined value;
  
  combining the first hash and the combined value to form a salt; and
  
  storing the salt;
  
  at runtime, hashing the image to produce a third hash;
  
  hashing the third hash to produce a fourth hash;
  
  retrieving the salt;
  
  combining the third hash and the salt to recover the combined value;
  
  comparing the second hash from the recovered combined value with the fourth hash and if they are the same;
  
  recovering the sensitive data from the remainder of the combined data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 12. The method of claim 11, wherein the step of combining sensitive data and the second hash value includes the step of adding random data.
  - 13. A method of claim 12 wherein the step of combining sensitive data and the second hash value includes exclusive oring the sensitive data with the random data.
  - 14. The method of claim 13, wherein the step of combining sensitive data and the second hash value includes exclusive oring the sensitive data with the random data and combining the output with the random data and the second has value.
  - 15. The method of claim 14, wherein the sensitive data is an instruction address.
  - 16. The method of claim 15, wherein the instruction address includes at least one of a branching address and callback function address.
  - 17. The method of claim 15 or 16, wherein the sensitive data is an instruction address has one of 32 bits and 64 bits.
  - 18. The method of claim 11, wherein the image is a portion of any file
  - 19. The method of claim 18, wherein the image is a portion of an executable file
  - 20. The method of claim 19 wherein the image has a value combined therewith
  - 21. The method of claim 20 wherein the value corresponds to an instruction address
  - 22. The method of claim 21 wherein there are a plurality of instruction addresses, each address having a corresponding value combined with the image.
  - 23. The method of claim 22 wherein the step of combining the first hash and the combined value to form a salt does so for each corresponding value combined with the image to produce a corresponding plurality of salts.

24. (canceled)

25. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Original Assignee
Irdeto Canada Corporation (MultiChoice Group Ltd.)
Inventors
KRTEN, Robert, DONG, Hongrul, LIEM, Clifford

Granted Patent

US 9,454,666 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/137   Hash-based content-based in...

G06F 21/125   by manipulating the program...

G06F 21/14   against software analysis o...

G06F 21/60   Protecting data

G06F 21/64   Protecting data integrity, ...

G06F 2221/2107   File encryption

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3239   involving non-keyed hash fu...

METHOD FOR PROTECTING DATA

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR PROTECTING DATA

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links