Computer implemented masked representation of data tables

US 8,140,809 B2
Filed: 05/29/2009
Issued: 03/20/2012
Est. Priority Date: 05/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method of masking data, the data being in a set of computer instructions stored in computer readable memory, using a processor coupled to the computer readable memory, the method comprising the acts of:

providing a first table of data in a first portion of the computer readable memory, wherein the first table has a length and an allocation in the first portion of the computer readable memory;

the processor detecting a pointer to a location in the first table in the set of computer instructions;

the processor modifying the detected pointer in the set of computer instructions, so the detected pointer is modified by a transformation function;

storing the modified pointer in an entry in a second table in a second portion of the computer readable memory, the entry including the allocation and length of the first table; and

storing the set of computer instructions and the second table in a third portion of the computer readable memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the computer software field, method and apparatus to obfuscate (mask or hide) computer data which is part of or accessed by a computer program. The method protects (hides) accesses to tables of data in terms of the place or position of each element in the table. It does this by providing an intermediate table which describes the positions of the elements of the first table or tables, but in a transformed (modified) fashion.

12 Citations

View as Search Results

31 Claims

1. A method of masking data, the data being in a set of computer instructions stored in computer readable memory, using a processor coupled to the computer readable memory, the method comprising the acts of:
- providing a first table of data in a first portion of the computer readable memory, wherein the first table has a length and an allocation in the first portion of the computer readable memory;
  
  the processor detecting a pointer to a location in the first table in the set of computer instructions;
  
  the processor modifying the detected pointer in the set of computer instructions, so the detected pointer is modified by a transformation function;
  
  storing the modified pointer in an entry in a second table in a second portion of the computer readable memory, the entry including the allocation and length of the first table; and
  
  storing the set of computer instructions and the second table in a third portion of the computer readable memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the set of computer instructions includes a third table of data and a second pointer to the third table of data, and further comprising applying the method to the third table of data.
  - 3. The method of claim 1, wherein the transformation function is one of an affine transformation, a multiplication by a modulus of a length of the first table, or a permutation.
  - 4. The method of claim 1, wherein the act of modifying the detected pointer includes invoking a handler.
  - 5. The method of claim 1, wherein the transformation function is a bijection.
  - 6. The method of claim 1, wherein each entry in the second table also includes the transformation function for that pointer.
  - 7. The method of claim 1, wherein the pointer is an absolute or an offset pointer.
  - 8. The method of claim 1, wherein the method is performed for all pointers only during initialization of the set of computer instructions.
  - 9. The method of claim 1, wherein the method is performed for each access to the first table.
  - 10. The method of claim 1, further comprising the acts of:
    - providing a third table of data; and
      
      applying the transformation function to the first and third tables of data, thereby to concatenate the tables.
  - 11. The method of claim 1, wherein additional data is appended to the first table, thereby being a third table;
    - and wherein the method further comprises the act of applying a transformation function only to the additional data in the third table.
  - 12. The method of claim 1, wherein the set of computer instructions is in source code format prior to application of the method, and the method is carried out before or during compilation of the source code into object code.
  - 13. The method of claim 1, wherein the transformation function is included in the second table.
  - 14. The method of claim 1, further comprising increasing the length of the first table and putting padding values in additional entries of the first table.
  - 15. The method of claim 1, wherein the method is performed on a computing device programmed to do such.
  - 16. The method of claim 1, wherein the method is carried out by computer code stored on a computer program product.
  - 17. The method of claim 1, wherein the set of computer instructions resulting from the method is object code.

18. A method of accessing masked data, the data being in a set of computer instructions stored in a computer readable memory, using a processor coupled to the computer readable memory, the method comprising the acts of:
- the processor detecting a pointer to a table of masked data in the set of computer instructions stored in a first portion of the computer readable memory;
  
  upon detecting the pointer, the processor accessing a second table stored in a second portion of the computer readable memory, the second table including a plurality of entries, each entry corresponding to a table of data and having a length and starting address of the corresponding masked table of data and a transformation function;
  
  the processor modifying the masked table of data pointed to by the detected pointer, so the masked table of data is modified by the transformation function so as to be unmasked; and
  
  storing the unmasked table of data in the computer readable memory.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 19. The method of claim 18, wherein the set of computer instructions includes a third table of data and a second pointer to the third table of data, and further comprising applying the method to the third table of data.
  - 20. The method of claim 18, wherein the transformation function is one of an affine transformation, a multiplication by a modulus of a length of the first table, or a permutation.
  - 21. The method of claim 18, wherein the act of modifying the detected pointer includes invoking a handler.
  - 22. The method of claim 18, wherein the transformation function is a bij ection.
  - 23. The method of claim 18, wherein each entry in the second table also includes the transformation function for that pointer.
  - 24. The method of claim 18, wherein the pointer is an absolute or an offset pointer.
  - 25. The method of claim 18, wherein the method is performed for each access to the masked table of data.
  - 26. The method of claim 18, further comprising the acts of:
    - providing a third table of data; and
      
      applying the transformation function to the masked and third tables of data, thereby to de-concatenate the tables.
  - 27. The method of claim 18, wherein additional data is appended to the masked table of data, thereby being a third table;
    - and further comprising the act of applying a transformation function only to the additional data in the third table.
  - 28. The method of claim 18, wherein the transformation function is included in the second table.
  - 29. The method of claim 18, wherein predetermined entries of the second table contain padding values.
  - 30. The method of claim 18, wherein the method is performed by a computing device programmed to do such.
  - 31. The method of claim 18, wherein the method is carried out by computer code stored on a computer program product.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Farrugia, Augustin J., Ciet, Mathieu, Betouin, Pierre
Primary Examiner(s)
Hoang, Huan
Assistant Examiner(s)
RADKE, JAY W

Application Number

US12/475,377
Publication Number

US 20100306497A1
Time in Patent Office

1,026 Days
Field of Search

711/170
US Class Current

711/170
CPC Class Codes

G06F 21/14 against software analysis o...

Computer implemented masked representation of data tables

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Computer implemented masked representation of data tables

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others