Universal secure token for obfuscation and tamper resistance
First Claim
Patent Images
1. A program obfuscation system, comprising:
- a hardware token including a secret oracle component, the hardware token and the secret oracle component having a stateless operation to enable interacting concurrently with multiple obfuscated program components, the secret oracle component enabling use of an execution identity for an entire execution to facilitate security when interacting concurrently with the multiple obfuscated program components;
an obfuscated program component of the multiple obfuscated program components, produced by a public obfuscation function corresponding to the secret oracle component, that includes queries to the secret oracle component included in the hardware token to facilitate evaluation of the obfuscated program component, the secret oracle component to assign a secret obfuscation identity to each of the queries, the obfuscated program component obfuscated as a universal circuit; and
an evaluation component that detects unauthorized modification with respect to the obfuscated program component or input based in part on message authentication codes in conjunction with input encryption, program evaluation, and output decryption.
2 Assignments
0 Petitions
Accused Products
Abstract
Program obfuscation is accomplished with tamper proof token including an embedded oracle. A public obfuscation function can be applied to any program/circuit to produce a new obfuscated program/circuit that makes calls to the corresponding oracle to facilitate program execution. A universal circuit representation can be employ with respect to obfuscation to hide circuit wiring and allow the whole circuit to be public. Furthermore, the token or embedded oracle can be universal and stateless to enable a single token to be employed with respect to many programs.
42 Citations
16 Claims
-
1. A program obfuscation system, comprising:
-
a hardware token including a secret oracle component, the hardware token and the secret oracle component having a stateless operation to enable interacting concurrently with multiple obfuscated program components, the secret oracle component enabling use of an execution identity for an entire execution to facilitate security when interacting concurrently with the multiple obfuscated program components; an obfuscated program component of the multiple obfuscated program components, produced by a public obfuscation function corresponding to the secret oracle component, that includes queries to the secret oracle component included in the hardware token to facilitate evaluation of the obfuscated program component, the secret oracle component to assign a secret obfuscation identity to each of the queries, the obfuscated program component obfuscated as a universal circuit; and an evaluation component that detects unauthorized modification with respect to the obfuscated program component or input based in part on message authentication codes in conjunction with input encryption, program evaluation, and output decryption. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of program obfuscation, comprising:
-
receiving queries including encrypted information from a plurality of obfuscated universal circuit representations of programs, by a computer including a memory and a processor, the plurality of obfuscated universal circuit representations of programs comprising one or more input wires; assigning a secret obfuscation identity to each of the queries; processing the queries in parallel at a secret oracle component having a stateless operation, the secret oracle component enabling use of an execution identity for an entire execution to facilitate security when processing the queries in parallel, the secret oracle component included in a hardware token; returning encrypted results to at least one of the plurality of obfuscated universal circuit representations; receiving message authentication codes associated with one or more input wires to detect unauthorized modification; and verifying input authentication utilizing the message authentication codes prior to evaluation in conjunction with the encrypted information, evaluation of the querying program, and output decryption. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A method of program obfuscation comprising:
-
acquiring, by a computer including a memory and a processor, a public obfuscation function; applying the function to a circuit representation of a program to generate an obfuscated universal circuit that includes queries to an oracle that is tamper resistant and stateless, the oracle to process multiple queries from multiple programs in parallel, to assign a secret obfuscation identity to each of the multiple queries, the oracle enabling use of an execution identity for an entire execution to facilitate security when processing the multiple queries from the multiple programs in parallel, and to facilitate evaluation of the obfuscated universal circuit, wherein the oracle is included in a hardware token; and detecting unauthorized modification of the obfuscated universal circuit or input based in part on message authentication codes, input encryption, program evaluation and output decryption. - View Dependent Claims (15, 16)
-
Specification