Secure authentication of identification for computing devices

US 9,264,234 B2
Filed: 01/24/2012
Issued: 02/16/2016
Est. Priority Date: 06/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method of generating a signature for a computing device, the method comprising:

receiving a particular value and a plurality of identifiers that each uniquely identifies the computing device, wherein each identifier is used to generate a different signature;

applying a hash function using a combination of a received first identifier of the plurality of identifiers and the particular value to generate a hash value;

applying a symmetric cryptographic operation to the hash value to generate a result;

combining the result and the particular value to determine the signature for the computing device, wherein a received second identifier of the plurality of identifiers is used to generate a second signature by applying at least one of a different hash function and a different symmetricic operation; and

storing the signatures for the computing device for later use by other devices in verifying the received identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the field of computer and data security, the identifier (ID) of a computing device is protected by providing a secure signature used to verify the ID. The signature is computed from the ID using a “White Box” cryptographic process and a hash function. This provides a signature that is computationally easy to verify but difficult or impossible to generate by a hacker (unauthorized user). This method of first creating the signature and later verifying the identifier using the signature and the associated computing apparatus are thereby useful for protection against hacking of such identifiers of computing devices.

Citations

19 Claims

1. A method of generating a signature for a computing device, the method comprising:
- receiving a particular value and a plurality of identifiers that each uniquely identifies the computing device, wherein each identifier is used to generate a different signature;
  
  applying a hash function using a combination of a received first identifier of the plurality of identifiers and the particular value to generate a hash value;
  
  applying a symmetric cryptographic operation to the hash value to generate a result;
  
  combining the result and the particular value to determine the signature for the computing device, wherein a received second identifier of the plurality of identifiers is used to generate a second signature by applying at least one of a different hash function and a different symmetricic operation; and
  
  storing the signatures for the computing device for later use by other devices in verifying the received identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein each identifier of the plurality of identifiers is one of a serial number, a system number, a network identifier, and a user identifier.
  - 3. The method of claim 1 further comprising applying a mask value or a permutation to the hash value prior to the application of the symmetric cryptographic operation.
  - 4. The method of claim 3, wherein applying the mask value comprises applying an affine mask or a weak encryption.
  - 5. The method of claim 1, wherein the symmetric cryptographic operation is a block or stream cipher.
  - 6. The method of claim 5, wherein the symmetric cryptographic operation is Advanced Encryption Standard encryption.
  - 7. The method of claim 1, wherein the symmetric cryptographic operation is a cipher encryption or decryption.
  - 8. The method of claim 1, wherein the particular value is a random or pseudo random number.
  - 9. The method of claim 1, wherein the signatures for the first and second identifiers are generated sequentially.
  - 10. The method of claim 1, wherein the particular value is a random or pseudo random number, and the combination is a concatenation of the received first identifier and the particular value.
  - 11. The method of claim 1, wherein each identifier is associated with one of a different computing process, entity, and resource.
  - 12. The method of claim 1 further comprising applying a mask value or permutation to the result.

13. A method for verifying a plurality of identifiers of a computing device, the method comprising:
- receiving a plurality of signatures and the plurality of identifiers of the computing device, each identifier associated with a different signature;
  
  partitioning a first signature, associated with a first identifier, into a first portion and a second portion;
  
  applying a symmetric cryptographic operation on the first portion to generate a result;
  
  applying a hash function using a combination of the second portion and the first identifier to generate a hash value; and
  
  verifying the first identifier by comparing the hash value to the result of the cryptographic process, wherein a second identifier that is associated with a second signature is verified by applying at least one of a different symmetric cryptographic operation and a different hash function.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the method further verifies one of (i) all the identifiers to determine a valid identifier, (ii) a predetermined number of the identifiers of the plurality to determine a valid identifier, and (iii) the identifiers in a predetermined order to determine a valid identifier.
  - 15. The method of claim 13, wherein each identifier of the plurality of identifiers is one of a serial number, a system number, a network identifier, and a user identifier of the computing device.
  - 16. The method of claim 13, wherein applying the symmetric cryptographic operation comprises performing a cipher decryption.

17. A non-transitory machine-readable medium storing a program which when executed by at least one processing unit generates a signature for a computing device, the program comprising sets of instructions for:
- receiving (i) a plurality of identifiers that each uniquely identifies the computing device and (ii) a particular value, wherein each identifier is used to generate a different signature;
  
  applying a hash function using a combination of a received first identifier of the plurality of identifiers and the particular value to generate a hash value;
  
  applying a symmetric cryptographic operation to the hash value to generate a result;
  
  combining the result and the particular value to determine the signature for the computing device, wherein a received second identifier of the plurality of identifiers is used to generate a second signature by applying at least one of a different hash function and a different symmetric cryptographic operation; and
  
  storing the signatures for the computing device for later use by other devices in verifying the received identifier.
- View Dependent Claims (18, 19)
- - 18. The non-transitory machine-readable medium of claim 17, wherein each identifier of the plurality of identifiers is one of a serial number, a system number, a network identifier, and a user identifier.
  - 19. The non-transitory machine-readable medium of claim 17, wherein the particular value is a random or pseudo random number and the combination is a concatenation of the received first identifier and the particular value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Farrugia, Augustin J., Ciet, Mathieu, Icart, Thomas, M'Raihi, David
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
TRUVAN, LEYNNA THANH

Application Number

US13/357,454
Publication Number

US 20120311338A1
Time in Patent Office

1,484 Days
Field of Search

726/2, 726/5, 726/18, 726/30, 726/34, 713/176, 713/181, 707/698, 711/100, 380/255
US Class Current

1/1
CPC Class Codes

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 9/06   the encryption apparatus us...

H04L 9/3247   involving digital signatures

Secure authentication of identification for computing devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure authentication of identification for computing devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links