Method for modulating access to a resource, corresponding program and device

US11227054B2 · US · B2

Patent metadata
Publication number: US-11227054-B2
Application number: US-201715437697-A
Country: US
Kind code: B2
Filing date: Feb 21, 2017
Priority date: Mar 1, 2016
Publication date: Jan 18, 2022
Grant date: Jan 18, 2022

Abstract

Official abstract text for this publication.

A method for controlling access to preliminarily identified computer resources is disclosed. The access is controlled so as to prevent the circumventing, by malicious applications, of barriers set up to prevent them from communicating when they are executed on one or more processors of an electronic device. The method is implemented by an electronic device having access to the resources to be controlled. The method includes: receiving a request, coming from a program, for access to a current resource; obtaining at least one access parameter for access to the current resource within a resource-characterizing data structure; and modulating access to the current resource as a function of the at least one access parameter.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for controlling access to preliminarily identified computing resources, the method being implemented by an electronic device configured to modulate access to said computing resources to be controlled, the method comprising: receiving a request, coming from a program installed on the electronic device, for access to a current resource of the preliminarily identified computing resources; obtaining at least one modulation parameter for access to said current resource within a resource-characterizing data structure, wherein the resource-characterizing data structure associates for each of the preliminarily identified computing resources a respective resource identifier, an indicator and at least one modulation parameter, the indicator indicating whether the associated resource is a resource of a first type of the preliminarily identified computing resources having values that are variable over time or is a resource of a second type of the preliminarily identified computing resources that is distinct from the first type, and wherein the computing resources of the first type are selected from the group consisting of: available random-access memory, available mass storage memory, power of a received signal, time, date, clock, electrical consumption, battery level, and processor charge level; the computing resources of the second type are selected from the group consisting of: an identifier, a memory address, a process number, and a serial number; and the obtaining comprises: identifying the current resource in the resource-characterizing data structure as a function of the resource identifier of the current resource; and obtaining, from said resource-characterizing data structure, the indicator and the at least one modulation parameter associated with the resource identifier of the current resource; and modulating access to said current resource by the program as a function of the obtained indicator and the obtained at least one modulation parameter associated with said current resource, wherein the modulating comprises: if the indicator indicates the associated resource is of the first type, sending the program an error-containing piece of information; else if the indicator indicates the associated resource is of the second type, sending the program a piece of encrypted data or a pointer pointing toward the associated resource.

2. The method for controlling access according to claim 1, wherein, the modulating access to said current resource comprises: masking data as a function of the at least one modulation parameter.

3. The method for controlling access according to claim 2, wherein for the preliminarily identified computing resources of the second type the masking data comprises: obtaining a code corresponding to the program; computing an encrypted value of the current resource by using the code; and transmitting the encrypted value to said program.

4. The method for controlling access according to claim 2, wherein for the preliminarily identified computing resources of the second type the masking data comprises: receiving an encrypted value of the current resource coming from the program; obtaining a code corresponding to the program; decrypting the encrypted value by using the code, delivering the value of the current resource; and implementing an operation required by the program on the current resource.

5. A module for controlling access to preliminarily identified computing resources, wherein the module is implemented within an electronic device configured to modulate access to said computing resources to be controlled, and wherein the module comprises: means for receiving a request, coming from a program installed on the electronic device, for access to a current resource of the preliminarily identified computing resources; means for obtaining at least one modulation parameter for access to said current resource within a resource-characterizing data structure, wherein the resource-characterizing data structure associates for each of the preliminarily identified computing resources a respective resource identifier, an indicator and at least one modulation parameter, the indicator indicating whether the associated resource is a resource of a first type of the preliminarily identified computing resources having values that are variable over time or is a resource of a second type of the preliminarily identified computing resources that is distinct from the first type, and wherein the computing resources of the first type are selected from the group consisting of: available random-access memory, available mass storage memory, power of a received signal, time, date, clock, electrical consumption, battery level, and processor charge level; the computing resources of the second type are selected from the group consisting of: an identifier, a memory address, a process number, and a serial number; and the obtaining comprises: identifying the current resource in the resource-characterizing data structure as a function of the resource identifier of the current resource; and obtaining, from said resource-characterizing data structure, the indicator and the at least one modulation parameter associated with the resource identifier of the current resource; and means for modulating access to said current resource by the program as a function of the obtained indicator and the obtained at least one modulation parameter associated with said current resource, wherein the modulating comprises: if the indicator indicates the associated resource is of the first type, sending the program an error-containing piece of information; else if the indicator indicates the associated resource is of the second type, sending the program a piece of encrypted data or a pointer pointing toward the associated resource.

6. An electronic device comprising: a processor; a random-access memory and a storage memory; an operating system, executed within the random-access memory and enabling access to preliminarily identified computing resources of said electronic device; and a module for controlling access to said computing resources, the module for controlling access to said computing resources comprising: means for receiving a request, coming from a program installed on the electronic device, for access to a current resource of the preliminarily identified computing resources; means for obtaining at least one modulation parameter for access to said current resource within a resource-characterizing data structure, wherein the resource-characterizing data structure associates for each of the preliminarily identified computing resources a respective resource identifier, an indicator and at least one modulation parameter, the indicator indicating whether the associated resource is a resource of a first type of the preliminarily identified computing resources having values that are variable over time or is a resource of a second type of the preliminarily identified computing resources that is distinct from the first type, and wherein: the computing resources of the first type are selected from the group consisting of: available random-access memory, available mass storage memory, power of a received signal, time, date, clock, electrical consumption, battery level, and processor charge level; the computing resources of the second type are selected from the group consisting of: an identifier, a memory address, a process number, and a serial number; and the obtaining comprises: identifying the current resource in the resource-characterizing data structure as a function of the resource identifier of the current resource; and obtaining, from said resource-characterizing dat
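
The table lookup and two-way modulation of claims 1, 3 and 4, sketched as an added example (not code from the patent or its assignee). The table contents, resource values, program names, the use of the modulation parameter as a noise amplitude, and the HMAC-based keystream standing in for a real authenticated cipher are all assumptions of this sketch.

```python
import hashlib, hmac, secrets

# Constructed resource-characterizing table: id -> (indicator, modulation parameter).
# Indicator 1 = value variable over time, 2 = identifier-like value (claim 1).
TABLE = {
    "battery_level": (1, 5.0),        # assumed meaning: maximum error to inject
    "free_ram_kb": (1, 4096.0),
    "serial_number": (2, "per-program-code"),
}
RAW = {"battery_level": 72.0, "free_ram_kb": 183552.0,
       "serial_number": b"SN-CONSTRUCTED-0001"}   # constructed sample values
PROGRAM_CODES = {}  # program -> secret code, known only to the access-control module

def _code_for(program):
    return PROGRAM_CODES.setdefault(program, secrets.token_bytes(32))

def _keystream(code, nonce, n):
    # HMAC-SHA256 in counter mode: a stand-in for a vetted cipher, not a recommendation.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(code, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def mask(program, value):
    """Claim 3: encrypt the resource value under the requesting program's code."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_code_for(program), nonce, len(value))
    return nonce + bytes(a ^ b for a, b in zip(value, ks))

def unmask(program, blob):
    """Claim 4: recover the value from a blob the program hands back."""
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(_code_for(program), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

def request(program, resource_id):
    indicator, param = TABLE[resource_id]      # identify by resource identifier
    if indicator == 1:                          # first type: error-containing information
        noise = (secrets.randbelow(2001) - 1000) / 1000 * param
        return RAW[resource_id] + noise
    return mask(program, RAW[resource_id])      # second type: encrypted per program
```

Two programs that read the same first-type resource get independently perturbed values, and two programs that read the same second-type resource get blobs that neither can compare nor decode, while the module can still resolve a returned blob to the real value.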

Classifications

  • G06F21/53 (Primary)

    by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title

  • at program execution time, where the protection is within the operating system · CPC title

  • involving covert channels, i.e. data leakage between processes (inhibiting the analysis of circuitry or operation with measures against power attack G06F21/755) · CPC title

  • during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication · CPC title

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11227054B2 cover?
A method for controlling access to preliminarily identified computer resources is disclosed. The access is controlled so as to prevent the circumventing, by malicious applications, of barriers set up to prevent them from communicating when they are executed on one or more processors of an electronic device. The method is implemented by an electronic device having access to the resources to be co…
Who is the assignee on this patent?
Banks And Acquirers Int Holding
What technology area does this patent fall under?
Primary CPC classification G06F21/53. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 18, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).