US 11,941,143 B2
Cloud-based whitebox node locking
Lex Aaron Anderson, Auckland (NZ); Rafie Shamsaasef, San Diego, CA (US); and Alexander Medvinsky, San Diego, CA (US)
Assigned to ARRIS Enterprises LLC, Suwanee, GA (US)
Filed by ARRIS Enterprises LLC, Suwanee, GA (US)
Filed on Feb. 17, 2023, as Appl. No. 18/171,081.
Application 18/171,081 is a continuation of application No. 17/722,201, filed on Apr. 15, 2022, granted, now 11,625,498.
Claims priority of provisional application 63/181,670, filed on Apr. 29, 2021.
Prior Publication US 2023/0195925 A1, Jun. 22, 2023
Int. Cl. G06F 21/62 (2013.01); G06F 21/44 (2013.01); G06F 21/60 (2013.01); H04L 9/08 (2006.01)
CPC G06F 21/6227 (2013.01) [G06F 21/44 (2013.01); G06F 21/602 (2013.01); H04L 9/085 (2013.01); H04L 2209/16 (2013.01); H04L 2209/34 (2013.01)]
21 Claims
 
1. A method of enabling secure generation of an output in a run-time device, comprising:
receiving a request to register a whitebox implementation for generating the output in a network service from a build-time device, the request to register comprising:
a base file; and
a list of unlocked whitebox look up tables (LUTs);
registering the base file and the list of unlocked whitebox LUTs in the network service;
returning a surrogate whitebox implementation having a build identifier (ID) and a plurality of blank LUTs to the build-time device;
receiving a lock request from the run-time device upon execution of the surrogate whitebox implementation, the lock request comprising a fingerprint of the run-time device determined by the run-time device upon first execution of the surrogate whitebox implementation and the build identifier;
generating a locked whitebox implementation according to the received fingerprint of the run-time device and the build identifier, the locked whitebox implementation having a plurality of run-time device specific locked whitebox LUTs;
transmitting the plurality of run-time device specific locked whitebox LUTs from the network service to the run-time device;
receiving a request for a secret from the run-time device, the request for the secret including the build ID; and
transmitting an encoded secret.