	US 12,321,481 B2
	Cloud-based whitebox node locking
Lex Aaron Anderson, Auckland (NZ); Rafie Shamsaasef, San Diego, CA (US); and Alexander Medvinsky, San Diego, CA (US)
Assigned to ARRIS Enterprises LLC, Horsham, PA (US)
Filed by ARRIS Enterprises LLC, Horsham, PA (US)
Filed on Feb. 22, 2024, as Appl. No. 18/584,912.
Application 18/584,912 is a continuation of application No. 18/171,081, filed on Feb. 17, 2023, granted, now 11,941,143.
Application 18/171,081 is a continuation of application No. 17/722,201, filed on Apr. 15, 2022, granted, now 11,625,498, issued on Apr. 11, 2023.
Claims priority of provisional application 63/181,670, filed on Apr. 29, 2021.
Prior Publication US 2024/0193297 A1, Jun. 13, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); G06F 21/44 (2013.01); G06F 21/60 (2013.01); H04L 9/08 (2006.01)

CPC G06F 21/6227 (2013.01) [G06F 21/44 (2013.01); G06F 21/602 (2013.01); H04L 9/085 (2013.01); H04L 2209/16 (2013.01); H04L 2209/34 (2013.01)]

7 Claims

1. A method of enabling secure generation of an output, comprising:

receiving a lock request from a run-time device upon execution of a surrogate whitebox implementation, the lock request comprising a fingerprint of the run-time device determined by the run-time device upon first execution of the surrogate whitebox implementation and a build identifier;

generating a locked whitebox implementation according to the received fingerprint of the run-time device and the build identifier, the locked whitebox implementation having a plurality of run-time device specific locked whitebox LUTs associated with a plurality of blank LUTs at a build-time device;

transmitting the run-time device specific locked whitebox LUTs from a network service to the run-time device;

receiving a request for a secret from the run-time device, the request including the build identifier; and

transmitting an encoded secret.