公开(公告)号：US20250156543A1

公开(公告)日：2025-05-15

申请号：US18506639

申请日：2023-11-10

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Marcel Medwed

IPC: G06F21/56

Abstract: A method includes fetching, at a program counter value, an instruction of a basic block of code; decoding the instruction; updating a checksum value with a checksum of the instruction; and determining whether a tuple of the program counter value and the checksum value is in an approximate membership query filter (AMQ-filter).

公开(公告)号：US20250077439A1

公开(公告)日：2025-03-06

申请号：US18456732

申请日：2023-08-28

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Jan Hoogerbrugge

IPC: G06F12/10

Abstract: A data processing system is provided that includes a processor and a memory. The processor is configured to execute instructions to access a location pointed to by an address pointer. The memory is coupled to the processor and configured to have a plurality of memory portions. A first address pointer for accessing a first portion of the memory includes a type bit field, a tag bit field, and a first address bit field. A second address pointer for accessing a second portion of the memory is configured to have only the type bit field and a second address bit field without the tag bit field. The type bit field is set to a first value for the tagged pointer and a second value for the untagged pointer. In another embodiment, a method is provided for accessing a location in the data processing system.

公开(公告)号：US20240249184A1

公开(公告)日：2024-07-25

申请号：US18156767

申请日：2023-01-19

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Wilhelmus Petrus Adrianus Johannus Michiels

IPC: G06N20/00

CPC classification number: G06N20/00

Abstract: A method is provided for detecting non-problem domain (NPD) data in a machine learning (ML) model. The method includes training the ML model using problem domain (PD) training data. A second fully connected layer is added to the trained ML model in parallel with a first fully connected layer in the trained ML model. The trained ML model is retrained with NPD training data while preventing weights in the ML model from changing except for weights of the second fully connected layer. An inference operation is performed with the retrained ML model. Output vectors are received from the first and second fully connected layers via a Softmax layer. A metric is computed using the output vectors. The metric is compared to a threshold metric to determine if input samples are PD or NPD. An indication is provided when NPD data is detected. In another embodiment, a ML model is provided.

公开(公告)号：US12032690B2

公开(公告)日：2024-07-09

申请号：US17810428

申请日：2022-07-01

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Wilhelmus Petrus Adrianus Johannus Michiels

IPC: G06N3/08 ,  G06F21/55 ,  G06N3/045 ,  G06N3/084

CPC classification number: G06F21/554 ,  G06N3/08 ,  G06F2221/031

Abstract: A method is provided for protecting a machine learning model from a side channel attack. A weighted sum vector having first and second elements is initialized. A weight vector for a connection between a node of a first layer and a node of a second layer is multiplied with an input vector to the node of the first layer. A first element of the weight vector includes a weight, and a first element of the input vector includes the input. A second element of the weight vector is a negation of the first element of the weight vector and the second element of the input vector equals the first element of the input vector. A multiplication result is added to the weighted sum vector to produce a computed weighted sum vector. An output vector including the computed weighted sum vector is provided to the node of the second layer.

公开(公告)号：US11687678B2

公开(公告)日：2023-06-27

申请号：US17081589

申请日：2020-10-27

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Tobias Schneider ,  Ventzislav Nikov ,  Jorge Miguel Ventuzelos Pereira ,  Rudi Verslegers ,  Nikita Veshchikov ,  Joppe Willem Bos ,  Jan Hoogerbrugge

IPC: G06F21/74 ,  G06F21/60

CPC classification number: G06F21/74 ,  G06F21/606

Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.

公开(公告)号：US20220215103A1

公开(公告)日：2022-07-07

申请号：US17143762

申请日：2021-01-07

Applicant: NXP B.V.

Inventor： Wilhelmus Petrus Adrianus Johannus MICHIELS ,  Jan Hoogerbrugge ,  Ad Arts

IPC: G06F21/60 ,  G06F12/1009

Abstract: A data processing system has a processor and a system memory. The system memory may be a dynamic random-access memory (DRAM). The processor includes an embedded memory. The system memory is coupled to the processor and is organized in a plurality of pages. A portion of the code or data stored in the plurality of memory pages is selected for permutation. A permutation order is generated and the memory pages containing the portion of code or data is permuted using a permutation order. The permutation order and/or a reverse permutation order to recover the original order may be stored in the embedded memory. Permuting the memory pages with a permutation order stored in the embedded memory prevents the code or data from being read during a freeze attack on the system memory in a way that is useful to an attacker.

公开(公告)号：US11055202B1

公开(公告)日：2021-07-06

申请号：US16715656

申请日：2019-12-16

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Marcel Medwed

IPC: G06F8/35 ,  G06F8/41 ,  G06F11/36

Abstract: A system and method for accessing a tagged global variable in software, including: randomly generating tags for global variables in the software; tagging the global variables with the random tags; creating a pointer to each global variable with the random tags in unused bits of the pointer wherein the pointer points to the associated global variable; accessing one global variable indirectly using the tagged pointer; determining whether tag on the accessed global variable matches the tag on the accessed pointer; and indicating a fault when the tag on the accessed global variable does not match the tag on the accessed pointer.

公开(公告)号：US11023344B2

公开(公告)日：2021-06-01

申请号：US16659937

申请日：2019-10-22

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge

IPC: G06F11/30 ,  G06F11/32 ,  G06F21/60 ,  G06N20/00 ,  G06K9/62

Abstract: A data processing system includes a monitoring system, the monitoring system includes a processor and a data analysis block. The processor executes a monitoring application for monitoring an operation of a monitored system coupled to the monitoring system. When assistance is needed from the monitored system, the processor has an output coupled to the monitored system for providing an assistance request. When the assistance request is sent to the monitored system, the processor also sends a disturbance indication to the data analysis block. The disturbance indication indicates that the output data from the monitored system may be disturbed by the assistance request. The data analysis block can then take an action to reduce the effect the disturbance may have on the analysis results. A method for monitoring the monitored system is also provided.

公开(公告)号：US10389517B2

公开(公告)日：2019-08-20

申请号：US15194001

申请日：2016-06-27

Applicant: NXP B.V.

Inventor： Wilhelmus Petrus Adrianus Johannus Michiels ,  Jan Hoogerbrugge ,  Joppe Willem Bos

IPC: H04L9/00 ,  G06F21/75

Abstract: A method for performing a secure function in a data processing system is provided. In accordance with one embodiment, the method includes generating and encoding an encryption key. The encoded encryption key may be encrypted in a key store in a trusted execution environment (TEE) of the data processing system. The encrypted encryption key may encrypted, stored, and decrypted in the key store in the TEE, but used in a white-box implementation to perform a secure function. The secure function may include encrypting a value in the white-box implementation for securing a monetary value on, for example, a smart card. In one embodiment, each time an encryption key or decryption key is used, it is changed to a new key. The method makes code lifting and rollback attacks more difficult for an attacker because the key is stored separately from, for example, a white-box implementation in secure storage.

公开(公告)号：US10361855B2

公开(公告)日：2019-07-23

申请号：US15166925

申请日：2016-05-27

Applicant: NXP B.V.

Inventor： Joppe Willem Bos ,  Artur Tadeusz Burchard ,  Jan Hoogerbrugge ,  Wilhelmus Petrus Adrianus Johannus Michiels

IPC: H04L9/30 ,  G06F7/72 ,  H04L9/00 ,  G06F12/14

Abstract: A system includes a secure processor and an unsecure processor. The secure processor is configured to: split a secure scalar K into m2 random values ki, where i is an integer index; randomly select m1-m2 values ki for the indices m2