-
公开(公告)号:US11409845B2
公开(公告)日:2022-08-09
申请号:US16250074
申请日:2019-01-17
Applicant: NXP B.V.
Inventor: Nikita Veshchikov , Joppe Willem Bos , Simon Johann Friedberger
Abstract: A method is provided for detecting copying of a machine learning model. A plurality of inputs is provided to a first machine learning model. The first machine learning model provides a plurality of output values. A sequence of bits of a master input is divided into a plurality of subsets of bits. The master input may be an image. Each subset of the plurality of subsets of bits corresponds to one of the plurality of output values. An ordered sequence of the inputs is generated based on the plurality of subsets of bits. The ordered sequence of the inputs is inputted to a second machine learning model. It is then determined if output values from the second machine learning model reproduces the predetermined master input. If the predetermined master input is reproduced, the second machine learning model is a copy of the first machine learning model.
-
2.发明授权公开(公告)号:US11500970B2
公开(公告)日:2022-11-15
申请号:US16529882
申请日:2019-08-02
Applicant: NXP B.V.
Inventor: Joppe Willem Bos , Simon Johann Friedberger , Nikita Veshchikov , Christine van Vredendaal
Abstract: A method and data processing system are provided for determining if a machine learning model has been copied. The machine learning model has a plurality of nodes, the plurality of nodes is organized as a plurality of interconnected layers, and the plurality of interconnected layers includes an input layer and an output layer. The output layer has a predetermined number of output nodes for classifying input samples into a predetermined number of categories, where each output node corresponds to a category. An additional watermarking node is added to the output layer. The model is trained to classify the input data into the predetermined number of categories and into an additional category for the additional node. The additional node may be added to another model to determine if the another model is a copy or clone of the ML model.
-
公开(公告)号:US20210110002A1
公开(公告)日:2021-04-15
申请号:US16598148
申请日:2019-10-10
Applicant: NXP B.V.
Inventor: Nikita Veshchikov , Joppe Willem Bos , Simon Johann Friedberger , Christine van Vredendaal
Abstract: A method is provided for protecting a software program from copying. The method includes providing a first implementation of the software program. A second implementation of the software program is then provided. The second implementation provides a same functionality as the first implementation, and wherein the second implementation includes a plurality of dummy operations to increase a number of operations and an execution time of the second implementation compared to the first implementation. The dummy operations are encoded. The second implementation may then be compared to another software program to determine if the another software program is a copy of the first implementation of the software program. This allows a copy of the first implementation to be detected without disclosing the first implementation.
-
公开(公告)号:US10608822B2
公开(公告)日:2020-03-31
申请号:US15497419
申请日:2017-04-26
Applicant: NXP B.V.
Inventor: Florian Boehl , Simon Johann Friedberger , Thierry G. C. Walrant
Abstract: A method of computing a message authentication code (MAC) for a message having a common part and an independent part using a constrained processor, including: performing a MAC function on the common part of the message using a first secret key to produce a first output; performing a pseudorandom function on the independent part of the message using a second key to produce a second output, wherein the computation time of the pseudorandom function is significantly less than the computation time of the MAC function; and combining the first output and the second output to produce a computed MAC for the message.
-
公开(公告)号:US11586989B2
公开(公告)日:2023-02-21
申请号:US16511082
申请日:2019-07-15
Applicant: NXP B.V.
Inventor: Joppe Willem Bos , Simon Johann Friedberger , Nikita Veshchikov , Christine Van Vredendaal
Abstract: A method is provided for detecting copying of a machine learning model. In the method, the first machine learning model is divided into a plurality of portions. Intermediate outputs from a hidden layer of a selected one of the plurality of portions is compared to corresponding outputs from a second machine learning model to detect the copying. Alternately, a first seal may be generated using the plurality of inputs and the intermediate outputs from nodes of the selected portion. A second seal from a suspected copy that has been generated the same way is compared to the first seal to detect the copying. If the first and second seals are the same, then there is a high likelihood that the suspected copy is an actual copy. By using the method, only the intermediate outputs of the machine learning model outputs have to be disclosed to others, thus protecting the confidentiality of the model.
-
Patent Agency Ranking
公开(公告)号:US20180316504A1
公开(公告)日:2018-11-01
申请号:US15497419
申请日:2017-04-26
Applicant: NXP B.V.
Inventor: Florian Boehl , Simon Johann Friedberger , Thierry G.C. Walrant
CPC classification number: H04L9/14 , H04L9/3242 , H04L2209/125
Abstract: A method of computing a message authentication code (MAC) for a message having a common part and an independent part using a constrained processor, including: performing a MAC function on the common part of the message using a first secret key to produce a first output; performing a pseudorandom function on the independent part of the message using a second key to produce a second output, wherein the computation time of the pseudorandom function is significantly less than the computation time of the MAC function; and combining the first output and the second output to produce a computed MAC for the message.
-
公开(公告)号:US11410078B2
公开(公告)日:2022-08-09
申请号:US16297955
申请日:2019-03-11
Applicant: NXP B.V.
Inventor: Joppe Willem Bos , Simon Johann Friedberger , Christiaan Kuipers , Vincent Verneuil , Nikita Veshchikov , Christine Van Vredendaal , Brian Ermans
Abstract: A method and data processing system for making a machine learning model more resistant to adversarial examples are provided. In the method, an input for a machine learning model is provided. A randomly generated mask is added to the input to produce a modified input. The modified input is provided to the machine learning model. The randomly generated mask negates the effect of a perturbation added to the input for causing the input to be an adversarial example. The method may be implemented using the data processing system.
-
公开(公告)号:US11409843B2
公开(公告)日:2022-08-09
申请号:US16598148
申请日:2019-10-10
Applicant: NXP B.V.
Inventor: Nikita Veshchikov , Joppe Willem Bos , Simon Johann Friedberger , Christine van Vredendaal
Abstract: A method is provided for protecting a software program from copying. The method includes providing a first implementation of the software program. A second implementation of the software program is then provided. The second implementation provides a same functionality as the first implementation, and wherein the second implementation includes a plurality of dummy operations to increase a number of operations and an execution time of the second implementation compared to the first implementation. The dummy operations are encoded. The second implementation may then be compared to another software program to determine if the another software program is a copy of the first implementation of the software program. This allows a copy of the first implementation to be detected without disclosing the first implementation.
-
9.发明申请公开(公告)号:US20210034721A1
公开(公告)日:2021-02-04
申请号:US16529882
申请日:2019-08-02
Applicant: NXP B.V.
Inventor: Joppe Willem Bos , Simon Johann Friedberger , Nikita Veshchikov , Christine van Vredendaal
Abstract: A method and data processing system are provided for determining if a machine learning model has been copied. The machine learning model has a plurality of nodes, the plurality of nodes is organized as a plurality of interconnected layers, and the plurality of interconnected layers includes an input layer and an output layer. The output layer has a predetermined number of output nodes for classifying input samples into a predetermined number of categories, where each output node corresponds to a category. An additional watermarking node is added to the output layer. The model is trained to classify the input data into the predetermined number of categories and into an additional category for the additional node. The additional node may be added to another model to determine if the another model is a copy or clone of the ML model.
-
10.发明申请公开(公告)号:US20200293941A1
公开(公告)日:2020-09-17
申请号:US16297955
申请日:2019-03-11
Applicant: NXP B.V.
Inventor: Joppe Willem Bos , Simon Johann Friedberger , Christiaan Kuipers , Vincent Verneuil , Nikita Veshchikov , Christine Van Vredendaal , Brian Ermans
Abstract: A method and data processing system for making a machine learning model more resistant to adversarial examples are provided. In the method, an input for a machine learning model is provided. A randomly generated mask is added to the input to produce a modified input. The modified input is provided to the machine learning model. The randomly generated mask negates the effect of a perturbation added to the input for causing the input to be an adversarial example. The method may be implemented using the data processing system.
-
-
-
-
-
-
-
-
-
Search Results
10
records
(took 0.013 seconds)
