公开(公告)号：US09961057B2

公开(公告)日：2018-05-01

申请号：US14850886

申请日：2015-09-10

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Martin Feldhofer ,  Ventzislav Nikov

IPC: H04L29/06 ,  H04L9/00 ,  H04L9/06

CPC classification number: H04L63/068 ,  H04L9/003 ,  H04L9/0618 ,  H04L63/062 ,  H04L2209/805

Abstract: Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key (230) from memory of the cryptographic device; providing the key and a constant input (210) to an encryption module (240); deriving an output (250) of encrypted data bits using the encryption module (240); providing the output (250), the key (230) and an input vector (270) to a key update module (260); and using said key update module (260) to modify the key based on at least a part (270a) of the input vector (270) to derive an updated key (230a). This prevents the value of the key from being derived using the updated key or by using side-channel attacks because the input is constant for all keys. Additionally, by altering the input vector, the updated key is also altered.

公开(公告)号：US20240377969A1

公开(公告)日：2024-11-14

申请号：US18314207

申请日：2023-05-09

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Lorenz Schumm

IPC: G06F3/06

Abstract: A method is provided to protect access to a memory in a data processing system. For each application of a plurality of applications, there is a fetch secret, a load secret, and a store secret. A fetch tweak, a load tweak, and a store tweak is computed for each application as a combination of one or more of the fetch secret, the load secret, and the store secret. Data to be stored in the memory is encrypted using the store tweak, and data to be retrieved from the memory is decrypted using the load tweak. Only a software security monitor of the data processing system knows the fetch secret, and each application knows its own load and store secrets. All three of the fetch secret, store secret, and the load secret have to be switched for a context switch in the data processing system.

公开(公告)号：US20240118380A1

公开(公告)日：2024-04-11

申请号：US17938430

申请日：2022-10-06

Applicant: NXP B.V.

Inventor： Tobias Schneider ,  Eduardo Pimentel de Alvarenga ,  Marcel Medwed ,  Erik Kraft ,  Stefan Lemsitzer ,  Robert Spreitzer

IPC: G01S7/02

CPC classification number: G01S7/023

Abstract: A method is provided for detecting interference in a radar system. The method includes transmitting, by a transmitter of the radar system, a sequence of radar pulses at a regular interval with a rest period following each radar pulse of the sequence of radar pulses. The transmitter is disabled during each rest period. A receiver is enabled to receive reflected radar pulses from a target during the rest period following each radar pulse of the sequence of radar pulses. Some of the radar pulses are selected to be omitted and not transmitted. The receiver is still enabled during the rest periods following the omitted transmission pulses. Any reflected pulses received during the rest periods following the omitted transmission pulses may be an indication of a targeted interference of the radar system. In another embodiment, a radar system is provided.

公开(公告)号：US11770700B2

公开(公告)日：2023-09-26

申请号：US17851609

申请日：2022-06-28

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Stefan Lemsitzer

IPC: H04W12/02 ,  H04W12/0433 ,  H04W12/069 ,  H04L9/32 ,  H04L9/40

CPC classification number: H04W12/02 ,  H04L9/3236 ,  H04L63/0869 ,  H04W12/0433 ,  H04W12/069

Abstract: Various embodiments relate to a method and system for resuming a secure communication session with a server by a device, including: sending a message to the server requesting the resumption of a secure communication session; receiving from the server a server identifier, a server nonce, and a salt; determining that the device has a shared key with the server based upon the server identifier; determining that the received salt is valid; calculating a salted identifier based upon the shared key and the salt; sending the salted identifier to the server; and resuming the secure communication session with the server.

公开(公告)号：US11295025B2

公开(公告)日：2022-04-05

申请号：US16427977

申请日：2019-05-31

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Jan Hoogerbrugge ,  Ventzislav Nikov ,  Asier Goikoetxea Yanci

IPC: G06F21/60 ,  G06F17/18 ,  G06F21/62

Abstract: A chip for securing storage of information includes a manager to access a pointer and a cipher engine to decrypt stored data. The pointer includes a first area and a second area. The first area includes an address indicating a storage location of the data and the second area includes a safety tag. The cipher engine decrypts the data output from the storage location based on a key and the safety tag in the second area of the pointer. These and other operations may be performed based on metadata that indicate probabilities that a correct safety tag was used to decrypt the data. In another embodiment, the manager may be replaced with an L1 cache.

公开(公告)号：US20210306852A1

公开(公告)日：2021-09-30

申请号：US16829401

申请日：2020-03-25

Applicant: NXP B.V

Inventor： Marcel Medwed ,  Pim Vullers ,  Joost Roland Renes ,  Stefan Lemsitzer

IPC: H04W12/06 ,  H04L9/32 ,  H04W12/00

Abstract: A method is provided for authenticating one device to another device. In the method, a first device proves to a second device that a first credential comprising multiple first attributes is valid. The second device proves to the first device that a second credential comprising multiple second attributes is valid. The first device reveals a first attribute of the multiple first attributes to the second device. The second device verifies the first attribute and decides whether to continue revealing attributes. If continuing, the second device reveals to the first device a first attribute of the multiple second attributes. The first device verifies the first attribute of the multiple second attributes. The first device decides whether to continue revealing attributes. Attributes can be revealed until one of the first or second devices end the method or until no attributes of the multiple first and second attributes remain to be revealed.

公开(公告)号：US10824560B2

公开(公告)日：2020-11-03

申请号：US16278246

申请日：2019-02-18

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Marcel Medwed ,  Ventzislav Nikov ,  Asier Goikoetxea Yanci

IPC: G06F12/0802 ,  G06F12/0804 ,  G06F21/78 ,  G06F21/79

Abstract: A data processing system and method for protecting a memory from unauthorized accesses are provided. The data processing system includes a system bus, a memory coupled to the system bus through a memory controller, and a processing core including a cache system. The memory controller is coupled to the system bus for controlling accesses to the memory that are requested by the processing core. A memory protection circuit uses one or more memory safety violation (MSV) indicators stored in out-of-bounds areas of the memory for detecting when the processing core attempts to access an out-of-bounds area of the memory. The processing core generates an error signal, such as an interrupt, when an attempt to access the out-of-bounds area is detected. The out-of-bounds area may be an unallocated area of the memory. The MSV indicator may be written to the memory by executing a flush instruction of the cache system, and may include the same number of bits as a cache line of the cache system. A data value of the MSV indicator may be a secret data value.

公开(公告)号：US20160072779A1

公开(公告)日：2016-03-10

申请号：US14850886

申请日：2015-09-10

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Martin Feldhofer ,  Ventzislav Nikov

IPC: H04L29/06

CPC classification number: H04L63/068 ,  H04L9/003 ,  H04L9/0618 ,  H04L63/062 ,  H04L2209/805

Abstract: Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key (230) from memory of the cryptographic device; providing the key and a constant input (210) to an encryption module (240); deriving an output (250) of encrypted data bits using the encryption module (240); providing the output (250), the key (230) and an input vector (270) to a key update module (260); and using said key update module (260) to modify the key based on at least a part (270a) of the input vector (270) to derive an updated key (230a). This prevents the value of the key from being derived using the updated key or by using side-channel attacks because the input is constant for all keys. Additionally, by altering the input vector, the updated key is also altered.

Abstract translation: 描述了保护加密设备免遭实施攻击的方法。 所公开的方法包括从密码装置的存储器获取密钥（230）的步骤; 向加密模块（240）提供密钥和恒定输入（210）; 使用加密模块（240）导出加密数据比特的输出（250）; 向密钥更新模块（260）提供输出（250），密钥（230）和输入向量（270）; 以及使用所述密钥更新模块（260）基于所述输入向量（270）的至少一部分（270a）来修改所述密钥以导出更新的密钥（230a）。 这样可以防止使用更新的密钥或通过使用侧信道攻击来导出密钥的值，因为所有密钥的输入是不变的。 另外，通过改变输入向量，更新的密钥也被改变。

公开(公告)号：US20250156543A1

公开(公告)日：2025-05-15

申请号：US18506639

申请日：2023-11-10

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Marcel Medwed

IPC: G06F21/56

Abstract: A method includes fetching, at a program counter value, an instruction of a basic block of code; decoding the instruction; updating a checksum value with a checksum of the instruction; and determining whether a tuple of the program counter value and the checksum value is in an approximate membership query filter (AMQ-filter).

公开(公告)号：US20250077439A1

公开(公告)日：2025-03-06

申请号：US18456732

申请日：2023-08-28

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Jan Hoogerbrugge

IPC: G06F12/10

Abstract: A data processing system is provided that includes a processor and a memory. The processor is configured to execute instructions to access a location pointed to by an address pointer. The memory is coupled to the processor and configured to have a plurality of memory portions. A first address pointer for accessing a first portion of the memory includes a type bit field, a tag bit field, and a first address bit field. A second address pointer for accessing a second portion of the memory is configured to have only the type bit field and a second address bit field without the tag bit field. The type bit field is set to a first value for the tagged pointer and a second value for the untagged pointer. In another embodiment, a method is provided for accessing a location in the data processing system.