公开(公告)号：US20200264976A1

公开(公告)日：2020-08-20

申请号：US16278246

申请日：2019-02-18

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Marcel Medwed ,  Ventzislav Nikov ,  Asier Goikoetxea Yanci

IPC: G06F12/0802

Abstract: A data processing system and method for protecting a memory from unauthorized accesses are provided. The data processing system includes a system bus, a memory coupled to the system bus through a memory controller, and a processing core including a cache system. The memory controller is coupled to the system bus for controlling accesses to the memory that are requested by the processing core. A memory protection circuit is coupled to the system bus and to the processing core. The memory protection circuit uses one or more memory safety violation (MSV) indicators stored in out-of-bounds areas of the memory for detecting when the processing core attempts to access an out-of-bounds area of the memory. The processing core generates an error signal, such as an interrupt, when an attempt to access the out-of-bounds area is detected. The out-of-bounds area may be an unallocated area of the memory. The MSV indicator may be written to the memory by executing a flush instruction of the cache system and may include the same number of bits as a cache line of the cache system. A data value of the MSV indicator may be a secret data value.

公开(公告)号：US10678474B1

公开(公告)日：2020-06-09

申请号：US16206066

申请日：2018-11-30

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Jan Hoogerbrugge ,  Ventzislav Nikov

IPC: G06F12/00 ,  G06F3/06 ,  G06F13/24

Abstract: A computing system using low-fat pointers, including: a memory configured to be accessed by the low-fat pointers; a processing core configured to access the memory; an interrupt controller configured to receive interrupts and to communicate interrupts to processes running on the processing core; and a memory safety peripheral configured to receive a pointer request, wherein the pointer is a low-fat pointer and to verify that the pointer request is within required memory bounds.

公开(公告)号：US09961057B2

公开(公告)日：2018-05-01

申请号：US14850886

申请日：2015-09-10

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Martin Feldhofer ,  Ventzislav Nikov

IPC: H04L29/06 ,  H04L9/00 ,  H04L9/06

CPC classification number: H04L63/068 ,  H04L9/003 ,  H04L9/0618 ,  H04L63/062 ,  H04L2209/805

Abstract: Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key (230) from memory of the cryptographic device; providing the key and a constant input (210) to an encryption module (240); deriving an output (250) of encrypted data bits using the encryption module (240); providing the output (250), the key (230) and an input vector (270) to a key update module (260); and using said key update module (260) to modify the key based on at least a part (270a) of the input vector (270) to derive an updated key (230a). This prevents the value of the key from being derived using the updated key or by using side-channel attacks because the input is constant for all keys. Additionally, by altering the input vector, the updated key is also altered.

公开(公告)号：US11687678B2

公开(公告)日：2023-06-27

申请号：US17081589

申请日：2020-10-27

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Tobias Schneider ,  Ventzislav Nikov ,  Jorge Miguel Ventuzelos Pereira ,  Rudi Verslegers ,  Nikita Veshchikov ,  Joppe Willem Bos ,  Jan Hoogerbrugge

IPC: G06F21/74 ,  G06F21/60

CPC classification number: G06F21/74 ,  G06F21/606

Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.

公开(公告)号：US10567155B2

公开(公告)日：2020-02-18

申请号：US15143259

申请日：2016-04-29

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Ventzislav Nikov ,  Martin Feldhofer

IPC: H04L9/00 ,  H04L9/08 ,  G06F7/58 ,  H04L29/06 ,  H04L9/06

Abstract: Methods of securing a cryptographic device against implementation attacks are described. A disclosed method comprises the steps of: generating secret values (324) using a pseudorandom generator (510); providing a key (330), an input (324) having a number of chunks and the secret values to an encryption module (340); indexing the chunks and the secret values (324); processing the input chunk wise by encrypting the secret values (324) indexed by the chunks using the key (330) and the encryption module (340); generating for each chunk a pseudorandom output (330′) of the encryption module (340), providing the pseudorandom output as the key (330′) when processing the next chunk; and performing a final transformation on the last pseudorandom output (330′) from the previous step by using it as a key to encrypt a fixed plaintext.

公开(公告)号：US09979543B2

公开(公告)日：2018-05-22

申请号：US14139849

申请日：2013-12-23

Applicant: NXP B.V.

Inventor： Miroslav Knezevic ,  Ventzislav Nikov

IPC: H04L9/00 ,  H04L9/30 ,  G06F7/72

CPC classification number: H04L9/3066 ,  G06F7/725 ,  G06F7/726

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.

公开(公告)号：US09906505B2

公开(公告)日：2018-02-27

申请号：US14707712

申请日：2015-05-08

Applicant: NXP B.V.

Inventor： Michael Michel Patrick Peeters ,  Ventzislav Nikov

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/30 ,  H04L9/06 ,  H04L9/32

CPC classification number: H04L63/0435 ,  H04L9/0618 ,  H04L9/085 ,  H04L9/302 ,  H04L9/3247 ,  H04L63/061 ,  H04L63/0853

Abstract: An embodiment features an RSA process in which the private key is separated into shares. Decryption (and authentication and other RSA objectives) may be accomplished by successive modular exponentiation of, for example, a ciphertext or a signature.

公开(公告)号：US20170012948A1

公开(公告)日：2017-01-12

申请号：US14707712

申请日：2015-05-08

Applicant: NXP B.V.

Inventor： Michael Michel Patrick Peeters ,  Ventzislav Nikov

IPC: H04L29/06 ,  H04L9/06 ,  H04L9/32

CPC classification number: H04L63/0435 ,  H04L9/0618 ,  H04L9/085 ,  H04L9/302 ,  H04L9/3247 ,  H04L63/061 ,  H04L63/0853

Abstract: An embodiment features an RSA process in which the private key is separated into shares. Decryption (and authentication and other RSA objectives) may be accomplished by successive modular exponentiation of, for example, a ciphertext or a signature.

Abstract translation: 实施例的特征在于其中私钥被分成共享的RSA过程。 解密（以及认证和其他RSA目标）可以通过例如密文或签名的连续模幂运算来实现。

公开(公告)号：US20160323097A1

公开(公告)日：2016-11-03

申请号：US15143259

申请日：2016-04-29

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Ventzislav Nikov ,  Martin Feldhofer

IPC: H04L9/00 ,  H04L9/06 ,  H04L29/06 ,  H04L9/08 ,  G06F7/58

CPC classification number: H04L9/002 ,  G06F7/582 ,  H04L9/003 ,  H04L9/0662 ,  H04L9/0869 ,  H04L9/0891 ,  H04L63/0457 ,  H04L63/08 ,  H04L63/123

Abstract: Methods of securing a cryptographic device against implementation attacks are described. A disclosed method comprises the steps of: generating secret values (324) using a pseudorandom generator (510); providing a key (330), an input (324) having a number of chunks and the secret values to an encryption module (340); indexing the chunks and the secret values (324); processing the input chunk wise by encrypting the secret values (324) indexed by the chunks using the key (330) and the encryption module (340); generating for each chunk a pseudorandom output (330′) of the encryption module (340), providing the pseudorandom output as the key (330′) when processing the next chunk; and performing a final transformation on the last pseudorandom output (330′) from the previous step by using it as a key to encrypt a fixed plaintext.

Abstract translation: 描述了保护加密设备免遭实施攻击的方法。 所公开的方法包括以下步骤：使用伪随机发生器（510）产生秘密值（324）; 提供密钥（330），具有多个块的输入（324）和秘密值给加密模块（340）; 索引大块和秘密值（324）; 通过使用密钥（330）和加密模块（340）加密由块索引的秘密值（324）来处理输入块; 为每个块生成加密模块（340）的伪随机输出（330'），在处理下一个块时提供伪随机输出作为密钥（330'）; 并且通过使用它作为加密固定明文的密钥，对前一步骤的最后伪随机输出（330'）执行最终变换。

公开(公告)号：US11295025B2

公开(公告)日：2022-04-05

申请号：US16427977

申请日：2019-05-31

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Jan Hoogerbrugge ,  Ventzislav Nikov ,  Asier Goikoetxea Yanci

IPC: G06F21/60 ,  G06F17/18 ,  G06F21/62

Abstract: A chip for securing storage of information includes a manager to access a pointer and a cipher engine to decrypt stored data. The pointer includes a first area and a second area. The first area includes an address indicating a storage location of the data and the second area includes a safety tag. The cipher engine decrypts the data output from the storage location based on a key and the safety tag in the second area of the pointer. These and other operations may be performed based on metadata that indicate probabilities that a correct safety tag was used to decrypt the data. In another embodiment, the manager may be replaced with an L1 cache.