公开(公告)号：US20240192307A1

公开(公告)日：2024-06-13

申请号：US18079473

申请日：2022-12-12

Applicant: NXP B.V.

Inventor： Eduardo Pimentel de Alvarenga ,  Marcel Medwed ,  Tobias Schneider ,  Erik Kraft

IPC: G01S5/14

CPC classification number: G01S5/14

Abstract: In an ultra-wideband (UWB) communication network, a controller anchor changes which anchor of a group of anchors serves as initiator for each of multiple ranging rounds. Based on the capabilities of the anchors in the UWB communication network, the controller selects among multiple modes for designating which anchor serves as initiator for each ranging round. In a first mode, the anchors take turns serving as the initiator for successive ranging rounds in round robin fashion. In a second mode, the anchors randomly take turns serving as the initiator for ranging rounds. By dynamically selecting an initiator for each ranging round, launching a successful jamming attack becomes significantly more complicated.

公开(公告)号：US11687678B2

公开(公告)日：2023-06-27

申请号：US17081589

申请日：2020-10-27

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Tobias Schneider ,  Ventzislav Nikov ,  Jorge Miguel Ventuzelos Pereira ,  Rudi Verslegers ,  Nikita Veshchikov ,  Joppe Willem Bos ,  Jan Hoogerbrugge

IPC: G06F21/74 ,  G06F21/60

CPC classification number: G06F21/74 ,  G06F21/606

Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.

公开(公告)号：US20220330016A1

公开(公告)日：2022-10-13

申请号：US17851609

申请日：2022-06-28

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Stefan Lemsitzer

IPC: H04W12/02 ,  H04W12/0433 ,  H04W12/069 ,  H04L9/32 ,  H04L9/40

Abstract: Various embodiments relate to a method and system for resuming a secure communication session with a server by a device, including: sending a message to the server requesting the resumption of a secure communication session; receiving from the server a server identifier, a server nonce, and a salt; determining that the device has a shared key with the server based upon the server identifier; determining that the received salt is valid; calculating a salted identifier based upon the shared key and the salt; sending the salted identifier to the server; and resuming the secure communication session with the server.

公开(公告)号：US11055202B1

公开(公告)日：2021-07-06

申请号：US16715656

申请日：2019-12-16

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Marcel Medwed

IPC: G06F8/35 ,  G06F8/41 ,  G06F11/36

Abstract: A system and method for accessing a tagged global variable in software, including: randomly generating tags for global variables in the software; tagging the global variables with the random tags; creating a pointer to each global variable with the random tags in unused bits of the pointer wherein the pointer points to the associated global variable; accessing one global variable indirectly using the tagged pointer; determining whether tag on the accessed global variable matches the tag on the accessed pointer; and indicating a fault when the tag on the accessed global variable does not match the tag on the accessed pointer.

公开(公告)号：US10567155B2

公开(公告)日：2020-02-18

申请号：US15143259

申请日：2016-04-29

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Ventzislav Nikov ,  Martin Feldhofer

IPC: H04L9/00 ,  H04L9/08 ,  G06F7/58 ,  H04L29/06 ,  H04L9/06

Abstract: Methods of securing a cryptographic device against implementation attacks are described. A disclosed method comprises the steps of: generating secret values (324) using a pseudorandom generator (510); providing a key (330), an input (324) having a number of chunks and the secret values to an encryption module (340); indexing the chunks and the secret values (324); processing the input chunk wise by encrypting the secret values (324) indexed by the chunks using the key (330) and the encryption module (340); generating for each chunk a pseudorandom output (330′) of the encryption module (340), providing the pseudorandom output as the key (330′) when processing the next chunk; and performing a final transformation on the last pseudorandom output (330′) from the previous step by using it as a key to encrypt a fixed plaintext.

公开(公告)号：US20160323097A1

公开(公告)日：2016-11-03

申请号：US15143259

申请日：2016-04-29

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Ventzislav Nikov ,  Martin Feldhofer

IPC: H04L9/00 ,  H04L9/06 ,  H04L29/06 ,  H04L9/08 ,  G06F7/58

CPC classification number: H04L9/002 ,  G06F7/582 ,  H04L9/003 ,  H04L9/0662 ,  H04L9/0869 ,  H04L9/0891 ,  H04L63/0457 ,  H04L63/08 ,  H04L63/123

Abstract: Methods of securing a cryptographic device against implementation attacks are described. A disclosed method comprises the steps of: generating secret values (324) using a pseudorandom generator (510); providing a key (330), an input (324) having a number of chunks and the secret values to an encryption module (340); indexing the chunks and the secret values (324); processing the input chunk wise by encrypting the secret values (324) indexed by the chunks using the key (330) and the encryption module (340); generating for each chunk a pseudorandom output (330′) of the encryption module (340), providing the pseudorandom output as the key (330′) when processing the next chunk; and performing a final transformation on the last pseudorandom output (330′) from the previous step by using it as a key to encrypt a fixed plaintext.

Abstract translation: 描述了保护加密设备免遭实施攻击的方法。 所公开的方法包括以下步骤：使用伪随机发生器（510）产生秘密值（324）; 提供密钥（330），具有多个块的输入（324）和秘密值给加密模块（340）; 索引大块和秘密值（324）; 通过使用密钥（330）和加密模块（340）加密由块索引的秘密值（324）来处理输入块; 为每个块生成加密模块（340）的伪随机输出（330'），在处理下一个块时提供伪随机输出作为密钥（330'）; 并且通过使用它作为加密固定明文的密钥，对前一步骤的最后伪随机输出（330'）执行最终变换。