-
公开(公告)号:US20190251233A1
公开(公告)日:2019-08-15
申请号:US16391437
申请日:2019-04-23
Applicant: NXP B.V.
Inventor: Jan Hoogerbrugge , Wil Michiels
CPC classification number: G06F21/14 , G06F21/629 , G06F2221/0748 , H04L9/302 , H04L9/3066 , H04L2209/046
Abstract: A method of obscuring the input and output of a modular exponentiation function, including: receiving modular exponentiation parameters including an exponent e having N bits and a modulus m; generating randomly a pre-multiplier; calculating a post-multiplier based upon the pre-multiplier, exponent e, and modulus m; multiplying an input to the modular exponentiation function by the pre-multiplier; performing the modular exponentiation function; and multiplying the output of the modular exponentiation function by the post-multiplier, wherein multiplying an input to the modular exponentiation function by the pre-multiplier, performing the modular exponentiation function, and multiplying the output of the modular exponentiation function by the post-multiplier are split variable operations.
-
公开(公告)号:US10140437B2
公开(公告)日:2018-11-27
申请号:US14815301
申请日:2015-07-31
Applicant: NXP B.V.
Inventor: Jan Hoogerbrugge , Wil Michiels
Abstract: A method of obscuring software code including a data array and a plurality of operations, including: identifying, by a processor, a data array with an index to be obscured and an operation using the data array; permutating the identified data array using a permutating function; and replacing the identified operation using the permutated data array and equivalent encoded permutation function.
-
公开(公告)号:US20170373828A1
公开(公告)日:2017-12-28
申请号:US15194001
申请日:2016-06-27
Applicant: NXP B.V.
CPC classification number: H04L9/002 , G06F21/75 , H04L2209/16
Abstract: A method for performing a secure function in a data processing system is provided. In accordance with one embodiment, the method includes generating and encoding an encryption key. The encoded encryption key may be encrypted in a key store in a trusted execution environment (TEE) of the data processing system. The encrypted encryption key may encrypted, stored, and decrypted in the key store in the TEE, but used in a white-box implementation to perform a secure function. The secure function may include encrypting a value in the white-box implementation for securing a monetary value on, for example, a smart card. In one embodiment, each time an encryption key or decryption key is used, it is changed to a new key. The method makes code lifting and rollback attacks more difficult for an attacker because the key is stored separately from, for example, a white-box implementation in secure storage.
-
64.发明授权公开(公告)号:US09641337B2
公开(公告)日:2017-05-02
申请号:US14263507
申请日:2014-04-28
Applicant: NXP B.V.
Inventor: Wil Michiels , Jan Hoogerbrugge , Michael Patrick Peeters
CPC classification number: H04L9/3242 , H04L9/0631 , H04L9/0643 , H04L9/3226
Abstract: A method of gluing a cryptographic implementation of a cryptographic function to a surrounding program in a cryptographic system, including: receiving, by the cryptographic system, an input message; receiving a computed value from the surrounding program; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message using the computed value from the surrounding program, wherein the output message is a correct output message when the computed value has a correct value; and outputting the output message.
-
公开(公告)号:US20160350560A1
公开(公告)日:2016-12-01
申请号:US14727413
申请日:2015-06-01
Applicant: NXP B.V.
Inventor: Jan Hoogerbrugge , Wilhemus Michiels
CPC classification number: H04L9/002 , H04L2209/043 , H04L2209/16
Abstract: A method of producing a white-box implementation of a cryptographic function, including: creating, by a processor, a white-box implementation of a cryptographic function using a network of two dimensional lookup tables; identifying two dimensional lookup tables using a common index; and rewriting the identified two dimensional lookup tables as a three dimensional table.
Abstract translation: 一种产生加密功能的白盒实现的方法,包括:使用二维查找表的网络,由处理器创建加密功能的白盒实现; 使用公共索引识别二维查找表; 并将所识别的二维查找表重写为三维表。
-
Patent Agency Ranking
公开(公告)号:US20160328541A1
公开(公告)日:2016-11-10
申请号:US14815381
申请日:2015-07-31
Applicant: NXP B.V.
Inventor: Jan Hoogerbrugge , Wil Michiels
CPC classification number: G06F21/14 , G06F7/723 , H04L9/002 , H04L2209/16
Abstract: A method of obscuring software code implementing a modular exponentiation function, including: receiving modular exponentiation parameters including an exponent e having N bits; generating a bitwise exponent array and inverse bitwise exponent array; and generating modular exponentiation function operations using the bitwise exponent array, inverse bitwise exponent array, and N, wherein the generated modular exponentiation function operations are split variable operations.
Abstract translation: 一种模糊实现模幂运算功能的软件代码的方法,包括:接收包括N比特指数e的模幂运算参数; 产生按位指数阵列和反向按位指数阵列; 以及使用按位指数阵列,逆位指数阵列和N生成模幂运算函数运算,其中生成的模幂运算函数是分割变量运算。
-
67.发明授权公开(公告)号:US09405936B2
公开(公告)日:2016-08-02
申请号:US14572356
申请日:2014-12-16
Applicant: NXP B.V.
Inventor: Jan Hoogerbrugge , Wil Michiels
CPC classification number: G06F21/64 , G06F8/70 , G06F21/14 , G06F21/54 , G06F2221/2123
Abstract: A method of obscuring software code including a plurality of basic blocks, including: calculating, by a processor, a checksum value of the current basic block and a pointer to the end of the current basic block; determining a preceding basic block for the current basic block; inserting the checksum value for the current basic block into the preceding basic block; and inserting instructions into the preceding basic block to determine a pointer to the beginning of the current basic block based upon the checksum value of the current basic block.
Abstract translation: 一种模糊包括多个基本块的软件代码的方法,包括:由处理器计算当前基本块的校验和值和指向当前基本块的结束的指针; 确定当前基本块的前一个基本块; 将当前基本块的校验和值插入到前一个基本块中; 以及基于当前基本块的校验和值,将指令插入到前述基本块中以确定指向当前基本块的开头的指针。
-
68.发明授权Implementing use-dependent security settings in a single white-box implementation 有权在单个白盒实现中实现依赖于使用的安全设置公开(公告)号:US09380033B2
公开(公告)日:2016-06-28
申请号:US14263247
申请日:2014-04-28
Applicant: NXP B.V.
Inventor: Wil Michiels , Jan Hoogerbrugge
CPC classification number: H04L63/0428 , H04L9/002 , H04L9/0631 , H04L2209/043 , H04L2209/16
Abstract: A method of enforcing security settings in a cryptographic system, including: receiving, by the cryptographic system, a first input message associated with a first security setting of a plurality of security settings; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first security setting, wherein each of the plurality of security settings has an associated set of input messages wherein the sets of input messages do not overlap.
Abstract translation: 一种在加密系统中实施安全设置的方法,包括:由加密系统接收与多个安全设置的第一安全设置相关联的第一输入消息; 通过加密系统执行将第一输入消息映射到第一输出消息中的密钥加密操作,其中当密码系统被授权用于第一安全设置时,密钥密码操作产生正确的输出消息,其中, 安全设置具有相关联的一组输入消息,其中输入消息组不重叠。
-
公开(公告)号:US20160182472A1
公开(公告)日:2016-06-23
申请号:US14577148
申请日:2014-12-19
Applicant: NXP B.V.
Inventor: Wil Michiels , Jan Hoogerbrugge
IPC: H04L29/06
CPC classification number: H04L63/061 , H04L9/002 , H04L63/0876 , H04L2209/16
Abstract: A non-transitory machine-readable storage medium encoded with instructions for a keyed cryptographic operation having a first and second portion for execution by a cryptographic system mapping an input message to an output message, including: instructions for outputting first cryptographic data from a first portion the cryptographic operation to a secure hardware device implementing a secure function on the data; instructions for receiving output data from the secure hardware device; instructions for implementing an inverse of the secure function on the output data; and instructions for performing a second portion of the cryptographic operation on the inverted output data, wherein the instructions for implementing an inverse of the secure function on the output data are securely merged with the instructions for performing the second portion of the cryptographic operation on the inverted output data so that the inverted output is not accessible to an attacker.
Abstract translation: 一种编码具有用于密钥密码操作的指令的非暂时机读存储介质,具有用于由映射输入消息到输出消息的加密系统执行的第一和第二部分,包括:用于从第一部分输出第一加密数据的指令 对在数据上实现安全功能的安全硬件设备的加密操作; 用于从安全硬件设备接收输出数据的指令; 用于实现对输出数据的安全功能的反向的指令; 以及用于对所述反相输出数据执行所述密码操作的第二部分的指令,其中用于对所述输出数据执行所述安全功能的逆的所述指令与所述用于执行所述反转的所述加密操作的所述第二部分的指令安全地合并 输出数据,使得反向输出不能被攻击者访问。
-
公开(公告)号:US20150331609A1
公开(公告)日:2015-11-19
申请号:US14276793
申请日:2014-05-13
Applicant: NXP B.V.
Inventor: Friso Jedema , Jan R. Brands , Timotheus van Roermund , Jan Hoogerbrugge , Piotr Polak
IPC: G06F3/06
CPC classification number: G06F3/0604 , G06F3/0632 , G06F3/0679 , G06Q20/341 , G07F7/082
Abstract: A time manager controls one or more timing functions on a circuit. The time manager includes a data storage and a time calculator. The data storage device stores a first indication of a performance characteristic of a memory cell at a first time. The data storage device also stores a second indication of the performance characteristic of the memory cell at a second time. The time calculator is coupled to the data storage device. The time calculator calculates a time duration between the first time and the second time based on a change in the performance characteristic of the memory cell from the first indication to the second indication.
Abstract translation: 时间管理器控制电路上的一个或多个定时功能。 时间管理器包括数据存储和时间计算器。 数据存储装置在第一时间存储存储单元的性能特性的第一指示。 数据存储装置还在第二时间存储存储单元的性能特性的第二指示。 时间计算器耦合到数据存储装置。 时间计算器基于从第一指示到第二指示的存储器单元的性能特性的变化,计算第一时间和第二时间之间的持续时间。
-
-
-
-
-
-
-
-
-
Search Results
97
records
(took 0.024 seconds)
