-
Publication No.: US20200233936A1
Publication date: 2020-07-23
Application No.: US16250074
Application date: 2019-01-17
Applicant: NXP B.V.
Inventor: NIKITA VESHCHIKOV , JOPPE WILLEM BOS , SIMON JOHANN FRIEDBERGER
Abstract: A method is provided for detecting copying of a machine learning model. A plurality of inputs is provided to a first machine learning model. The first machine learning model provides a plurality of output values. A sequence of bits of a master input is divided into a plurality of subsets of bits. The master input may be an image. Each subset of the plurality of subsets of bits corresponds to one of the plurality of output values. An ordered sequence of the inputs is generated based on the plurality of subsets of bits. The ordered sequence of the inputs is inputted to a second machine learning model. It is then determined if output values from the second machine learning model reproduce the predetermined master input. If the predetermined master input is reproduced, the second machine learning model is a copy of the first machine learning model.
-
Publication No.: US20210019661A1
Publication date: 2021-01-21
Application No.: US16511082
Application date: 2019-07-15
Applicant: NXP B.V.
Inventor: JOPPE WILLEM BOS , SIMON JOHANN FRIEDBERGER , NIKITA VESHCHIKOV , CHRISTINE VAN VREDENDAAL
Abstract: A method is provided for detecting copying of a machine learning model. In the method, the first machine learning model is divided into a plurality of portions. Intermediate outputs from a hidden layer of a selected one of the plurality of portions are compared to corresponding outputs from a second machine learning model to detect the copying. Alternately, a first seal may be generated using the plurality of inputs and the intermediate outputs from nodes of the selected portion. A second seal from a suspected copy that has been generated the same way is compared to the first seal to detect the copying. If the first and second seals are the same, then there is a high likelihood that the suspected copy is an actual copy. By using the method, only the intermediate outputs of the machine learning model outputs have to be disclosed to others, thus protecting the confidentiality of the model.
-
Publication No.: US20200050766A1
Publication date: 2020-02-13
Application No.: US16058094
Application date: 2018-08-08
Applicant: NXP B.V.
Inventor: JOPPE WILLEM BOS
Abstract: A method and data processing system for detecting tampering of a machine learning model is provided. The method includes training a machine learning model. During a training operating period, a plurality of input values is provided to the machine learning model. In response to a predetermined invalid input value, the machine learning model is trained that a predetermined output value will be expected. The model is verified that it has not been tampered with by inputting the predetermined invalid input value during an inference operating period. If the expected output value is provided by the machine learning model in response to the predetermined input value, then the machine learning model has not been tampered with. If the expected output value is not provided, then the machine learning model has been tampered with. The method may be implemented using the data processing system.
-
Publication No.: US20180276392A1
Publication date: 2018-09-27
Application No.: US15464711
Application date: 2017-03-21
Applicant: NXP B.V.
IPC: G06F21/60 , G06F12/0891
CPC classification number: G06F21/602 , G06F12/0891 , G06F12/1408 , G06F21/64 , G06F21/74 , G06F21/79 , G06F2212/1021 , G06F2212/1052 , G06F2212/402 , G06F2212/60 , H04L9/0643 , H04L9/0897 , H04L9/3236
Abstract: A data processing system having rich execution environment (REE) and a trusted execution environment (TEE) is provided. In the data processing system, an unsecure memory is coupled to the REE and used for storing encrypted data for use in the TEE. The TEE may have a cache for storing the encrypted data after it is decrypted. The data in both the memory and the cache is organized in blocks, and the cache is smaller than the memory. An interpreter is provided in the TEE, along with a service block in the REE, for fetching and decrypting the data to be stored in the cache. The interpreter checks an integrity of the decrypted data using a hash tree having multiple levels. In the event of a cache miss, all blocks of the hash tree in a path from the data block to a root block are retrieved from the memory in one access operation. A method for operating the cache in the data processing system is also provided.
-
Publication No.: US20180212767A1
Publication date: 2018-07-26
Application No.: US15414391
Application date: 2017-01-24
Applicant: NXP B.V.
Inventor: JOPPE WILLEM BOS , BJORN FAY , BRUCE MURRAY
CPC classification number: H04L9/0861 , H04L9/0662 , H04L9/0825 , H04L9/0869 , H04L9/14 , H04L9/3013 , H04L9/3066 , H04L9/3252
Abstract: A method is provided for performing elliptic curve cryptography that reduces the number of required computations to produce, for example, a key pair. The number of computations is reduced by changing how a random nonce used in the computations is selected. In an embodiment, a look-up table is generated having pre-computed scalar values and elliptic curve points. Every time a new pseudo-random value is created for use in the ECDSA, a combination of the look-up table values is used to create multiple intermediate values. One of the multiple intermediate values is randomly chosen as a replacement value for one of the existing table entries. Each time the look-up table is used, multiple entries in the look-up table are updated to new look-up table values as described. In this manner, new randomness is provided in every step to more efficiently generate the next pseudo-random nonce as a combination of multiple internally stored temporary look-up table values. Alternately, another mathematical group may be used.