公开(公告)号：US20140089612A1

公开(公告)日：2014-03-27

申请号：US14029659

申请日：2013-09-17

Applicant: NXP B.V.

Inventor： Martin Feldhofer ,  Franz Amtmann ,  Soenke Ostertun ,  Alicia da Conceicao

IPC: G06F12/00

CPC classification number: G06F12/00 ,  H03K21/403

Abstract: An electronic counter comprising a sequence of memory cells, each memory cell being non-volatile and supporting a one state and a zero state, the counter being configured to represent at least part of a current counting-state of the counter as a pattern of one and zero states in the memory cells of the sequence of memory cells, and increment logic configured to advance the pattern of one and zero states to a next pattern to represent an increment of the counter, the increment logic comprising programming increment logic and erasing increment logic, the increment logic being configured to alternate between a programming phase in which the programming increment logic advances the pattern, and an erasing phase in which the erasing increment logic advances the pattern, wherein the programming increment logic is configured to program a next cell of the sequence of non-volatile memory cells from a zero state to a one state, the program phase terminating when all memory cells of the sequence of memory cells are in the one state, the erasing increment logic is configured to erase a next cell of the sequence of non-volatile memory cells from a one state to a zero state, the erase phase terminating when all memory cells of the sequence of memory cells are in the zero state.

Abstract translation: 一种包括存储器单元序列的电子计数器，每个存储单元是非易失性的并且支持一种状态和零状态，所述计数器被配置为将计数器的当前计数状态的至少一部分表示为一种模式 以及存储器单元序列的存储器单元中的零状态，以及被配置为将一个和零个状态的模式推进到下一个模式以表示计数器的增量的递增逻辑，该增量逻辑包括编程增量逻辑和擦除增量逻辑 所述增量逻辑被配置为在所述编程增量逻辑推进所述模式的编程阶段与所述擦除增量逻辑使所述模式前进的擦除阶段之间交替，其中所述编程增量逻辑被配置为对 非易失性存储单元的序列从零状态到一状态，程序阶段在序列的所有存储单元时终止 所述擦除增量逻辑被配置为将所述非易失性存储器单元序列的下一个单元从一个状态擦除到零状态，所述擦除阶段在所述存储器单元的序列的所有存储单元 存储单元处于零状态。

公开(公告)号：US11409973B2

公开(公告)日：2022-08-09

申请号：US17168246

申请日：2021-02-05

Applicant: NXP B.V.

Inventor： Martin Feldhofer ,  Franz Amtmann ,  Peter Thüringer

IPC: G06K7/10 ,  G06K19/07

Abstract: In accordance with a first aspect of the present disclosure, a radio frequency identification (RFID) device is provided, comprising a first power domain, a second power domain, a first processing unit, and a second processing unit, wherein the first processing unit is configured to execute one or more first operations and the second processing unit is configured to execute one or more second operations, wherein the first operations output intermediate data which are used as input for the second operations, and wherein the first processing unit is configured to operate in the first power domain and the second processing unit is configured to operate in the second power domain, said first power domain having a larger amount of available power than the second power domain. In accordance with further aspects of the present disclosure, a corresponding method of operating a radio frequency identification (RFID) device is conceived, and a corresponding computer program is provided.

公开(公告)号：US09961057B2

公开(公告)日：2018-05-01

申请号：US14850886

申请日：2015-09-10

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Martin Feldhofer ,  Ventzislav Nikov

IPC: H04L29/06 ,  H04L9/00 ,  H04L9/06

CPC classification number: H04L63/068 ,  H04L9/003 ,  H04L9/0618 ,  H04L63/062 ,  H04L2209/805

Abstract: Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key (230) from memory of the cryptographic device; providing the key and a constant input (210) to an encryption module (240); deriving an output (250) of encrypted data bits using the encryption module (240); providing the output (250), the key (230) and an input vector (270) to a key update module (260); and using said key update module (260) to modify the key based on at least a part (270a) of the input vector (270) to derive an updated key (230a). This prevents the value of the key from being derived using the updated key or by using side-channel attacks because the input is constant for all keys. Additionally, by altering the input vector, the updated key is also altered.

公开(公告)号：US20160072779A1

公开(公告)日：2016-03-10

申请号：US14850886

申请日：2015-09-10

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Martin Feldhofer ,  Ventzislav Nikov

IPC: H04L29/06

CPC classification number: H04L63/068 ,  H04L9/003 ,  H04L9/0618 ,  H04L63/062 ,  H04L2209/805

Abstract: Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key (230) from memory of the cryptographic device; providing the key and a constant input (210) to an encryption module (240); deriving an output (250) of encrypted data bits using the encryption module (240); providing the output (250), the key (230) and an input vector (270) to a key update module (260); and using said key update module (260) to modify the key based on at least a part (270a) of the input vector (270) to derive an updated key (230a). This prevents the value of the key from being derived using the updated key or by using side-channel attacks because the input is constant for all keys. Additionally, by altering the input vector, the updated key is also altered.

Abstract translation: 描述了保护加密设备免遭实施攻击的方法。 所公开的方法包括从密码装置的存储器获取密钥（230）的步骤; 向加密模块（240）提供密钥和恒定输入（210）; 使用加密模块（240）导出加密数据比特的输出（250）; 向密钥更新模块（260）提供输出（250），密钥（230）和输入向量（270）; 以及使用所述密钥更新模块（260）基于所述输入向量（270）的至少一部分（270a）来修改所述密钥以导出更新的密钥（230a）。 这样可以防止使用更新的密钥或通过使用侧信道攻击来导出密钥的值，因为所有密钥的输入是不变的。 另外，通过改变输入向量，更新的密钥也被改变。

公开(公告)号：US10567155B2

公开(公告)日：2020-02-18

申请号：US15143259

申请日：2016-04-29

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Ventzislav Nikov ,  Martin Feldhofer

IPC: H04L9/00 ,  H04L9/08 ,  G06F7/58 ,  H04L29/06 ,  H04L9/06

Abstract: Methods of securing a cryptographic device against implementation attacks are described. A disclosed method comprises the steps of: generating secret values (324) using a pseudorandom generator (510); providing a key (330), an input (324) having a number of chunks and the secret values to an encryption module (340); indexing the chunks and the secret values (324); processing the input chunk wise by encrypting the secret values (324) indexed by the chunks using the key (330) and the encryption module (340); generating for each chunk a pseudorandom output (330′) of the encryption module (340), providing the pseudorandom output as the key (330′) when processing the next chunk; and performing a final transformation on the last pseudorandom output (330′) from the previous step by using it as a key to encrypt a fixed plaintext.

公开(公告)号：US20160323097A1

公开(公告)日：2016-11-03

申请号：US15143259

申请日：2016-04-29

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Ventzislav Nikov ,  Martin Feldhofer

IPC: H04L9/00 ,  H04L9/06 ,  H04L29/06 ,  H04L9/08 ,  G06F7/58

CPC classification number: H04L9/002 ,  G06F7/582 ,  H04L9/003 ,  H04L9/0662 ,  H04L9/0869 ,  H04L9/0891 ,  H04L63/0457 ,  H04L63/08 ,  H04L63/123

Abstract: Methods of securing a cryptographic device against implementation attacks are described. A disclosed method comprises the steps of: generating secret values (324) using a pseudorandom generator (510); providing a key (330), an input (324) having a number of chunks and the secret values to an encryption module (340); indexing the chunks and the secret values (324); processing the input chunk wise by encrypting the secret values (324) indexed by the chunks using the key (330) and the encryption module (340); generating for each chunk a pseudorandom output (330′) of the encryption module (340), providing the pseudorandom output as the key (330′) when processing the next chunk; and performing a final transformation on the last pseudorandom output (330′) from the previous step by using it as a key to encrypt a fixed plaintext.

Abstract translation: 描述了保护加密设备免遭实施攻击的方法。 所公开的方法包括以下步骤：使用伪随机发生器（510）产生秘密值（324）; 提供密钥（330），具有多个块的输入（324）和秘密值给加密模块（340）; 索引大块和秘密值（324）; 通过使用密钥（330）和加密模块（340）加密由块索引的秘密值（324）来处理输入块; 为每个块生成加密模块（340）的伪随机输出（330'），在处理下一个块时提供伪随机输出作为密钥（330'）; 并且通过使用它作为加密固定明文的密钥，对前一步骤的最后伪随机输出（330'）执行最终变换。

公开(公告)号：US09454471B2

公开(公告)日：2016-09-27

申请号：US14029659

申请日：2013-09-17

Applicant: NXP B.V.

Inventor： Martin Feldhofer ,  Franz Amtmann ,  Soenke Ostertun ,  Alicia da Conceicao

IPC: G06F12/00 ,  H03K21/40

CPC classification number: G06F12/00 ,  H03K21/403

Abstract: An electronic counter is provided having a sequence of memory cells and increment logic. Each memory cell of the sequence is non-volatile and supports a one state and a zero state. The one state can also be referred to as a ‘programmed state’, the zero state as an ‘erased state’. The counter is configured to represent at least part of a current counting-state of the counter as a pattern of one and zero states in the memory cells of the sequence of memory cells, and increment logic configured to advance the pattern of one and zero states to a next pattern to represent an increment of the counter.

Abstract translation: 提供了具有一系列存储单元和增量逻辑的电子计数器。 序列的每个存储单元是非易失性的，并且支持一个状态和一个零状态。 一个状态也可以被称为“编程状态”，零状态被称为“擦除状态”。 计数器被配置为将计数器的当前计数状态的至少一部分表示为存储器单元序列的存储单元中的一个和零个状态的模式，并且增量逻辑被配置为提前一个和零个状态的模式 到下一个模式来表示计数器的增量。