Patents by Inventor Jan Hoogerbrugge

Jan Hoogerbrugge has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240004994
    Abstract: A method is provided for protecting a machine learning model from a side channel attack. A weighted sum vector having first and second elements is initialized. A weight vector for a connection between a node of a first layer and a node of a second layer is multiplied with an input vector to the node of the first layer. A first element of the weight vector includes a weight, and a first element of the input vector includes the input. A second element of the weight vector is a negation of the first element of the weight vector and the second element of the input vector equals the first element of the input vector. A multiplication result is added to the weighted sum vector to produce a computed weighted sum vector. An output vector including the computed weighted sum vector is provided to the node of the second layer.
    Type: Application
    Filed: July 1, 2022
    Publication date: January 4, 2024
    Inventors: Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels
  • Publication number: 20240004998
    Abstract: A method is provided for protecting a machine learning (ML) model from a side channel attack (SCA). The method is executed by a processor in a data processing system. The method includes generating a first random bit. A first weighted sum is computed for a first connection between a node of a first layer and a node of a second layer of the ML model. The first weighted sum for the first connection is equal to a multiplication of the weight of the first connection multiplied by an input to the selected node. In the multiplication, one of the weight or the input is negated conditioned on a value of the random bit. A first output including the computed first weighted sum is provided to one or more nodes of a second layer of the plurality of layers.
    Type: Application
    Filed: July 1, 2022
    Publication date: January 4, 2024
    Inventors: Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels
  • Publication number: 20230418478
    Abstract: Tweakable block cipher encryption is described using a buffer identifier and a memory address.
    Type: Application
    Filed: June 23, 2022
    Publication date: December 28, 2023
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Jan Hoogerbrugge, Paul Kimelman
  • Patent number: 11783055
    Abstract: A data processing system includes a rich execution environment, a hardware accelerator, a trusted execution environment, and a memory. The REE includes a processor configured to execute an application. A compute kernel is executed on the hardware accelerator and the compute kernel performs computations for the application. The TEE provides relatively higher security than the REE and includes an accelerator controller for controlling operation of the hardware accelerator. The memory has an unsecure portion coupled to the REE and to the TEE, and a secure portion coupled to only the TEE. The secure portion is relatively more secure than the unsecure portion. Data that is to be accessed and used by the hardware accelerator is stored in the secure portion of the memory. In another embodiment, a method is provided for securely executing an application is the data processing system.
    Type: Grant
    Filed: October 26, 2020
    Date of Patent: October 10, 2023
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels, Ad Arts
  • Patent number: 11782744
    Abstract: A data processing system has a processor, a system memory, and a hypervisor. The system memory stores program code and data in a plurality of memory pages. The hypervisor controls SLAT (second level address translation) read, write, and execute access rights of the plurality of memory pages. A portion of the plurality of memory pages are classified as being in a secure enclave portion of the system memory and a portion is classified as being in an unsecure memory area. The portion of the memory pages classified in the secure enclave is encrypted and a hash is generated for each of the memory pages. During an access of a memory page, the hypervisor determines if the accessed memory page is in the secure enclave or in the unsecure memory area based on the hash. In another embodiment, a method for accessing a memory page in the secure enclave is provided.
    Type: Grant
    Filed: October 8, 2020
    Date of Patent: October 10, 2023
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels
  • Patent number: 11720384
    Abstract: A method is provided in a data processing system having second level address translation (SLAT) controlled by a hypervisor. In the method, hashes of all memory pages accessible by a guest OS are stored (set S). Also, hashes of all memory pages previously accessed by the guest OS are stored (set T). When the guest OS attempts an access to a memory page having executable code for which it does not have permission, an exception is generated. A hash of the memory page is compared with the hashes of set T and set S. If there is not a match within set T, then the guest OS has never attempted the requested operation before and suspicious behavior is reported. If there is not a match within set S, the requested operation is reported as illegal. In another embodiment, the memory page may be encrypted to prevent the guest OS from reading the memory page.
    Type: Grant
    Filed: June 5, 2020
    Date of Patent: August 8, 2023
    Assignee: NXP B.V.
    Inventor: Jan Hoogerbrugge
  • Patent number: 11687678
    Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: June 27, 2023
    Assignee: NXP B.V.
    Inventors: Marcel Medwed, Tobias Schneider, Ventzislav Nikov, Jorge Miguel Ventuzelos Pereira, Rudi Verslegers, Nikita Veshchikov, Joppe Willem Bos, Jan Hoogerbrugge
  • Patent number: 11521084
    Abstract: A data processing system and a method for detecting an anomaly in the data processing system are provided. The method includes receiving a plurality of program counter values from a processing core of the data processing system. Each of the plurality of program counter values corresponds to an instruction being executed in the data processing system. A histogram is constructed using the plurality of program counter values. The histogram is provided to a machine learning (ML) model and used for training the ML model. If training has already been accomplished, the histogram is provided during inference operation of the ML model. The ML model and the histogram are used to detect an anomaly in the data processing system. If an anomaly is detected, an indication of the anomaly may be provided.
    Type: Grant
    Filed: March 12, 2020
    Date of Patent: December 6, 2022
    Assignee: NXP B.V.
    Inventor: Jan Hoogerbrugge
  • Publication number: 20220215103
    Abstract: A data processing system has a processor and a system memory. The system memory may be a dynamic random-access memory (DRAM). The processor includes an embedded memory. The system memory is coupled to the processor and is organized in a plurality of pages. A portion of the code or data stored in the plurality of memory pages is selected for permutation. A permutation order is generated and the memory pages containing the portion of code or data is permuted using a permutation order. The permutation order and/or a reverse permutation order to recover the original order may be stored in the embedded memory. Permuting the memory pages with a permutation order stored in the embedded memory prevents the code or data from being read during a freeze attack on the system memory in a way that is useful to an attacker.
    Type: Application
    Filed: January 7, 2021
    Publication date: July 7, 2022
    Inventors: Wilhelmus Petrus Adrianus Johannus MICHIELS, Jan Hoogerbrugge, Ad Arts
  • Publication number: 20220129566
    Abstract: A data processing system includes a rich execution environment, a hardware accelerator, a trusted execution environment, and a memory. The REE includes a processor configured to execute an application. A compute kernel is executed on the hardware accelerator and the compute kernel performs computations for the application. The TEE provides relatively higher security than the REE and includes an accelerator controller for controlling operation of the hardware accelerator. The memory has an unsecure portion coupled to the REE and to the TEE, and a secure portion coupled to only the TEE. The secure portion is relatively more secure than the unsecure portion. Data that is to be accessed and used by the hardware accelerator is stored in the secure portion of the memory. In another embodiment, a method is provided for securely executing an application is the data processing system.
    Type: Application
    Filed: October 26, 2020
    Publication date: April 28, 2022
    Inventors: Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels, Ad Arts
  • Publication number: 20220114002
    Abstract: A data processing system has a processor, a system memory, and a hypervisor. The system memory stores program code and data in a plurality of memory pages. The hypervisor controls SLAT (second level address translation) read, write, and execute access rights of the plurality of memory pages. A portion of the plurality of memory pages are classified as being in a secure enclave portion of the system memory and a portion is classified as being in an unsecure memory area. The portion of the memory pages classified in the secure enclave is encrypted and a hash is generated for each of the memory pages. During an access of a memory page, the hypervisor determines if the accessed memory page is in the secure enclave or in the unsecure memory area based on the hash. In another embodiment, a method for accessing a memory page in the secure enclave is provided.
    Type: Application
    Filed: October 8, 2020
    Publication date: April 14, 2022
    Inventors: Jan HOOGERBRUGGE, Wilhelmus Petrus Adrianus Johannus MICHIELS
  • Patent number: 11295025
    Abstract: A chip for securing storage of information includes a manager to access a pointer and a cipher engine to decrypt stored data. The pointer includes a first area and a second area. The first area includes an address indicating a storage location of the data and the second area includes a safety tag. The cipher engine decrypts the data output from the storage location based on a key and the safety tag in the second area of the pointer. These and other operations may be performed based on metadata that indicate probabilities that a correct safety tag was used to decrypt the data. In another embodiment, the manager may be replaced with an L1 cache.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: April 5, 2022
    Assignee: NXP B.V
    Inventors: Marcel Medwed, Jan Hoogerbrugge, Ventzislav Nikov, Asier Goikoetxea Yanci
  • Publication number: 20210382740
    Abstract: A method is provided in a data processing system having second level address translation (SLAT) controlled by a hypervisor. In the method, hashes of all memory pages accessible by a guest OS are stored (set S). Also, hashes of all memory pages previously accessed by the guest OS are stored (set T). When the guest OS attempts an access to a memory page having executable code for which it does not have permission, an exception is generated. A hash of the memory page is compared with the hashes of set T and set S. If there is not a match within set T, then the guest OS has never attempted the requested operation before and suspicious behavior is reported. If there is not a match within set S, the requested operation is reported as illegal. In another embodiment, the memory page may be encrypted to prevent the guest OS from reading the memory page.
    Type: Application
    Filed: June 5, 2020
    Publication date: December 9, 2021
    Inventor: Jan HOOGERBRUGGE
  • Patent number: 11126432
    Abstract: A computer processor is provided which hides jump instructions, in particular condition jump instructions, from side-channels. The processor comprises a forward jump detector for detecting a forward jump instruction having a jump target location which lies ahead and a jump inhibitor for inhibiting an execution of the forward jump instruction. The computer processor is configured for executing at least one intermediate computer instruction located between the inhibited forward jump instruction and the jump target location. The processor further comprises a storage destination modifier for modifying the storage destination determined by the at least one intermediate computer instruction to suppress the effects of execution of intermediate instructions. Since the intermediate instruction is executed regardless of the forward jump instruction, the jump is hidden in a side-channel. Secret information, such as cryptographic keys, on which the forward jump may depend, is also hidden.
    Type: Grant
    Filed: February 4, 2011
    Date of Patent: September 21, 2021
    Assignee: NXP B.V.
    Inventor: Jan Hoogerbrugge
  • Publication number: 20210287110
    Abstract: A data processing system and a method for detecting an anomaly in the data processing system are provided. The method includes receiving a plurality of program counter values from a processing core of the data processing system. Each of the plurality of program counter values corresponds to an instruction being executed in the data processing system. A histogram is constructed using the plurality of program counter values. The histogram is provided to a machine learning (ML) model and used for training the ML model. If training has already been accomplished, the histogram is provided during inference operation of the ML model. The ML model and the histogram are used to detect an anomaly in the data processing system. If an anomaly is detected, an indication of the anomaly may be provided.
    Type: Application
    Filed: March 12, 2020
    Publication date: September 16, 2021
    Inventor: JAN HOOGERBRUGGE
  • Patent number: 11055202
    Abstract: A system and method for accessing a tagged global variable in software, including: randomly generating tags for global variables in the software; tagging the global variables with the random tags; creating a pointer to each global variable with the random tags in unused bits of the pointer wherein the pointer points to the associated global variable; accessing one global variable indirectly using the tagged pointer; determining whether tag on the accessed global variable matches the tag on the accessed pointer; and indicating a fault when the tag on the accessed global variable does not match the tag on the accessed pointer.
    Type: Grant
    Filed: December 16, 2019
    Date of Patent: July 6, 2021
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Marcel Medwed
  • Publication number: 20210182175
    Abstract: A system and method for accessing a tagged global variable in software, including: randomly generating tags for global variables in the software; tagging the global variables with the random tags; creating a pointer to each global variable with the random tags in unused bits of the pointer wherein the pointer points to the associated global variable; accessing one global variable indirectly using the tagged pointer; determining whether tag on the accessed global variable matches the tag on the accessed pointer; and indicating a fault when the tag on the accessed global variable does not match the tag on the accessed pointer.
    Type: Application
    Filed: December 16, 2019
    Publication date: June 17, 2021
    Inventors: Jan HOOGERBRUGGE, Marcel MEDWED
  • Patent number: 11023344
    Abstract: A data processing system includes a monitoring system, the monitoring system includes a processor and a data analysis block. The processor executes a monitoring application for monitoring an operation of a monitored system coupled to the monitoring system. When assistance is needed from the monitored system, the processor has an output coupled to the monitored system for providing an assistance request. When the assistance request is sent to the monitored system, the processor also sends a disturbance indication to the data analysis block. The disturbance indication indicates that the output data from the monitored system may be disturbed by the assistance request. The data analysis block can then take an action to reduce the effect the disturbance may have on the analysis results. A method for monitoring the monitored system is also provided.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: June 1, 2021
    Assignee: NXP B.V.
    Inventor: Jan Hoogerbrugge
  • Publication number: 20210133362
    Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.
    Type: Application
    Filed: October 27, 2020
    Publication date: May 6, 2021
    Inventors: Marcel Medwed, Tobias Schneider, Ventzislav Nikov, Jorge Miguel Ventuzelos Pereira, Rudi Verslegers, Nikita Veshchikov, Joppe Willem Bos, Jan Hoogerbrugge
  • Publication number: 20210117301
    Abstract: A data processing system includes a monitoring system, the monitoring system includes a processor and a data analysis block. The processor executes a monitoring application for monitoring an operation of a monitored system coupled to the monitoring system. When assistance is needed from the monitored system, the processor has an output coupled to the monitored system for providing an assistance request. When the assistance request is sent to the monitored system, the processor also sends a disturbance indication to the data analysis block. The disturbance indication indicates that the output data from the monitored system may be disturbed by the assistance request. The data analysis block can then take an action to reduce the effect the disturbance may have on the analysis results. A method for monitoring the monitored system is also provided.
    Type: Application
    Filed: October 22, 2019
    Publication date: April 22, 2021
    Inventor: JAN HOOGERBRUGGE