Patents by Inventor Jan Hoogerbrugge

Jan Hoogerbrugge has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11126432
    Abstract: A computer processor is provided which hides jump instructions, in particular condition jump instructions, from side-channels. The processor comprises a forward jump detector for detecting a forward jump instruction having a jump target location which lies ahead and a jump inhibitor for inhibiting an execution of the forward jump instruction. The computer processor is configured for executing at least one intermediate computer instruction located between the inhibited forward jump instruction and the jump target location. The processor further comprises a storage destination modifier for modifying the storage destination determined by the at least one intermediate computer instruction to suppress the effects of execution of intermediate instructions. Since the intermediate instruction is executed regardless of the forward jump instruction, the jump is hidden in a side-channel. Secret information, such as cryptographic keys, on which the forward jump may depend, is also hidden.
    Type: Grant
    Filed: February 4, 2011
    Date of Patent: September 21, 2021
    Assignee: NXP B.V.
    Inventor: Jan Hoogerbrugge
  • Publication number: 20210287110
    Abstract: A data processing system and a method for detecting an anomaly in the data processing system are provided. The method includes receiving a plurality of program counter values from a processing core of the data processing system. Each of the plurality of program counter values corresponds to an instruction being executed in the data processing system. A histogram is constructed using the plurality of program counter values. The histogram is provided to a machine learning (ML) model and used for training the ML model. If training has already been accomplished, the histogram is provided during inference operation of the ML model. The ML model and the histogram are used to detect an anomaly in the data processing system. If an anomaly is detected, an indication of the anomaly may be provided.
    Type: Application
    Filed: March 12, 2020
    Publication date: September 16, 2021
    Inventor: JAN HOOGERBRUGGE
  • Patent number: 11055202
    Abstract: A system and method for accessing a tagged global variable in software, including: randomly generating tags for global variables in the software; tagging the global variables with the random tags; creating a pointer to each global variable with the random tags in unused bits of the pointer wherein the pointer points to the associated global variable; accessing one global variable indirectly using the tagged pointer; determining whether tag on the accessed global variable matches the tag on the accessed pointer; and indicating a fault when the tag on the accessed global variable does not match the tag on the accessed pointer.
    Type: Grant
    Filed: December 16, 2019
    Date of Patent: July 6, 2021
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Marcel Medwed
  • Publication number: 20210182175
    Abstract: A system and method for accessing a tagged global variable in software, including: randomly generating tags for global variables in the software; tagging the global variables with the random tags; creating a pointer to each global variable with the random tags in unused bits of the pointer wherein the pointer points to the associated global variable; accessing one global variable indirectly using the tagged pointer; determining whether tag on the accessed global variable matches the tag on the accessed pointer; and indicating a fault when the tag on the accessed global variable does not match the tag on the accessed pointer.
    Type: Application
    Filed: December 16, 2019
    Publication date: June 17, 2021
    Inventors: Jan HOOGERBRUGGE, Marcel MEDWED
  • Patent number: 11023344
    Abstract: A data processing system includes a monitoring system, the monitoring system includes a processor and a data analysis block. The processor executes a monitoring application for monitoring an operation of a monitored system coupled to the monitoring system. When assistance is needed from the monitored system, the processor has an output coupled to the monitored system for providing an assistance request. When the assistance request is sent to the monitored system, the processor also sends a disturbance indication to the data analysis block. The disturbance indication indicates that the output data from the monitored system may be disturbed by the assistance request. The data analysis block can then take an action to reduce the effect the disturbance may have on the analysis results. A method for monitoring the monitored system is also provided.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: June 1, 2021
    Assignee: NXP B.V.
    Inventor: Jan Hoogerbrugge
  • Publication number: 20210133362
    Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.
    Type: Application
    Filed: October 27, 2020
    Publication date: May 6, 2021
    Inventors: Marcel Medwed, Tobias Schneider, Ventzislav Nikov, Jorge Miguel Ventuzelos Pereira, Rudi Verslegers, Nikita Veshchikov, Joppe Willem Bos, Jan Hoogerbrugge
  • Publication number: 20210117301
    Abstract: A data processing system includes a monitoring system, the monitoring system includes a processor and a data analysis block. The processor executes a monitoring application for monitoring an operation of a monitored system coupled to the monitoring system. When assistance is needed from the monitored system, the processor has an output coupled to the monitored system for providing an assistance request. When the assistance request is sent to the monitored system, the processor also sends a disturbance indication to the data analysis block. The disturbance indication indicates that the output data from the monitored system may be disturbed by the assistance request. The data analysis block can then take an action to reduce the effect the disturbance may have on the analysis results. A method for monitoring the monitored system is also provided.
    Type: Application
    Filed: October 22, 2019
    Publication date: April 22, 2021
    Inventor: JAN HOOGERBRUGGE
  • Publication number: 20200380140
    Abstract: A chip for securing storage of information includes a manager to access a pointer and a cipher engine to decrypt stored data. The pointer includes a first area and a second area. The first area includes an address indicating a storage location of the data and the second area includes a safety tag. The cipher engine decrypts the data output from the storage location based on a key and the safety tag in the second area of the pointer. These and other operations may be performed based on metadata that indicate probabilities that a correct safety tag was used to decrypt the data. In another embodiment, the manager may be replaced with an L1 cache.
    Type: Application
    Filed: May 31, 2019
    Publication date: December 3, 2020
    Inventors: Marcel MEDWED, Jan HOOGERBRUGGE, Ventzislav NIKOV, Asier GOIKOETXEA YANCI
  • Patent number: 10824560
    Abstract: A data processing system and method for protecting a memory from unauthorized accesses are provided. The data processing system includes a system bus, a memory coupled to the system bus through a memory controller, and a processing core including a cache system. The memory controller is coupled to the system bus for controlling accesses to the memory that are requested by the processing core. A memory protection circuit uses one or more memory safety violation (MSV) indicators stored in out-of-bounds areas of the memory for detecting when the processing core attempts to access an out-of-bounds area of the memory. The processing core generates an error signal, such as an interrupt, when an attempt to access the out-of-bounds area is detected. The out-of-bounds area may be an unallocated area of the memory. The MSV indicator may be written to the memory by executing a flush instruction of the cache system, and may include the same number of bits as a cache line of the cache system.
    Type: Grant
    Filed: February 18, 2019
    Date of Patent: November 3, 2020
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Marcel Medwed, Ventzislav Nikov, Asier Goikoetxea Yanci
  • Publication number: 20200264976
    Abstract: A data processing system and method for protecting a memory from unauthorized accesses are provided. The data processing system includes a system bus, a memory coupled to the system bus through a memory controller, and a processing core including a cache system. The memory controller is coupled to the system bus for controlling accesses to the memory that are requested by the processing core. A memory protection circuit is coupled to the system bus and to the processing core. The memory protection circuit uses one or more memory safety violation (MSV) indicators stored in out-of-bounds areas of the memory for detecting when the processing core attempts to access an out-of-bounds area of the memory. The processing core generates an error signal, such as an interrupt, when an attempt to access the out-of-bounds area is detected. The out-of-bounds area may be an unallocated area of the memory.
    Type: Application
    Filed: February 18, 2019
    Publication date: August 20, 2020
    Inventors: Jan Hoogerbrugge, Marcel Medwed, Ventzislav Nikov, Asier Goikoetxea Yanci
  • Patent number: 10726108
    Abstract: A method of obscuring the input and output of a modular exponentiation function, including: receiving modular exponentiation parameters including an exponent e having N bits and a modulus m; generating randomly a pre-multiplier; calculating a post-multiplier based upon the pre-multiplier, exponent e, and modulus m; multiplying an input to the modular exponentiation function by the pre-multiplier; performing the modular exponentiation function; and multiplying the output of the modular exponentiation function by the post-multiplier, wherein multiplying an input to the modular exponentiation function by the pre-multiplier, performing the modular exponentiation function, and multiplying the output of the modular exponentiation function by the post-multiplier are split variable operations.
    Type: Grant
    Filed: April 23, 2019
    Date of Patent: July 28, 2020
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wil Michiels
  • Patent number: 10678474
    Abstract: A computing system using low-fat pointers, including: a memory configured to be accessed by the low-fat pointers; a processing core configured to access the memory; an interrupt controller configured to receive interrupts and to communicate interrupts to processes running on the processing core; and a memory safety peripheral configured to receive a pointer request, wherein the pointer is a low-fat pointer and to verify that the pointer request is within required memory bounds.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: June 9, 2020
    Assignee: NXP B.V.
    Inventors: Marcel Medwed, Jan Hoogerbrugge, Ventzislav Nikov
  • Publication number: 20200174694
    Abstract: A computing system using low-fat pointers, including: a memory configured to be accessed by the low-fat pointers; a processing core configured to access the memory; an interrupt controller configured to receive interrupts and to communicate interrupts to processes running on the processing core; and a memory safety peripheral configured to receive a pointer request, wherein the pointer is a low-fat pointer and to verify that the pointer request is within required memory bounds.
    Type: Application
    Filed: November 30, 2018
    Publication date: June 4, 2020
    Inventors: Marcel MEDWED, Jan HOOGERBRUGGE, Ventzislav NIKOV
  • Patent number: 10652011
    Abstract: A method for producing a white-box implementation of a cryptographic function using garbled circuits, including: producing, by a first party, a logic circuit implementing the cryptographic function using a plurality of logic gates and a plurality of wires; garbling the produced logic circuit, by the first party, including garbling the plurality of logic gates and assigning two garbled values for each of the plurality of wires; and providing a second party the garbled logic circuit and a first garbled circuit input value.
    Type: Grant
    Filed: June 8, 2017
    Date of Patent: May 12, 2020
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Jan Hoogerbrugge, Marc Joye, Wilhelmus Petrus Adrianus Johannus Michiels
  • Patent number: 10630462
    Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: April 21, 2020
    Assignee: NXP B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Marcel Medwed, Jan Hoogerbrugge, Ventzislav Nikov, Bruce Murray, Joppe Willem Bos
  • Patent number: 10599820
    Abstract: A method of obscuring software code including a plurality of basic blocks wherein the basic blocks have an associated identifier (ID), including: determining, by a processor, for a first basic block first predecessor basic blocks, wherein first predecessor basic blocks jump to the first basic block and the first basic block jumps to a next basic block based upon a next basic block ID; producing, by the processor, a mask value based upon the IDs of first predecessor basic blocks, wherein the mask value identifies common bits of the IDs of the first predecessor basic blocks; and inserting, by the processor, an instruction in the first basic block to determine a next basic block ID based upon the mask value and an ID of one of the first predecessor basic blocks.
    Type: Grant
    Filed: April 23, 2014
    Date of Patent: March 24, 2020
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Phillippe Teuwen, Wil Michiels
  • Patent number: 10567159
    Abstract: A method for mapping an input message to a message authentication code (MAC) by a white-box implementation of a keyed cryptographic operation in a cryptographic system that includes using a white-box implementation of the block cipher in a MAC.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: February 18, 2020
    Assignee: NXP B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Jan Hoogerbrugge, Joppe Willem Bos
  • Patent number: 10547449
    Abstract: A method is provided for performing a cryptographic operation in a white-box implementation on a mobile device. The cryptographic operation is performed in the mobile device for a response to a challenge from a mobile device reader. The mobile device reader includes a time-out period within which the cryptographic operation must be completed by the mobile device. In accordance with an embodiment, a first time period to complete the cryptographic operation on the mobile device is determined. A predetermined number of dummy computations are added to the cryptographic operation to increase the first time period to a second time period. The second time period is only slightly less than the time-out period by a predetermined safety value to make it less likely a relay attack will be successful.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: January 28, 2020
    Assignee: NXP B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Jan Hoogerbrugge
  • Patent number: 10516541
    Abstract: Various embodiments relate to a method for producing a digital signature using a white-box implementation of a cryptographic digital signature function, including: receiving an input message; hashing the input message; generating a nonce based upon the input message and the white-box implementation of the cryptographic digital signature function; and computing a digital signature of the input using the nonce.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: December 24, 2019
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels, Rudi Verslegers
  • Patent number: 10505709
    Abstract: A method of producing a white-box implementation of a cryptographic function, including: creating, by a processor, a white-box implementation of a cryptographic function using a network of two dimensional lookup tables; identifying two dimensional lookup tables using a common index; and rewriting the identified two dimensional lookup tables as a three dimensional table.
    Type: Grant
    Filed: June 1, 2015
    Date of Patent: December 10, 2019
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wilhemus Michiels