Patents by Inventor Joppe Willem Bos
Joppe Willem Bos has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10680810Abstract: A method is provided for generating an elliptic curve cryptography key pair that uses two topologically identical pseudo-random number generators operating in parallel and in step with each other. One generator operates in the scalar number domain and the other generator operates in the elliptic curve point domain. Parallel sequences of pseudo-random elliptic curve points aG and corresponding scalars a are generated in this manner. A scalar a becomes a private key and an elliptic curve point aG is a public key of a key pair. Each generator is advanced by one iteration successively, and the isomorphic relationship ensures that the point domain generator always contains values which are multiples of the system base point according to values contained in the corresponding position in the number domain generator. In one embodiment, the pseudo-random number generators are each characterized as being lagged Fibonacci generators.Type: GrantFiled: October 26, 2016Date of Patent: June 9, 2020Assignee: NXP B.V.Inventors: Joppe Willem Bos, Bjorn Fay, Bruce Murray
-
Patent number: 10652011Abstract: A method for producing a white-box implementation of a cryptographic function using garbled circuits, including: producing, by a first party, a logic circuit implementing the cryptographic function using a plurality of logic gates and a plurality of wires; garbling the produced logic circuit, by the first party, including garbling the plurality of logic gates and assigning two garbled values for each of the plurality of wires; and providing a second party the garbled logic circuit and a first garbled circuit input value.Type: GrantFiled: June 8, 2017Date of Patent: May 12, 2020Assignee: NXP B.V.Inventors: Joppe Willem Bos, Jan Hoogerbrugge, Marc Joye, Wilhelmus Petrus Adrianus Johannus Michiels
-
Patent number: 10630462Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.Type: GrantFiled: October 27, 2017Date of Patent: April 21, 2020Assignee: NXP B.V.Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Marcel Medwed, Jan Hoogerbrugge, Ventzislav Nikov, Bruce Murray, Joppe Willem Bos
-
Publication number: 20200104754Abstract: A method is provided for managing a machine learning system. In the method, a database is provided for storing a plurality of data elements. A plurality of machine learning models is trained using assigned subsets of the plurality of data elements. The outputs of the plurality of machine learning models is provided to an aggregator. During inference operation of the machine learning system, the aggregator determines a final output based on outputs from the plurality of models. If it is determined that an assigned subset must be changed because, for example, a record must be deleted, then the data element is removed from the selected assigned subset. The affected machine learning model associated with the changed assigned subset is removed, and retrained using the changed assigned subset.Type: ApplicationFiled: October 1, 2018Publication date: April 2, 2020Inventors: NIKITA VESHCHIKOV, JOPPE WILLEM BOS, WILHELMUS PETRUS ADRIANUS JOHANNUS MICHIELS
-
Publication number: 20200099525Abstract: A white-box system for authenticating a user-supplied password, including: a password database including a salt value and an authentication value for each user; a white-box implementation of a symmetric cipher configured to produce an encrypted value by encrypting the user-supplied password using the salt value associated with the user as an encoded secret key; and a comparator configured to compare the encrypted value with the authentication value associated with the user to verify the user-supplied password.Type: ApplicationFiled: September 24, 2018Publication date: March 26, 2020Inventors: Joppe Willem BOS, Rudi VERSLEGERS, Wilhelmus Petrus Adrianus Johannus MICHIELS
-
Publication number: 20200076616Abstract: A white-box system and method for producing a digital signature of a message m, including: a white-box implementation of a symmetric cipher configured to produce a deterministic nonce value by encrypting the message m using a secret key; and a digital signature algorithm configured to produce a digital signature of the message m based upon the deterministic nonce, the message m, and a secret signing key.Type: ApplicationFiled: August 30, 2018Publication date: March 5, 2020Inventors: Joppe Willem BOS, Florian BOEHL
-
Patent number: 10567159Abstract: A method for mapping an input message to a message authentication code (MAC) by a white-box implementation of a keyed cryptographic operation in a cryptographic system that includes using a white-box implementation of the block cipher in a MAC.Type: GrantFiled: June 7, 2017Date of Patent: February 18, 2020Assignee: NXP B.V.Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Jan Hoogerbrugge, Joppe Willem Bos
-
Publication number: 20200050766Abstract: A method and data processing system for detecting tampering of a machine learning model is provided. The method includes training a machine learning model. During a training operating period, a plurality of input values is provided to the machine learning model. In response to a predetermined invalid input value, the machine learning model is trained that a predetermined output value will be expected. The model is verified that it has not been tampered with by inputting the predetermined invalid input value during an inference operating period. If the expected output value is provided by the machine learning model in response to the predetermined input value, then the machine learning model has not been tampered with. If the expected output value is not provided, then the machine learning model has been tampered with. The method may be implemented using the data processing system.Type: ApplicationFiled: August 8, 2018Publication date: February 13, 2020Inventor: JOPPE WILLEM BOS
-
Publication number: 20200044837Abstract: Various embodiments relate to a method of generating a shared secret for use in a symmetric cipher, including: receiving, by a processor, an encoded key Enc(K) and a white-box implementation of the symmetric cipher, where the encoded key Enc(K) is used in the white-box implementation; selecting, by the processor, homomorphic functions ? and ? and the values c1 and c3 such that Enc(K)?c1=Enc(K?c3); and transmitting, by the processor, ? and c3 to another device.Type: ApplicationFiled: July 31, 2018Publication date: February 6, 2020Inventors: Joppe Willem BOS, Rudi VERSLEGERS, Wilhelmus Petrus Adrianus Johannus MICHIELS
-
Patent number: 10516541Abstract: Various embodiments relate to a method for producing a digital signature using a white-box implementation of a cryptographic digital signature function, including: receiving a input message; hashing the input message; generating a nonce based upon the input message and the white-box implementation of the cryptographic digital signature function; and computing a digital signature of the input using the nonce.Type: GrantFiled: September 13, 2017Date of Patent: December 24, 2019Assignee: NXP B.V.Inventors: Joppe Willem Bos, Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels, Rudi Verslegers
-
Publication number: 20190332814Abstract: A device, including: a memory; a processor configured to implement an encrypted machine leaning model configured to: evaluate the encrypted learning model based upon received data to produce an encrypted machine learning model output; producing verification information; a tamper resistant hardware configured to: verify the encrypted machine learning model output based upon the verification information; and decrypt the encrypted machine learning model output when the encrypted machine learning model output is verified.Type: ApplicationFiled: April 27, 2018Publication date: October 31, 2019Inventors: Joppe Willem BOS, Marc Joye
-
Publication number: 20190319791Abstract: Various embodiments relate to a method of encrypting a message m using a Paillier cryptosystem, including: computing a ciphertext c based upon the message m, N, and r, where N is the product of two distinct primes p and q, and r is randomly chosen such that r?[1, N); computing a first verification value based upon u and N, where u is randomly chosen such that u?[1, N); computing a second verification value s based upon u, r, the ciphertext c, the verification value, and a hash function H.Type: ApplicationFiled: April 12, 2018Publication date: October 17, 2019Inventors: Joppe Willem BOS, Marc JOYE
-
Publication number: 20190312718Abstract: A method for performing a secure function in a data processing system is provided. In accordance with one embodiment, the method includes generating and encoding an encryption key. The encoded encryption key may be encrypted in a key store in a trusted execution environment (TEE) of the data processing system. The encrypted encryption key may encrypted, stored, and decrypted in the key store in the TEE, but used in a white-box implementation to perform a secure function. The secure function may include encrypting a value in the white-box implementation for securing a monetary value on, for example, a smart card. In one embodiment, each time an encryption key or decryption key is used, it is changed to a new key. The method makes code lifting and rollback attacks more difficult for an attacker because the key is stored separately from, for example, a white-box implementation in secure storage.Type: ApplicationFiled: June 25, 2019Publication date: October 10, 2019Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Jan Hoogerbrugge, Joppe Willem Bos
-
Patent number: 10389517Abstract: A method for performing a secure function in a data processing system is provided. In accordance with one embodiment, the method includes generating and encoding an encryption key. The encoded encryption key may be encrypted in a key store in a trusted execution environment (TEE) of the data processing system. The encrypted encryption key may encrypted, stored, and decrypted in the key store in the TEE, but used in a white-box implementation to perform a secure function. The secure function may include encrypting a value in the white-box implementation for securing a monetary value on, for example, a smart card. In one embodiment, each time an encryption key or decryption key is used, it is changed to a new key. The method makes code lifting and rollback attacks more difficult for an attacker because the key is stored separately from, for example, a white-box implementation in secure storage.Type: GrantFiled: June 27, 2016Date of Patent: August 20, 2019Assignee: NXP B.V.Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Jan Hoogerbrugge, Joppe Willem Bos
-
Patent number: 10361855Abstract: A system includes a secure processor and an unsecure processor. The secure processor is configured to: split a secure scalar K into m2 random values ki, where i is an integer index; randomly select m1-m2 values ki for the indices m2<i?m1; select m1 mask values ?i; compute m1 residues ci based upon random residues ai, ??(i)?1, and k?(i), wherein ?(i) is a random permutation; compute m1 elliptic curve points Gi based upon random residues ai and an elliptic point to be multiplied; receive m1 elliptic curve points; and compute the elliptic curve scalar multiplication by combining a portion of the received elliptic curve points and removing the mask values ?i from the portion of the received elliptic curve points. The unsecure processor is configured to: receive m1 residues ci and elliptic curve points Gi; compute m1 elliptic curve points Pi based upon the m1 residues ci and elliptic curve points Gi; and send the m1 elliptic curve points Pi to the secure processor.Type: GrantFiled: May 27, 2016Date of Patent: July 23, 2019Assignee: NXP B.V.Inventors: Joppe Willem Bos, Artur Tadeusz Burchard, Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels
-
Patent number: 10341098Abstract: A method is provided for performing elliptic curve cryptography that reduces the number of required computations to produce, for example, a key pair. The number of computations is reduced by changing how a random nonce used in the computations is selected. In an embodiment, a look-up table is generated having pre-computed scalar values and elliptic curve points. Every time a new pseudo-random value is created for use in the ECDSA, a combination of the look-up table values is used to create multiple intermediate values. One of the multiple intermediate values is randomly chosen as a replacement value for one of the existing table entries. Each time the look-up table is used, multiple entries in the look-up table are updated to new look-up table values as described. In this manner, new randomness is provided in every step to generate the next pseudo-random nonce as a combination of multiple internally stored temporary look-up table values. Alternately, another mathematical group may be used.Type: GrantFiled: January 24, 2017Date of Patent: July 2, 2019Assignee: NXP B.V.Inventors: Joppe Willem Bos, Bjorn Fay, Bruce Murray
-
Publication number: 20190132116Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.Type: ApplicationFiled: October 27, 2017Publication date: May 2, 2019Inventors: Wilhelmus Petrus Adrianus Johannus MICHIELS, Marcel MEDWED, Jan HOOGERBRUGGE, Ventzislav NIKOV, Bruce MURRAY, Joppe Willem BOS
-
Publication number: 20190081797Abstract: Various embodiments relate to a method for producing a digital signature using a white-box implementation of a cryptographic digital signature function, including: receiving a input message; hashing the input message; generating a nonce based upon the input message and the white-box implementation of the cryptographic digital signature function; and computing a digital signature of the input using the nonce.Type: ApplicationFiled: September 13, 2017Publication date: March 14, 2019Inventors: Joppe Willem BOS, Jan HOOGERBRUGGE, Wilhelmus Petrus Adrianus Johannus MICHIELS, Rudi VERSLEGERS
-
Patent number: 10211975Abstract: The subject disclosure is directed towards secure computations of encrypted data over a network. In response to user desired security settings with respect to the encrypted data, software/hardware library components automatically select parameter data for configuring a fully homomorphic encryption scheme to secure the encrypted data items while executing a set of computational operations. A client initiates the set of computational operations via the library components and if requested, receives secure computation results in return.Type: GrantFiled: March 7, 2016Date of Patent: February 19, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Jacob J Loftus, Michael Naehrig, Joppe Willem Bos, Kristin Estella Lauter
-
Patent number: 10204229Abstract: A data processing system having rich execution environment (REE) and a trusted execution environment (TEE) is provided. In the data processing system, an unsecure memory is coupled to the REE and used for storing encrypted data for use in the TEE. The TEE may have a cache for storing the encrypted data after it is decrypted. The data in both the memory and the cache is organized in blocks, and the cache is smaller than the memory. An interpreter is provided in the TEE, along with a service block in the REE, for fetching and decrypting the data to be stored in the cache. The interpreter checks an integrity of the decrypted data using a hash tree having multiple levels. In the event of a cache miss, all blocks of the hash tree in a path from the data block to a root block are retrieved from the memory in one access operation. A method for operating the cache in the data processing system is also provided.Type: GrantFiled: March 21, 2017Date of Patent: February 12, 2019Assignee: NXP B.V.Inventors: Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels, Joppe Willem Bos