Patents by Inventor Miroslav Knezevic
Miroslav Knezevic has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11783057Abstract: A method is provided for secure provisioning of a device. In the method, a plurality of integrated circuit (IC) devices is manufactured by a first entity for use in the device. The first entity provides signed provisioning software and stores in at least one provisioning IC device one or more keys used for provisioning the plurality of ICs. The provisioning device with the signed provisioning software is provided to a second entity. The second entity verifies the provisioning software using a stored key. The provisioning software encrypts provisioning assets provided by the second entity and provides the encrypted provisioning assets to the third entity. The signed provisioning software is provided to a third entity by the first entity. During manufacturing of the manufactured products by the third entity, the provisioning software verifies and decrypts the encrypted provisioning assets of the second entity to provision all the plurality of IC devices.Type: GrantFiled: August 24, 2021Date of Patent: October 10, 2023Assignee: NXP B.V.Inventors: Björn Fay, Miroslav Knezevic, Durgesh Pattamatta, Alexander Vogt
-
Patent number: 11677541Abstract: A method is provided for securely accessing code in an external memory. In the method, plaintext code may be stored in internal memory as sets of multiple blocks, each of the multiple blocks having N-bits. The code is encrypted and stored in the external memory. A block cipher having an authenticated encryption mode is used to convert the plaintext code to ciphertext code plus an authentication tag corresponding to each set of the multiple blocks. The external memory is formatted to store the ciphertext and the authentication tag. A translated address for the ciphertext is created from a plaintext address. During a read operation, the generated authentication tag is checked with an expected authentication tag. If the check is successful, the ciphertext code is decrypted and provided to a CPU for execution as plaintext code. In one embodiment, the CPU executes the plaintext code “in place” in the external memory.Type: GrantFiled: October 12, 2021Date of Patent: June 13, 2023Assignee: NXP B.V.Inventors: Miroslav Knezevic, Tuongvu Van Nguyen, Durgesh Pattamatta, Tung-Hao Huang
-
Publication number: 20230114689Abstract: A method is provided for securely accessing code in an external memory. In the method, plaintext code may be stored in internal memory as sets of multiple blocks, each of the multiple blocks having N-bits. The code is encrypted and stored in the external memory. A block cipher having an authenticated encryption mode is used to convert the plaintext code to ciphertext code plus an authentication tag corresponding to each set of the multiple blocks. The external memory is formatted to store the ciphertext and the authentication tag. A translated address for the ciphertext is created from a plaintext address. During a read operation, the generated authentication tag is checked with an expected authentication tag. If the check is successful, the ciphertext code is decrypted and provided to a CPU for execution as plaintext code. In one embodiment, the CPU executes the plaintext code “in place” in the external memory.Type: ApplicationFiled: October 12, 2021Publication date: April 13, 2023Inventors: Miroslav Knezevic, Tuongvu Van Nguyen, Durgesh Pattamatta, Tung-Hao Huang
-
Publication number: 20230063743Abstract: A method is provided for secure provisioning of a device. In the method, a plurality of integrated circuit (IC) devices is manufactured by a first entity for use in the device. The first entity provides signed provisioning software and stores in at least one provisioning IC device one or more keys used for provisioning the plurality of ICs. The provisioning device with the signed provisioning software is provided to a second entity. The second entity verifies the provisioning software using a stored key. The provisioning software encrypts provisioning assets provided by the second entity and provides the encrypted provisioning assets to the third entity. The signed provisioning software is provided to a third entity by the first entity. During manufacturing of the manufactured products by the third entity, the provisioning software verifies and decrypts the encrypted provisioning assets of the second entity to provision all the plurality of IC devices.Type: ApplicationFiled: August 24, 2021Publication date: March 2, 2023Inventors: Björn Fay, Miroslav Knezevic, Durgesh Pattamatta, Alexander Vogt
-
Patent number: 11500786Abstract: A method for protecting data includes encrypting information to generate a first tweak, combining a data block with the first tweak, encrypting the tweaked data block to form encrypted data, combining the encrypted data with the first tweak, and providing the combined encrypted data for storage in a memory address. Storing the combined encrypted data at the memory address generates a first stimulus different from a second stimulus generated by storing same encrypted data combined with a second tweak at the memory address. The first stimulus is generated based on the first tweak and the second stimulus is generated based on the second tweak.Type: GrantFiled: December 3, 2019Date of Patent: November 15, 2022Assignee: NXP B.V.Inventors: Miroslav Knezevic, Vitaly Ocheretny
-
Publication number: 20220200807Abstract: As may be implemented in accordance with one or more aspects of the disclosure, an apparatus and/or method involves generating, using hash circuitry, successive hash values corresponding to operational states of an apparatus using, for respective ones of the hash values, a previous one of the hash values and a current operational sate of the apparatus. The hash values may be written into a register. In response to an attestation request, one of the hash values may be retrieved from the register and signed using cryptographic circuitry. The signed hash value may be communicated to a remote circuit, therein providing attestation of an operational state of the apparatus.Type: ApplicationFiled: December 17, 2020Publication date: June 23, 2022Inventors: Durgesh Pattamatta, Miroslav Knezevic
-
Publication number: 20210349990Abstract: A method is provided for protecting execution of a program against a fault injection attack. In one embodiment, a portion of the program includes multiple substantially logically identical conditional operations that are executed in a sequence. An attacker must successfully inject a fault at each instance of the conditional operations to cause the program execution to reach the final state. The multiple conditional operations may ask the same question differently so that the glitch will not cause the same response from both conditional operations. Also, the program portion may make advancement from one state to the next contingent on arriving at the next state from a valid previous state. The described program portions with multiple instances of a conditional operation make a program execution more resistant to a glitch type of fault injection attack.Type: ApplicationFiled: May 7, 2020Publication date: November 11, 2021Inventors: Rob COSARO, Miroslav Knezevic, Durgesh Pattamatta
-
Publication number: 20210165746Abstract: A method for protecting data includes encrypting information to generate a first tweak, combining a data block with the first tweak, encrypting the tweaked data block to form encrypted data, combining the encrypted data with the first tweak, and providing the combined encrypted data for storage in a memory address. Storing the combined encrypted data at the memory address generates a first stimulus different from a second stimulus generated by storing same encrypted data combined with a second tweak at the memory address. The first stimulus is generated based on the first tweak and the second stimulus is generated based on the second tweak.Type: ApplicationFiled: December 3, 2019Publication date: June 3, 2021Inventors: Miroslav KNEZEVIC, Vitaly OCHERETNY
-
Patent number: 10824718Abstract: A method is provided for shuffling an order of a plurality of data blocks. In the method, a random number is generated, the random number corresponding to an index for a data block of the plurality of data blocks, where each data block of the plurality of data blocks has an index that uniquely identifies each data block of the plurality of data blocks. The increment function with a parameter is applied to the random number to generate a new index, the new index corresponds to a data block of the plurality of data blocks. The data block corresponding to the new index is selected as the next data block of a reordering of the plurality of data blocks. The method is iterated until the reordering of the plurality of data blocks is complete.Type: GrantFiled: July 5, 2018Date of Patent: November 3, 2020Assignee: NXP B.V.Inventors: Miroslav Knezevic, Nikita Veshchikov
-
Patent number: 10680798Abstract: A secure computing device, including: a processor configured to carry out a secure operation; a memory in communication with the processer configured to store secure data; and a memory controller configured control storage of data in the memory and reading data from the memory, wherein the secure data is split into shares before being stored in the memory and wherein the memory controller is configured to: apply a masking storage transform (MST) to one of the shares to produce a masked share before storing the shares in the memory, wherein the MST is a permutation without a fixed point; apply an inverse MST to the masked share when reading the shares from the memory; and combine the read shares to reconstruct the secure data.Type: GrantFiled: February 15, 2017Date of Patent: June 9, 2020Assignee: NXP USA, Inc.Inventors: Miroslav Knezevic, Ventzislav Nikov
-
Publication number: 20200012782Abstract: A method is provided for shuffling an order of a plurality of data blocks. In the method, a random number is generated, the random number corresponding to an index for a data block of the plurality of data blocks, where each data block of the plurality of data blocks has an index that uniquely identifies each data block of the plurality of data blocks. The increment function with a parameter is applied to the random number to generate a new index, the new index corresponds to a data block of the plurality of data blocks. The data block corresponding to the new index is selected as the next data block of a reordering of the plurality of data blocks. The method is iterated until the reordering of the plurality of data blocks is complete.Type: ApplicationFiled: July 5, 2018Publication date: January 9, 2020Inventors: MIROSLAV KNEZEVIC, NIKITA VESHCHIKOV
-
Publication number: 20180234233Abstract: A secure computing device, including: a processor configured to carry out a secure operation; a memory in communication with the processer configured to store secure data; and a memory controller configured control storage of data in the memory and reading data from the memory, wherein the secure data is split into shares before being stored in the memory and wherein the memory controller is configured to: apply a masking storage transform (MST) to one of the shares to produce a masked share before storing the shares in the memory, wherein the MST is a permutation without a fixed point; apply an inverse MST to the masked share when reading the shares from the memory; and combine the read shares to reconstruct the secure data.Type: ApplicationFiled: February 15, 2017Publication date: August 16, 2018Inventors: Miroslav Knezevic, Ventzislav Nikov
-
Patent number: 9979543Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.Type: GrantFiled: December 23, 2013Date of Patent: May 22, 2018Assignee: NXP B.V.Inventors: Miroslav Knezevic, Ventzislav Nikov
-
Patent number: 9929862Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.Type: GrantFiled: December 23, 2013Date of Patent: March 27, 2018Assignee: NXP B.V.Inventors: Miroslav Knezevic, Ventzislav Nikov
-
Patent number: 9900154Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptic Curve Cryptography point addition algorithm for mixed Affine-Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.Type: GrantFiled: December 23, 2013Date of Patent: February 20, 2018Assignee: NXP B.V.Inventors: Miroslav Knezevic, Ventzislav Nikov
-
Publication number: 20150180664Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptic Curve Cryptography point addition algorithm for mixed Affine-Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.Type: ApplicationFiled: December 23, 2013Publication date: June 25, 2015Applicant: NXP B.V.Inventors: Miroslav Knezevic, Ventzislav Nikov
-
Publication number: 20150180665Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.Type: ApplicationFiled: December 23, 2013Publication date: June 25, 2015Applicant: NXP B.V.Inventors: Miroslav Knezevic, Ventzislav Nikov
-
Publication number: 20150178503Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.Type: ApplicationFiled: December 23, 2013Publication date: June 25, 2015Applicant: NXP B.V.Inventors: Miroslav Knezevic, Ventzislav Nikov
-
Patent number: 8864197Abstract: An electromagnetic sensor having a detection zone in a sensor direction is at least partly enclosed by a molded part in the sensor direction and at right angles thereto. The molded part contacts and adjoins a motor vehicle part such as a bumper, whereby the molded part is between the sensor and the motor vehicle part. At least one functional element, such as a radiation absorber, a lense, a waveguide, or a reflector, may be embedded in the molded part. The sensor may be received in a pocket recess of the molded part, with an opening at the back side of the sensor.Type: GrantFiled: August 12, 2011Date of Patent: October 21, 2014Assignee: Conti Temic microelectronic GmbHInventors: Klaus Schneider, Miroslav Knezevic, Martin Vallendor
-
Publication number: 20130141269Abstract: The invention relates to a device for fastening a sensor assembly (1) on a motor vehicle, especially a radar sensor having at least one detection zone in the sensor direction, the sensor assembly (1) being located in the area behind a motor vehicle add-on part (2), in particular a bumper, and a moulded part (3) being arranged between the sensor assembly (1) and the motor vehicle add-on part (2). According to the invention, the moulded part (3) is a solid part, the moulded part (3) is designed to transmit the sensor signals in the detection zone, on its side facing the assembly, the moulded part (3) positively encloses at least part of the sensor assembly (1) in, and at right angles to, the sensor direction, and on its side facing the add-on part, the moulded part (3) has a surface (3a) that is shaped complementary to, and lies flat against, the surface (2a) of the motor vehicle add-on part (2).Type: ApplicationFiled: August 12, 2011Publication date: June 6, 2013Applicant: CONTI TEMIC MICROELECTRONIC GMBHInventors: Klaus Schneider, Miroslav Knezevic, Martin Vallendor