Patents by Inventor Wilhelmus Petrus Adrianus Johannus Michiels

Wilhelmus Petrus Adrianus Johannus Michiels has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220215103
    Abstract: A data processing system has a processor and a system memory. The system memory may be a dynamic random-access memory (DRAM). The processor includes an embedded memory. The system memory is coupled to the processor and is organized in a plurality of pages. A portion of the code or data stored in the plurality of memory pages is selected for permutation. A permutation order is generated and the memory pages containing the portion of code or data is permuted using a permutation order. The permutation order and/or a reverse permutation order to recover the original order may be stored in the embedded memory. Permuting the memory pages with a permutation order stored in the embedded memory prevents the code or data from being read during a freeze attack on the system memory in a way that is useful to an attacker.
    Type: Application
    Filed: January 7, 2021
    Publication date: July 7, 2022
    Inventors: Wilhelmus Petrus Adrianus Johannus MICHIELS, Jan Hoogerbrugge, Ad Arts
  • Patent number: 11321456
    Abstract: A method for protecting a machine learning (ML) model is provided. During inference operation of the ML model, a plurality of input samples is provided to the ML model. A distribution of a plurality of output predictions from a predetermined node in the ML model is measured. If the distribution of the plurality of output predictions indicates correct output category prediction with low confidence, then the machine learning model is slowed to reduce a prediction rate of subsequent output predictions. If the distribution of the plurality of categories indicates correct output category prediction with a high confidence, then the machine learning model is not slowed to reduce the prediction rate of subsequent output predictions of the machine learning model. A moving average of the distribution may be used to determine the speed reduction. This makes a cloning attack on the ML model take longer with minimal impact to a legitimate user.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: May 3, 2022
    Assignee: NXP B.V.
    Inventors: Gerardus Antonius Franciscus Derks, Brian Ermans, Wilhelmus Petrus Adrianus Johannus Michiels, Christine van Vredendaal
  • Publication number: 20220129566
    Abstract: A data processing system includes a rich execution environment, a hardware accelerator, a trusted execution environment, and a memory. The REE includes a processor configured to execute an application. A compute kernel is executed on the hardware accelerator and the compute kernel performs computations for the application. The TEE provides relatively higher security than the REE and includes an accelerator controller for controlling operation of the hardware accelerator. The memory has an unsecure portion coupled to the REE and to the TEE, and a secure portion coupled to only the TEE. The secure portion is relatively more secure than the unsecure portion. Data that is to be accessed and used by the hardware accelerator is stored in the secure portion of the memory. In another embodiment, a method is provided for securely executing an application is the data processing system.
    Type: Application
    Filed: October 26, 2020
    Publication date: April 28, 2022
    Inventors: Jan Hoogerbrugge, Wilhelmus Petrus Adrianus Johannus Michiels, Ad Arts
  • Publication number: 20220114002
    Abstract: A data processing system has a processor, a system memory, and a hypervisor. The system memory stores program code and data in a plurality of memory pages. The hypervisor controls SLAT (second level address translation) read, write, and execute access rights of the plurality of memory pages. A portion of the plurality of memory pages are classified as being in a secure enclave portion of the system memory and a portion is classified as being in an unsecure memory area. The portion of the memory pages classified in the secure enclave is encrypted and a hash is generated for each of the memory pages. During an access of a memory page, the hypervisor determines if the accessed memory page is in the secure enclave or in the unsecure memory area based on the hash. In another embodiment, a method for accessing a memory page in the secure enclave is provided.
    Type: Application
    Filed: October 8, 2020
    Publication date: April 14, 2022
    Inventors: Jan HOOGERBRUGGE, Wilhelmus Petrus Adrianus Johannus MICHIELS
  • Patent number: 11270227
    Abstract: A method is provided for managing a machine learning system. In the method, a database is provided for storing a plurality of data elements. A plurality of machine learning models is trained using assigned subsets of the plurality of data elements. The outputs of the plurality of machine learning models is provided to an aggregator. During inference operation of the machine learning system, the aggregator determines a final output based on outputs from the plurality of models. If it is determined that an assigned subset must be changed because, for example, a record must be deleted, then the data element is removed from the selected assigned subset. The affected machine learning model associated with the changed assigned subset is removed, and retrained using the changed assigned subset.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: March 8, 2022
    Assignee: NXP B.V.
    Inventors: Nikita Veshchikov, Joppe Willem Bos, Wilhelmus Petrus Adrianus Johannus Michiels
  • Publication number: 20220067503
    Abstract: A method is provided for analyzing a similarly between classes of a plurality of classes in a trained machine learning model (ML). The method includes collecting weights of connections from each node of a first predetermined layer of a neural network (NN) to each node of a second predetermined layer of the NN to which the nodes of the first predetermined layer are connected. The collected weights are used to calculate distances from each node of the first predetermined layer to nodes of the second predetermined layer to which the first predetermined layer nodes are connected. The distances are compared to determine which classes the NN determines are similar. Two or more of the similar classes may then be analyzed using any of a variety of techniques to determine why the two or more classes of the NN were determined to be similar.
    Type: Application
    Filed: August 26, 2020
    Publication date: March 3, 2022
    Inventors: Brian Ermans, Gerardus Antonius Franciscus Derks, Wilhelmus Petrus Adrianus Johannus Michiels, Christine van Vredendaal
  • Publication number: 20210406693
    Abstract: A method is described for analyzing data samples of a machine learning (ML) model to determine why the ML model classified a sample like it did. Two samples are chosen for analysis. The two samples may be nearest neighbors. Samples classified as nearest neighbors are typically samples that are more similar with respect to a predetermined criterion than other samples of a set of samples. In the method, a first set of features of a first sample and a second set of features of a second sample are collected. A set of overlapping features of the first and second sets of features is determined. Then, the set of overlapping features is analyzed using a predetermined visualization technique to determine why the ML model determined the first sample to be similar to the second sample.
    Type: Application
    Filed: June 25, 2020
    Publication date: December 30, 2021
    Inventors: Christine VAN VREDENDAAL, Wilhelmus Petrus Adrianus Johannus Michiels, Gerardus Antonius Franciscus Derks, Brian Ermans
  • Patent number: 11206130
    Abstract: Various embodiments relate to a method of generating a shared secret for use in a symmetric cipher, including: receiving, by a processor, an encoded key Enc(K) and a white-box implementation of the symmetric cipher, where the encoded key Enc(K) is used in the white-box implementation; selecting, by the processor, homomorphic functions ? and ? and the values c1 and c3 such that Enc(K)?c1=Enc(K?c3); and transmitting, by the processor, ? and c3 to another device.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: December 21, 2021
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Rudi Verslegers, Wilhelmus Petrus Adrianus Johannus Michiels
  • Publication number: 20210326748
    Abstract: A method for protecting a first machine learning (ML) model is provided. In the method, a dataset of non-problem domain (NPD) data is selected from a large dataset using a second ML model. The second ML model classifies the large dataset into NPD classifications and PD classifications. The PD classified data is excluded. A distinguisher includes a third ML model that is trained using selected NPD data from the large dataset. The distinguisher receives input samples that are intended for the first ML model. The third ML model provides either a PD classification or NPD classification in response to receiving each input sample. An indication of a likely extraction attempt may be provided when a predetermined number of NPD classifications are provided. The method provides an efficient way to create a training dataset for a distinguisher and for protecting a ML model with the distinguisher.
    Type: Application
    Filed: April 21, 2020
    Publication date: October 21, 2021
    Inventors: Christine van Vredendaal, Wilhelmus Petrus Adrianus Johannus Michiels
  • Publication number: 20210264295
    Abstract: A method is provided for analyzing a classification in a machine learning model (ML). In the method, the ML model is trained using a training dataset to produce a trained ML model. One or more samples are provided to the trained ML model to produce one or more prediction classifications. A gradient is determined for the one of more samples at a predetermined layer of the trained ML model. The one or more gradients and the one or more prediction classifications for each sample are stored. Also, an intermediate value of the ML model may be stored. Then, a sample is chosen to analyze. A gradient of the sample is determined if the gradient was not already determined when the at least one gradient is determined. Using the at least one gradient, and one or more of a data structure, a predetermined metric, and an intermediate value, the k nearest neighbors to the sample are determined. A report comprising the sample and the k nearest neighbors may be provided for analysis.
    Type: Application
    Filed: February 20, 2020
    Publication date: August 26, 2021
    Inventors: Brian ERMANS, Wilhelmus Petrus Adrianus Johannus Michiels, Christine van Vredendaal
  • Publication number: 20210240803
    Abstract: A method is provided for watermarking a machine learning model. In the method, a first subset of a labeled set of ML training samples is selected. The first subset is of a predetermined class of images. A first pixel pattern is selected and inserted into each sample of the first subset. One or more of a location, position, orientation, and transformation of the first pixel pattern is varied for each of the samples. Each sample of the first subset is relabeled to have a different label than the original label. The ML model is trained with the labeled set of ML training samples and the first subset of relabeled ML training samples. To detect the watermark, a second subset of training samples is selected, and the first pixel pattern is inserted into each sample. The second subset is used during inference operation to detect the presence of the watermark.
    Type: Application
    Filed: February 3, 2020
    Publication date: August 5, 2021
    Inventor: Wilhelmus Petrus Adrianus Johannus MICHIELS
  • Patent number: 10873459
    Abstract: A white-box system for authenticating a user-supplied password, including: a password database including a salt value and an authentication value for each user; a white-box implementation of a symmetric cipher configured to produce an encrypted value by encrypting the user-supplied password using the salt value associated with the user as an encoded secret key; and a comparator configured to compare the encrypted value with the authentication value associated with the user to verify the user-supplied password.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: December 22, 2020
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Rudi Verslegers, Wilhelmus Petrus Adrianus Johannus Michiels
  • Publication number: 20200364333
    Abstract: A method for protecting a machine learning (ML) model is provided. During inference operation of the ML model, a plurality of input samples is provided to the ML model. A distribution of a plurality of output predictions from a predetermined node in the ML model is measured. If the distribution of the plurality of output predictions indicates correct output category prediction with low confidence, then the machine learning model is slowed to reduce a prediction rate of subsequent output predictions. If the distribution of the plurality of categories indicates correct output category prediction with a high confidence, then the machine learning model is not slowed to reduce the prediction rate of subsequent output predictions of the machine learning model. A moving average of the distribution may be used to determine the speed reduction. This makes a cloning attack on the ML model take longer with minimal impact to a legitimate user.
    Type: Application
    Filed: May 16, 2019
    Publication date: November 19, 2020
    Inventors: GERARDUS ANTONIUS FRANCISCUS DERKS, BRIAN ERMANS, Wilhelmus Petrus Adrianus Johannus Michiels, CHRISTINE van VREDENDAAL
  • Publication number: 20200327443
    Abstract: A method for protecting a machine learning model is provided. In the method, a first machine learning model is trained, and a plurality of machine learning models derived from the first machine learning model is trained. Each of the plurality of machine learning models may be different from the first machine learning model. During inference operation, a first input sample is provided to the first machine learning model and to each of the plurality of machine learning models. The first machine learning model generates a first output and the plurality of machine learning models generates a plurality of second outputs. The plurality of second outputs are aggregated to determine a final output. The final output and the first output are classified to determine if the first input sample is an adversarial input. If it is adversarial input, a randomly generated output is provided instead of the first output.
    Type: Application
    Filed: April 9, 2019
    Publication date: October 15, 2020
    Inventors: CHRISTINE VAN VREDENDAAL, Nikita Veshchikov, Wilhelmus Petrus Adrianus Johannus Michiels
  • Patent number: 10769310
    Abstract: A method for protecting a machine learning model from copying is provided. The method includes providing a neural network architecture having an input layer, a plurality of hidden layers, and an output layer. Each of the plurality of hidden layers has a plurality of nodes. A neural network application is provided to run on the neural network architecture. First and second types of activation functions are provided. Activation functions including a combination of the first and second types of activation functions are provided to the plurality of nodes of the plurality of hidden layers. The neural network application is trained with a training set to generate a machine learning model. Using the combination of first and second types of activation functions makes it more difficult for an attacker to copy the machine learning model. Also, the neural network application may be implemented in hardware to prevent easy illegitimate upgrading of the neural network application.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: September 8, 2020
    Assignee: NXP B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Gerardus Antonius Franciscus Derks
  • Patent number: 10652011
    Abstract: A method for producing a white-box implementation of a cryptographic function using garbled circuits, including: producing, by a first party, a logic circuit implementing the cryptographic function using a plurality of logic gates and a plurality of wires; garbling the produced logic circuit, by the first party, including garbling the plurality of logic gates and assigning two garbled values for each of the plurality of wires; and providing a second party the garbled logic circuit and a first garbled circuit input value.
    Type: Grant
    Filed: June 8, 2017
    Date of Patent: May 12, 2020
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Jan Hoogerbrugge, Marc Joye, Wilhelmus Petrus Adrianus Johannus Michiels
  • Patent number: 10630462
    Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: April 21, 2020
    Assignee: NXP B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Marcel Medwed, Jan Hoogerbrugge, Ventzislav Nikov, Bruce Murray, Joppe Willem Bos
  • Publication number: 20200104673
    Abstract: A method is provided for protecting a machine learning ensemble. In the method, a plurality of machine learning models is combined to form a machine learning ensemble. A plurality of data elements for training the machine learning ensemble is provided. The machine learning ensemble is trained using the plurality of data elements to produce a trained machine learning ensemble. During an inference operating phase, an input is received by the machine learning ensemble. A piecewise function is used to pseudo-randomly choose one of the plurality of machine learning models to provide an output in response to the input. The use of a piecewise function hides which machine learning model provided the output, making the machine learning ensemble more difficult to copy.
    Type: Application
    Filed: September 28, 2018
    Publication date: April 2, 2020
    Inventors: WILHELMUS PETRUS ADRIANUS JOHANNUS MICHIELS, Gerardus Antonius Franciscus Derks
  • Publication number: 20200104754
    Abstract: A method is provided for managing a machine learning system. In the method, a database is provided for storing a plurality of data elements. A plurality of machine learning models is trained using assigned subsets of the plurality of data elements. The outputs of the plurality of machine learning models is provided to an aggregator. During inference operation of the machine learning system, the aggregator determines a final output based on outputs from the plurality of models. If it is determined that an assigned subset must be changed because, for example, a record must be deleted, then the data element is removed from the selected assigned subset. The affected machine learning model associated with the changed assigned subset is removed, and retrained using the changed assigned subset.
    Type: Application
    Filed: October 1, 2018
    Publication date: April 2, 2020
    Inventors: NIKITA VESHCHIKOV, JOPPE WILLEM BOS, WILHELMUS PETRUS ADRIANUS JOHANNUS MICHIELS
  • Publication number: 20200099525
    Abstract: A white-box system for authenticating a user-supplied password, including: a password database including a salt value and an authentication value for each user; a white-box implementation of a symmetric cipher configured to produce an encrypted value by encrypting the user-supplied password using the salt value associated with the user as an encoded secret key; and a comparator configured to compare the encrypted value with the authentication value associated with the user to verify the user-supplied password.
    Type: Application
    Filed: September 24, 2018
    Publication date: March 26, 2020
    Inventors: Joppe Willem BOS, Rudi VERSLEGERS, Wilhelmus Petrus Adrianus Johannus MICHIELS