-
Publication No.: US11366904B2
Publication date: 2022-06-21
Application No.: US15748788
Application date: 2016-08-01
Applicant: ARM IP LIMITED
Inventor: Geraint Luff, Thomas Grocutt, Milosch Meriac, Jonathan Austin
IPC: G06F21/57, G06F21/64, G06F21/74, G06F21/78, H04L41/0859
Abstract: A machine-implemented method for controlling a configuration data item in a storage-equipped device having at least two security domains, comprising receiving, by one of the security domains, a configuration data item; storing the configuration data item; providing a security indication for the configuration data item; and when an event indicates untrustworthiness of the data item, invalidating a configuration effect of the stored configuration data item. Further provided is a machine-implemented method for controlling a storage-equipped device as a node in a network of devices, comprising receiving information that a data source or type of a configuration data item is untrusted; analysing metadata for the data source and the configuration data item; populating a knowledge base with analysed metadata; and responsive to the analysed metadata, transmitting security information to the network of devices. A corresponding device and computer program product are also described.
-
Publication No.: US20210203489A1
Publication date: 2021-07-01
Application No.: US17057373
Application date: 2019-05-01
Applicant: Arm IP Limited
Inventor: Brendan James Moran, Milosch Meriac
IPC: H04L9/08
Abstract: A method for securely distributing content from a distributor to a plurality of receiving devices, each recipient creating recipient trusted ephemeral public private key pair and making the recipient trusted ephemeral public key available, the method comprising: generating a content encryption key for encrypting content to be distributed and encrypting content using the content encryption key; generating, for each recipient trusted ephemeral public key, a shared secret using the recipient trusted ephemeral public key and the distributor ephemeral private key; generating a plurality of encrypted per-recipient key slots, each encrypted per-recipient key slot generated by encrypting the content encryption key using a different shared secret of the plurality of shared secrets; creating a data structure comprising the distributor ephemeral public key, the encrypted content, and one or more encrypted per-recipient key slots; and transmitting the data structure to deliver the content to recipients associated with the device public keys from which the one or more encrypted per-recipient key slots are derived.
-
Publication No.: US11003508B2
Publication date: 2021-05-11
Application No.: US15572692
Application date: 2016-04-21
Applicant: ARM IP LIMITED, ARM LIMITED
Inventor: Christopher Mark Paola, Milosch Meriac, Remy Pottier
IPC: G06F15/173, G06F9/50, H04L29/08, G06F11/34
Abstract: A system provided at nodes within a network of nodes enabling the nodes to migrate activities to other nodes within its communication range to provide load balancing across the network. The other nodes having power and processing capabilities and capacity enabling them to undertake the migrated activities.
-
Publication No.: US10924934B2
Publication date: 2021-02-16
Application No.: US16191024
Application date: 2018-11-14
Applicant: Arm IP Limited
Inventor: Samuel Marc Town, Milosch Meriac
Abstract: A method, electronic apparatus and computer program for device obfuscation in electronic networks, comprising determining at least one device type of at least one physical device operable to be at least intermittently attached to a wireless network; generating a pattern of wireless network activity associated with the at least one device type; exposing over the wireless network a plurality of non-functional messages conforming to the pattern; and operating a purported sender and receiver of each of the plurality of messages to obscure at least one of an exploitable characteristic and an exploitable state of the at least one device type with respect to the wireless network.
-
Publication No.: US10917243B2
Publication date: 2021-02-09
Application No.: US16025142
Application date: 2018-07-02
Applicant: Arm IP Limited
Inventor: Milosch Meriac
Abstract: Apparatus and methods are described to provision a compute node in a plurality of compute nodes to a requestor, comprising receiving an anonymised access token from a provider of the compute nodes, requesting identities of a subset of compute nodes in the plurality of compute nodes, selecting at least one compute node in the subset of compute nodes, providing the anonymised access token to a secure enclave of the selected at least one compute node, providing an anonymised identity of the requestor to the secure enclave and validating use of the anonymised identity with the access token.
-
Publication No.: US10810098B2
Publication date: 2020-10-20
Application No.: US15749108
Application date: 2016-07-29
Applicant: ARM IP Limited
Inventor: Milosch Meriac, Thomas Christopher Grocutt, Jonathan Michael Austin, Geraint David Luff
Abstract: A first processing component samples and lossily accumulates statistical activity data by generating at least one data bucket by segmenting a memory window in a memory and providing a map of the segmented memory window; sampling to detect activity in the data bucket and surjectively populating the map with statistical activity data; and responsive to a trigger, passing at least part of a population of the map to a second processing component. The second processing component receives and stores the at least part of the population of the surjective map, compares it with at least one previously stored map population; and on detecting anomalous patterning, performs an “anomaly detected” action.
-
Publication No.: US10333938B2
Publication date: 2019-06-25
Application No.: US15001750
Application date: 2016-01-20
Applicant: ARM IP Limited, ARM Limited
Inventor: Remy Pottier, Hugo John Martin Vincent, Amyas Edward Wykes Phillips, Christopher Mark Paola, Milosch Meriac
IPC: H04L29/06
Abstract: A method of creating, at a permissions management resource, access permissions relating to a subject device for at least one data processing device, the method comprising: obtaining, at the permissions management resource, input data; generating, at the permissions management resource, at least one permission relating to accessing the subject device in response to the input data; transmitting, from the permissions management resource to the subject device and/or the at least one processing device, a communication comprising the at least one permission.
-
Publication No.: US20180324146A1
Publication date: 2018-11-08
Application No.: US15770621
Application date: 2016-11-08
Applicant: Arm IP Limited
Inventor: Milosch Meriac
CPC classification number: H04L63/0227, H04L9/3213, H04L63/1441, H04W4/00, H04W4/70, H04W4/80
Abstract: Broadly speaking, embodiments of the present technique provide apparatus, systems and methods to enable secure communication between devices. In particular, the present techniques provide an apparatus configured to monitor for a data packet transmitted between a transmitter and a receiver, determine if the data packet is permitted to be transmitted, and act on at least part of the data packet to prevent the receiver from acting on the data packet if it is not permitted to be transmitted. In other words, the present techniques provide/implement security filters in a communication channel between a transmitter and a receiver to reduce the risk that unauthorised data packets are sent to, and implemented by, the receiver device.
-
Publication No.: US10122718B2
Publication date: 2018-11-06
Application No.: US14832428
Application date: 2015-08-21
Applicant: ARM IP Limited, ARM Limited
Inventor: Milosch Meriac, Geraint Luff, William Allen Curtis, Remy Pottier
Abstract: In one example, a method includes obtaining, by a data processing device, first secret data associated with a first user and corresponding to a first location of a remote resource. The method further includes generating, using the first secret data, a first uniform resource locator (URL) usable to obtain the first location, and accessing the first location using the first URL. The method further includes obtaining, in response to transfer of usage rights of the data processing device from the first user to a second user, second secret data associated with the second user and corresponding to a second location of the remote resource. The method further includes generating, using the second secret data, a second URL usable to obtain the second location, and accessing the second location using the second URL. The second location is inaccessible via the first URL. The first location is inaccessible via the second URL.
-
Publication No.: US20180039510A1
Publication date: 2018-02-08
Application No.: US15653095
Application date: 2017-07-18
Applicant: ARM IP Limited
Inventor: Milosch Meriac, Alessandro Angelino
CPC classification number: G06F9/4831, G06F9/461, G06F9/5055
Abstract: The machine implemented method for operating at least one electronic system comprises detecting a pattern of use of plural control parameters in a path through a graph of operational context switches to reach a target operational context; storing a representation of the pattern in association with an indicator identifying the target operational context; responsive to detecting at least one of a request for a switch of operation from a source operational context to the target operational context, a trapping on a resource access, and a detection of a breakpoint, retrieving the representation in accordance with the indicator identifying the target operational context; and responsive to the retrieving, applying at least one control parameter to said at least one electronic system to match the pattern.