公开(公告)号：US10917243B2

公开(公告)日：2021-02-09

申请号：US16025142

申请日：2018-07-02

Applicant: Arm IP Limited

Inventor： Milosch Meriac

IPC: H04L9/32 ,  H04L9/30 ,  G06F21/57 ,  G06F21/53 ,  H04L29/06 ,  H04L29/08

Abstract: Apparatus and methods are described to provision a compute node in a plurality of compute nodes to a requestor, comprising receiving an anonymised access token from a provider of the compute nodes, requesting identities of a subset of compute nodes in the plurality of compute nodes, selecting at least one compute node in the subset of compute notes, providing the anonymised access token to a secure enclave of the selected at least one compute node, providing an anonymised identity of the requestor to the secure enclave and validating use of the anonymised identity with the access token.

公开(公告)号：US10810098B2

公开(公告)日：2020-10-20

申请号：US15749108

申请日：2016-07-29

Applicant: ARM IP Limited

Inventor： Milosch Meriac ,  Thomas Christopher Grocutt ,  Jonathan Michael Austin ,  Geraint David Luff

IPC: G06F11/30 ,  G06F11/34 ,  G06F11/07 ,  G06F21/50 ,  G06F21/56

Abstract: A first processing component samples and lossily accumulates statistical activity data by generating at least one data bucket by segmenting a memory window in a memory and providing a map of the segmented memory window; sampling to detect activity in the data bucket and surjectively populating the map with statistical activity data; and responsive to a trigger, passing at least part of a population of the map to a second processing component. The second processing component receives and stores the at least part of the population of the surjective map, compares it with at least one previously stored map population; and on detecting anomalous patterning, performs an “anomaly detected” action.

公开(公告)号：US20180324146A1

公开(公告)日：2018-11-08

申请号：US15770621

申请日：2016-11-08

Applicant: Arm IP Limited

Inventor： Milosch Meriac

IPC: H04L29/06 ,  H04W4/70 ,  H04W4/80 ,  H04L9/32

CPC classification number: H04L63/0227 ,  H04L9/3213 ,  H04L63/1441 ,  H04W4/00 ,  H04W4/70 ,  H04W4/80

Abstract: Broadly speaking, embodiments of the present technique provide apparatus, systems and methods to enable secure communication between devices. In particular, the present techniques provide an apparatus configured to monitor for a data packet transmitted between a transmitter and a receiver, determine if the data packet is permitted to be transmitted, and act on at least part of the data packet to prevent the receiver from acting on the data packet if it is not permitted to be transmitted. In other words, the present techniques provide/implement security filters in a communication channel between a transmitter and a receiver to reduce the risk that unauthorised data packets are sent to, and implemented by, the receiver device.

公开(公告)号：US20180039510A1

公开(公告)日：2018-02-08

申请号：US15653095

申请日：2017-07-18

Applicant: ARM IP Limited

Inventor： Milosch Meriac ,  Alessandro Angelino

IPC: G06F9/48 ,  G06F9/50

CPC classification number: G06F9/4831 ,  G06F9/461 ,  G06F9/5055

Abstract: The machine implemented method for operating at least one electronic system comprises detecting a pattern of use of plural control parameters in a path through a graph of operational context switches to reach a target operational context; storing a representation of the pattern in association with an indicator identifying the target operational context; responsive to detecting at least one of a request for a switch of operation from a source operational context to the target operational context, a trapping on a resource access, and a detection of a breakpoint, retrieving the representation in accordance with the indicator identifying the target operational context; and responsive to the retrieving, applying at least one control parameter to said at least one electronic system to match the pattern.

公开(公告)号：US11194899B2

公开(公告)日：2021-12-07

申请号：US15578387

申请日：2016-05-31

Applicant: Arm IP Limited

Inventor： Alessandro Angelino ,  Milosch Meriac

IPC: G06F21/54 ,  G06F21/74 ,  G06F21/78 ,  G06F21/79 ,  G06F21/51 ,  G06F21/70 ,  G06F21/52 ,  G06F21/50 ,  G06F21/71 ,  G06F8/61 ,  G06F9/455 ,  G06F8/654 ,  G06F21/57

Abstract: A data processing apparatus having a first secure area and a second secure area coupled by a monitor is provided. The monitor applies security credentials to processing circuitry transitioning from the first secure area to the second secure area to enable the processing circuitry to perform functions in the second secure area. A call gateway comprising a transition instruction and access parameters stored in a trusted storage device is used by the monitor to determine when to applying the security credentials to the processing circuitry. The access parameters comprising a target function or a memory location.

公开(公告)号：US20210266308A1

公开(公告)日：2021-08-26

申请号：US17255087

申请日：2019-05-24

Applicant: Arm IP Limited

Inventor： Robert George Taylor ,  Brendan James Moran ,  Milosch Meriac ,  Geraint David Luff

IPC: H04L29/06 ,  H04L9/32

Abstract: Methods for delivering an authenticatable management activity to a group of remote devices in a networked computing environment is described herein. An authenticatable management activity may be any activity which requires internal state changes to be made at a remote device, such as software or firmware updates, system configuration operations, access control list update operations, file transfer operations, changes to user data etc., and which requires an operators approval of the activity before being performed. In addition to an operators approval of the activity, the management activity is required to be signed by an operator, such that the operator authorising the management activity is authenticated.

公开(公告)号：US10956577B2

公开(公告)日：2021-03-23

申请号：US16113241

申请日：2018-08-27

Applicant: Arm IP Limited

Inventor： Alessandro Angelino ,  Milosch Meriac ,  Brendan James Moran

IPC: G06F21/57 ,  G06F21/52 ,  G06F8/65

Abstract: An apparatus and methods are provided to defending device against attacks. When it is determined that a device is under attack, a determination is made as to whether a layout of objects within said at least one resource at said device is protecting said device against said attack. The determination is then transferred to a remote server together with a layout of the resource at the device. When it is determined that the layout of objects within the at least one resource at the device is not protecting the device against the attack, then the layout of the at least one resource is changed. Either the remote server or the device may determine whether to change the layout in response to the attack.

公开(公告)号：US10514903B2

公开(公告)日：2019-12-24

申请号：US15409833

申请日：2017-01-19

Applicant: ARM IP LIMITED

Inventor： James Crosby ,  Hugo John Martin Vincent ,  Milosch Meriac ,  Marcus Chang

IPC: G06F8/654 ,  G06F3/06 ,  G06F8/65 ,  G06F8/656 ,  G06F8/658

Abstract: A data processing device has a processor which executes software directly from non-volatile memory. The processor has a runtime component which dynamically maps software element identifiers specified by the software to corresponding software elements in memory. Mapping information is used to determine which software elements identifiers correspond to which software elements. This provides a level of indirection which can be used to make software updates more efficient, by updating only parts of the software while leaving old parts of the software as they are. Updated software elements can be stored to memory and the mapping information updated to point to the new elements, while existing mappings may be retained.

公开(公告)号：US10459716B2

公开(公告)日：2019-10-29

申请号：US15756129

申请日：2016-08-23

Applicant: Arm IP Limited

Inventor： Brendan Moran ,  Milosch Meriac

IPC: G06F8/65 ,  G06F9/46

Abstract: A machine-implemented method or data processing component for controlling the processing of digital content from plural sources by at least one data processing device comprises receiving at least two digital content manifests at the data processing device; receiving at least one digital content payload at the data processing device; and responsive to the at least two digital content manifests, performing an atomic action using the at least one digital content payload.

公开(公告)号：US20190159035A1

公开(公告)日：2019-05-23

申请号：US16191024

申请日：2018-11-14

Applicant: Arm IP Limited

Inventor： Samuel Marc Town ,  Milosch Meriac

IPC: H04W12/12

Abstract: A method, electronic apparatus and computer program for device obfuscation in electronic networks, comprising determining at least one device type of at least one physical device operable to be at least intermittently attached to a wireless network; generating a pattern of wireless network activity associated with the at least one device type; exposing over the wireless network a plurality of non-functional messages conforming to the pattern; and operating a purported sender and receiver of each of the plurality of messages to obscure at least one of an exploitable characteristic and an exploitable state of the at least one device type with respect to the wireless network.