Abstract:
A machine-implemented method is provided for securing a storage-equipped device against introduction of malicious configuration data into configuration data storage, the method comprising steps of receiving by the device, a trusted signal for modification of the configuration of the device; responsive to the receiving, placing the device into a restricted mode of operation and at least one of deactivating a service and rebooting the device; responsive to the placing the device into the restricted mode of operation and the deactivating or rebooting, permitting configuration data entry into a restricted portion of the configuration data storage. A corresponding device and computer program product are also described.
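The gating described in this abstract, as an added example that is not part of the patent text: a device model whose configuration store has a restricted portion that only becomes writable after a trusted signal has been verified, the device has entered restricted mode, and the service that could otherwise inject configuration has been deactivated. The signal format (an HMAC over a fresh nonce under a pre-shared key, with replay rejection) and the key names are assumptions made for this example.

```python
import hashlib
import hmac
from enum import Enum, auto


class Mode(Enum):
    NORMAL = auto()
    RESTRICTED = auto()


def make_signal(signal_key: bytes, nonce: bytes) -> bytes:
    """Trusted party side: tag a fresh nonce so the device can verify the signal.
    The HMAC-over-nonce format is an assumption for this example."""
    return hmac.new(signal_key, b"config-mode" + nonce, hashlib.sha256).digest()


class Device:
    """Device with an open and a restricted portion of configuration storage.

    Keys in ``restricted_keys`` are only writable while the device is in
    restricted mode with its service deactivated; all other keys are open.
    """

    def __init__(self, signal_key: bytes, restricted_keys):
        self._signal_key = signal_key
        self.restricted_keys = frozenset(restricted_keys)
        self.config = {}
        self.mode = Mode.NORMAL
        self.service_active = True
        self._used_nonces = set()  # replay protection for the trusted signal

    def receive_signal(self, nonce: bytes, tag: bytes) -> bool:
        """Verify the trusted signal; on success enter restricted mode and
        deactivate the service. Returns False (and changes nothing) otherwise."""
        if nonce in self._used_nonces:
            return False  # replayed signal
        expected = make_signal(self._signal_key, nonce)
        if not hmac.compare_digest(expected, tag):
            return False
        self._used_nonces.add(nonce)
        self.mode = Mode.RESTRICTED
        self.service_active = False  # the path that could inject config is closed
        return True

    def write(self, key: str, value: str) -> bool:
        """Accept a configuration write only if the key is open or the device is
        in restricted mode with the service stopped. Returns whether it was stored."""
        if key in self.restricted_keys:
            if self.mode is not Mode.RESTRICTED or self.service_active:
                return False
        self.config[key] = value
        return True

    def leave_restricted_mode(self) -> None:
        """Return to normal operation; restricted keys become read-only again."""
        self.mode = Mode.NORMAL
        self.service_active = True


if __name__ == "__main__":
    # Constructed walk-through: a rejected write, a verified signal, an accepted write.
    dev = Device(b"pre-shared-signal-key", {"boot_image", "root_ca"})
    print("open key:", dev.write("hostname", "sensor-7"))
    print("restricted key in normal mode:", dev.write("boot_image", "fw-2.0"))
    nonce = b"\x01" * 16
    print("signal accepted:", dev.receive_signal(nonce, make_signal(b"pre-shared-signal-key", nonce)))
    print("restricted key in restricted mode:", dev.write("boot_image", "fw-2.0"))
```

The check that matters is the one in `write`: the restricted portion is gated on device state, not on who the caller claims to be, and a forged or replayed signal leaves the device in normal mode so the gate stays closed.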
Abstract:
A method for verifying the integrity of data in a message by a data processing device, the message comprising a plurality of packets, the method comprising: receiving, at the device from a first resource, a manifest associated with the message, the manifest comprising a plurality of group check values for the plurality of packets; receiving, at the device, from the first or a different resource, the message; generating a first progression of rolling hashes for the plurality of packets; deriving group check values from the first progression of rolling hashes for groups of the plurality of packets along one or more paths; verifying the integrity of the data in the message based on or in response to a determination that the derived group check values correspond to the plurality of group check values in the manifest.
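The scheme in this abstract, as an added example that is not the patent's own code: the sender builds a manifest of group check values over a rolling-hash progression of the packets along one or more paths (here a fine path of two-packet groups and a coarse path covering the whole message), and the receiver recomputes the progression as packets arrive and checks each group as soon as its last packet is in, so a corrupted or truncated stream is rejected early. The exact chaining construction (SHA-256 over the previous value, the packet index and the packet) and the way a group check value binds the chain state at both group boundaries are assumptions made for this example; the patent does not fix them.

```python
import hashlib
import hmac
from typing import List, Optional, Sequence, Tuple

# A manifest entry is (first_packet_index, last_packet_index, group_check_value).
Group = Tuple[int, int, bytes]


def _h(*parts: bytes) -> bytes:
    d = hashlib.sha256()
    for p in parts:
        d.update(p)
    return d.digest()


def _idx(i: int) -> bytes:
    return i.to_bytes(4, "big")


def rolling_hashes(packets: Sequence[bytes], seed: bytes = b"") -> List[bytes]:
    """Progression h[i] = H(h[i-1] || i || packet[i]) with h[-1] = H(seed).
    Every value commits to all packets up to and including index i."""
    out, prev = [], _h(seed)
    for i, pkt in enumerate(packets):
        prev = _h(prev, _idx(i), pkt)
        out.append(prev)
    return out


def group_check(progression: Sequence[bytes], first: int, last: int, seed: bytes = b"") -> bytes:
    """Check value for packets first..last, binding the chain state just before
    the group and at its end (assumed construction for this example)."""
    before = progression[first - 1] if first > 0 else _h(seed)
    return _h(b"group", _idx(first), _idx(last), before, progression[last])


def build_manifest(packets: Sequence[bytes], paths, seed: bytes = b"") -> List[Group]:
    """Sender side: ``paths`` is a list of paths, each a list of (first, last) groups."""
    prog = rolling_hashes(packets, seed)
    return [(f, l, group_check(prog, f, l, seed)) for path in paths for (f, l) in path]


def verify_message(manifest: Sequence[Group], packets: Sequence[bytes],
                   seed: bytes = b"") -> Tuple[bool, Optional[Tuple[int, int]]]:
    """Receiver side, streaming. Returns (True, None) when every group in the
    manifest verified, or (False, (first, last)) naming the group that failed
    or, if the message ended early, the first group that could not be checked."""
    pending = sorted(manifest, key=lambda g: (g[1], g[0]))
    progression: List[bytes] = []
    prev = _h(seed)
    for i, pkt in enumerate(packets):
        prev = _h(prev, _idx(i), pkt)
        progression.append(prev)
        # Every group ending at this packet can now be checked.
        while pending and pending[0][1] == i:
            first, last, expected = pending.pop(0)
            derived = group_check(progression, first, last, seed)
            if not hmac.compare_digest(derived, expected):
                return False, (first, last)
    if pending:  # truncated message: some groups never became checkable
        first, last, _ = pending[0]
        return False, (first, last)
    return True, None


if __name__ == "__main__":
    # Constructed sample message and a manifest with a fine and a coarse path.
    packets = [b"hdr", b"chunk-0", b"chunk-1", b"trailer"]
    manifest = build_manifest(packets, [[(0, 1), (2, 3)], [(0, 3)]])
    print("intact:", verify_message(manifest, packets))
    tampered = list(packets)
    tampered[2] = b"chunk-X"
    print("tampered:", verify_message(manifest, tampered))
    print("truncated:", verify_message(manifest, packets[:3]))
```

Because each check value also binds the chain state before the group, reordering or substituting a packet inside a group changes the derived value even when the group's last packet is untouched, and the constant-time comparison avoids leaking how far a guessed value matched.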
Abstract:
A method for detecting and responding to a configuration setting capable of causing undesired energy consumption in a configurable electronic device comprises measuring a power state of at least one connection point of the configurable electronic device to establish a measured power state value; comparing the measured power state value with a stored power state value for the connection point; and responsive to a discrepancy between the measured power state value and the stored power state value for the connection point where the discrepancy is capable of causing undesired energy consumption, emitting a condition signal.
Abstract:
A machine implemented method of authenticating a communication channel between a first device and a second device by providing proof of proximity between both devices, the method comprising: generating, at the first device, an acoustic authentication signal to be received at the second device via a solid body acoustic coupling established between the first device and the second device thereby providing proof of proximity between both devices and so authenticating the communication channel between the first device and the second device.
Abstract:
A method of accessing a remote resource (4) from a data processing device (2) includes obtaining a first URL corresponding to the remote resource (4), obtaining secret data corresponding to the first URL, using the secret data to generate an obscured URL at the data processing device (2), and accessing the remote resource using the obscured URL. This allows the user of the device (2) to see a first URL which is intelligible and provides useful information about the device, without sharing that information with the network. The obscured URL identifies the actual location of the remote resource and can be an unintelligible stream of digits or letters.
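One way to realise the obscured URL from this abstract, as an added example that is not the patent's code: the device keeps the intelligible first URL for its user, derives an opaque path from it with an HMAC under secret data tied to that URL, and only the opaque form is ever sent. The server, which shares the secret, publishes each resource under the same derived form. Keeping the scheme and host of the first URL (so the obscured URL still identifies the actual server), the `/r/` prefix, and the HMAC-SHA256 derivation are assumptions made for this example.

```python
import base64
import hashlib
import hmac
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit


def obscure_url(first_url: str, secret: bytes) -> str:
    """Replace the intelligible path and query of ``first_url`` with a token
    derived from them under ``secret``. Scheme and host are kept (assumption)."""
    parts = urlsplit(first_url)
    visible = parts.path + ("?" + parts.query if parts.query else "")
    token = hmac.new(secret, visible.encode("utf-8"), hashlib.sha256).digest()
    opaque = base64.urlsafe_b64encode(token).rstrip(b"=").decode("ascii")
    return urlunsplit((parts.scheme, parts.netloc, "/r/" + opaque, "", ""))


class ResourceServer:
    """Server side for the example: shares the device's secret and maps the
    obscured form of each intelligible resource URL to its payload."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._routes: Dict[str, bytes] = {}

    def publish(self, first_url: str, payload: bytes) -> str:
        obscured = obscure_url(first_url, self._secret)
        self._routes[obscured] = payload
        return obscured

    def fetch(self, url: str) -> Optional[bytes]:
        """Only the obscured URL resolves; the intelligible one is never routed."""
        return self._routes.get(url)


if __name__ == "__main__":
    # Constructed example: the device-side URL names the device and the resource.
    secret = b"per-device-secret-for-this-url"
    first = "https://example.com/devices/thermostat-kitchen/firmware?version=1.2"
    server = ResourceServer(secret)
    server.publish(first, b"firmware-blob")
    obscured = obscure_url(first, secret)
    print("device sees:", first)
    print("network sees:", obscured)
    print("fetched:", server.fetch(obscured))
```

The host name still travels on the wire, so what is hidden from the network is the device-identifying path and query, not the server being contacted; rotating the secret changes every obscured URL, so the server must republish under the new secret at the same time.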
Abstract:
A data processing device 2 has a processor 4 which executes software directly from non-volatile memory 6, 8. The processor 4 has a runtime component 20 which dynamically maps software element identifiers specified by the software to corresponding software elements in memory 6, 8. Mapping information 22 is used to determine which software elements identifiers correspond to which software elements. This provides a level of indirection which can be used to make software updates more efficient, by updating only parts of the software while leaving old parts of the software as they are. Updated software elements can be stored to memory and the mapping information updated to point to the new elements, while existing mappings may be retained.
Abstract:
A data processing system operates in a plurality of modes including a first privilege mode and a second privilege mode with the first privilege mode giving rights of access that are not available in the second privilege mode. Application code executes in the second privilege mode and generates function calls to hypervisor code which executes in the first privilege mode. These function calls are to perform a secure function requiring the rights of access which are only available in the first privilege mode. Scheduling code which executes in the second privilege mode controls scheduling of both the application code and the hypervisor code. Memory protection circuitry operating with physical addresses serves to control access permissions required to access different regions within the memory address space using configuration data which is written by the hypervisor code. The hypervisor code temporarily grants access to different regions within the physical memory address space to the system in the second privilege mode as needed to support the execution of code scheduled by the scheduling code.
Abstract:
A method of creating, at a permissions management resource, access permissions relating to a subject device for at least one data processing device, the method comprising: obtaining, at the permissions management resource, input data; generating, at the permissions management resource, at least one permission relating to accessing the subject device in response to the input data; transmitting, from the permissions management resource to the subject device and/or the at least one processing device, a communication comprising the at least one permission.
Abstract:
There is provided a data processing apparatus that includes an input policy filter that receives input data and an input provenance that relates to the input data. The filter forwards some or all of the input data and the input provenance according to at least one input policy. A processing environment receives the input data forwarded by the input policy filter and processes the input data to generate output data. A management environment produces an attestation of the processing environment and produces an output provenance based on the input provenance and the attestation. An output policy filter receives the output data and the output provenance and forwards the output data and the output provenance according to at least one output policy.
Abstract:
A method of accessing data sent between a remote resource and a data processing device, the method comprising: caching data uploaded from the remote resource or caching data sent to the remote resource at one or more intermediate network nodes between the data processing device and the remote resource; and accessing the cached data stored at the one or more intermediate network nodes.