公开(公告)号：US10732690B2

公开(公告)日：2020-08-04

申请号：US15982560

申请日：2018-05-17

Applicant: Arm IP Limited

Inventor： Niklas Lennart Hauser ,  Brendan James Moran ,  Milosch Meriac

IPC: G06F1/3206 ,  G06F1/28 ,  G06F8/65 ,  G01R31/392

Abstract: Broadly speaking, the present techniques provide methods, apparatus and systems for monitoring operation of a device. More particularly, the present techniques provide methods for monitoring operation of a device by observing state transitions which occur during the running of a device process following a firmware update, and either comparing the observed state transitions to a state transition map generated within the device or comparing the observed state transitions to a state transition model in, or associated with, the firmware update.

公开(公告)号：US10671730B2

公开(公告)日：2020-06-02

申请号：US15749169

申请日：2016-07-07

Applicant: ARM IP LIMITED

Inventor： Jonathan Austin ,  Milosch Meriac ,  Thomas Grocutt ,  Geraint Luff

IPC: G06F9/44 ,  G06F21/57 ,  G06F21/64 ,  G06F21/74 ,  G06F9/445 ,  G06F21/32

Abstract: A machine-implemented method is provided for securing a storage-equipped device against introduction of malicious configuration data into configuration data storage, the method comprising steps of receiving by the device, a trusted signal for modification of the configuration of the device; responsive to the receiving, placing the device into a restricted mode of operation and at least one of deactivating a service and rebooting the device; responsive to the placing the device into the restricted mode of operation and the deactivating or rebooting, permitting configuration data entry into a restricted portion of the configuration data storage. A corresponding device and computer program product are also described.

公开(公告)号：US10324516B2

公开(公告)日：2019-06-18

申请号：US15292333

申请日：2016-10-13

Applicant: ARM IP Limited

Inventor： Brendan James Moran ,  James Crosby ,  Milosch Meriac

IPC: G06F1/32 ,  G06F1/3234 ,  G06F1/3206 ,  G06F9/445

Abstract: A method for detecting and responding to a configuration setting capable of causing undesired energy consumption in a configurable electronic device comprises measuring a power state of at least one connection point of the configurable electronic device to establish a measured power state value; comparing the measured power state value with a stored power state value for the connection point; and responsive to a discrepancy between the measured power state value and the stored power state value for the connection point where the discrepancy is capable of causing undesired energy consumption, emitting a condition signal.

公开(公告)号：US10154411B2

公开(公告)日：2018-12-11

申请号：US15447729

申请日：2017-03-02

Applicant: ARM IP Limited

Inventor： Brendan James Moran ,  Milosch Meriac ,  Geraint David Luff

IPC: H04M1/66 ,  H04W12/06 ,  H04W4/02 ,  H04W12/04 ,  H04L29/06 ,  H04W4/70 ,  H04W4/80

Abstract: A machine implemented method of authenticating a communication channel between a first device and a second device by providing proof of proximity between both devices, the method comprising: generating, at the first device, an acoustic authentication signal to be received at the second device via a solid body acoustic coupling established between the first device and the second device thereby providing proof of proximity between both devices and so authenticating the communication channel between the first device and the second device.

公开(公告)号：US09887970B2

公开(公告)日：2018-02-06

申请号：US15315686

申请日：2015-05-13

Applicant: ARM IP LIMITED

Inventor： Geraint David Luff ,  Milosch Meriac

IPC: G06F7/04 ,  H04L29/06 ,  G06F17/30 ,  H04L9/14 ,  G06F21/62 ,  G06F19/00

CPC classification number: H04L9/3247 ,  G06F12/0813 ,  G06F17/3056 ,  G06F17/30887 ,  G06F19/00 ,  G06F21/6209 ,  G06F21/6245 ,  G06F2212/154 ,  G06F2212/60 ,  G06F2212/62 ,  G06F2221/2107 ,  G06F2221/2119 ,  G16H10/65 ,  G16H80/00 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3263 ,  H04L63/0428 ,  H04L63/067 ,  H04L63/08 ,  H04L63/101 ,  H04L63/166 ,  H04L63/168 ,  H04L67/02 ,  H04L67/2842

Abstract: A method of accessing a remote resource (4) from a data processing device (2) includes obtaining a first URL corresponding to the remote resource (4), obtaining secret data corresponding to the first URL, using the secret data to generate an obscured URL at the data processing device (2), and accessing the remote resource using the obscured URL. This allows the user of the device (2) to see a first URL which is intelligible and provides useful information about the device, without sharing that information with the network. The obscured URL identifies the actual location of the remote resource and can be an unintelligible stream of digits or letters.

公开(公告)号：US09594551B2

公开(公告)日：2017-03-14

申请号：US14735522

申请日：2015-06-10

Applicant: ARM IP LIMITED

Inventor： James Crosby ,  Hugo John Martin Vincent ,  Milosch Meriac ,  Marcus Chang

IPC: G06F9/44 ,  G06F3/06 ,  G06F9/445

CPC classification number: G06F8/654 ,  G06F3/0607 ,  G06F3/0659 ,  G06F3/0679 ,  G06F8/656 ,  G06F8/658 ,  G06F8/66

Abstract: A data processing device 2 has a processor 4 which executes software directly from non-volatile memory 6, 8. The processor 4 has a runtime component 20 which dynamically maps software element identifiers specified by the software to corresponding software elements in memory 6, 8. Mapping information 22 is used to determine which software elements identifiers correspond to which software elements. This provides a level of indirection which can be used to make software updates more efficient, by updating only parts of the software while leaving old parts of the software as they are. Updated software elements can be stored to memory and the mapping information updated to point to the new elements, while existing mappings may be retained.

Abstract translation: 数据处理设备2具有直接从非易失性存储器6,8执行软件的处理器4.处理器4具有运行时组件20，其将由软件指定的软件元素标识符动态地映射到存储器6,8中的相应软件元件。 映射信息22用于确定哪些软件元素标识符对应于哪些软件元素。 这提供了一定程度的间接，可以通过只更新软件的一部分，同时保留软件的旧部分，从而使软件更新更加高效。 更新的软件元素可以存储到内存中，映射信息更新为指向新的元素，而现有的映射可能被保留。

公开(公告)号：US20170039085A1

公开(公告)日：2017-02-09

申请号：US15304302

申请日：2015-04-20

Applicant: ARM IP LIMITED

Inventor： Milosch Meriac ,  Hugo John Martin Vincent ,  James Crosby

IPC: G06F9/455 ,  G06F9/54 ,  G06F21/60 ,  G06F21/74

CPC classification number: G06F9/45558 ,  G06F9/468 ,  G06F9/542 ,  G06F12/1441 ,  G06F21/602 ,  G06F21/74 ,  G06F2009/45587

Abstract: A data processing system operates in a plurality of modes including a first privilege mode and a second privilege mode with the first privilege mode giving rights of access that are not available in the second privilege mode. Application code executes in the second privilege mode and generates function calls to hypervisor code which executes in the first privilege mode. These function calk are to perform a secure function requiring the rights of access which are only available in the first privilege mode. Scheduling code which executes in the second privilege mode controls scheduling of both the application code and the hypervisor code. Memory protection circuitry operating with physical addresses serves to control access permissions required to access different regions within the memory address space using configuration data which is written by the hypervisor code. The hypervisor code temporarily grants access to different regions within the physical memory address space to the system in the second privilege mode as needed to support the execution of code scheduled by the scheduling code.

Abstract translation: 数据处理系统以包括第一特权模式和第二特权模式的多种模式操作，其中第一特权模式给出在第二权限模式中不可用的访问权限。 应用程序代码以第二特权模式执行，并对在第一特权模式下执行的管理程序代码生成函数调用。 这些功能calk是执行一个安全功能，需要访问的权限，只有在第一个权限模式下可用。 在第二特权模式下执行的调度代码控制应用代码和管理程序代码的调度。 使用物理地址操作的存储器保护电路用于控制使用由管理程序代码写入的配置数据来访问存储器地址空间内的不同区域所需的访问权限。 虚拟机管理程序代码根据需要临时授予访问物理内存地址空间内的不同区域到系统的第二权限模式，以支持由调度代码调度的代码的执行。

公开(公告)号：US12086253B2

公开(公告)日：2024-09-10

申请号：US17048744

申请日：2019-05-08

Applicant: Arm IP Limited

Inventor： Milosch Meriac

IPC: G06F21/57 ,  G06F9/455 ,  G06F21/64 ,  H04L9/32 ,  G06Q30/018 ,  G16H40/20 ,  G16H40/67

CPC classification number: G06F21/57 ,  G06F9/45558 ,  G06F21/64 ,  H04L9/3236 ,  H04L9/3247 ,  G06F2009/45587 ,  G06F2221/034 ,  G06Q30/018 ,  G16H40/20 ,  G16H40/67

Abstract: There is provided a data processing apparatus that includes an input policy filter that receives input data and an input provenance that relates to the input data. The filter forwards some or all of the input data and the input provenance according to at least one input policy. A processing environment receives the input data forwarded by the input policy filter and processes the input data to generate output data. A management environment produces an attestation of the processing environment and produces an output provenance based on the input provenance and the attestation. An output policy filter receives the output data and the output provenance and forwards the output data and the output provenance according to at least one output policy.

公开(公告)号：US11218321B2

公开(公告)日：2022-01-04

申请号：US15315659

申请日：2015-05-29

Applicant: ARM IP LIMITED

Inventor： Milosch Meriac ,  Geraint Luff

IPC: H04L9/32 ,  G06F21/62 ,  G06F16/25 ,  G06F16/955 ,  H04L29/08 ,  G16Z99/00 ,  H04L29/06 ,  G06F12/0813 ,  H04L9/14 ,  H04L9/30 ,  G16H10/65 ,  G16H80/00

Abstract: A method of accessing data sent between a remote resource and a data processing device, the method comprising: caching data uploaded from the remote resource or caching data sent to the remote resource at one or more intermediate network nodes between the data processing device and the remote resource; and accessing the cached data stored at the one or more intermediate network nodes.

公开(公告)号：US11061581B2

公开(公告)日：2021-07-13

申请号：US15771250

申请日：2015-12-23

Applicant: ARM IP LIMITED

Inventor： Marcus Chang ,  Hugo John Martin Vincent ,  Milosch Meriac

IPC: G06F3/06 ,  H03M7/30 ,  G06F12/1081

Abstract: Technology for operating a data-source device for assembling a data stream compliant with a data stream constraint. The technology comprises acquiring a plurality of data items by accessing data in a memory and/or transforming data. Prior to completion of the accessing data in a memory, an accessor is selected based on an estimate of access constraint. Prior to completion of the transforming data, a transformer is selected based on an estimate of transformation constraint, wherein the transportation constraint comprises any data acquisition constraint. The access and transformation constraints are dependent upon system state it the data-source system. The data items are positioned in the data stream, and, responsive to achieving compliance with the data stream constraint, the data strewn is communicated.