Abstract: A method for the protection of files is performed on an integrated-circuit device that comprises a hardware memory protection module, which controls access to regions of the memory depending on region-specific settings. A new file is created in the memory by storing metadata and content data for the new file in a common memory region. An access condition is set for the common memory region in the configuration settings of the hardware memory protection module. A file is retrieved from the memory by searching the memory to identify a file meeting a search criterion. The searching involves comparing the metadata of files from the memory against the search criterion in order to identify a file from the memory that meets the search criterion.

Abstract: A method of controlling an electronic device including a memory and a removable smart card. The method involves the device sending a request for context data to the smart card. The smart card sends context data to the device in response to the request and stores this data in the memory and power to the smart card is reduced. Power to the smart card is then increased or restored, and the data is written back to the smart card.

Abstract: An electronic device comprises a processor, a memory, a memory controller for controlling access to the memory, a hardware security module, and a bus system, to which the processor, the memory controller, and the hardware security module are connected. The hardware security module uses its connection to the bus system to detect requests on the bus system that are sent by the processor. The hardware security module has a secure state and a non-secure state. When in the secure state, the hardware security module adds a secure-state signal to requests sent by the processor over the bus system. The memory controller determines whether memory-access requests include the secure-state signal, and denies access to a secure region of the memory in response to receiving memory-access requests that do not include the secure-state signal.

Abstract: An integrated-circuit radio transmitter chip comprises a transmitter, a cryptographic engine and control circuitry for the cryptographic engine. The cryptographic engine performs a cryptographic operation by receiving input data, performing a first process to generate first result data and a second process to generate second result data. The first and second result data are used to generate output data. In response to determining that the transmitter is active, the control circuity controls the cryptographic engine to perform the first process and prevents the cryptographic engine from performing the second process while the transmitter is active. The control circuitry controls the cryptographic engine to perform the second process in response to determining that the transmitter is not active.

Abstract: A cryptographic module is switchable between a key-input mode and a data-input mode. In the key-input mode, the cryptographic module receives key data, key length information and first input data, combines an amount of the key data corresponding to the key length information with the first input data to produce combined data, wherein a key-influenced length of the combined data is the shortest length of the combined data that contains every data bit of the combined data whose value depends on the key data. It performs a cryptographic operation on the combined data to generate first output data and does not output any of the first output data until after the cryptographic operation has been applied to all of the key-influenced length of the combined data.

Abstract: An electronic device comprises a processor operable at a variable processor privilege level and a memory comprising a secure memory area. A hardware module is operable at a variable module privilege level and is arranged to access the memory directly. The secure memory area is accessible by the hardware module only when the module privilege level exceeds a threshold value. The device has a first mode of operation in which said processor privilege level is higher than said threshold value and said module privilege level is lower than said threshold value. A controller is arranged, upon receiving a privilege promotion signal and the device being in the first mode, to move the device to a second mode wherein the module privilege level is higher than said threshold value.

Abstract: An electronic apparatus has a processor; a peripheral having a data interface and a data-attribute interface; a direct memory access (DMA) controller for the peripheral; a memory; a bus system connecting the processor, the DMA controller, and the memory; a data link between the DMA controller and the peripheral; and a data-attribute link between the DMA controller and the peripheral, separate from the data link. The DMA controller has data-transfer circuitry for transferring data between the memory and the data interface of the peripheral over the data link, and for transferring data-attribute information, associated with the data, between the memory and the data-attribute interface of the peripheral over the data-attribute link.

Abstract: A hardware cipher engine encrypts or decrypts a block of input data from a sequence of blocks using a cipher operation where the block of output data depends on the input block's position in the sequence. In a random-access mode of operation, the engine receives a sequence position, receives a block of input data having that position, and outputs a block of output data without outputting data that encrypts, or that decrypts, every block of input data preceding the received position. In some embodiments, the operation is a stream cipher, and the engine generates a sequence of keystream blocks and performs a combining operation between the input block and a keystream block having a corresponding sequence position. In other embodiments, the cipher operation is a block cipher, and the engine generates, but doesn't output, blocks of data that encrypt, or decrypt, one or more blocks preceding the received input block.

Abstract: A processing system is configured to process instructions in a delta file, received at an input of the processing system, to generate a target file from a source file and to regenerate the source file from the target file. The delta file comprises copy instructions and reversing data. The copy instructions instruct the processing system to include one or more copy strings from the source file in the target file. The reversing data is received as part of the delta file and is used to regenerate all of the source file that is outside the one or more copy strings. The processing system is configured to generate the target file from the source file by reading the copy strings from the source file and including them in the target file.

Abstract: A method for the protection of files is performed on an integrated-circuit device that comprises a hardware memory protection module, which controls access to regions of the memory depending on region-specific settings. A new file is created in the memory by storing metadata and content data for the new file in a common memory region. An access condition is set for the common memory region in the configuration settings of the hardware memory protection module. A file is retrieved from the memory by searching the memory to identify a file meeting a search criterion. The searching involves comparing the metadata of files from the memory against the search criterion in order to identify a file from the memory that meets the search criterion.

Abstract: An electronic device comprises a processor, a memory, a memory controller for controlling access to the memory, a hardware security module, and a bus system, to which the processor, the memory controller, and the hardware security module are connected. The hardware security module uses its connection to the bus system to detect requests on the bus system that are sent by the processor. The hardware security module has a secure state and a non-secure state. When in the secure state, the hardware security module adds a secure-state signal to requests sent by the processor over the bus system. The memory controller determines whether memory-access requests include the secure-state signal, and denies access to a secure region of the memory in response to receiving memory-access requests that do not include the secure-state signal.

Abstract: A processing system is configured to process instructions in a delta file, received at an input of the processing system, to generate a target file from a source file and to regenerate the source file from the target file. The delta file comprises copy instructions and reversing data. The copy instructions instruct the processing system to include one or more copy strings from the source file in the target file. The reversing data is received as part of the delta file and is used to regenerate all of the source file that is outside the one or more copy strings. The processing system is configured to generate the target file from the source file by reading the copy strings from the source file and including them in the target file.

Abstract: An electronic device comprises a processor operable at a variable processor privilege level and a memory comprising a secure memory area. A hardware module is operable at a variable module privilege level and is arranged to access the memory directly. The secure memory area is accessible by the hardware module only when the module privilege level exceeds a threshold value. The device has a first mode of operation in which said processor privilege level is higher than said threshold value and said module privilege level is lower than said threshold value. A controller is arranged, upon receiving a privilege promotion signal and the device being in the first mode, to move the device to a second mode wherein the module privilege level is higher than said threshold value.

Abstract: A cryptographic module is switchable between a key-input mode and a data-input mode. In the key-input mode, the cryptographic module receives key data, key length information and first input data, combines an amount of the key data corresponding to the key length information with the first input data to produce combined data, wherein a key-influenced length of the combined data is the shortest length of the combined data that contains every data bit of the combined data whose value depends on the key data. It performs a cryptographic operation on the combined data to generate first output data and does not output any of the first output data until after the cryptographic operation has been applied to all of the key-influenced length of the combined data.

Abstract: A hardware cryptographic engine comprises a direct-memory-access (DMA) input module for receiving input data over a memory bus, and a cryptographic module. The cryptographic module comprises an input register having an input-register length, and circuitry configured to perform a cryptographic operation on data in the input register. The hardware cryptographic engine further comprises an input-alignment buffer having a length that is less than twice said input-register length, and alignment circuitry performing an alignment operation on input data in the input-alignment buffer. The hardware cryptographic engine is configured to pass input data, received by the DMA input module, from the memory bus to the input register of the cryptographic module after buffering an amount of input data no greater than the length of the input-alignment buffer.

Abstract: An electronic apparatus has a processor; a peripheral having a data interface and a data-attribute interface; a direct memory access (DMA) controller for the peripheral; a memory; a bus system connecting the processor, the DMA controller, and the memory; a data link between the DMA controller and the peripheral; and a data-attribute link between the DMA controller and the peripheral, separate from the data link. The DMA controller has data-transfer circuitry for transferring data between the memory and the data interface of the peripheral over the data link, and for transferring data-attribute information, associated with the data, between the memory and the data-attribute interface of the peripheral over the data-attribute link.

Abstract: A method of controlling an electronic device including a memory and a removable smart card. The method involves the device sending a request for context data to the smart card. The smart card sends context data to the device in response to the request and stores this data in the memory and power to the smart card is reduced. Power to the smart card is then increased or restored, and the data is written back to the smart card.

Abstract: A hardware cipher engine encrypts or decrypts a block of input data from a sequence of blocks using a cipher operation where the block of output data depends on the input block's position in the sequence. In a random-access mode of operation, the engine receives a sequence position, receives a block of input data having that position, and outputs a block of output data without outputting data that encrypts, or that decrypts, every block of input data preceding the received position. In some embodiments, the operation is a stream cipher, and the engine generates a sequence of keystream blocks and performs a combining operation between the input block and a keystream block having a corresponding sequence position. In other embodiments, the cipher operation is a block cipher, and the engine generates, but doesn't output, blocks of data that encrypt, or decrypt, one or more blocks preceding the received input block.

Abstract: This invention relates to automatically establishing a connection between a testing and/or debugging interface to an integrated circuit and a connector of an apparatus, the connector being connectable to a testing and/or debugging apparatus configured to communicate with the testing and/or debugging interface via the connector in a testing and/or debugging mode of the apparatus and connectable to an accessory apparatus to be used in a normal operation mode of the apparatus, if the testing and/or debugging apparatus is connected to the connector, thereby establishing the testing and/or debugging mode of the apparatus.

Abstract: This invention relates to automatically establishing a connection between a testing and/or debugging interface to an integrated circuit and a connector of an apparatus, the connector being connectable to a testing and/or debugging apparatus configured to communicate with the testing and/or debugging interface via the connector in a testing and/or debugging mode of the apparatus and connectable to an accessory apparatus to be used in a normal operation mode of the apparatus, if the testing and/or debugging apparatus is connected to the connector, thereby establishing the testing and/or debugging mode of the apparatus.