Abstract: Aspects of the present disclosure relate to an apparatus comprising TEE circuitry configured to maintain a list of trusted devices, and interface circuitry to provide communication between the TEE of the apparatus and TEE circuitry of a device communicatively coupled to the apparatus. The TEE circuitry of the apparatus is configured to perform, with the TEE circuitry of the device, a remote attestation in respect of the TEE circuitry of the device. Responsive to a positive outcome of the remote attestation, the device is added to the list of trusted devices. The TEE of the apparatus receives, from the TEE circuitry of the device, an indication of one or more further devices which are trusted by the device, and adds said one or more further devices to the list of trusted devices.

Abstract: A data processing system is provided, which comprises receiving circuitry for receiving, from a requester, a request to use decrypted data obtained by decrypting encrypted data. Trusted execution circuitry provides a trusted execution environment. The trusted execution circuitry is configured to: securely store a policy, acquire a key within the trusted execution environment, where the key is associated with the decrypted or encrypted data, and respond to the request based on the policy and one or more characteristics of the requester.

Abstract: Examples of the present disclosure relate to an apparatus comprising interface circuitry to interface with one or more peripheral devices, processing circuitry to execute software to communicate with a given peripheral device of the one or more peripheral devices, trusted execution environment circuitry communicatively coupled to the interface circuitry and the processing circuitry. The trusted execution circuitry is configured to: receive a transmission from one of the processing circuitry and the given peripheral device to the other one of the processing circuitry and the given peripheral device; and apply a control policy in respect of the received transmission and, based on the control policy, determine whether to forward the received transmission to said other one of the processing circuitry and the given peripheral device.

Abstract: There is provided a network node coordinator system. Communication circuitry communicates, via a network, with one or more network nodes. Receive circuitry receives a global policy that describes a security policy to be applied across the network. Policy processing circuitry specialises the global policy and produces, for each of the one or more network nodes, an associated local policy specific to that network node. Transmit circuitry transmits, to each of the one or more network nodes, the associated local policy specific to that network node.

Abstract: Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with a first computing device and second interface circuitry to communicate with a second computing device. The first interface circuitry is configured to receive a handshake message from the first computing device. The second interface circuitry is configured to transmit the handshake message to the second computing device and to receive a handshake response message from the second computing device. The first interface circuitry is configured to transmit the handshake response message to the first computing device, whereby to establish a communication session between the first computing device and the second computing device.

Abstract: An apparatus comprises a write buffer to buffer store requests issued by the processing circuitry, prior to the store data being written to at least one cache. Draining circuitry detects a draining trigger event having potential to cause loss of state stored in the at least one cache. In response to the draining trigger event, the draining circuitry performs a draining operation to identify whether the write buffer buffers any committed store requests requiring persistence, and when the write buffer buffers at least one committed store request requiring persistence, to cause the store data associated with the at least one committed store request to be written to persistent memory. This helps to eliminate barrier instructions from software, simplifying persistent programming and improving performance.

Abstract: Systems, methods, and hardware devices for routing traffic between first and second electronic devices are arranged such that anonymities of the first and second electronic devices are maintained. This includes coupling the first and second electronic devices to a network having a plurality of routers, each of which includes a trusted execution environment (TEE) circuit. Each TEE includes a secure routing protocol, a routing table, and an attestation circuitry. Cryptographically secured channels are formed between pairs of the routers that terminate at the TEE. Each of routers executes an attestation procedure, and an ad hoc path is generated within the network based upon the secure routing protocol, the routing table, and the attestation procedure, wherein the ad hoc path includes a subset of the plurality of routers of the network. Traffic is routed between the first electronic device and the second electronic device via the ad hoc path.

Abstract: A data processing system is provided, which comprises receiving circuitry for receiving, from a requester, a request to use decrypted data obtained by decrypting encrypted data. Trusted execution circuitry provides a trusted execution environment. The trusted execution circuitry is configured to: securely store a policy, acquire a key within the trusted execution environment, where the key is associated with the decrypted or encrypted data, and respond to the request based on the policy and one or more characteristics of the requester.

Abstract: Systems, methods, and hardware devices for routing traffic between first and second electronic devices are arranged such that anonymities of the first and second electronic devices are maintained. This includes coupling the first and second electronic devices to a network having a plurality of routers, each of which includes a trusted execution environment (TEE) circuit. Each TEE includes a secure routing protocol, a routing table, and an attestation circuitry. Cryptographically secured channels are formed between pairs of the routers that terminate at the TEE. Each of routers executes an attestation procedure, and an ad hoc path is generated within the network based upon the secure routing protocol, the routing table, and the attestation procedure, wherein the ad hoc path includes a subset of the plurality of routers of the network. Traffic is routed between the first electronic device and the second electronic device via the ad hoc path.

Abstract: An apparatus comprises a write buffer to buffer store requests issued by the processing circuitry, prior to the store data being written to at least one cache. Draining circuitry detects a draining trigger event having potential to cause loss of state stored in the at least one cache. In response to the draining trigger event, the draining circuitry performs a draining operation to identify whether the write buffer buffers any committed store requests requiring persistence, and when the write buffer buffers at least one committed store request requiring persistence, to cause the store data associated with the at least one committed store request to be written to persistent memory. This helps to eliminate barrier instructions from software, simplifying persistent programming and improving performance.

Abstract: Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with a first computing device and second interface circuitry to communicate with a second computing device. The first interface circuitry is configured to receive a handshake message from the first computing device. The second interface circuitry is configured to transmit the handshake message to the second computing device and to receive a handshake response message from the second computing device. The first interface circuitry is configured to transmit the handshake response message to the first computing device, whereby to establish a communication session between the first computing device and the second computing device.