Abstract: A method of generating a shortcut certificate for authenticating a user digital certificate generated by an issuing certification authority; the method comprising: authenticating the digital certificate of the issuing certification authority; creating the shortcut certificate for the digital certificate of the issuing certification authority when the digital certificate of the issuing certification authority is authenticated; wherein the shortcut certificate comprises a signed entry of an authentication of the issuing certification authority.

Abstract: Examples of the present disclosure relate to a method for anomaly response in a system on chip. The method comprises measuring a magnitude of a transient anomaly event in an operating condition of the system on chip. Based on the magnitude it is determined, for each of a plurality of components of the system on chip, an indication of susceptibility of that component to an anomaly event of the measured magnitude. Based on the determined indications of susceptibility for each of the plurality of components, an anomaly response action is determined. The method then comprises performing the anomaly response action.

Abstract: A data processing device has a processor which executes software directly from non-volatile memory. The processor has a runtime component which dynamically maps software element identifiers specified by the software to corresponding software elements in memory. Mapping information is used to determine which software elements identifiers correspond to which software elements. This provides a level of indirection which can be used to make software updates more efficient, by updating only parts of the software while leaving old parts of the software as they are. Updated software elements can be stored to memory and the mapping information updated to point to the new elements, while existing mappings may be retained.

Abstract: A method of creating, at a permissions management resource, access permissions relating to a subject device for at least one data processing device, the method comprising: obtaining, at the permissions management resource, input data; generating, at the permissions management resource, at least one permission relating to accessing the subject device in response to the input data; transmitting, from the permissions management resource to the subject device and/or the at least one processing device, a communication comprising the at least one permission.

Abstract: The present techniques generally relate to a method of monitoring for a fault event in a lockstep processing system having a plurality of cores configured to operate in lockstep, the method having: power gating, for a period of time, a subset of cores of the plurality of cores from a first power source and providing power to the subset of cores from a second power source for the period of time; processing, at each of the cores of the plurality of cores, one or more instructions; providing an output from each core of the plurality of cores to error detection circuitry to monitor for the fault event, the output from each core based on or in response to processing the one or more instructions during the period of time.

Abstract: Broadly speaking, the present techniques provide methods, apparatus and systems for monitoring operation of a device. More particularly, the present techniques provide methods for monitoring operation of a device by observing state transitions which occur during the running of a device process following a firmware update, and either comparing the observed state transitions to a state transition map generated within the device or comparing the observed state transitions to a state transition model in, or associated with, the firmware update.

Abstract: Broadly speaking, the present techniques provide methods, apparatus and systems for monitoring operation of a device. More particularly, the present techniques provide methods for monitoring operation of a device based on a device firmware update that is associated with at least one power profile.

Abstract: A method for controlling communications between a data processing device in a first network and a target service in a second network via a gateway apparatus, the method comprising: transmitting a request to communicate with the target service from the data processing device to the gateway apparatus; transmitting device credentials from the data processing device to the gateway apparatus, wherein the credentials comprise information relating to the target service; verifying at the gateway apparatus an authentication status of the data processing device based on the device credentials; establishing a communication path between the data processing device and the target service if the authentication status is verified.

Abstract: A machine-implemented method or data processing component for controlling the processing of digital content from plural sources by at least one data processing device comprises receiving at least two digital content manifests at the data processing device; receiving at least one digital content payload at the data processing device; and responsive to the at least two digital content manifests, performing an atomic action using the at least one digital content payload.

Abstract: A method for controlling communications between a data processing device in a first network and a target service in a second network via a gateway apparatus, the method comprising: transmitting a request to communicate with the target service from the data processing device to the gateway apparatus; transmitting device credentials from the data processing device to the gateway apparatus, wherein the credentials comprise information relating to the target service; verifying at the gateway apparatus an authentication status of the data processing device based on the device credentials; establishing a communication path between the data processing device and the target service if the authentication status is verified.

Abstract: A technology for mutually isolating accessors of a shared electronic device from leakage of context data after a context switch comprises: on making the shared electronic device available to the plurality of accessors, establishing a portion of storage as an indicator location for the shared electronic device; when a first accessor requests use of the shared electronic device, writing at least one device-reset-required indicator to the indicator location; on switching context to a new context, after context save, when a second accessor requests use of the shared electronic device, resetting context data of the shared electronic device to a known state and reconciling the first device-reset-required indicator and a second device-reset-required indicator for the new context.

Abstract: A machine implemented method for prioritizing system interrupts in a processing system is provided. The method comprising: determining, at a supervisor module, for each interrupt, a relative interrupt priority in accordance with at least one interrupt parameter for said interrupt; prioritising, at said supervisor module, each said interrupt with respect to other interrupts of said system in compliance with said determined relative interrupt priority; and in response to a change to said at least one interrupt parameter during operation of said system, adjusting said determined relative interrupt priority, and re-prioritising each said interrupt with respect to said other interrupts of said system in compliance with said adjusted relative interrupt priority.

Abstract: A method of creating, at a permissions management resource, access permissions relating to a subject device for at least one data processing device, the method comprising: obtaining, at the permissions management resource, input data; generating, at the permissions management resource, at least one permission relating to accessing the subject device in response to the input data; transmitting, from the permissions management resource to the subject device and/or the at least one processing device, a communication comprising the at least one permission.

Abstract: A method for detecting and responding to a configuration setting capable of causing undesired energy consumption in a configurable electronic device comprises measuring a power state of at least one connection point of the configurable electronic device to establish a measured power state value; comparing the measured power state value with a stored power state value for the connection point; and responsive to a discrepancy between the measured power state value and the stored power state value for the connection point where the discrepancy is capable of causing undesired energy consumption, emitting a condition signal.

Abstract: A data processing apparatus comprises branch prediction circuitry adapted to store at least one branch prediction state entry in relation to a stream of instructions, input circuitry to receive at least one input to generate a new branch prediction state entry, wherein the at least one input comprises a plurality of bits; and coding circuitry adapted to perform an encoding operation to encode at least some of the plurality of bits based on a value associated with a current execution environment in which the stream of instructions is being executed. This guards against potential attacks which exploit the ability for branch prediction entries trained by one execution environment to be used by another execution environment as a basis for branch predictions.

Abstract: A method, electronic apparatus and computer program for device obfuscation in electronic networks, comprising determining at least one device type of at least one physical device operable to be at least intermittently attached to a wireless network; generating a pattern of wireless network activity associated with the at least one device type; exposing over the wireless network a plurality of non-functional messages conforming to the pattern; and operating a purported sender and receiver of each of the plurality of messages to obscure at least one of an exploitable characteristic and an exploitable state of the at least one device type with respect to the wireless network.

Abstract: A method of accessing a remote resource (4) from a data processing device (2) includes obtaining a first URL corresponding to the remote resource (4), obtaining secret data corresponding to the first URL, using the secret data to generate an obscured URL at the data processing device (2), and accessing the remote resource using the obscured URL. This allows the user of the device (2) to see a first URL which is intelligible and provides useful information about the device, without sharing that information with the network. The obscured URL identifies the actual location of the remote resource and can be an unintelligible stream of digits or letters.

Abstract: There is described a method, data processing apparatus and computer program product for initializing storage protection, the storage protection for enforcing access permission for a region of storage configured in a layout of regions according to at least one security constraint, the method comprising: receiving a set of storage requirements; generating a layout whereby the layout comprises a combination of storage regions that accommodate the storage requirements within the at least one security constraint; and configuring the storage protection according to the generated layout, wherein generating a layout comprises: calculating, for each storage requirement, a list of all storage regions that could accommodate the storage requirement within the at least one security constraint; selecting and testing combinations of storage regions until a selected combination accommodates the storage requirements within the at least one security constraint; and providing the accommodated combination of storage regions as a

Abstract: An apparatus and methods are provided to defending device against attacks. When it is determined that a device is under attack, a determination is made as to whether a layout of objects within said at least one resource at said device is protecting said device against said attack. The determination is then transferred to a remote server together with a layout of the resource at the device. When it is determined that the layout of objects within the at least one resource at the device is not protecting the device against the attack, then the layout of the at least one resource is changed. Either the remote server or the device may determine whether to change the layout in response to the attack.

Abstract: In one example, a method includes obtaining, by a data processing device, first secret data associated with a first user and corresponding to a first location of a remote resource. The method further includes generating, using the first secret data, a first uniform resource locator (URL) usable to obtain the first location, and accessing the first location using the first URL. The method further includes obtaining, in response to transfer of usage rights of the data processing device from the first user to a second user, second secret data associated with the second user and corresponding to a second location of the remote resource. The method further includes generating, using the second secret data, a second URL usable to obtain the second location, and accessing the second location using the second URL. The second location is inaccessible via the first URL. The first location is inaccessible via the second URL.