Patents by Inventor Roberto Avanzi

Roberto Avanzi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220014379
    Abstract: Apparatuses and methods are disclosed for protecting the integrity of data stored in a protected area of memory. Data in the protected area of memory is retrieved in data blocks and an authentication code is associated with a memory granule contiguously comprising a first data block and a second data block. Calculation of the authentication code comprises a cryptographic calculation based on a first hash value determined from the first data block and a second hash value determined from the second data block. A hash value cache is provided to store hash values determined from data blocks retrieved from the protected area of the memory. When the first data block and its associated authentication code are retrieved from memory, a lookup for the second hash value in the hash value cache is performed, and a verification authentication code is calculated for the memory granule to which that data block belongs.
    Type: Application
    Filed: July 10, 2020
    Publication date: January 13, 2022
    Inventors: Roberto AVANZI, Andreas Lars SANDBERG, Michael Andrew CAMPBELL, Matthias Lothar BOETTCHER, Prakash S. RAMRAKHYANI
  • Patent number: 11216592
    Abstract: Some embodiments include systems and methods for the management of a plurality of expanded cryptographic keys associated with a plurality of corresponding Protected Software Environments (PSEs) supervised by PSE-management software running on a computer system. In one embodiment, a computer system has a first processor, a first memory controller, and a first RAM. The first memory controller has a first memory cryptography circuit connected between the first processor and the first RAM. The memory cryptography circuit comprises a keystore and a first cryptographic engine. The keystore comprises a seedstore and a key-expansion engine. The seedstore is configured to store a first plurality of cryptographic key seeds accessible by a key identifier, for use by the key-expansion engine to generate expanded keys, where each key seed corresponds to a corresponding client.
    Type: Grant
    Filed: August 2, 2018
    Date of Patent: January 4, 2022
    Inventors: Roberto Avanzi, Darren Lasko
  • Publication number: 20210370251
    Abstract: A machine to automatically dispense at least one fluid product, in particular a liquid dye, comprising support members configured to support one or more dispensing units each having a tank, in which said fluid product to be dispensed is contained, a dispensing nozzle and a pumping member, configured to selectively convey a desired quantity of the fluid product from the tank to the dispensing nozzle and from the latter to an external container. Rapid attachment means, drivable by an actuation element, which can also be possibly driven manually, are present to allow the easy and simple positioning of each dispensing unit on the support means and the equally easy and simple removal of each dispensing unit from the support members.
    Type: Application
    Filed: August 12, 2021
    Publication date: December 2, 2021
    Applicant: Corob S.P.A.
    Inventors: Andrea Alvisi, Roberto Avanzi
  • Publication number: 20210311640
    Abstract: An apparatus (4) comprises memory access circuitry (12) to control access to data stored in a memory; and memory integrity checking circuitry (20) to verify integrity of data stored in the memory, using an integrity tree (26) in which the association between parent and child nodes is provided by a pointer. This helps to reduce the memory footprint of the tree.
    Type: Application
    Filed: October 17, 2019
    Publication date: October 7, 2021
    Inventors: Yuval ELAD, Roberto AVANZI, Jason PARKER
  • Patent number: 10767638
    Abstract: A piston pump is disclosed suitable to be installed on machines for dispensing fluid products, comprising a jacket, a piston device mobile with alternate motion inside said jacket and comprising a rod and a head. The pump also comprises a pipe for fluids to enter and a pipe for fluids to exit, said pipes being disposed on the same side of the jacket and on opposite sides with respect to the piston device.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: September 8, 2020
    Assignee: Corob S.p.A.
    Inventor: Roberto Avanzi
  • Patent number: 10733313
    Abstract: A counter integrity tree for memory security includes at least one split-counter node specifying at least two counters each defined as a combination of a major count value shared between the at least two counters and a respective minor count value specified separately for each of the at least two counters. This increases the number of child nodes which can be provided per parent node of the tree, and hence reduces the number of tree levels that have to be traversed in a tree covering a given size of memory region. The minor counter size can be varied dynamically by allocating nodes in a mirror counter integrity tree for accommodating larger minor counters which do not fit in the corresponding node of the main counter integrity tree.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: August 4, 2020
    Assignee: Arm Limited
    Inventors: Prakash S. Ramrakhyani, Roberto Avanzi, Wendy Arnott Elsasser
  • Publication number: 20200042746
    Abstract: Some embodiments include systems and methods for the management of a plurality of expanded cryptographic keys associated with a plurality of corresponding Protected Software Environments (PSEs) supervised by PSE-management software running on a computer system. In one embodiment, a computer system has a first processor, a first memory controller, and a first RAM. The first memory controller has a first memory cryptography circuit connected between the first processor and the first RAM. The memory cryptography circuit comprises a keystore and a first cryptographic engine. The keystore comprises a seedstore and a key-expansion engine. The seedstore is configured to store a first plurality of cryptographic key seeds accessible by a key identifier, for use by the key-expansion engine to generate expanded keys, where each key seed corresponds to a corresponding client.
    Type: Application
    Filed: August 2, 2018
    Publication date: February 6, 2020
    Inventors: Roberto AVANZI, Darren LASKO
  • Publication number: 20190384725
    Abstract: A method, apparatus, and system for storing memory encryption realm key IDs is disclosed. A method comprises accessing a memory ownership table with a physical address to determine a realm ID associated with the physical address, accessing a key ID association structure with the realm ID to determine a realm key ID associated with the realm ID, and initiating a memory transaction based on the realm key ID. Once retrieved, the realm key ID may be stored in a translation lookaside buffer.
    Type: Application
    Filed: August 21, 2019
    Publication date: December 19, 2019
    Inventors: Darren LASKO, Roberto AVANZI, Thomas Philip SPEIER, Harb ABDULHAMID, Vikramjit SETHI
  • Publication number: 20190251275
    Abstract: A counter integrity tree for memory security includes at least one split-counter node specifying at least two counters each defined as a combination of a major count value shared between the at least two counters and a respective minor count value specified separately for each of the at least two counters. This increases the number of child nodes which can be provided per parent node of the tree, and hence reduces the number of tree levels that have to be traversed in a tree covering a given size of memory region. The minor counter size can be varied dynamically by allocating nodes in a mirror counter integrity tree for accommodating larger minor counters which do not fit in the corresponding node of the main counter integrity tree.
    Type: Application
    Filed: February 9, 2018
    Publication date: August 15, 2019
    Applicant: Arm Limited
    Inventors: Prakash S. Ramrakhyani, Roberto Avanzi, Wendy Arnott Elsasser
  • Publication number: 20190215160
    Abstract: Embodiments of the disclosure include systems and methods for storage of a first plurality of cryptographic keys associated with a first plurality of corresponding Protected Software Environments (PSEs) supervised by a PSE-management software running on a computer system and configured to supervise a superset of the plurality of PSEs. The computer system stores currently unused keys of the superset in a relatively cheap, large, and slow memory and caches the keys of the first plurality in a relatively fast, small, and expensive memory. In one embodiment, in a computer system having a first processor, a first memory controller, and a first RAM, the first memory controller has a memory cryptography circuit connected between the first processor and the first RAM, the memory cryptography circuit has a keystore and a first cryptographic engine, and the keystore is configured to store a first plurality of cryptographic keys accessible by a cryptographic-key identification.
    Type: Application
    Filed: January 9, 2018
    Publication date: July 11, 2019
    Inventors: Darren LASKO, Roberto Avanzi, Thomas Speier, Harb Abdulhamid, Vikramjit Sethi
  • Publication number: 20190196984
    Abstract: In certain aspects of the disclosure, an apparatus comprises a first memory having a plurality of bits. Each bit of the plurality of bits of the first memory is associated with a region of a second memory, and each bit indicates whether the associated region of the second memory is to be integrity-protected. The first memory further stores a first minimum set of data necessary for integrity protection (MSD) of an associated first integrity protection tree when a first bit of the plurality of bits is set to a value indicating that the first associated region of the second memory is to be integrity-protected. Regions of the second memory that are integrity-protected may be non-contiguous, and may be adjusted during run-time.
    Type: Application
    Filed: December 27, 2017
    Publication date: June 27, 2019
    Inventors: Darren LASKO, Roberto Avanzi
  • Patent number: 10235303
    Abstract: Techniques for protecting software in a computing device are provided. A method according to these techniques includes receiving a request from a non-secure software module to execute an instruction of a secure software module comprising encrypted program code, determining whether the instruction comprises an instruction associated with a controlled point of entry to the secure software module accessible outside of the secure software module, executing one or more instructions of the secure software module responsive to the instruction comprising an instruction associated with the controlled point of entry to the secure software module, and controlling exit from the secure software module to return execution to the non-secure software module.
    Type: Grant
    Filed: August 9, 2016
    Date of Patent: March 19, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: David Hartley, Roberto Avanzi, Rosario Cammarota
  • Patent number: 10223289
    Abstract: In an aspect, a cache memory device receives a request to read an instruction or data associated with a memory device. The request includes a first realm identifier and a realm indicator bit, where the first realm identifier enables identification of a realm that includes one or more selected regions in the memory device. The cache memory device determines whether the first realm identifier matches a second realm identifier in a cache tag when the instruction or data is stored in the cache memory device, where the instruction or data stored in the cache memory device has been decrypted based on an ephemeral encryption key associated with the second realm identifier when the first realm identifier indicates the realm and when the realm indicator bit is enabled. The cache memory device transmits the instruction or data when the first realm identifier matches the second realm identifier.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: March 5, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, David Hartley, Rosario Cammarota
  • Patent number: 10142303
    Abstract: In an aspect, a method for protecting software includes obtaining a payload including at least one of instructions or data, establishing a realm in a memory device, encrypting the payload based on an ephemeral encryption key (EEK) associated with the realm, and storing the encrypted payload in the realm of the memory device. In another aspect, a method for protecting software includes receiving a memory transaction associated with the memory device, the memory transaction including at least a realm identifier (RID) and a realm indicator bit, obtaining the EEK associated with the RID when the RID indicates the realm and when the realm indicator bit is enabled, decrypting an instruction and/or data retrieved from the realm based on the EEK when the memory transaction is a read transaction, and encrypting second data for storage in the realm based on the EEK when the memory transaction is a write transaction.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: November 27, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, David Hartley, Rosario Cammarota
  • Patent number: 10102375
    Abstract: Techniques for preventing side-channel attacks on a cache are provided. A method according to these techniques includes executing a software instruction indicating that a portion of software requiring data protection is about to be executed, setting the cache to operate in a randomized mode to de-correlate cache timing and cache miss behavior from data being processed by the portion of software requiring data protection responsive to the instruction indicating that the portion of software requiring data protection is about to be executed, executing the portion of software requiring data protection, storing the data being processed by the portion of software requiring data protection, and setting the cache to operate in a standard operating mode responsive to an instruction indicating that execution of the portion of software requiring data protection has completed.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: October 16, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Rosario Cammarota, Roberto Avanzi, Ramesh Chandra Chauhan, Harold Wade Cain, III, Darren Lasko
  • Patent number: 10027640
    Abstract: A method includes: decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, where a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and where the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; decrypting, in the device, the second subset of encrypted data using the cryptographic device key to produce second plain text; encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: July 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, Rosario Cammarota, Ron Keidar
  • Patent number: 9949115
    Abstract: Various features pertain to embedded key generation and provisioning systems, such as systems installed within smartphones for generating public-key/private-key pairs for use in encryption/decryption and digital signature generation. In some examples, an embedded system is provided that generates two public-key/private-key pairs—one for encryption/decryption and the other for signing/verification—where the two public-key/private-key pairs share a common modulus but are otherwise distinct or uncorrelated. This allows the two key pairs to be generated more efficiently than if two entirely separate key pairs were generated and yet, at least in the context of embedded systems, satisfactory integrity and confidentiality is achieved.
    Type: Grant
    Filed: February 6, 2015
    Date of Patent: April 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventor: Roberto Avanzi
  • Patent number: 9897651
    Abstract: Various aspects include a clock monitoring unit/component that is configured to repeatedly/continuously monitor a clock with the speed required to support automobile automation systems without the use of a reference clock. The clock monitoring unit/component may be configured to identify, report, and/or respond to variations or abnormalities in the monitored clock, and initiate an action to prevent the variation from causing or resulting in a failure or a vulnerability to attack. The clock monitoring unit/component in the various aspects may be configured, organized, or arranged to operate so that the circuit is immune or resistant to manipulation, modification, tampering, hacks, and other attacks.
    Type: Grant
    Filed: March 3, 2016
    Date of Patent: February 20, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Virendra Bansal, Rahul Gulati, Palkesh Jain, Roberto Avanzi
  • Publication number: 20180046808
    Abstract: Techniques for preventing side-channel attacks on a cache are provided. A method according to these techniques includes executing a software instruction indicating that a portion of software requiring data protection is about to be executed, setting the cache to operate in a randomized mode to de-correlate cache timing and cache miss behavior from data being processed by the portion of software requiring data protection responsive to the instruction indicating that the portion of software requiring data protection is about to be executed, executing the portion of software requiring data protection, storing the data being processed by the portion of software requiring data protection, and setting the cache to operate in a standard operating mode responsive to an instruction indicating that execution of the portion of software requiring data protection has completed.
    Type: Application
    Filed: August 11, 2016
    Publication date: February 15, 2018
    Inventors: Rosario CAMMAROTA, Roberto AVANZI, Ramesh Chandra CHAUHAN, Harold Wade CAIN, III, Darren LASKO
  • Publication number: 20180003164
    Abstract: A piston pump is disclosed suitable to be installed on machines for dispensing fluid products, comprising a jacket, a piston device mobile with alternate motion inside said jacket and comprising a rod and a head. The pump also comprises a pipe for fluids to enter and a pipe for fluids to exit, said pipes being disposed on the same side of the jacket and on opposite sides with respect to the piston device.
    Type: Application
    Filed: January 28, 2016
    Publication date: January 4, 2018
    Inventor: Roberto Avanzi