Patents by Inventor Roberto Avanzi
Roberto Avanzi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12124711
Abstract: Apparatus, methods, and software for protecting a plurality of memory locations are disclosed. Logical addresses are translated into physical addresses in dependence on one of a first translation function and a second translation function. A transitional logical address and an associated transitional value are locally held in circuitry which applies the translation functions. A remapping of first to second translation function usage is performed by determining a new transitional physical address by applying the second translation function to the transitional logical address; determining a new transitional logical address by applying an inverse of the first translation function to the new transitional physical address; retrieving a new transitional value using the new transitional physical address; storing the old transitional value to the memory location indicated by the new transitional physical address; and locally storing the new transitional value.
Type: Grant
Filed: September 14, 2022
Date of Patent: October 22, 2024
Assignee: Arm Limited
Inventor: Roberto Avanzi
-
Publication number: 20240346155
Abstract: Apparatuses and methods for memory protection are disclosed. A memory protection apparatus is interposed between a system cache and a memory system. The apparatus comprises encryption circuitry, which encrypts data items in dependence on encryption metadata and decrypts encrypted data items in dependence on the encryption metadata. In response to a change in a metadata item of the encryption metadata, when no cached copy of an affected data item is currently in the system cache, the affected data item is retrieved from the memory system, re-encrypted using the updated metadata item and returned to the memory system. When there is a cached copy, in dependence on update control data, the copy is retrieved from the system cache, encrypted using the updated metadata item and written out to the memory system.
Type: Application
Filed: April 12, 2023
Publication date: October 17, 2024
Inventors: Roberto AVANZI, Andreas Lars SANDBERG, Ionut Alexandru MIHALCEA, David Helmut SCHALL, Alexander KLIMOV
-
Patent number: 12073104
Abstract: There is provided a memory protection unit configured to maintain region metadata associated with storage regions of off-chip storage and protection metadata associated with each of the storage regions. The protection metadata is stored in the off-chip storage, and the region metadata encodes whether each of the storage regions belongs to a set of protected storage regions or to a set of unprotected storage regions and encodes information indicating corresponding protection metadata associated with each storage region. The memory protection unit is configured to update the region metadata in response to a region update request identifying a given storage region for which the region metadata is to be modified and to dynamically adjust an amount of memory required to store protection metadata associated with the set of protected storage regions in response to the update to the region metadata.
Type: Grant
Filed: April 13, 2023
Date of Patent: August 27, 2024
Assignee: Arm Limited
Inventors: Roberto Avanzi, Andreas Lars Sandberg, David Helmut Schall
-
Patent number: 12010242
Abstract: To protect the integrity of data stored in a protected area of memory, data in the protected area of memory is retrieved in data blocks and an authentication code is associated with a memory granule contiguously comprising a first data block and a second data block. Calculation of the authentication code comprises a cryptographic calculation based on a first hash value determined from the first data block and a second hash value determined from the second data block. A hash value cache is provided to store hash values determined from data blocks retrieved from the protected area of the memory. When the first data block and its associated authentication code are retrieved from memory, a lookup for the second hash value in the hash value cache is performed, and a verification authentication code is calculated for the memory granule to which that data block belongs. The integrity of the first data block is contingent on the verification authentication code matching the retrieved authentication code.
Type: Grant
Filed: July 10, 2020
Date of Patent: June 11, 2024
Assignee: Arm Limited
Inventors: Roberto Avanzi, Andreas Lars Sandberg, Michael Andrew Campbell, Matthias Lothar Boettcher, Prakash S. Ramrakhyani
-
Publication number: 20240086085
Abstract: Apparatus, methods, and software for protecting a plurality of memory locations are disclosed. Logical addresses are translated into physical addresses in dependence on one of a first translation function and a second translation function. A transitional logical address and an associated transitional value are locally held in circuitry which applies the translation functions. A remapping of first to second translation function usage is performed by determining a new transitional physical address by applying the second translation function to the transitional logical address; determining a new transitional logical address by applying an inverse of the first translation function to the new transitional physical address; retrieving a new transitional value using the new transitional physical address; storing the old transitional value to the memory location indicated by the new transitional physical address; and locally storing the new transitional value.
Type: Application
Filed: September 14, 2022
Publication date: March 14, 2024
Inventor: Roberto AVANZI
-
Publication number: 20240080193
Abstract: An apparatus comprises counter integrity tree circuitry to maintain a counter integrity tree having a plurality of nodes. The counter integrity tree circuitry is configured to store, in a first node of the counter integrity tree, an encrypted representation of two or more non-repeating counters and in a second, parent, node, an indication of a function value equal to a non-repeating function of the two or more non-repeating counters of the first node. The apparatus comprises integrity checking circuitry configured to check the integrity of the first node using the function value retrieved from the second node.
Type: Application
Filed: August 9, 2023
Publication date: March 7, 2024
Applicant: Arm Limited
Inventors: Andreas Lars Sandberg, Roberto Avanzi, Alexander Klimov
-
Publication number: 20240078323
Abstract: An apparatus comprises counter tree circuitry configured to store, in a first node of a counter tree, a representation of a parent counter value and in a second node of the counter tree, wherein the second node is a child node of the first node, an encrypted representation of two or more counter values. The encryption operation for forming the encrypted representation of the two or more counter values takes as an input the parent counter value. The apparatus also comprises integrity checking circuitry to check the integrity of an item of data retrieved from memory based on a comparison between a stored authentication code and a generated authentication code generated based on the item of data and a decrypted counter value determined from an encrypted representation of a counter value retrieved from the second node, decrypted using a parent counter value retrieved from the first node.
Type: Application
Filed: August 9, 2023
Publication date: March 7, 2024
Applicant: Arm Limited
Inventors: Alexander Klimov, Andreas Lars Sandberg, Roberto Avanzi
-
Publication number: 20230409492
Abstract: A method, apparatus, and system for storing memory encryption realm key IDs is disclosed. A method comprises accessing a memory ownership table with a physical address to determine a realm ID associated with the physical address, accessing a key ID association structure with the realm ID to determine a realm key ID associated with the realm ID, and initiating a memory transaction based on the realm key ID. Once retrieved, the realm key ID may be stored in a translation lookaside buffer.
Type: Application
Filed: August 28, 2023
Publication date: December 21, 2023
Inventors: Darren Lasko, Roberto Avanzi, Thomas Philip Speier, Harb Abdulhamid, Vikramjit Sethi
-
Patent number: 11789874
Abstract: A method, apparatus, and system for storing memory encryption realm key IDs is disclosed. A method comprises accessing a memory ownership table with a physical address to determine a realm ID associated with the physical address, accessing a key ID association structure with the realm ID to determine a realm key ID associated with the realm ID, and initiating a memory transaction based on the realm key ID. Once retrieved, the realm key ID may be stored in a translation lookaside buffer.
Type: Grant
Filed: August 21, 2019
Date of Patent: October 17, 2023
Assignee: QUALCOMM Incorporated
Inventors: Darren Lasko, Roberto Avanzi, Thomas Philip Speier, Harb Abdulhamid, Vikramjit Sethi
-
Patent number: 11775177
Abstract: An apparatus (4) comprises memory access circuitry (12) to control access to data stored in a memory; and memory integrity checking circuitry (20) to verify integrity of data stored in the memory, using an integrity tree (26) in which the association between parent and child nodes is provided by a pointer. This helps to reduce the memory footprint of the tree.
Type: Grant
Filed: October 17, 2019
Date of Patent: October 3, 2023
Assignee: Arm Limited
Inventors: Yuval Elad, Roberto Avanzi, Jason Parker
-
Publication number: 20230259660
Abstract: A data integrity tree for memory security comprises a plurality of nodes, wherein a linked series of nodes of the data integrity tree protects a data item stored in memory. A parent node in the linked series of nodes comprises a plurality of counters, each associated with a respective child node and providing an input to a protection function associated with the respective child node. A node authentication code protects the plurality of counters in each parent node and is dependent on a counter in a node above the parent node in the data integrity tree. A plurality of hash value child nodes each comprises a plurality of encrypted hash values generated as a function of a respective block of data stored in the memory and as a function of a counter comprised in a node above the hash value child node in the data integrity tree.
Type: Application
Filed: June 25, 2021
Publication date: August 17, 2023
Inventors: Andreas Lars SANDBERG, Roberto AVANZI
-
Publication number: 20230113906
Abstract: An apparatus including memory access circuitry for controlling access to data stored in the non-trusted memory, and memory security circuitry to verify integrity of data stored in the non-trusted memory. The memory security circuitry has authentication code generation circuitry for generating authentication codes to be associated with the data stored in the non-trusted memory, for use when verifying the integrity of the data. The apparatus also has a trusted storage, and the authentication code generation circuitry is arranged to generate different authentication codes, dependent on whether the authentication code is to be stored in the non-trusted memory or the trusted storage.
Type: Application
Filed: November 12, 2020
Publication date: April 13, 2023
Inventors: Hector MONTANER MAS, Andreas Lars SANDBERG, Roberto AVANZI
-
Publication number: 20220014379
Abstract: Apparatuses and methods are disclosed for protecting the integrity of data stored in a protected area of memory. Data in the protected area of memory is retrieved in data blocks and an authentication code is associated with a memory granule contiguously comprising a first data block and a second data block. Calculation of the authentication code comprises a cryptographic calculation based on a first hash value determined from the first data block and a second hash value determined from the second data block. A hash value cache is provided to store hash values determined from data blocks retrieved from the protected area of the memory. When the first data block and its associated authentication code are retrieved from memory, a lookup for the second hash value in the hash value cache is performed, and a verification authentication code is calculated for the memory granule to which that data block belongs.
Type: Application
Filed: July 10, 2020
Publication date: January 13, 2022
Inventors: Roberto AVANZI, Andreas Lars SANDBERG, Michael Andrew CAMPBELL, Matthias Lothar BOETTCHER, Prakash S. RAMRAKHYANI
-
Patent number: 11216592
Abstract: Some embodiments include systems and methods for the management of a plurality of expanded cryptographic keys associated with a plurality of corresponding Protected Software Environments (PSEs) supervised by PSE-management software running on a computer system. In one embodiment, a computer system has a first processor, a first memory controller, and a first RAM. The first memory controller has a first memory cryptography circuit connected between the first processor and the first RAM. The memory cryptography circuit comprises a keystore and a first cryptographic engine. The keystore comprises a seedstore and a key-expansion engine. The seedstore is configured to store a first plurality of cryptographic key seeds accessible by a key identifier, for use by the key-expansion engine to generate expanded keys, where each key seed corresponds to a corresponding client.
Type: Grant
Filed: August 2, 2018
Date of Patent: January 4, 2022
Inventors: Roberto Avanzi, Darren Lasko
-
Publication number: 20210370251
Abstract: A machine to automatically dispense at least one fluid product, in particular a liquid dye, comprising support members configured to support one or more dispensing units each having a tank, in which said fluid product to be dispensed is contained, a dispensing nozzle and a pumping member, configured to selectively convey a desired quantity of the fluid product from the tank to the dispensing nozzle and from the latter to an external container. Rapid attachment means, drivable by an actuation element, which can also be possibly driven manually, are present to allow the easy and simple positioning of each dispensing unit on the support means and the equally easy and simple removal of each dispensing unit from the support members.
Type: Application
Filed: August 12, 2021
Publication date: December 2, 2021
Applicant: Corob S.P.A.
Inventors: Andrea Alvisi, Roberto Avanzi
-
Publication number: 20210311640
Abstract: An apparatus (4) comprises memory access circuitry (12) to control access to data stored in a memory; and memory integrity checking circuitry (20) to verify integrity of data stored in the memory, using an integrity tree (26) in which the association between parent and child nodes is provided by a pointer. This helps to reduce the memory footprint of the tree.
Type: Application
Filed: October 17, 2019
Publication date: October 7, 2021
Inventors: Yuval ELAD, Roberto AVANZI, Jason PARKER
-
Patent number: 10767638
Abstract: A piston pump is disclosed suitable to be installed on machines for dispensing fluid products, comprising a jacket, a piston device mobile with alternate motion inside said jacket and comprising a rod and a head. The pump also comprises a pipe for fluids to enter and a pipe for fluids to exit, said pipes being disposed on the same side of the jacket and on opposite sides with respect to the piston device.
Type: Grant
Filed: January 28, 2016
Date of Patent: September 8, 2020
Assignee: Corob S.p.A.
Inventor: Roberto Avanzi
-
Patent number: 10733313
Abstract: A counter integrity tree for memory security includes at least one split-counter node specifying at least two counters each defined as a combination of a major count value shared between the at least two counters and a respective minor count value specified separately for each of the at least two counters. This increases the number of child nodes which can be provided per parent node of the tree, and hence reduces the number of tree levels that have to be traversed in a tree covering a given size of memory region. The minor counter size can be varied dynamically by allocating nodes in a mirror counter integrity tree for accommodating larger minor counters which do not fit in the corresponding node of the main counter integrity tree.
Type: Grant
Filed: February 9, 2018
Date of Patent: August 4, 2020
Assignee: Arm Limited
Inventors: Prakash S. Ramrakhyani, Roberto Avanzi, Wendy Arnott Elsasser
-
Publication number: 20200042746
Abstract: Some embodiments include systems and methods for the management of a plurality of expanded cryptographic keys associated with a plurality of corresponding Protected Software Environments (PSEs) supervised by PSE-management software running on a computer system. In one embodiment, a computer system has a first processor, a first memory controller, and a first RAM. The first memory controller has a first memory cryptography circuit connected between the first processor and the first RAM. The memory cryptography circuit comprises a keystore and a first cryptographic engine. The keystore comprises a seedstore and a key-expansion engine. The seedstore is configured to store a first plurality of cryptographic key seeds accessible by a key identifier, for use by the key-expansion engine to generate expanded keys, where each key seed corresponds to a corresponding client.
Type: Application
Filed: August 2, 2018
Publication date: February 6, 2020
Inventors: Roberto AVANZI, Darren LASKO
-
Publication number: 20190384725
Abstract: A method, apparatus, and system for storing memory encryption realm key IDs is disclosed. A method comprises accessing a memory ownership table with a physical address to determine a realm ID associated with the physical address, accessing a key ID association structure with the realm ID to determine a realm key ID associated with the realm ID, and initiating a memory transaction based on the realm key ID. Once retrieved, the realm key ID may be stored in a translation lookaside buffer.
Type: Application
Filed: August 21, 2019
Publication date: December 19, 2019
Inventors: Darren LASKO, Roberto AVANZI, Thomas Philip SPEIER, Harb ABDULHAMID, Vikramjit SETHI