A method of enabling a user to access recorded data associated with an event, the method comprising determining the location of a user's device at a control unit, confirming the location is within a predetermined vicinity and that the user's device was at the location within a predetermined period and the control unit enabling access for the user to the data if the location of the user's device in the predetermined period is confirmed.
Example embodiments provide systems and methods for dynamically creating intuitive favorites for a user. The system and methods include monitoring actions performed, by the user at a digital receiver, with respect to a plurality of content programs. The actions performed with respect to the plurality of content programs are analyzed. The analysis includes comparing a level of the actions with respect to a first content program of the plurality of content programs with a threshold. Based on the comparing indicating that the first content program is a favorites, an indication that the first content program is a favorites content program is stored to a data store.
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.
Aspects of the present disclose involve a method, a device, and a system comprising a processor and a machine-readable storage medium storing at a set of instructions for identification and authentication of user profiles associated with a digital television system and displaying information related thereto. In example embodiments, the method includes identifying a user profile registered with a content presentation device based on received identification data that includes biometric data. The method further includes receiving, from a server, identifiers of a set of recently watched channels associated with the user profile and causing presentation of a recent channels interface that includes selectable elements corresponding to the set of recently watched channels.
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
H04N 21/41 - Structure of client; Structure of client peripherals
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
H04N 21/25 - Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication or learning user preferences for recommending movies
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
H04N 21/466 - Learning process for intelligent management, e.g. learning user preferences for recommending movies
H04N 21/4415 - Acquiring end-user identification using biometric characteristics of the user, e.g. by voice recognition or fingerprint scanning
H04N 21/658 - Transmission by the client directed to the server
H04N 21/433 - Content storage operation, e.g. storage operation in response to a pause request or caching operations
H04N 21/458 - Scheduling content for creating a personalised stream, e.g. by combining a locally stored advertisement with an incoming stream; Updating operations, e.g. for OS modules
H04N 21/482 - End-user interface for program selection
In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.
A media device receives a domain key from a service provider. The media device further encrypts media with a media key and encrypts the media key with the domain key to form an encrypted media token: the protected media key is encapsulated in an encrypted media token. The service provider may then receive the encrypted media token and one or more receiving entity identifiers relating to a receiving entity and ascertain whether the receiving entity is entitled to access media from the media device. If the receiving entity is entitled to access media from the media device, the service provider decrypts the cryptographic media token using the domain key to obtain the media key and providing the media key to the receiving entity. As such, an authenticated receiving entity may obtain the media key necessary to decrypt the media. Moreover, there is no requirement for any intermediate entity to have similar access and thus the encryption provided by the media key is in place throughout the transport of the media from media device to receiving entity.
H04N 7/18 - Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
H04N 21/2347 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving video stream encryption
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
7.
TECHNIQUES FOR MANAGING GENERATION AND RENDERING OF USER INTERFACES ON CLIENT DEVICES
Techniques and systems are provided for processing user interface content. For example, a server computer can receive a user interface event corresponding to a user interface of a device (e.g., a client device, another server computer, or other device). An application associated with the user interface event can be determined, and an interface model can be generated using the application associated with the user interface event. The interface model defines state information for one or more graphic objects of the user interface. The state information results from the user interface event. The server computer can send the interface model to the device, which enables the device to render the user interface.
The present disclosure relates to methods and devices for testing video data being rendered at or using a media device. A plurality of video frames to be rendered is received, each frame comprising one or more primary screen objects and at least one further screen object. The received frames are rendered at or using the media device wherein the at least one further screen object is superimposed on the one or more primary screen objects of a given frame during rendering. The rendered frames are provided to a data model. Extracted metadata indicating the presence or absence of further screen objects in the rendered video frames is the output of the data model. The data model is also provided with original metadata associated with the video frames prior to rendering. The rendering of each further screen object is then tested based on the original metadata and extracted metadata relating to a given video frame. The disclosure also extends to associated methods and devices for generating training data for testing rendering of video frame and training a data model using the training data.
H04N 21/43 - Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronizing decoder's clock; Client middleware
H04N 17/04 - Diagnosis, testing or measuring for television systems or their details for receivers
An integrated circuit device is disclosed, the device comprising a protective layer and a protected circuit on a substrate, the protective layer being configured to protect the protected circuit by absorbing laser radiation targeted at the protected circuit through the substrate. The device may be configured such that removal of the protective layer causes physical damage that disables the protected circuit. The device may comprise intermediate circuitry protruding into the substrate between the protective layer and the protected circuit, wherein the physical damage that disables the protected circuit is physical damage to the intermediate circuitry. The device may comprise detection circuitry configured to detect a change in an electrical property of the device indicative of removal of the protective layer, and, in response to detecting the change in the electrical property, cause the protected circuit to be disabled.
A content owner registers with an identity authority by providing information about the content owner and a public key of a public/private key pair. The content owner registers content to the identity authority and signs the multiple segments of the content with the private key of the public/private key pair. A system that receives the signed content determines an indicated content owner of the received media content and communicates with the identity authority to confirm that the media content was produced by the indicated content owner. The receiving system requests the public key of the content owner from the identity authority and uses the public key to verify the signature of each media content segment. Accordingly, the receiving system is able to determine if the media content was manipulated after being distributed by the content owner.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
11.
Method to transmit messages between a device and a remoter server
In order to allow access to the Internet, and therefore to a remote server, for a device having no connection with an Internet gateway, there is provided a method to transmit a message from a first device to a remote server, the first device having no connection with the remote server, the method including detecting a second device by the first device, establishing a communication channel between the first and the second device, transferring the message from the first to the second device, the message comprising an address of the remote server, and transferring, by the second device, the message to the remote server using the remote server address contained in the message.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
H04L 67/1034 - Reaction to server failures by a load balancer
H04L 51/48 - Message addressing, e.g. address format or anonymous messages, aliases
12.
SOFTWARE PROTECTION FROM ATTACKS USING SELF-DEBUGGING TECHNIQUES
In overview, methods, computer programs products and devices for securing software are provided. In accordance with the disclosure, a method may comprise attaching a debugger process to a software process. During execution of the software process, operations relevant to the functionality of the code process are carried out within the debugger process. As a result, the debugger process cannot be replaced or subverted without impinging on the functionality of the software process. The software process can therefore be protected from inspection by modified or malicious debugging techniques.
In overview, the disclosed methods, devices, and systems enable the location of the first device to be verified. In particular, second location verification data is generated using a current location of the second device is provided to a first device by a second device which can be matched with first location verification data received by the first device from a server, the first location verification data is generated using a stored location of the first device. If the first and second location verification data match, the location of the first device is considered to have been verified.
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/414 - Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
Example embodiments provide systems and methods for managing intelligent content queuing from a secondary device for content delivery to a primary device. A content queuing system on the secondary device generates and displays a playlist interface on the secondary device. A selection of a content item to be added to a playlist is received. The content queuing system determines that addition of the content item causes a live content item to overlap with an on-demand content item on the playlist. As a result, the content queuing system creates at least two segments for the on-demand content item. The live content item is positioned between the first and a second segment on the playlist. The first segment is scheduled to end at a start time of the live content item and the second segment is scheduled to begin at an ending time of the live content item.
G06F 3/0482 - Interaction with lists of selectable items, e.g. menus
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
H04N 21/436 - Interfacing a local distribution network, e.g. communicating with another STB or inside the home
H04N 21/44 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
H04N 21/482 - End-user interface for program selection
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
H04N 21/41 - Structure of client; Structure of client peripherals
G06F 3/0488 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
15.
METHOD, RECEIVER, MOBILE DISPLAY DEVICE AND SYSTEM FOR ACCESSING MEDIA CONTENT
The disclosure generally relates to a method for accessing media content, said method being used in a receiver. The method comprises a preparation phase and a use phase. The preparation phase comprises the steps of obtaining, by said receiver, a catalog of media content items, each media content item corresponding to a media content and comprising at least an item description and an item identification data and storing said catalog of media content items in a local database in a memory of the receiver. The use phase comprises the steps of accessing, by a mobile display device, said catalog of media content items through a local communication channel; displaying at least a part of the catalog of media content items on the mobile display device; selecting, by said mobile display device, at least one media content item displayed on the mobile display device; transmitting, by said mobile display device, a request to a content provider, the request comprising the item identification data corresponding to said selected media content item and additional data allowing for the receiver to be identified, said transmission using a first remote communication channel distinct from said local communication channel; and obtaining by the receiver, the media content corresponding to the media content item identified by the identification data contained in said request.
The disclosure generally relates to a method for accessing media content, said method being used in a receiver. The method comprises a preparation phase and a use phase. The preparation phase comprises the steps of obtaining, by said receiver, a catalog of media content items, each media content item corresponding to a media content and comprising at least an item description and an item identification data and storing said catalog of media content items in a local database in a memory of the receiver. The use phase comprises the steps of accessing, by a mobile display device, said catalog of media content items through a local communication channel; displaying at least a part of the catalog of media content items on the mobile display device; selecting, by said mobile display device, at least one media content item displayed on the mobile display device; transmitting, by said mobile display device, a request to a content provider, the request comprising the item identification data corresponding to said selected media content item and additional data allowing for the receiver to be identified, said transmission using a first remote communication channel distinct from said local communication channel; and obtaining by the receiver, the media content corresponding to the media content item identified by the identification data contained in said request.
The disclosure further relates to a receiver and a mobile display device for implementing the above described method and a system comprising at least said receiver and said mobile display device.
H04N 21/41 - Structure of client; Structure of client peripherals
H04N 21/482 - End-user interface for program selection
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
H04L 65/612 - Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for unicast
H04N 21/462 - Content or additional data management e.g. creating a master electronic program guide from data received from the Internet and a Head-end or controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabi
H04N 21/262 - Content or additional data distribution scheduling, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying a video stream transmission or generating play-lists
H04N 21/436 - Interfacing a local distribution network, e.g. communicating with another STB or inside the home
H04N 21/433 - Content storage operation, e.g. storage operation in response to a pause request or caching operations
H04N 21/437 - Interfacing the upstream path of the transmission network, e.g. for transmitting client requests to a VOD server
16.
Techniques for incentivized intrusion detection system
The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentivized-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or facilitate the actor to provide information detecting malicious actions against an asset.
A method of enabling a user to access recorded data associated with an event, the method comprising determining the location of a user's device at a control unit, confirming the location is within a predetermined vicinity and that the user's device was at the location within a predetermined period and the control unit enabling access for the user to the data if the location of the user's device in the predetermined period is confirmed.
Malware detection logic executed by a secured device residing in a home network may receive a message from an unsecured device of a first unsecured network and intended for a destination device of the home network, the destination device comprising a security client. The malware detection logic may establish a secure communication channel between the malware detection logic of the secured device and the security client of the destination device. The malware detection logic may execute a validation test on the message to determine that the message includes malware. The malware detection logic may report an alarm to the security client of the destination device. The malware detection logic may transmit information related to the malware to a cloud computing server. The malware detection logic may prevent an application associated with the destination device from processing the message.
A consumable can be used to securely send data to devices. A security platform can produce a consumable, for example an ink cartridge, with data to be uploaded onto a device, such as a printer. If the consumable and device can perform a successful authentication, broadcast data can be delivered to the device via the consumable. Such techniques can help ensure that authentic consumables are being used in authentic devise. Further, such techniques can enable a licensing model where different consumables can be configured with different data to enable or disable different features of the device.
A method for managing communications within a network comprising utility meters, each associated and connected to at least one utility management center through at least one intermediate data concentrator. A message is sent by a utility meter to the destination data concentrator. This message includes metering data measurement reported by said utility meter, its utility meter identifier, the destination data concentrator identifier and the management center identifier. Then, on the basis of several metering data measurements, a metering counter differential consumption value is calculated by difference of two metering counter consumption indexes measured by the utility meter within a time period interval. Then, a report containing at least the metering counter differential consumption value is sent from the destination data concentrator towards the utility management center to which said utility meter is associated.
A device for securing a bottle's cap includes a first part; a second part mechanically connected to the first part through a mechanical connection; and a securing component including a radio frequency transponder, a first portion of the component being implemented in the first part of the device, a second portion of the component being implemented in the second part of the device, at least one portion of the component extending through the mechanical connection. The second part includes a device for fixing the device to a cap of a bottle. The mechanical connection is configured for breaking when a traction or a torsion is applied on the first part of the device versus the second part.
A method of registering or authenticating a user with a relying party is provided, the method including: receiving a request to generate a key pair, the request including key-generation data, the key-generation data including relying party information; deterministically generating, based on at least the key-generation data and a secret key stored in a memory of the authenticator, a key pair comprising a public key and a private key; either: transmitting the public key, or performing further processing using the private key; and deleting the key pair. An authenticator configured to perform the process is also provided.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A system (100) for actively monitoring and securing a CDI (110CDI) is proposed. Such system comprises a TEE (100TEE) implementing one or more monitoring policy rule for ruling the active monitoring of the CDI. The system further comprises an 1C (100IC) comprising one or more monitoring device for monitoring the CDI at a corresponding monitoring tapping point delivering a corresponding monitoring information element. The 1C is configured for providing to the TEE a monitoring information based on the monitoring information element. The 1C is subordinated to the TEE. The one or more monitoring device is configured by the TEE responsive to the implementation of the one or more monitoring policy rule.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Systems and techniques are described herein for processing media content. For example, a process can include obtaining a first media frame and a second media frame. The process can include generating, using a first change detector, a first tag indicating a change above a first change threshold has occurred in the second media frame relative to the first media frame. The process can further include generating, using a machine learning model, a second tag indicating that media content of the second media frame is associated with a particular type of media content. The process can further include determining, based the first tag and the second tag, that the media content of the second media frame is associated with the particular type of media content.
H04L 65/613 - Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for the control of the source by the destination
25.
Method and apparatus for peripheral context management
The present disclosure relates to a method and system for presenting a set of control functions via an interface of a peripheral control device (PCD). A control function can include a command associated with one or more media contexts of a host media device. The method decodes a payload, from the host media device, with an encoded context identifier, where the context identifier indicates a primary media context active on the host media device. The method determines one or more control functions corresponding to the context identifier, and changes the set of control functions on the interface of the PCD to include the one or more control functions that can command the primary media context.
H04N 21/482 - End-user interface for program selection
G06F 3/04886 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures by partitioning the display area of the touch-screen or the surface of the digitising tablet into independently controllable areas, e.g. virtual keyboards or menus
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
H04N 21/222 - Secondary servers, e.g. proxy server or cable television Head-end
H04N 21/84 - Generation or processing of descriptive data, e.g. content descriptors
26.
Media player for receiving media content from a remote server
An embodiment of the present invention may be deployed in a system comprising a media player and a remote server operably connected to communicate with one another. The invention allows for a settings file to be stored on the remote server, the settings file comprising parameters useful for adjusting different settings on the media player such that rendering of a particular content to be made possible on the media player according to a user's predetermined taste by downloading the settings from the server onto the media player.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 67/565 - Conversion or adaptation of application format or content
H04W 4/18 - Information format or content conversion, e.g. adaptation by the network of the transmitted or received information for the purpose of wireless delivery to users or terminals
A method for identifying a peripheral device from a digital content having been received by said peripheral device from a master device located at a user end is described. The master device can be connected to a server located at a back end, and the method includes receiving, by the master device from the peripheral device, at least peripheral identification data. The method also includes generating, at the master device, a first mark as a function of at least a part of the peripheral identification data, and watermarking the digital content using the first mark before transmitting the digital content to the peripheral device.
Systems and techniques are described herein for annotating media content. For example, a process can include obtaining media content and generate, use one or more machine learning models, a metadata file for at least a portion of the media content. The metadata file includes one or more metadata descriptions. The process can include generating a text description of the media content based on the one or more metadata descriptions of the metadata file. The process can include annotating the media content use the text description.
H04N 21/235 - Processing of additional data, e.g. scrambling of additional data or processing content descriptors
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
G06K 9/00 - Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
Aspects of the present disclosure address systems, methods, and devices for enabling secure communication between electronic control units (ECUs) in a vehicle. The system may include a first and second ECU from a plurality of ECUs in the vehicle. The first ECU is to enable secure communication between the plurality of ECUs by performing operations that include provisioning the second ECU with authentication data for authenticating messages exchanged with a third ECU and provisioning the third ECU with a set of security keys to enable the third ECU to securely exchange messages with the second ECU. The second ECU receives, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU, and the second ECU authenticates the secure message by comparing the authentication data with an authentication signal.
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
30.
DEVICE FOR GENERATING AT LEAST ONE CRYPTOGRAPHIC KEY, CORRESPONDING METHODS AND COMPUTER PROGRAM PRODUCTS
A device (100) is proposed for generating at least one cryptographic key (Keu_Part1, Key_Part2, RootKey) by implementing: selecting at least three input data selected among, on one hand, a predetermined data and, on the other hand, a function of at least one piece of data having a type belonging to the group comprising: a physical unclonable type, corresponding to physical unclonable function data (ID, PUF); a hardwired type, corresponding to data hardwired within said device (GK, Soc_Key); and a software type, corresponding to software data (Seg_Partl, Seg_Part2), assembling the at least three input data to produce an assembled input data; applying the assembled input data into a cryptographic element to produce a cryptographic key.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
The present invention relates to a system for rendering a content, the rendering of which is subject to conditional access security conditions. A system is described, comprising a host device and a detachable security device, the security device configured to decrypt the encrypted content, re-encrypt it under a local key and to deliver the re-encrypted content to the host device while ensuring that the host device applies or otherwise enforces any conditions associated with the rendering of the content.
A content owner registers with an identity authority by providing information about the content owner and a public key of a public/private key pair. The content owner registers content to the identity authority and signs the multiple segments of the content with the private key of the public/private key pair. A system that receives the signed content determines an indicated content owner of the received media content and communicates with the identity authority to confirm that the media content was produced by the indicated content owner. The receiving system requests the public key of the content owner from the identity authority and uses the public key to verify the signature of each media content segment. Accordingly, the receiving system is able to determine if the media content was manipulated after being distributed by the content owner.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
H04N 19/61 - Methods or arrangements for coding, decoding, compressing or decompressing digital video signals using transform coding in combination with predictive coding
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
38 - Telecommunications services
39 - Transport, packaging, storage and travel services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Vehicle locating, tracking, security, payment and retrieval
systems comprised of computer hardware and software,
computer application software for mobile phones, GPS units,
and radio telecommunications equipment, all for use in
connection with vehicle locating, vehicle tracking, vehicle
anti-theft, vehicle payment management, equipment locating,
namely, farming equipment, construction equipment, heavy
machinery equipment, manufacturing equipment locating,
equipment tracking, namely, farming equipment, construction
equipment, heavy machinery equipment, manufacturing
equipment tracking, equipment anti-theft, namely, farming
equipment, construction equipment, heavy machinery
equipment, manufacturing equipment anti-theft; wireless
transceivers with collection and display technology for
locating, tracking and monitoring vehicles and equipment,
namely, namely, farming equipment, construction equipment,
heavy machinery equipment, manufacturing equipment, and
instruction manuals used in connection therewith; wireless
electronic devices for tracking and condition monitoring of
mobile assets in the nature of automobiles, trucks,
trailers, cargo containers, equipment, namely, farming
equipment, construction equipment, heavy machinery
equipment, manufacturing equipment, machinery equipment and
other freight and transportation equipment, namely, portable
tracking units comprising wireless data transceivers, global
positioning satellite receivers, processors, sensors,
namely, temperature, pressure and acceleration sensors, and
computer software that combine GPS and cellular technologies
for determining mobile asset location information and
environmental information, for transmitting the mobile asset
location and environmental information, for transmitting
alert messages when a mobile asset moves beyond a preset
geographic area, and for transmitting alert messages when an
environmental condition of a mobile asset goes beyond a
preset boundary for the environmental condition. Providing business intelligence services in the fields of
mobile resource management, mobile asset tracking and
monitoring, namely, monitoring and tracking of vehicles and
equipment, namely, farming equipment, construction
equipment, heavy machinery equipment, manufacturing
equipment, for commercial purposes; providing business data
analytics related to mobile assets. Telecommunication services, namely, electronic transmission
of data in the field of sensors and sensor networks for
mobile resource management and tracking; transmission and
reception of sensor data via telecommunication networks for
tracking and monitoring mobile assets in the nature of
automobiles, trucks, trailers, cargo containers, equipment,
namely, farming equipment, construction equipment, heavy
machinery equipment, manufacturing equipment, and machinery
equipment. Tracking, locating and monitoring of mobile assets in the
nature of automobiles, trucks, trailers, cargo containers,
equipment, namely, farming equipment, construction
equipment, heavy machinery equipment, manufacturing
equipment, and other freight and transportation equipment,
namely, global positioning, tracking, and position
information transmission services for financial lending
institutions to monitor collateralized mobile assets. Software as a service (SAAS) services featuring software for
stolen vehicle recovery, vehicle tracking, vehicle status
monitoring, and generating vehicle alert messages related to
speeding or geofence boundary crossings; software as a
service (SaaS) services featuring software for mobile
resource management, mobile asset tracking and monitoring,
and business data analytics related to mobile assets;
electronic storage services for archiving electronic sensor
data; technical support and consulting services, namely,
monitoring technological functions of computer network
systems for tracking sensor network usage; computer
services, namely, acting as an application service provider
in the field of knowledge management to host computer
application software for the purpose of controlling,
viewing, storing and analyzing GPS tracking and sensor data;
application service provider, namely, hosting, managing,
developing, and maintaining applications in the field of
controlling, viewing, storing, and analyzing GPS tracking
and sensor data for wireless delivery of content to handheld
computers, laptops and mobile electronic devices.
In overview, the disclosed methods, devices, and systems enable the location of the first device to be verified. In particular, second location verification data is generated using a current location of the second device is provided to a first device by a second device which can be matched with first location verification data received by the first device from a server, the first location verification data is generated using a stored location of the first device. If the first and second location verification data match, the location of the first device is considered to have been verified.
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/414 - Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
A method for remotely programming a programmable device (35) designed to provide an expected sensitive result (45), the method comprising : - transmitting a first program code (41) to the programmable device (35), said first program code (41) being configured to get at least one distinctive data (35d) unique and physically inherent to the programmable device (35), - retrieving said distinctive data (35e) to generate a second program code (42) configured to provide the expected sensitive result (45) in case of the second program code (42) is executed on the programmable device (35) having produced the distinctive data (35d), and10 - transmitting said second program code (42) to the programmable device (35), so as to load the second program code (42) into the programmable device (35).
H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
36.
INTEGRATED CIRCUIT DEVICE WITH PROTECTION AGAINST MALICIOUS ATTACKS
Integrated circuit device with protection against malicious attacks The integrated circuit device (100) comprises a semiconductor substrate layer (10) and at least one active layer (20) including electronic components and supported by said semiconductor substrate layer (10). The semiconductor substrate layer (10) and the at least one active layer (20) are sandwiched between two protective layers (30A, 30B) acting as physical obstacles to prevent the passage of radiations. In addition, the two protective layers (30A, 30B) are electrically connected to a detection circuit (40) that can monitor an electrical information of the protective layers (30A, 30B) and detect a physical attack of at least one of the two protective layers (30A, 30B), based on the monitored electrical information.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/87 - Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
The disclosed method is concerned with a computer implemented method generating code for protecting sensitive data used by the program, by partitioning the program into a plurality of blocks of code, such that each code block in the program is registered using a code index in a code register created for the program. The code index for a given code block reflects current properties including the current location of the code block, at any given time. During execution of the program at runtime by the computing device, each code block of the program is moved from a first code location in a memory to a respective second code location in the memory, such that the code block is accessible from the second code location in the memory henceforth. The code index for the moved code block is updated to indicate updated current properties, such as the new location of the code block, i.e. the second code location, after moving the code block. In addition to moving the code to the second code location that is different to the first code location; one or more references stored in the memory and that are required for the execution of the code block, i.e. which are accessed by the code block and/or are required to access the code block, are also associated with the moved code block. To enable the association, the one or more references for the code block are registered in a reference register, such that a reference index reflecting current properties for each of the one or more references is adjusted based on updated current properties of the code index of the moved code block.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
38.
Techniques for managing generation and rendering of user interfaces on client devices
Techniques and systems are provided for processing user interface content. For example, a server computer can receive a user interface event corresponding to a user interface of a device (e.g., a client device, another server computer, or other device). An application associated with the user interface event can be determined, and an interface model 5 can be generated using the application associated with the user interface event. The interface model defines state information for one or more graphic objects of the user interface. The state information results from the user interface event. The server computer can send the interface model to the device, which enables the device to render the user interface.
Aspects of the present disclose involve a method, a device, and a system comprising a processor and a machine-readable storage medium storing at a set of instructions for identification and authentication of user profiles associated with a digital television system and displaying information related thereto. In example embodiments, the method includes identifying a user profile registered with a content presentation device based on received identification data that includes biometric data. The method further includes receiving, from a server, identifiers of a set of recently watched channels associated with the user profile and causing presentation of a recent channels interface that includes selectable elements corresponding to the set of recently watched channels.
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
H04N 21/41 - Structure of client; Structure of client peripherals
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
H04N 21/25 - Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication or learning user preferences for recommending movies
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
H04N 21/466 - Learning process for intelligent management, e.g. learning user preferences for recommending movies
H04N 21/4415 - Acquiring end-user identification using biometric characteristics of the user, e.g. by voice recognition or fingerprint scanning
H04N 21/658 - Transmission by the client directed to the server
H04N 21/433 - Content storage operation, e.g. storage operation in response to a pause request or caching operations
H04N 21/458 - Scheduling content for creating a personalised stream, e.g. by combining a locally stored advertisement with an incoming stream; Updating operations, e.g. for OS modules
H04N 21/482 - End-user interface for program selection
40.
DISTRIBUTED ANONYMIZED COMPLIANT ENCRYPTION MANAGEMENT SYSTEM
A method for data security implemented as an application on a device includes generating a request for one or more secret shares needed to reconstruct a key. The device stores a first secret share in its memory. The method also includes signing the request with a certificate that identifies the request as valid without identifying the device, and sending the request, signed with the certificate, to at least one other device. The method further includes receiving, from the at least one other device, the one or more secret shares, determining whether the one or more secret shares received from the at least one other device is sufficient to reconstruct the key, and reconstructing the key using the first secret share and the one or more secret shares upon determining that the one or more secret shares are sufficient to reconstruct the key.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
41.
Method and system to share a snapshot extracted from a video transmission
The present invention refers to the field of television experience in particular the simultaneous use of the portable computing device and a television to share a user's experience. The present disclosure proposes a method to create a snapshot from a video transmission received by a receiver, said receiver being connected with a portable computing device and having a screen output, said method comprising the steps of receiving a video transmission by the receiver, converting by the receiver, the video transmission into a lower-bandwidth video transmission, sending the lower-bandwidth video transmission to the portable computing device, receiving from the portable computing device to the receiver, a command to execute a snapshot, producing by the receiver a snapshot from the video transmission, sending the snapshot to the portable computing device.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04N 21/2743 - Video hosting of uploaded data from client
H04N 21/475 - End-user interface for inputting end-user data, e.g. PIN [Personal Identification Number] or preference data
H04N 21/4788 - Supplemental services, e.g. displaying phone caller identification or shopping application communicating with other users, e.g. chatting
H04N 21/433 - Content storage operation, e.g. storage operation in response to a pause request or caching operations
H04L 67/568 - Storing data temporarily at an intermediate stage, e.g. caching
H04N 21/61 - Network physical structure; Signal processing
H04N 21/8549 - Creating video summaries, e.g. movie trailer
42.
SECURE ELEMENT FOR SECURELY PROCESSING DIGITAL INFORMATION
The secure element (100) has a secure processor (110) for securely processing the digital information stored in a memory (200) external to the secure element, and a loading and pre-processing system configured to load the digital information from the external memory (200) into the secure element (100), and pre-process said digital information by executing a cryptographic algorithm before processing said digital information by the secure processor (110). The system reads a version number of the digital information that has been loaded, from an internal memory (122) of the secure element (100), and uses said version number in executing the cryptographic algorithm.
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 29/06 - Communication control; Communication processing characterised by a protocol
43.
Intelligent content queuing from a secondary device
Example embodiments provide systems and methods for managing intelligent content queuing from a secondary device for content delivery to a primary device. A content queuing system on the secondary device generates and displays a playlist interface on the secondary device. A selection of a content item to be added to a playlist is received. The content queuing system determines that addition of the content item causes a live content item to overlap with an on-demand content item on the playlist. As a result, the content queuing system creates at least two segments for the on-demand content item. The live content item is positioned between the first and a second segment on the playlist. The first segment is scheduled to end at a start time of the live content item and the second segment is scheduled to begin at an ending time of the live content item.
H04N 21/482 - End-user interface for program selection
G06F 3/0482 - Interaction with lists of selectable items, e.g. menus
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
H04N 21/436 - Interfacing a local distribution network, e.g. communicating with another STB or inside the home
H04N 21/44 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
H04N 21/41 - Structure of client; Structure of client peripherals
G06F 3/0488 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
a matching step to extract the biometric data from said marking area, to match them with the biometric data of the profiles stored in the database, and to assign the detected profile ID with the marking area.
transmitting the found profile ID to the application.
A chip includes a substrate having a first surface and a second surface opposite the first surface, and an integrated circuit mounted on a landing zone on the first surface of the substrate. The chip also includes contacts provided about the first surface in the peripheral region, and wire-bonds providing electrical connections between the integrated circuit and the contacts. The chip further includes solder ball connections provided in the peripheral region on the second surface, and connections provided in the substrate for connecting the electrical contacts on the first surface with the solder ball connections on the second surface. The substrate includes at least one conductive track routed through the landing zone region of the substrate, and the chip is configured such that an alteration in the at least one conductive track prevents operation of the integrated circuit.
H01L 23/538 - Arrangements for conducting electric current within the device in operation from one component to another the interconnection structure between a plurality of semiconductor chips being formed on, or in, insulating substrates
H01L 23/00 - SEMICONDUCTOR DEVICES NOT COVERED BY CLASS - Details of semiconductor or other solid state devices
H01L 23/552 - Protection against radiation, e.g. light
H01L 21/66 - Testing or measuring during manufacture or treatment
The digital information is stored in a plurality of segments (Si) in an external memory. The method is performed by a processing device and comprises the steps of : loading (S50) a first integrity table (MAC-Table 1) containing a plurality of first integrity elements (Ai) respectively authenticating the plurality of segments of digital information (Si), and an associated digital signature (SIG) of said plurality of first integrity elements (Ai), from the external memory; verifying (S51) the digital signature (SIG) associated with the first integrity table (MAC-Table 1), loading (S54) segments of digital information ([Si]) in a protected form from the external memory to the processing device.
G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
A method of transmitting entitlement messages to content consumption devices in a access control system, the method comprising periodically transmitting entitlement messages to content consumption devices in a access control system and periodically extending an expiry time comprised in the entitlement messages. The entitlement messages comprise indicator data indicating to the content consumption devices that subsequent entitlement messages loaded into a content consumption device after a first entitlement message is loaded into the content consumption device shall not be used by the content consumption device to access protected media content.
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
H04N 21/235 - Processing of additional data, e.g. scrambling of additional data or processing content descriptors
H04N 21/418 - External card to be used in combination with the client device, e.g. for conditional access
H04N 21/462 - Content or additional data management e.g. creating a master electronic program guide from data received from the Internet and a Head-end or controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabi
H04N 21/633 - Control signals issued by server directed to the network components or client
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
48.
METHOD FOR SECURELY PROCESSING DIGITAL INFORMATION IN A SECURE ELEMENT
G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
G06F 21/55 - Detecting local intrusion or implementing counter-measures
The present disclosure relates to methods and devices for testing video data being rendered at or using a media device. A plurality of video frames to be rendered is received, each frame comprising one or more primary screen objects and at least one further screen object. The received frames are rendered at or using the media device wherein the at least one further screen object is superimposed on the one or more primary screen objects of a given frame during rendering. The rendered frames are provided to a data model. Extracted metadata indicating the presence or absence of further screen objects in the rendered video frames is the output of the data model. The data model is also provided with original metadata associated with the video frames prior to rendering. The rendering of each further screen object is then tested based on the original metadata and extracted metadata relating to a given video frame. The disclosure also extends to associated methods and devices for generating training data for testing rendering of video frame and training a data model using the training data.
H04N 21/43 - Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronizing decoder's clock; Client middleware
H04N 17/04 - Diagnosis, testing or measuring for television systems or their details for receivers
The present disclosure relates to the use of cryptographic techniques to facilitate local decision making at a gateway device (120) interfacing between an operator device (110) and edge devices (130), for example as can be found in Internet of Things infrastructures. Local decision making is facilitated in the context of end to end encryption of data between the edge device and operator device by enabling a function of the data to be computed at the gateway (120) without decrypting the data, for example using Functional Encryption (FE). The gateway determines an action based on the computed function, for example whether to transmit the data to the operator device (110). Examples of edge devices are video surveillance cameras or utility consumption meters but the disclosure is applicable to any edge device that produces data to be transmitted with end to end encryption. The disclosure is also not limited to IoT infrastructures.
G08B 13/196 - Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems using television cameras
H04L 29/06 - Communication control; Communication processing characterised by a protocol
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
38 - Telecommunications services
39 - Transport, packaging, storage and travel services
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Vehicle locating, tracking, security, payment and retrieval systems comprised of computer hardware and software, computer application software for mobile phones, GPS units, and radio telecommunications equipment, all for use in connection with vehicle locating, vehicle tracking, vehicle anti-theft, vehicle payment management, equipment locating, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment locating, equipment tracking, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment tracking, equipment anti-theft, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment anti-theft; wireless transceivers with collection and display technology for locating, tracking and monitoring vehicles and equipment, namely, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, and instruction manuals used in connection therewith; wireless electronic devices for tracking and condition monitoring of mobile assets in the nature of automobiles, trucks, trailers, cargo containers, equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, machinery equipment and other freight and transportation equipment, namely, portable tracking units comprising wireless data transceivers, global positioning satellite receivers, processors, sensors, namely, temperature, pressure and acceleration sensors, and computer software that combine GPS and cellular technologies for determining mobile asset location information and environmental information, for transmitting the mobile asset location and environmental information, for transmitting alert messages when a mobile asset moves beyond a preset geographic area, and for transmitting alert messages when an environmental condition of a mobile asset goes beyond a preset boundary for the environmental condition. (1) Providing business intelligence services in the fields of mobile resource management, mobile asset tracking and monitoring, namely, monitoring and tracking of vehicles and equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, for commercial purposes; providing business data analytics related to mobile assets.
(2) Telecommunication services, namely, electronic transmission of data in the field of sensors and sensor networks for mobile resource management and tracking; transmission and reception of sensor data via telecommunication networks for tracking and monitoring mobile assets in the nature of automobiles, trucks, trailers, cargo containers, equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, and machinery equipment.
(3) Tracking, locating and monitoring of mobile assets in the nature of automobiles, trucks, trailers, cargo containers, equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, and other freight and transportation equipment, namely, global positioning, tracking, and position information transmission services for financial lending institutions to monitor collateralized mobile assets.
(4) Software as a service (SAAS) services featuring software for stolen vehicle recovery, vehicle tracking, vehicle status monitoring, and generating vehicle alert messages related to speeding or geofence boundary crossings; software as a service (SaaS) services featuring software for mobile resource management, mobile asset tracking and monitoring, and business data analytics related to mobile assets; electronic storage services for archiving electronic sensor data; technical support and consulting services, namely, monitoring technological functions of computer network systems for tracking sensor network usage; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for the purpose of controlling, viewing, storing and analyzing GPS tracking and sensor data; application service provider, namely, hosting, managing, developing, and maintaining applications in the field of controlling, viewing, storing, and analyzing GPS tracking and sensor data for wireless delivery of content to handheld computers, laptops and mobile electronic devices.
A system and method of transmitting respective audio streams to a plurality of end points, such as headphones, earphones, headsets, speakers, etc. is disclosed. Different audio streams are transmitted to each of the plurality of end points. The end points may be arranged to audibly output received audio streams, and so each end point may audibly output a respective different audio stream, i.e. the respective audio streams may be mutually different from each other.
H04N 21/485 - End-user interface for client configuration
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
53.
SECURED COMMUNICATION BETWEEN A DEVICE AND A REMOTE SERVER
Method for securing a communication between a remote server and a device equipped with a secure element, - device side profile data being stored in the device, - device side secure element data being stored in the secure element, - image data comprising : - server side profile data being stored in the remote server, - server side secure element data being stored in the remote server, or being retrievable from the remote server, the method comprising the steps of: a- associating the device with the secure element, b- generating, on the device side, a device key material, c- reporting the association to the remote server, d- generating, on the remote server side, a server key material e- authorizing a communication between the device and the remote server, after an authentication based at least on the basis of a comparison between the device key material and the server key material.
A method of acquiring access rights to conditional access content. The method comprises receiving an access right on a first terminal through a first communication channel; storing said access right in said first terminal; sending a request for said conditional access content to a content provider, said request containing at least an identifier of an account to which said first terminal is associated, an identifier of the requested content and a piece of information concerning said access right; verifying, by said content provider, the authenticity of said access right using said piece of information concerning the access right; and when there has been a successful verification, marking said access right as used, and sending said conditional access content to at least one terminal linked to said account. The first terminal using near field communication technology (NFC) during at least one transfer of said access rights.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
H04N 21/8355 - Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
A method of providing a content stream based on capturing an initial delivery of the content stream. The method comprises obtaining manifest data related to the initial delivery of the content stream, the manifest data being obtained one or more times in a sequence during the initial delivery of the content stream to generate one or more manifest files; associating a time-stamp with each of the manifest files, the time stamp being indicative of a time of obtaining the associated manifest file; processing each of the manifest files to identify one or more addresses referenced in the manifest file of one or more segments comprising a portion of the content stream in the initial delivery; accessing one or more of the segments identified via the one or more addresses referenced in the manifest files; modifying a last one of the manifest files to include at least a portion of an earlier manifest file of the manifest files; and providing a client with access to the manifest files including the modified last manifest file and the accessed one or more segments, thereby enabling the client to receive at least a portion of the content stream.
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
H04N 21/222 - Secondary servers, e.g. proxy server or cable television Head-end
H04N 21/231 - Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers or prioritizing data for deletion
56.
TECHNIQUES FOR CONTROLLING ACCESS TO SEGMENTED DATA
Techniques for controlling access to segmented data of a plurality of users that is requested by at least one data consumer device. In response to conditions specified in communications between at least one data aggregator system and the at least one data consumer device, information of a number of users meeting specified search criteria are shared (e.g., for a limited time). Use of the data in violation of the specified conditions may trigger penalties under a smart contract on a distributed ledger or blockchain.
A method for managing communications within a network comprising utility meters, each associated and connected to at least one utility management center through at least one intermediate data concentrator. A message is sent by a utility meter to the destination data concentrator. This message includes metering data measurement reported by said utility meter, its utility meter identifier, the destination data concentrator identifier and the management center identifier. Then, on the basis of several metering data measurements, a metering counter differential consumption value is calculated by difference of two metering counter consumption indexes measured by the utility meter within a time period interval. Then, a report containing at least the metering counter differential consumption value is sent from the destination data concentrator towards the utility management center to which said utility meter is associated.
A method for detecting perturbations in a logic circuit comprising a plurality of datapaths coordinated by a clock signal and at least one test circuit (21) having a programmable length datapath (22) for varying a test propagation delay, said test circuit further comprising inputs (X, Y), an output (N) and an error generator (26) for providing an error (E) in case that the output (N) is different than an expected output (R1, R2) for said inputs, said test circuit having a calibration mode comprising: - determining a critical propagation delay by varying the programmable length datapath (22) until the error generator (26) outputs an error (E), - adjusting the programmable length datapath (22) to include therein a tolerance delay, - switching into a detection mode configured to detect a perturbation in the logic circuit along the programmable length datapath (22) in case the error generator outputs an error (E).
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
59.
METHOD FOR PROVIDING A CLIENT DEVICE WITH MANAGEMENT MESSAGES AND DEVICE FOR IMPLEMENTING THIS METHOD
Method for providing at least one client device (10), from a server (20) configured to control access to audio/video content, with management messages (40), comprising: - determining a first set (41) of management messages pertaining to said client device (10), - transmitting said first set through a first communication channel (51) in a repetitive manner, - receiving, from said client device, a notification (15) comprising at least a client device identifier (11), - determining a second set (42) of management messages, said second set comprising all or part of the first set, - determining a token (45) associated with the second set, - receiving, from the client device, a confirmation (15') comprising data pertaining to the token, - verifying the data pertaining to the token and, in case of a positive verification, removing all or part of the second set from the transmission through the first communication channel.
Methods and content consumption devices are disclosed that enable a revocation list to be securely enforced and managed, in terms of enforcing version control and providing granular control of individual capabilities, for example. Aspects also relate to enhanced enforcement control of content consumption control information more generally, for example by enforcing version control of activation messages, and/or granular management of individual capabilities.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.
H04N 21/2347 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving video stream encryption
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
H04N 21/418 - External card to be used in combination with the client device, e.g. for conditional access
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/16 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04N 7/167 - Systems rendering the television signal unintelligible and subsequently intelligible
62.
PLAYING DRM PROTECTED CONTENT FROM A PORTABLE FLASH DRIVE
A portable storage device (1) for storing protected content (111, 115, 119) is proposed. The portable storage device comprises connection means (14) for communicatively connecting the portable storage device to a play back device (2, 3, 4) for playing the protected content. The portable storage device further comprises a non-volatile memory (11) for storing the protected content. The protected content is protected by one or more digital rights management schemes (112-114, 116-118, 120-122). The portable storage device further comprises a chipset (10) comprising an embedded digital rights management server (101, 103, 104) configured to provide a digital rights management license to the play back device in response to a request from the play back device for the digital rights management license for playing the protected content.
A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.
The present disclosure relates to a method and system for presenting a set of control functions via an interface of a peripheral control device (PCD). A control function can include a command associated with one or more media contexts of a host media device. The method decodes a payload, from the host media device, with an encoded context identifier, where the context identifier indicates a primary media context active on the host media device. The method determines one or more control functions corresponding to the context identifier, and changes the set of control functions on the interface of the PCD to include the one or more control functions that can command the primary media context.
H04N 21/482 - End-user interface for program selection
G06F 3/0488 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
H04N 21/222 - Secondary servers, e.g. proxy server or cable television Head-end
H04N 21/84 - Generation or processing of descriptive data, e.g. content descriptors
65.
Method and device to transfer a video stream between a host device and an electronic descrambling device
A method to transfer a video stream from a host device comprising a controller configured for bulk transfers to a descrambling device, comprises: forming a chain out transfer comprising a chain out header linked with multiple chain out descriptors, the first chain out descriptor pointing to an out description packet containing at least one producer ID, the second and subsequent chain out descriptor pointing to chunks from the video stream, the last chain out descriptor being configured to generate an interrupt; forming a chain in transfer comprising a chain in header linked with a plurality of chain in descriptors, each chain in descriptor pointing to a descrambled chunk; requesting the controller to process the chain; receiving the description packet by the descrambling device and using key data associated with the chunks to descramble them; receiving by the controller the descrambled chunks and triggering an interrupt on the last chunk.
H04N 7/167 - Systems rendering the television signal unintelligible and subsequently intelligible
H04N 21/418 - External card to be used in combination with the client device, e.g. for conditional access
H04N 21/436 - Interfacing a local distribution network, e.g. communicating with another STB or inside the home
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
H04N 21/8352 - Generation of protective data, e.g. certificates involving content or source identification data, e.g. UMID [Unique Material Identifier]
H04N 21/84 - Generation or processing of descriptive data, e.g. content descriptors
A computer implemented method for sending context information between programs, the method including: displaying a graphical user interface including a plurality of selectable application icons; receiving a simultaneous selection of a first icon and a second icon from the plurality of selectable application icons; launching a first program associated with the first icon; launching a second program associated with the second icon; and sending context information between the first program and the second program.
Malware detection logic executed by a secured device residing in a home network may receive a message from an unsecured device of a first unsecured network and intended for a destination device of the home network, the destination device comprising a security client. The malware detection logic may establish a secure communication channel between the malware detection logic of the secured device and the security client of the destination device. The malware detection logic may execute a validation test on the message to determine that the message includes malware. The malware detection logic may report an alarm to the security client of the destination device. The malware detection logic may transmit information related to the malware to a cloud computing server. The malware detection logic may prevent an application associated with the destination device from processing the message.
The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
In overview, an integrated circuit in accordance with the disclosure comprises first and second network interface processors which are separate processors and which are connected by a first unidirectional interconnect. The first unidirectional interconnect allows data transfer from the first network interface processor to the second network interface processor, while preventing data transfer in the reverse direction. The first network interface processor is for communication with a first network which may be a secure network and the second network interface processor is for communication with second network which may be a public network, for example an insecure public network. In this way, the processing of data received from each of the first and second networks is performed by separate processors and data can only be sent from the first network to the second network, thereby protecting the first network from the second network.
System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
45 - Legal and security services; personal services for individuals.
Goods & Services
Vehicle locating, tracking, security, payment and retrieval systems comprised of computer hardware and downloadable software, downloadable computer application software for mobile phones, GPS units, and radio telecommunications equipment, all for use in connection with vehicle locating, vehicle tracking, vehicle anti-theft, vehicle payment management, equipment locating, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment locating, equipment tracking, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment tracking, equipment anti-theft, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment anti-theft; Wireless transceivers with collection and display technology for locating, tracking and monitoring vehicles and equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, and downloadable instruction manuals used in connection therewith sold as a unit; Wireless electronic devices for tracking and condition monitoring of mobile assets in the nature of automobiles, trucks, trailers, cargo containers, equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, machinery equipment and other freight and transportation equipment, namely, portable tracking units comprising wireless data transceivers, global positioning satellite receivers, processors, sensors, namely, temperature, pressure and acceleration sensors, and recorded computer software that combine GPS and cellular technologies for determining mobile asset location information and environmental information, for transmitting the mobile asset location and environmental information, for transmitting alert messages when a mobile asset moves beyond a preset geographic area, and for transmitting alert messages when an environmental condition of a mobile asset goes beyond a preset boundary for the environmental condition Providing business intelligence services in the fields of mobile resource management, mobile asset tracking and monitoring, namely, monitoring and tracking of vehicles and equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, for commercial inventory purposes; Providing business data analytics related to mobile assets; Tracking, locating and monitoring of mobile assets in the nature of automobiles, trucks, trailers, cargo containers, equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, and other freight and transportation equipment for commercial purposes, namely, global positioning, tracking, and position information transmission services for financial lending institutions to monitor collateralized mobile assets for business inventory purposes Telecommunication services, namely, electronic transmission of data in the field of sensors and sensor networks for mobile resource management and tracking; Transmission and reception of sensor data via telecommunication networks for tracking and monitoring mobile assets in the nature of automobiles, trucks, trailers, cargo containers, equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, and machinery equipment Software as a service (SAAS) services featuring software for stolen vehicle recovery, vehicle tracking, vehicle status monitoring, and generating vehicle alert messages related to speeding or geofence boundary crossings; Software as a service (SaaS) services featuring software for mobile resource management, mobile asset tracking and monitoring, and business data analytics related to mobile assets; Electronic storage services for archiving electronic sensor data; technical support and consulting services, namely, monitoring technological functions of computer network systems for tracking sensor network usage; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for the purpose of controlling, viewing, storing and analyzing GPS tracking and sensor data; Application service provider, namely, hosting, managing, developing, and maintaining applications in the field of controlling, viewing, storing, and analyzing GPS tracking and sensor data for wireless delivery of content to handheld computers, laptops and mobile electronic devices Providing business intelligence services in the fields of mobile resource management, mobile asset tracking and monitoring, namely, monitoring and tracking of vehicles and equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, for commercial stolen property recovery purposes; Tracking, locating and monitoring of mobile assets in the nature of automobiles, trucks, trailers, cargo containers, equipment, namely, farming equipment, construction equipment, heavy machinery equipment, manufacturing equipment, and other freight and transportation equipment for commercial purposes, namely, global positioning, tracking, and position information transmission services for financial lending institutions to monitor collateralized mobile assets for recovery of stolen property
72.
TECHNIQUES FOR INCENTIVIZED INTRUSION DETECTION SYSTEM
The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentivized-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or facilitate the actor to provide information detecting malicious actions against an asset.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentivized-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or facilitate the actor to provide information detecting malicious actions against an asset.
The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentivized-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or facilitate the actor to provide information detecting malicious actions against an asset.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 21/55 - Detecting local intrusion or implementing counter-measures
75.
WATERMARKING VIDEO FRAGMENTS INTO TWO OR MORE VARIANTS
A method of processing a video fragment into two or more variants of the video fragment, each variant having a different watermark, the method comprising: fragmenting a video content into a sequence of fragments; watermarking a plurality of the fragments to create two or more variants of each of the plurality of fragments, wherein the two or more variants of one fragment are watermarked using different watermarks; adjusting the length of the two or more variants for at least one of the fragments to a same adjusted length, wherein the adjusted length is indicative of a temporal position of the two or more variants of the at least one of the fragments compared to variants of other fragments in the sequence of fragments.
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04N 21/236 - Assembling of a multiplex stream, e.g. transport stream, by combining a video stream with other content or additional data, e.g. inserting a URL [Uniform Resource Locator ] into a video stream, multiplexing software data into a video stream; Remultiplexing of multiplex streams; Insertion of stuffing bits into the multiplex stream, e.g. to obtain a constant bit-rate; Assembling of a packetised elementary stream
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
76.
Key sequence generation for cryptographic operations
Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack. At the same time, by using the main key only once (rather than using the main key each time a sub-key is generated), the vulnerability of the main key to a side-channel attack is reduced, because the opportunities for recovering physical information that could lead to the discovery of the main key are reduced. Specific embodiments use parallel or chained execution of sub-functions to generate respective sub-keys. Other specific embodiments generate all sub-keys from a single one-way function in one go.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
77.
A HARDWARE COMPONENT AND A METHOD FOR IMPLEMENTING A CAMOUFLAGE OF CURRENT TRACES GENERATED BY A DIGITAL SYSTEM
Implementing a camouflage of current traces generated by a hardware component having one or more set of digital elements defining a plurality of operational datapaths comprises adjusting (761) one or more working condition(s) of the hardware component, measuring (762) a reaction of the hardware component to the working condition(s) by a logic test circuit through processing data operations along a reference datapath having a minimum duration corresponding to at least the longest of the operational datapaths, and in response to detecting an error (763) along the reference datapath, modifying (764) the working condition(s) so that the error generated by the logic test circuit is cancelled. Applications to countermeasures to side-channel attacks.
Example embodiments provide systems and methods for dynamically creating intuitive favorites for a user. The system and methods include monitoring actions performed, by the user at a digital receiver, with respect to a plurality of content programs. The actions performed with respect to the plurality of content programs are analyzed. The analysis includes comparing a level of the actions with respect to a first content program of the plurality of content programs with a threshold. Based on the comparing indicating that the first content program is a favorites, an indication that the first content program is a favorites content program is stored to a data store.
H04N 21/431 - Generation of visual interfaces; Content or additional data rendering
G06F 16/78 - Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
G06F 16/9535 - Search customisation based on user profiles and personalisation
G06F 3/0482 - Interaction with lists of selectable items, e.g. menus
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
An integrated circuit and a method of configuring a plurality of integrated circuits are disclosed. Each integrated circuit comprises a cryptographic key specific to it. Each integrated circuit comprises a cryptographic key specific to it. Each cryptographic key can be generated on the respective integrated circuit using a physical unclonable function and data associated with the cryptographic key, e.g. a configuration message comprising instructions for generating the cryptographic key using the physical unclonable function. The cryptographic key specific to the integrated circuit is not stored on the integrated circuit. Each of the plurality of integrated circuits are configured using a data file that is encrypted with the respective cryptographic key specific to the integrated circuit, circuit.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method for managing communications within a network comprising utility meters, each associated and connected to at least one utility management center through at least one intermediate data concentrator. A message is sent by a utility meter to the destination data concentrator. This message includes metering data measurement reported by said utility meter, its utility meter identifier, the destination data concentrator identifier and the management center identifier. Then, on the basis of several metering data measurements, a metering counter differential consumption value is calculated by difference of two metering counter consumption indexes measured by the utility meter within a time period interval. Then, a report containing at least the metering counter differential consumption value is sent from the destination data concentrator towards the utility management center to which said utility meter is associated.
A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Example embodiments provide systems and methods for securing a deployed camera. A security apparatus is coupled to the deployed camera and accesses video content from the coupled camera. The security apparatus accesses video content from the coupled camera, splits the video content within a plurality of RTP packets, encrypts payloads of the RTP packets, embeds in a header of the encrypted RTP packets, at least two key identifications for decryption of the encrypted RTP packets, and transmits the plurality of RTP packets over a network to a video management system.
H04L 9/16 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
83.
Securing digital data transmission in a communication network
A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method of transmitting data to a receiver via a network includes transmitting a sequence of first data packets to the receiver via the network, each first data packet including payload data and identification data, the identification data identifying the respective first data packet, the identification data being different for each first data packet. The method also includes transmitting a corresponding second data packet for each first data packet to the receiver via the network, each second data packet including the data enabling identification of the corresponding first data packet and additional data related to the corresponding first data packet, the data enabling identification of the corresponding first data packet enabling the receiver to associate each second data packet with the corresponding first data packet.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method for initiating a transmission of a program stream for delivery from a local access point to a client device, said program stream being structured as a plurality of regular segments relating to a single event. This method comprises the steps of: (a) processing at least one of the regular segments into a set of particular segments, where the at least one regular segment carries a payload of a first playback duration and the payload of said set represents a second playback duration that is greater than that of the first playback duration, and where the second playback duration is sufficient to comply with a client device requirement for initiating a rendering of the event, and (b) transmitting, during an initial period, from the local access point said set of particular segments.
H04N 7/173 - Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
H04N 21/2343 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
H04N 21/236 - Assembling of a multiplex stream, e.g. transport stream, by combining a video stream with other content or additional data, e.g. inserting a URL [Uniform Resource Locator ] into a video stream, multiplexing software data into a video stream; Remultiplexing of multiplex streams; Insertion of stuffing bits into the multiplex stream, e.g. to obtain a constant bit-rate; Assembling of a packetised elementary stream
86.
Method for detecting at least one glitch in an electrical signal and device for implementing this method
A method for detecting at least one glitch in an electrical signal. This method comprises: generating, from said electrical signal, at least one digital oscillating signal which is sensitive to glitches; and—performing the following steps as a repeatable round: (a) assigning a time window to at least one digital oscillating signal; said time window being implemented on the basis of a clock signal substantially insensitive to said at least one glitch to be detected; (b) determining from said time window a sampling value of the digital oscillating signal, said sampling value being characteristic of said digital oscillating signal throughout its time window; (c) detecting any potential glitch in said electrical signal by comparing said sampling value with an expected reference value; and (d) outputting a response typifying a result of the comparison step. Also, a device for implementing said method is described.
G06F 1/08 - Clock generators with changeable or programmable clock frequency
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
In overview, the disclosed methods, devices, and systems enable the location of the first device to be verified. In particular, second location verification data is generated using a current location of the second device is provided to a first device by a second device which can be matched with first location verification data received by the first device from a server, the first location verification data is generated using a stored location of the first device. If the first and second location verification data match, the location of the first device is considered to have been verified.
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/414 - Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
H04N 21/658 - Transmission by the client directed to the server
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
A method for anti-replay protection of a memory of a device, wherein the memory is used by and external to a secure element of the device, the method comprising the following steps, wherein the steps are performed in the device after a content of the memory is modified: generating device state data indicative of a state of the content of the memory; transmitting the device state data to a remote system for updating an authentication key of the device stored in a data storage of the remote system and for use by the remote system in an authentication procedure; and providing authentication information based on the device state data from the secure element to the remote system in the authentication procedure between the device and the remote system to verify a validity of the content of the memory.
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.
Virtual platform system for use in a cloud-based system, comprising: a virtual platform simulator configured to represent in software a physical remote client device and to have this representation interact with a virtual platform application; a process virtual machine configured to execute program instructions of the virtual platform application and comprising a code morpher component for transforming the program instructions of the virtual platform application into native program instructions for execution on a physical host machine of the cloud-based system; and interception components for capturing transactions from the virtual platform simulator and the process virtual machine. The transactions are related to the execution of the program instructions of the virtual platform application. The virtual platform system is configured to compare the captured transactions with pre-stored transactions, preferably stored in a blockchain, to obtain a comparison result, and to allow the execution of the program instructions depending on the comparison result.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/55 - Detecting local intrusion or implementing counter-measures
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
91.
METHODS AND DEVICES FOR REMOTE INTEGRITY VERIFICATION
A computer-implemented method for use by a client device is provided. The client device comprises a memory and is configured to send data according to a cryptographic protocol that uses a key. The method comprises: generating a data unit and a seed related to the data unit; generating a measurement result of the client device related to the seed; generating an attestation key based on the measurement result and a key that is agreed in accordance with the cryptographic protocol; encrypting the data unit at least in part based on the attestation key; and generating an output comprising the encrypted data unit. Related methods for use by a server device and a network component, and related client device, server device and network component are also provided.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
A method for securing a beacon signal in a network comprising a transmitter for broadcasting the beacon signal and one or more receivers for receiving the beacon signal, wherein the beacon signal comprises a data packet (103) including a payload (106) that comprises a first field containing broadcast information from the transmitter and a second field (204) for storing authentication information, the method comprising: computing, using a secret key, a message authentication code over the payload; extracting bytes from the message authentication code to obtain the authentication information; and encrypting the first field using a symmetric cipher which takes as parameter the secret key and a nonce, wherein the nonce comprises the authentication information, the encrypting resulting in an encrypted first field, the resulting secure beacon signal (200) comprising the encrypted first field (203) and the second field (204) with the authentication information.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The disclosure enables securing a transmission of content from a surveillance device to a remote server. The surveillance device is configured to obtain the content from observing a surroundings. The surveillance device is e.g. a security camera, in which case the content can comprise video data. The remote server is e.g. a centralized monitoring system or VMS. An encryption key that is generated in the remote server is received in the surveillance device from the remote server. The content is encrypted in the surveillance device using the encryption key and transmitted from the surveillance device to the remote server. The encryption key can be a control word that is received in an entitlement control message generated in the remote server.
H04W 12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
H04N 21/2347 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving video stream encryption
H04N 7/18 - Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
G08B 13/196 - Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems using television cameras
The present disclosure proposes method and systems for establishing secure communication session (s) between a first device and a second device, where the first device operates in a user network and implements a first key exchange protocol for secure communication. The second device is capable of communicating with the first device over a wireless communication network. The second device implements a second key exchange protocol that is different to the first key exchange protocol for secure communication. A proxy entity configured for implementing the first and the second key exchange protocols for secure communication is provided. The proxy entity is configured for generating and/or provisioning one or more session keys for the first and the second devices using the key exchange protocols specific to each device for establishing secure communication between the first and second device based on the generated session key(s).
Techniques and systems are provided for processing user interface content. For example, a server computer can receive a user interface event corresponding to a user interface of a device (e.g., a client device, another server computer, or other device). An application associated with the user interface event can be determined, and an interface model 5 can be generated using the application associated with the user interface event. The interface model defines state information for one or more graphic objects of the user interface. The state information results from the user interface event. The server computer can send the interface model to the device, which enables the device to render the user interface.
The disclosure related to methods and associated devices and/or systems for authorising at least one operation associated with a device, the device operating in a communication network, such as a user network, that comprises a plurality of devices communicatively coupled to a server computer, such as a control server. The disclosed method comprises generating a data model based on a plurality of patterns of actions for one or more devices among the plurality of devices. The data model is configured to detect and/or store at least one regular pattern of actions for each device among the one or more devices, each action corresponding to an operating state of the device. The disclosed method comprises receiving a request for an operation associated with a first device among the plurality of devices and determining if the received request satisfies a first criterion, the first criterion being based on or associated with the data model. Then, based on a determination that the first criterion is not satisfied, the disclosed method comprises generating at least one query based on a regular pattern of actions of at least one device among the one or more devices and sending the at least one query to a user interface. The disclosed method comprises determining if a response to the at least one query received from the user interface satisfies a second criterion. The second criterion is based on a comparison of the response received with the regular pattern of actions associated with the query in the data model. Then, based on a determination that the second condition is satisfied, the disclosed method comprises authorising the received request for the operation and providing a setting for the first device and/or control server based on the authorisation.
The disclosure relates to a method for sealing into a device (1) device information, which enable the secure functions of the device (1), managed by a RoT (2) of the device (1) by the security owner, furthermore to bootstrap the device (1) to a system (10) and to finally authenticate the combination of RoT (2) and device information in the device (1). This method has the minimum impact on the device (1) production flow.
A system (1) for asymmetrical cryptography, comprising a device (10) and a network storage (30), wherein the device is communicatively connected to the network storage, wherein the network storage is configured to store a private key, wherein the device is configured to retrieve the private key from the network storage to perform a cryptographic operation using the private key in a secure execution environment (12) of the device, and wherein the secure execution environment is configured to only temporarily store the private key for the cryptographic operation.
A system for handling data content is provided. The system comprises a transmitting module, a receiving module and an examination module. The transmitting module is arranged to transmit data content in a first format to a device for rendering the data content in a second format. The receiving module is arranged to receive a signal comprising at least a part of the data content rendered by the device for rendering the data content in a second format. The examination module is coupled to the receiving module and arranged to examine the signal received by the receiving module so as to determine whether the data content transmitted in the first format has been rendered in the second format.
H04N 21/44 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs
H04H 60/31 - Arrangements for monitoring the use made of the broadcast services
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
100.
METHOD OF MANAGING NETWORK ACCESS OF A DEVICE AND DEVICE
In overview, disclosed methods and devices enable managing of the network access of a device by the selection of a network access profile from a plurality of network access profiles stored on the device. In order to select a network access profile, a security state of the device is determined at the device. A local decision rule is then executed based on a security state and a network access profile is selected based on an outcome of the execution of the local decision rule.
