A system (100) for actively monitoring and securing a CDI (110CDI) is proposed. Such system comprises a TEE (100TEE) implementing one or more monitoring policy rule for ruling the active monitoring of the CDI. The system further comprises an 1C (100IC) comprising one or more monitoring device for monitoring the CDI at a corresponding monitoring tapping point delivering a corresponding monitoring information element. The 1C is configured for providing to the TEE a monitoring information based on the monitoring information element. The 1C is subordinated to the TEE. The one or more monitoring device is configured by the TEE responsive to the implementation of the one or more monitoring policy rule.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
2.
DEVICE FOR GENERATING AT LEAST ONE CRYPTOGRAPHIC KEY, CORRESPONDING METHODS AND COMPUTER PROGRAM PRODUCTS
A device (100) is proposed for generating at least one cryptographic key (Keu_Part1, Key_Part2, RootKey) by implementing: selecting at least three input data selected among, on one hand, a predetermined data and, on the other hand, a function of at least one piece of data having a type belonging to the group comprising: a physical unclonable type, corresponding to physical unclonable function data (ID, PUF); a hardwired type, corresponding to data hardwired within said device (GK, Soc_Key); and a software type, corresponding to software data (Seg_Partl, Seg_Part2), assembling the at least three input data to produce an assembled input data; applying the assembled input data into a cryptographic element to produce a cryptographic key.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
A content owner registers with an identity authority by providing information about the content owner and a public key of a public/private key pair. The content owner registers content to the identity authority and signs the multiple segments of the content with the private key of the public/private key pair. A system that receives the signed content determines an indicated content owner of the received media content and communicates with the identity authority to confirm that the media content was produced by the indicated content owner. The receiving system requests the public key of the content owner from the identity authority and uses the public key to verify the signature of each media content segment. Accordingly, the receiving system is able to determine if the media content was manipulated after being distributed by the content owner.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
H04N 19/61 - Methods or arrangements for coding, decoding, compressing or decompressing digital video signals using transform coding in combination with predictive coding
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
4.
METHOD FOR REMOTELY PROGRAMMING A PROGRAMMABLE DEVICE
A method for remotely programming a programmable device (35) designed to provide an expected sensitive result (45), the method comprising : - transmitting a first program code (41) to the programmable device (35), said first program code (41) being configured to get at least one distinctive data (35d) unique and physically inherent to the programmable device (35), - retrieving said distinctive data (35e) to generate a second program code (42) configured to provide the expected sensitive result (45) in case of the second program code (42) is executed on the programmable device (35) having produced the distinctive data (35d), and10 - transmitting said second program code (42) to the programmable device (35), so as to load the second program code (42) into the programmable device (35).
H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
5.
INTEGRATED CIRCUIT DEVICE WITH PROTECTION AGAINST MALICIOUS ATTACKS
Integrated circuit device with protection against malicious attacks The integrated circuit device (100) comprises a semiconductor substrate layer (10) and at least one active layer (20) including electronic components and supported by said semiconductor substrate layer (10). The semiconductor substrate layer (10) and the at least one active layer (20) are sandwiched between two protective layers (30A, 30B) acting as physical obstacles to prevent the passage of radiations. In addition, the two protective layers (30A, 30B) are electrically connected to a detection circuit (40) that can monitor an electrical information of the protective layers (30A, 30B) and detect a physical attack of at least one of the two protective layers (30A, 30B), based on the monitored electrical information.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/87 - Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
6.
DISTRIBUTED ANONYMIZED COMPLIANT ENCRYPTION MANAGEMENT SYSTEM
A method for data security implemented as an application on a device includes generating a request for one or more secret shares needed to reconstruct a key. The device stores a first secret share in its memory. The method also includes signing the request with a certificate that identifies the request as valid without identifying the device, and sending the request, signed with the certificate, to at least one other device. The method further includes receiving, from the at least one other device, the one or more secret shares, determining whether the one or more secret shares received from the at least one other device is sufficient to reconstruct the key, and reconstructing the key using the first secret share and the one or more secret shares upon determining that the one or more secret shares are sufficient to reconstruct the key.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
7.
SECURE ELEMENT FOR SECURELY PROCESSING DIGITAL INFORMATION
The secure element (100) has a secure processor (110) for securely processing the digital information stored in a memory (200) external to the secure element, and a loading and pre-processing system configured to load the digital information from the external memory (200) into the secure element (100), and pre-process said digital information by executing a cryptographic algorithm before processing said digital information by the secure processor (110). The system reads a version number of the digital information that has been loaded, from an internal memory (122) of the secure element (100), and uses said version number in executing the cryptographic algorithm.
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 29/06 - Communication control; Communication processing characterised by a protocol
The digital information is stored in a plurality of segments (Si) in an external memory. The method is performed by a processing device and comprises the steps of : loading (S50) a first integrity table (MAC-Table 1) containing a plurality of first integrity elements (Ai) respectively authenticating the plurality of segments of digital information (Si), and an associated digital signature (SIG) of said plurality of first integrity elements (Ai), from the external memory; verifying (S51) the digital signature (SIG) associated with the first integrity table (MAC-Table 1), loading (S54) segments of digital information ([Si]) in a protected form from the external memory to the processing device.
G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
G06F 21/55 - Detecting local intrusion or implementing counter-measures
10.
SECURED COMMUNICATION BETWEEN A DEVICE AND A REMOTE SERVER
Method for securing a communication between a remote server and a device equipped with a secure element, - device side profile data being stored in the device, - device side secure element data being stored in the secure element, - image data comprising : - server side profile data being stored in the remote server, - server side secure element data being stored in the remote server, or being retrievable from the remote server, the method comprising the steps of: a- associating the device with the secure element, b- generating, on the device side, a device key material, c- reporting the association to the remote server, d- generating, on the remote server side, a server key material e- authorizing a communication between the device and the remote server, after an authentication based at least on the basis of a comparison between the device key material and the server key material.
Techniques for controlling access to segmented data of a plurality of users that is requested by at least one data consumer device. In response to conditions specified in communications between at least one data aggregator system and the at least one data consumer device, information of a number of users meeting specified search criteria are shared (e.g., for a limited time). Use of the data in violation of the specified conditions may trigger penalties under a smart contract on a distributed ledger or blockchain.
A method of providing a content stream based on capturing an initial delivery of the content stream. The method comprises obtaining manifest data related to the initial delivery of the content stream, the manifest data being obtained one or more times in a sequence during the initial delivery of the content stream to generate one or more manifest files; associating a time-stamp with each of the manifest files, the time stamp being indicative of a time of obtaining the associated manifest file; processing each of the manifest files to identify one or more addresses referenced in the manifest file of one or more segments comprising a portion of the content stream in the initial delivery; accessing one or more of the segments identified via the one or more addresses referenced in the manifest files; modifying a last one of the manifest files to include at least a portion of an earlier manifest file of the manifest files; and providing a client with access to the manifest files including the modified last manifest file and the accessed one or more segments, thereby enabling the client to receive at least a portion of the content stream.
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
H04N 21/222 - Secondary servers, e.g. proxy server or cable television Head-end
H04N 21/231 - Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers or prioritizing data for deletion
13.
METHOD FOR DETECTING PERTURBATIONS IN A LOGIC CIRCUIT AND LOGIC CIRCUIT FOR IMPLEMENTING THIS METHOD
A method for detecting perturbations in a logic circuit comprising a plurality of datapaths coordinated by a clock signal and at least one test circuit (21) having a programmable length datapath (22) for varying a test propagation delay, said test circuit further comprising inputs (X, Y), an output (N) and an error generator (26) for providing an error (E) in case that the output (N) is different than an expected output (R1, R2) for said inputs, said test circuit having a calibration mode comprising: - determining a critical propagation delay by varying the programmable length datapath (22) until the error generator (26) outputs an error (E), - adjusting the programmable length datapath (22) to include therein a tolerance delay, - switching into a detection mode configured to detect a perturbation in the logic circuit along the programmable length datapath (22) in case the error generator outputs an error (E).
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
14.
METHOD FOR PROVIDING A CLIENT DEVICE WITH MANAGEMENT MESSAGES AND DEVICE FOR IMPLEMENTING THIS METHOD
Method for providing at least one client device (10), from a server (20) configured to control access to audio/video content, with management messages (40), comprising: - determining a first set (41) of management messages pertaining to said client device (10), - transmitting said first set through a first communication channel (51) in a repetitive manner, - receiving, from said client device, a notification (15) comprising at least a client device identifier (11), - determining a second set (42) of management messages, said second set comprising all or part of the first set, - determining a token (45) associated with the second set, - receiving, from the client device, a confirmation (15') comprising data pertaining to the token, - verifying the data pertaining to the token and, in case of a positive verification, removing all or part of the second set from the transmission through the first communication channel.
A portable storage device (1) for storing protected content (111, 115, 119) is proposed. The portable storage device comprises connection means (14) for communicatively connecting the portable storage device to a play back device (2, 3, 4) for playing the protected content. The portable storage device further comprises a non-volatile memory (11) for storing the protected content. The protected content is protected by one or more digital rights management schemes (112-114, 116-118, 120-122). The portable storage device further comprises a chipset (10) comprising an embedded digital rights management server (101, 103, 104) configured to provide a digital rights management license to the play back device in response to a request from the play back device for the digital rights management license for playing the protected content.
The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentivized-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or facilitate the actor to provide information detecting malicious actions against an asset.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 21/55 - Detecting local intrusion or implementing counter-measures
17.
WATERMARKING VIDEO FRAGMENTS INTO TWO OR MORE VARIANTS
A method of processing a video fragment into two or more variants of the video fragment, each variant having a different watermark, the method comprising: fragmenting a video content into a sequence of fragments; watermarking a plurality of the fragments to create two or more variants of each of the plurality of fragments, wherein the two or more variants of one fragment are watermarked using different watermarks; adjusting the length of the two or more variants for at least one of the fragments to a same adjusted length, wherein the adjusted length is indicative of a temporal position of the two or more variants of the at least one of the fragments compared to variants of other fragments in the sequence of fragments.
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04N 21/236 - Assembling of a multiplex stream, e.g. transport stream, by combining a video stream with other content or additional data, e.g. inserting a URL [Uniform Resource Locator ] into a video stream, multiplexing software data into a video stream; Remultiplexing of multiplex streams; Insertion of stuffing bits into the multiplex stream, e.g. to obtain a constant bit-rate; Assembling of a packetised elementary stream
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
18.
A HARDWARE COMPONENT AND A METHOD FOR IMPLEMENTING A CAMOUFLAGE OF CURRENT TRACES GENERATED BY A DIGITAL SYSTEM
Implementing a camouflage of current traces generated by a hardware component having one or more set of digital elements defining a plurality of operational datapaths comprises adjusting (761) one or more working condition(s) of the hardware component, measuring (762) a reaction of the hardware component to the working condition(s) by a logic test circuit through processing data operations along a reference datapath having a minimum duration corresponding to at least the longest of the operational datapaths, and in response to detecting an error (763) along the reference datapath, modifying (764) the working condition(s) so that the error generated by the logic test circuit is cancelled. Applications to countermeasures to side-channel attacks.
In overview, the disclosed methods, devices, and systems enable the location of the first device to be verified. In particular, second location verification data is generated using a current location of the second device is provided to a first device by a second device which can be matched with first location verification data received by the first device from a server, the first location verification data is generated using a stored location of the first device. If the first and second location verification data match, the location of the first device is considered to have been verified.
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/414 - Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
H04N 21/658 - Transmission by the client directed to the server
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
A method for anti-replay protection of a memory of a device, wherein the memory is used by and external to a secure element of the device, the method comprising the following steps, wherein the steps are performed in the device after a content of the memory is modified: generating device state data indicative of a state of the content of the memory; transmitting the device state data to a remote system for updating an authentication key of the device stored in a data storage of the remote system and for use by the remote system in an authentication procedure; and providing authentication information based on the device state data from the secure element to the remote system in the authentication procedure between the device and the remote system to verify a validity of the content of the memory.
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.
Virtual platform system for use in a cloud-based system, comprising: a virtual platform simulator configured to represent in software a physical remote client device and to have this representation interact with a virtual platform application; a process virtual machine configured to execute program instructions of the virtual platform application and comprising a code morpher component for transforming the program instructions of the virtual platform application into native program instructions for execution on a physical host machine of the cloud-based system; and interception components for capturing transactions from the virtual platform simulator and the process virtual machine. The transactions are related to the execution of the program instructions of the virtual platform application. The virtual platform system is configured to compare the captured transactions with pre-stored transactions, preferably stored in a blockchain, to obtain a comparison result, and to allow the execution of the program instructions depending on the comparison result.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/55 - Detecting local intrusion or implementing counter-measures
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
23.
METHODS AND DEVICES FOR REMOTE INTEGRITY VERIFICATION
A computer-implemented method for use by a client device is provided. The client device comprises a memory and is configured to send data according to a cryptographic protocol that uses a key. The method comprises: generating a data unit and a seed related to the data unit; generating a measurement result of the client device related to the seed; generating an attestation key based on the measurement result and a key that is agreed in accordance with the cryptographic protocol; encrypting the data unit at least in part based on the attestation key; and generating an output comprising the encrypted data unit. Related methods for use by a server device and a network component, and related client device, server device and network component are also provided.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
A method for securing a beacon signal in a network comprising a transmitter for broadcasting the beacon signal and one or more receivers for receiving the beacon signal, wherein the beacon signal comprises a data packet (103) including a payload (106) that comprises a first field containing broadcast information from the transmitter and a second field (204) for storing authentication information, the method comprising: computing, using a secret key, a message authentication code over the payload; extracting bytes from the message authentication code to obtain the authentication information; and encrypting the first field using a symmetric cipher which takes as parameter the secret key and a nonce, wherein the nonce comprises the authentication information, the encrypting resulting in an encrypted first field, the resulting secure beacon signal (200) comprising the encrypted first field (203) and the second field (204) with the authentication information.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The disclosure enables securing a transmission of content from a surveillance device to a remote server. The surveillance device is configured to obtain the content from observing a surroundings. The surveillance device is e.g. a security camera, in which case the content can comprise video data. The remote server is e.g. a centralized monitoring system or VMS. An encryption key that is generated in the remote server is received in the surveillance device from the remote server. The content is encrypted in the surveillance device using the encryption key and transmitted from the surveillance device to the remote server. The encryption key can be a control word that is received in an entitlement control message generated in the remote server.
H04W 12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
H04N 21/2347 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving video stream encryption
H04N 7/18 - Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
G08B 13/196 - Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems using television cameras
The present disclosure proposes method and systems for establishing secure communication session (s) between a first device and a second device, where the first device operates in a user network and implements a first key exchange protocol for secure communication. The second device is capable of communicating with the first device over a wireless communication network. The second device implements a second key exchange protocol that is different to the first key exchange protocol for secure communication. A proxy entity configured for implementing the first and the second key exchange protocols for secure communication is provided. The proxy entity is configured for generating and/or provisioning one or more session keys for the first and the second devices using the key exchange protocols specific to each device for establishing secure communication between the first and second device based on the generated session key(s).
The disclosure relates to a method for sealing into a device (1) device information, which enable the secure functions of the device (1), managed by a RoT (2) of the device (1) by the security owner, furthermore to bootstrap the device (1) to a system (10) and to finally authenticate the combination of RoT (2) and device information in the device (1). This method has the minimum impact on the device (1) production flow.
A system (1) for asymmetrical cryptography, comprising a device (10) and a network storage (30), wherein the device is communicatively connected to the network storage, wherein the network storage is configured to store a private key, wherein the device is configured to retrieve the private key from the network storage to perform a cryptographic operation using the private key in a secure execution environment (12) of the device, and wherein the secure execution environment is configured to only temporarily store the private key for the cryptographic operation.
The disclosure related to methods and associated devices and/or systems for authorising at least one operation associated with a device, the device operating in a communication network, such as a user network, that comprises a plurality of devices communicatively coupled to a server computer, such as a control server. The disclosed method comprises generating a data model based on a plurality of patterns of actions for one or more devices among the plurality of devices. The data model is configured to detect and/or store at least one regular pattern of actions for each device among the one or more devices, each action corresponding to an operating state of the device. The disclosed method comprises receiving a request for an operation associated with a first device among the plurality of devices and determining if the received request satisfies a first criterion, the first criterion being based on or associated with the data model. Then, based on a determination that the first criterion is not satisfied, the disclosed method comprises generating at least one query based on a regular pattern of actions of at least one device among the one or more devices and sending the at least one query to a user interface. The disclosed method comprises determining if a response to the at least one query received from the user interface satisfies a second criterion. The second criterion is based on a comparison of the response received with the regular pattern of actions associated with the query in the data model. Then, based on a determination that the second condition is satisfied, the disclosed method comprises authorising the received request for the operation and providing a setting for the first device and/or control server based on the authorisation.
A system for handling data content is provided. The system comprises a transmitting module, a receiving module and an examination module. The transmitting module is arranged to transmit data content in a first format to a device for rendering the data content in a second format. The receiving module is arranged to receive a signal comprising at least a part of the data content rendered by the device for rendering the data content in a second format. The examination module is coupled to the receiving module and arranged to examine the signal received by the receiving module so as to determine whether the data content transmitted in the first format has been rendered in the second format.
H04N 21/44 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs
H04H 60/31 - Arrangements for monitoring the use made of the broadcast services
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
31.
METHOD OF MANAGING NETWORK ACCESS OF A DEVICE AND DEVICE
In overview, disclosed methods and devices enable managing of the network access of a device by the selection of a network access profile from a plurality of network access profiles stored on the device. In order to select a network access profile, a security state of the device is determined at the device. A local decision rule is then executed based on a security state and a network access profile is selected based on an outcome of the execution of the local decision rule.
Techniques and systems are provided for processing user interface content. For example, a server computer can receive a user interface event corresponding to a user interface of a device (e.g., a client device, another server computer, or other device). An application associated with the user interface event can be determined, and an interface model 5 can be generated using the application associated with the user interface event. The interface model defines state information for one or more graphic objects of the user interface. The state information results from the user interface event. The server computer can send the interface model to the device, which enables the device to render the user interface.
The present application is directed at protecting integrated circuits which are packaged in a wire-bond ball grid array form of package and in particular is directed at preventing an attack through the substrate of the package directly underneath the integrated circuit.
H01L 23/00 - SEMICONDUCTOR DEVICES NOT COVERED BY CLASS - Details of semiconductor or other solid state devices
H01L 23/58 - Structural electrical arrangements for semiconductor devices not otherwise provided for
H01L 23/488 - Arrangements for conducting electric current to or from the solid state body in operation, e.g. leads or terminal arrangements consisting of soldered or bonded constructions
H01L 21/02 - Manufacture or treatment of semiconductor devices or of parts thereof
The present disclosure relates to software tampering resistance. In one aspect, a method for generating protected code is provided, comprising identifying a primary function in code to be obscured, the primary function being a function used to verify the integrity of the code run-time. The method then comprises generating a finite state machine from the primary function, wherein a state of the finite state machine at a given instance defines an element of the primary function to be executed. The method then comprises distributing the finite state machine throughout the code to obscure one or more areas of the code.
The present disclosure relates to the use of cryptographic techniques to facilitate local decision making at a gateway device (120) interfacing between an operator device (110) and edge devices (130), for example as can be found in Internet of Things infrastructures. Local decision making is facilitated in the context of end to end encryption of data between the edge device and operator device by enabling a function of the data to be computed at the gateway (120) without decrypting the data, for example using Functional Encryption (FE). The gateway determines an action based on the computed function, for example whether to transmit the data to the operator device (110). Examples of edge devices are video surveillance cameras or utility consumption meters but the disclosure is applicable to any edge device that produces data to be transmitted with end to end encryption. The disclosure is also not limited to loT infrastructures.
G08B 13/196 - Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems using television cameras
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
36.
SECURING DATA STORED IN A MEMORY OF AN IOT DEVICE DURING A LOW POWER MODE
The disclosure relates to a method for enabling the secure functions of a chipset (1) and especially the encryption of the content of the secure memory (7) when the device goes into low power mode. The content of the secure memory (7) may be encrypted and stored in an external memory (20) during low power mode of the chipset (1).
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/81 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
The present disclosure relates to the exchange of information between a message sending device and a message receiving device with message authentication and proposes to reduce the time required for message authentication by pre-computing a message tag, such as a MAC, and subsequently replacing the computation of the MAC when the tag is to be validated (or indeed also on sending) by a table look-up. The approach requires a set of messages and works particularly well for small sets of messages, for example as small as two or three messages, or less than five or ten messages. The approach finds particular application in control networks where control decisions have to be taken quickly and securely, for example in the control of a vehicle, for example an autonomous vehicle, or the control of a smart electricity grid.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
The present disclosure relates to methods and devices for testing video data being rendered at or using a media device. A plurality of video frames to be rendered is received, each frame comprising one or more primary screen objects and at least one further screen object. The received frames are rendered at or using the media device wherein the at least one further screen object is superimposed on the one or more primary screen objects of a given frame during rendering. The rendered frames are provided to a data model. Extracted metadata indicating the presence or absence of further screen objects in the rendered video frames is the output of the data model. The data model is also provided with original metadata associated with the video frames prior to rendering. The rendering of each further screen object is then tested based on the original metadata and extracted metadata relating to a given video frame. The disclosure also extends to associated methods and devices for generating training data for testing rendering of video frame and training a data model using the training data.
H04N 21/43 - Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronizing decoder's clock; Client middleware
H04N 21/84 - Generation or processing of descriptive data, e.g. content descriptors
H04N 21/434 - Disassembling of a multiplex stream, e.g. demultiplexing audio and video streams or extraction of additional data from a video stream; Remultiplexing of multiplex streams; Extraction or processing of SI; Disassembling of packetised elementary stream
H04N 21/4425 - Monitoring of client processing errors or hardware failure
H04N 21/44 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs
The disclosure is related to a computer implemented method for assessing a dataset of integers, where the dataset previously is split into a plurality of subsets of the integers. In some embodiments, the integers are integer public keys for encryption or decryption. According to a first aspect, each subset in the dataset has a product data structure that is generated for the product of the integers in the subset. Each ordered pair of subsets has a remainder data structure for computing the factors of the integers in the subsets of the ordered pair. When one or more integers are to be added to the dataset, the disclosed method proposes that a subset is created to include the one or more integers be added. A product data structure is then generated for the created subset to obtain the product of the integer(s) in the created subset. Distinct ordered pairs of subsets comprising a subset from the dataset and the created subset are then identified. For each distinct ordered pair identified, using the product data structure of the subsets, a remainder data structure is computed for obtaining common factors of the integers in the subsets of the distinct ordered pair. It is then determined if the common factors obtained for the integers in the subsets of each distinct ordered pair satisfies a given threshold. If so, it is validated that at least the one or more integers in the created subset do not have a common factor with any other integer in the dataset and an output is generated accordingly. If not, it is inferred that at least one of the one or more integers in the created subset share a common factor with at least one other integer in the dataset and an output is generated accordingly.
The disclosure relates to a method of obtaining a cryptographic key in a chipset (1). An initial configuration message may be generated using a physical unclonable function (hereinafter: PUF) (22) of the chipset (1). Said PUF (22) may generate a predetermined value when using the initial configuration message as input to the PUF (22). The initial configuration message may be transmitted to a client access server (31). An altered configuration message may be received from the client access server (31), wherein the altered configuration message is generated by the client access server (31) based on the initial configuration message. The cryptographic key may be obtained from the PUF (22) using the altered configuration message as input to the PUF (22).
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The present disclosure relates to a wireless token capable of representing a user network, the token being used to automatically provision an IoT enabled device to connect to the user network. Functions required to achieve this include: authenticate the token with the user network, and responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple one or more devices at or within a defined proximity to the token, with the user network; responsive to a wireless signal received from a given device among the one or more devices, establish a temporary secure communication channel between the given device and the token; and provide the configuration information from the token to the given device using the temporary secure communication channel, wherein the configuration information enables the given device to establish a connection with and operate in the user network based on the obtained configuration information.
An internet of things is disclosed, comprising plural SDR receivers and possibly a centralised system, where one or more of the receivers may be mobile. The internet of things thus allows for a very large proportion of RF signals present within a city, for example, to be monitored and analysed for the purpose of identifying, tracking and/or preventing criminal behaviour. The receivers may be equipped with secure SDRs for increased security and privacy and the system preferably includes artificial intelligence using machine learning technology, for increased adaptability among others. The system is flexible due to the programmability of the SDRs.
Aspects of the present disclosure address systems, methods, and devices for enabling secure communication between electronic control units (ECUs) in a vehicle. The system may include a first and second ECU from a plurality of ECUs in the vehicle. The first ECU is to enable secure communication between the plurality of ECUs by performing operations that include provisioning the second ECU with authentication data for authenticating messages exchanged with a third ECU and provisioning the third ECU with a set of security keys to enable the third ECU to securely exchange messages with the second ECU. The second ECU receives, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU, and the second ECU authenticates the secure message by comparing the authentication data with an authentication signal.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
Methods and devices in accordance with the disclosure relate to the secure provision of one or more keys or key pairs to protect secret data for, or associated, with a computing device. The device is typically a computing device with at least one processor or processing module configured for executing one or more applications using the secret data. The present disclosure ensures secure key provisioning by ensuring that each key in a key pair, or at least one key among a plurality of keys is associated with a device or hardware module that is distinct to the device(s) or hardware module associated with the other or remaining keys. For asymmetric key provisioning, this relates to utilizing digital signatures verified by separate devices. For symmetric key provisioning, this relates to utilizing a secret key derivation function that will operates with secret seeds that are input from two separate sources.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
In overview, an integrated circuit in accordance with the disclosure comprises first and second network interface processors which are separate processors and which are connected by a first unidirectional interconnect. The first unidirectional interconnect allows data transfer from the first network interface processor to the second network interface processor, while preventing data transfer in the reverse direction. The first network interface processor is for communication with a first network which may be a secure network and the second network interface processor is for communication with second network which may be a public network, for example an insecure public network. In this way, the processing of data received from each of the first and second networks is performed by separate processors and data can only be sent from the first network to the second network, thereby protecting the first network from the second network.
Disclosed methods, transmitters and receivers enable authentication data, or other additional data, related to a payload of a network packet to be added in a network operating with a protocol having a limited packet size. The protocols of some networks, in particular legacy sensor networks, define a limited data packet size which can be transmitted across the networks. In such networks, there is a limit to how much data can be included in any single packet. Often it is not possible to add any additional data, such as authentication data, to each data packet sent across the network as measurement data can take up the available space in each data packet. Changing the protocol of existing networks in the field can be problematic or even impossible. Accordingly, it can be difficult to introduce further functionality, in particular authentication, into networks where no additional data can be added to data packets.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks
47.
NETWORK SECURITY INTERFACE COMPONENT AND DATA TRANSMISSION METHOD
In overview, disclosed components and methods relate to a network security interface component with a first network interface and a second network interface, separate from the first network interface, connected by a unidirectional connection. The unidirectional connection allows data transfer from the first network interface to the second network interface and prevents data transfer from the second network interface to the first network interface via the unidirectional connection. The network security interface component also includes an authentication module. The authentication module adds authentication data to data received at the first network interface. In this way, a network component is provided in which the first network interface is shielded from the second network interface and in which authentication data can be provided for data received at the first interface, by which the data can subsequently be authenticated as having passed through the network security interface component.
The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly low bandwidth for transfer of keys for execution of the respective application on the device.
The present invention relates to a software-defined radio chip or module suitable for integration on a host device. The software-defined radio chip comprises digital signal processing capability which includes standard digital signal processing hardware and reconfigurable programmable logic, the reconfigurable programmable logic is configured in such a way as to provide secure digital signal processing capability to the software-defined radio, thereby providing a secure software-defined radio.
H04B 1/00 - TRANSMISSION - Details of transmission systems not characterised by the medium used for transmission
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Example embodiments provide systems and methods for securing a deployed camera. A security apparatus is coupled to the deployed camera and accesses video content from the coupled camera. The security apparatus accesses video content from the coupled camera, splits the video content within a plurality of RTP packets, encrypts payloads of the RTP packets, embeds in a header of the encrypted RTP packets, at least two key identifications for decryption of the encrypted RTP packets, and transmits the plurality of RTP packets over a network to a video management system.
A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.
Methods and content consumption devices are disclosed that enable a revocation list to be securely enforced and managed, in terms of enforcing version control and providing granular control of individual capabilities, for example. Aspects also relate to enhanced enforcement control of content consumption control information more generally, for example by enforcing version control of activation messages, and/or granular management of individual capabilities.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
In overview, methods, computer programs products and devices for securing software are provided. In accordance with the disclosure, a method may comprise attaching a debugger process to a software process. During execution of the software process, operations relevant to the functionality of the code process are carried out within the debugger process. As a result, the debugger process cannot be replaced or subverted without impinging on the functionality of the software process. The software process can therefore be protected from inspection by modified or malicious debugging techniques.
A method of displaying content items, for example message items in a messaging application or service, is disclosed. The method comprises receiving encrypted content items in a chronological sequence; decrypting the content items; causing display of a display sequence, in order of the chronological sequence, of a respective place holder in place of each of the decrypted content items, and, in response to a user input, causing display of the respective content item in place of one or more of the place holders. Each place holder has an appearance of a scrambled version of the respective content item. The display sequence may be contiguous in received items or sent content items may be interleaved with received content items in the display sequence, in which case sent content items may be displayed with place holders in the same way as received items. A corresponding system and corresponding computer readable medium or media are also disclosed.
H04N 21/454 - Content filtering, e.g. blocking advertisements
G06F 21/84 - Protecting input, output or interconnection devices output devices, e.g. displays or monitors
G09C 5/00 - Ciphering or deciphering apparatus or methods not provided for in other groups of this subclass, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
An integrated circuit and a method of configuring a plurality of integrated circuits are disclosed. Each integrated circuit comprises a cryptographic key specific to it. Each integrated circuit comprises a cryptographic key specific to it. Each cryptographic key can be generated on the respective integrated circuit using a physical unclonable function and data associated with the cryptographic key, e.g. a configuration message comprising instructions for generating the cryptographic key using the physical unclonable function. The cryptographic key specific to the integrated circuit is not stored on the integrated circuit. Each of the plurality of integrated circuits are configured using a data file that is encrypted with the respective cryptographic key specific to the integrated circuit, circuit.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
56.
A METHOD FOR DELIVERING DIGITAL CONTENT TO AT LEAST ONE CLIENT DEVICE
The present disclosure provides a watermarking scheme for providing traceability of leaked or otherwise illegally re-distributed over-the-top streaming content. The watermarking scheme is a two-step scheme wherein the content is pre-marked server side by providing part of the content, encrypted under a global key, and a first set of complementary parts of the content comprising a first mark and encrypted under a set of first keys, and a second set of complementary parts of the content comprising a second mark and encrypted under a set of second keys. A marked encrypted content is then made available to a client device by providing a particular combination of the parts of the content encrypted under the global key, parts of the content having a first mark, encrypted under the set of first keys, and parts of the content having a second mark, encrypted under the second set of keys, the particular combination being based on an identifier associated with a client device.
H04N 1/32 - Circuits or arrangements for control or supervision between transmitter and receiver
H04N 21/2343 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
G06F 21/16 - Program or content traceability, e.g. by watermarking
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 7/167 - Systems rendering the television signal unintelligible and subsequently intelligible
H04N 21/2389 - Multiplex stream processing, e.g. multiplex stream encrypting
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/4408 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
There is provided a system and method for decoding an encoded video. The method comprises receiving an encoded video comprising a plurality of access units (AUs), performing a masking function to form a masked encoded video, transmitting the encoded masked video to a decoder arranged to decode the encoded masked video, receiving the decoded masked video from the decoder, and performing an unmasking function to form an unmasked decoded video. The masking function can comprise inserting at least one dummy access unit (AU) into the encoded video to form a masked encoded video and the unmasking function can comprise removing a frame corresponding to each of the at least one inserted dummy AUs to form an unmasked decoded video. The masking function can comprise selecting an access unit (AU) of the plurality of AUs of the encoded video and splitting the selected AU into at least one set of sub dummy AUs to form a masked encoded video, and the unmasking function can comprise combining frames corresponding to each of the sub dummy AUs of the at least one set of sub dummy AUs into a frame representative of the selected AU to form an unmasked decoded video.
H04N 19/70 - Methods or arrangements for coding, decoding, compressing or decompressing digital video signals characterised by syntax aspects related to video coding, e.g. related to compression standards
H04N 19/573 - Motion compensation with multiple frame prediction using two or more reference frames in a given prediction direction
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/4408 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
In overview, disclosed methods of operating a content management comprise collecting or receiving data which relates to a user's behaviour when using a digital content catalogue, and prior to the consumption of a content item. This collected or received data is processed and analysed to create a data table which may be used to demonstrate to a content manager which items in the digital content catalogue are most difficult to discover in order that the catalogue be re-ordered appropriately. In this way, user behaviour may be used to optimise digital content management systems. Once it is known, for a given digital content item, how discoverable, or indeed undiscoverable it is based on a user's behaviour prior to consuming the content item, that item may be promoted to a more prominent location in the catalogue, or relocated to a different location so as to allow a user to more easily locate it.
A method of digitally signing a message is disclosed, using a family of algorithms based on operations in a abelian group and the difficulty of computing the operation corresponding to the discrete logarithm in the group, with ECDSA and DSA being example of such algorithms. The method comprises computing a signature (r,s), wherein s is calculated using three intermediary random variables. The method may also comprise calculating an ephemeral key used in the computation as a product of two random numbers.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
60.
METHOD FOR DETECTING AT LEAST ONE GLITCH IN AN ELECTRICAL SIGNAL AND DEVICE FOR IMPLEMENTING THIS METHOD
The present invention relates to a method for detecting at least one glitch (1) in an electrical signal (2). This method comprises: - generating, from said electrical signal (2), at least one digital oscillating signal (3) which is sensitive to glitches (1); and - performing the following steps as a repeatable round: - assigning a time window (5) to at least one digital oscillating signal (3), said time window (5) being implemented on the basis of a clock signal (4) substantially insensitive to said at least one glitch (1) to be detected; - determining from said time window (5) a sampling value (13) of the digital oscillating signal (3), said sampling value (13) being characteristic of said digital oscillating signal (3) throughout its time window (5); - detecting any potential glitch (1) in said electrical signal (2) by comparing said sampling value (13) with an expected reference value (23); and - outputting a response typifying a result of the comparison step. The invention also relates to a device for implementing said method.
G06K 19/073 - Special arrangements for circuits, e.g. for protecting identification code in memory
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
A method of transmitting entitlement messages to content consumption devices in a access control system, the method comprising periodically transmitting entitlement messages to content consumption devices in a access control system and periodically extending an expiry time comprised in the entitlement messages. The entitlement messages comprise indicator data indicating to the content consumption devices that subsequent entitlement messages loaded into a content consumption device after a first entitlement message is loaded into the content consumption device shall not be used by the content consumption device to access protected media content.
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
H04N 21/418 - External card to be used in combination with the client device, e.g. for conditional access
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
H04N 7/167 - Systems rendering the television signal unintelligible and subsequently intelligible
A media device receives a domain key from a service provider. The media device further encrypts media with a media key and encrypts the media key with the domain key to form an encrypted media token: the protected media key is encapsulated in an encrypted media token. The service provider may then receive the encrypted media token and one or more receiving entity identifiers relating to a receiving entity and ascertain whether the receiving entity is entitled to access media from the media device. If the receiving entity is entitled to access media from the media device, the service provider decrypts the cryptographic media token using the domain key to obtain the media key and providing the media key to the receiving entity. As such, an authenticated receiving entity may obtain the media key necessary to decrypt the media. Moreover, there is no requirement for any intermediate entity to have similar access and thus the encryption provided by the media key is in place throughout the transport of the media from media device to receiving entity.
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
There is provided a system and method for assessing activity within a network. The method comprises requesting a first set of data logs from a plurality servers in the network, the data logs comprising entries indicating details of network entities that have received one or more communications from the servers. The method further comprises requesting a second set of data logs from the plurality of servers in the network and comparing the first and second set of data logs to calculate a volume of data communication to one or more network entities from the servers. Also provided are computer executable instructions for carrying out this method for assessing activity within a network.
The generation of hash values become popular with the storage of pin code by an authentication server, since the authentication server knows only the result of the hash function and not the pin code itself. Each time an authentication is requested, a hash function is executed on the received pin code and then compared with the stored reference hash value of the initial pin code. In order to improve the security of the hash value, it is proposed a method to produce a secure hash value (R) from a plaintext (P), said method comprising : - producing a first result (H) using an hash function of the plaintext (P), - obtaining an initial floating value (U0) by converting the first result (H) into a floating number representation of the first value (H), - updating a floating value (Un) by executing at least once a Transcendental function (TF) on the initial floating value (Un-1), - obtaining the secure hash value (R) by mixing the first result (H) with the updated floating value (Un).
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The present disclosure provides content source and sink devices and methods that help to guard against compromising the security of content transferred from a source device to a sink device, for example where a primary encryption mechanism protecting the content has been compromised. A content source device is disclosed. The content source device is configured to connect to a content sink device to transmit digital media content to the content sink device. The content source device comprises a connection module configured to establish a connection to the sink device, encrypt digital media content for transmission across the connection with a first cipher using a connection key and transmit the encrypted digital media content to the sink device over the connection. The content source also comprises a protection module configured to prevent the sink device from using the digital media content without authorisation. The protection module receives a digital certificate identifying the sink device, verifies the digital certificate and determines if the digital certificate identifies a sink device authorised to receive digital media content over the connection. If the determination is positive, the protection module enables the sink device to use the digital media content.
H04N 21/43 - Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronizing decoder's clock; Client middleware
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
A system and method for outputting an interactive media content item are disclosed. The interactive media content item comprises a video stream and a plurality of audio streams. The video stream is captured by a camera having a field of view, and each audio stream is associated with a respective portion of the field of view of the camera.
H04N 21/4728 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content for selecting a ROI [Region Of Interest], e.g. for requesting a higher resolution version of a selected region
H04N 21/439 - Processing of audio elementary streams
H04N 21/218 - Source of audio or video content, e.g. local disk arrays
H04N 21/2368 - Multiplexing of audio and video streams
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
In overview, methods, computer programs products and devices for securing software are provided. In accordance with the disclosure, a method may comprise attaching a debugger process to a software process. During execution of the software process, operations relevant to the functionality of the code process are carried out within the debugger process. As a result, the debugger process cannot be replaced or subverted without impinging on the functionality of the software process. The software process can therefore be protected from inspection by modified or malicious debugging techniques.
A method of scanning a plurality of ports at one or more target IP addresses is disclosed. Each of the plurality of ports corresponds to a port number at one of the one or more target IP addresses, for example an IPv4 or IPv6 address. The method comprises assigning each port to one of a plurality of sets of ports and executing a plurality of port scanning processes at the same time on a common source machine (virtual or physical). Each port scanning process sends port probe requests to the ports of a respective set of the plurality of sets from a different respective source IP addresses. Thus, a different respective source IP address is associated with each set of the plurality of sets of ports, different from the source IP addresses associated with the remaining sets, and each set of target IP addresses receives probe requests from a different respective source IP address. The sets may be aligned with target addresses or may spread several target addresses or only part of the ports of a target address. For example, one or more of the plurality of port scanning processes may send port probe requests to more than one target IP address and/or two or more of the plurality of port scanning processes may send port probe requests to the same target IP address.
The disclosure generally relates to a method for accessing media content, said method being used in a receiver (10). The method comprises a preparation phase and a use phase. The preparation phase comprises the steps of obtaining, by said receiver (10), a catalog of media content items, each media content item corresponding to a media content and comprising at least an item description and an item identification data and storing said catalog of media content items in a local database in a memory (13) of the receiver (10). The use phase comprises the steps of accessing, by a mobile display device (11), said catalog of media content items through a local communication channel (16); displaying at least a part of the catalog of media content items on the mobile display device (11); selecting, by said mobile display device (11), at least one media content item displayed on the mobile display device; transmitting, by said mobile display device (11), a request to a content provider (12), the request comprising the item identification data corresponding to said selected media content item and additional data allowing for the receiver (10) to be identified, said transmission using a first remote communication channel (17) distinct from said local communication channel (16); and obtaining by the receiver (10), the media content corresponding to the media content item identified by the identification data contained in said request. The disclosure further relates to a receiver (10) and a mobile display device (11) for implementing the above described method and a system comprising at least said receiver and said mobile display device.
H04N 21/41 - Structure of client; Structure of client peripherals
H04N 21/433 - Content storage operation, e.g. storage operation in response to a pause request or caching operations
H04N 21/436 - Interfacing a local distribution network, e.g. communicating with another STB or inside the home
H04N 21/437 - Interfacing the upstream path of the transmission network, e.g. for transmitting client requests to a VOD server
H04N 21/462 - Content or additional data management e.g. creating a master electronic program guide from data received from the Internet and a Head-end or controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabi
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
H04L 29/06 - Communication control; Communication processing characterised by a protocol
70.
A METHOD OF AND A DEVICE FOR RENDERING CONTENT DATA OF A CONTENT DATA STREAM BASED ON A LEVEL OF TOXICITY OF THE CONTENT DATA STREAM
A method (1) of and a device for rendering content data of a content data stream. From content data identified in the content data stream, a level of toxicity is determined (4). The level of toxicity represents a measure of authenticity of the received content data stream. Content data of the received content data stream is rendered (6) based on an aggregated level of toxicity.
H04N 21/8352 - Generation of protective data, e.g. certificates involving content or source identification data, e.g. UMID [Unique Material Identifier]
H04N 21/8355 - Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04N 21/466 - Learning process for intelligent management, e.g. learning user preferences for recommending movies
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
H04N 21/658 - Transmission by the client directed to the server
71.
METHOD TO TRANSMIT AN AUDIO/VIDEO STREAM OF TO A DESTINATION DEVICE
The present disclosure refers to the field of streaming media content to a client device. In the frame of the present disclosure, it is proposed a method and system to transmit an audio/video stream of to a destination device, said audio/video stream comprising a plurality first segments, each representing a first duration of video at original bit-rate, said method comprising : - receiving and decompressing by a transcoding node the audio/video stream to obtain a decompressed video stream and an audio stream, - dividing the decompressed video stream into a plurality of second segments, each segment representing a second duration of video at original bit-rate, said second duration being smaller than the first duration, - generating at least one low bit-rate version of the second segment, and compressing the at least one low bit-rate segment and the second segment, multiplexing the at least one low bit-rate segment, the second segment and the audio segment to produce a multi-bit-rate stream, transmitting the multi-bit-rate stream to at least one Network Access Point, - demultiplexing by the Network Access Point the multi-bit-rate stream to obtain the second segment and the at least one lower bit-rate segment, - receiving by the Network Access Point from the destination device a request to the audio/video stream, selecting the original bit-rate segment or one of the lower bit-rate segments, multiplexing the selected segment with the audio segment to form a multiplexed segment, transmitting the multiplexed segment to the destination device, receiving at least one acknowledgement message from the destination device that the multiplexed segment has been received, determining, by the Network Access Point, a level of completion of the multiplexed segment by the destination device, said level of completion being derived from the acknowledgment message, selecting the original bit-rate segment or one of the lower bit-rate segment based on the level of completion for the further multiplexed segment.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04N 21/6377 - Control signals issued by the client directed to the server or network components directed to server
H04N 21/6373 - Control signals issued by the client directed to the server or network components for rate control
H04N 21/2343 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
H04N 21/262 - Content or additional data distribution scheduling, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying a video stream transmission or generating play-lists
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
72.
METHOD, SYSTEM AND DEVICE FOR UPDATING A USER ACCOUNT USING A CREDIT OBTAINED BY PLAYING AN ADVERTISING CONTENT
A method for updating a user account (42) at a service provider (40) using at least one credit (12) obtained by playing an advertising content (15) to be transmitted from a media server (10) to a user device (20) identified by a device identifier (21) designed to identify said user account and a record (32) stored in a database (30) configured to be connected to the media server. This method comprises: a registration phase for populating the record with a service provider application identifier (41) assigned to said user account; an identification phase for receiving the device identifier at the media server; a crediting phase for: activating, during the playing of the advertising content, a user device credit indicator (22); activating the detection of a crediting condition (23) required to obtain said credit; transmitting to the service provider, crediting information (24); updating the user account thanks to said crediting information.
The present disclosure relates to a method and a device for detecting an attack on an integrated circuit. Attacks which are detectable using an active shield as described herein include physical and electrical contacting using a probe and modification of interconnect routing, including modification through the use of focused ion beam technology.
A system and a method for monitoring the integrity of code are provided. Dummy code is provided in an on demand decryption area of an object file while runtime code is provided elsewhere (and may be in the same object file or another object file). A compensation area is also provided which is initially blank. During execution, checksums can be calculated based on the result of an exclusive or (XOR) operation between contents of the on demand code decryption area and a compensation area such as a compensation area. As the runtime code populates the on demand code decryption area with the runtime code (potentially with the exception of areas masked to maintain integrity of relocation instructions allowed to remain in the dummy code) the compensation area is populated with the result of an XOR operation between the dummy code and the runtime code. As a result, the checksums will be the same throughout execution as long as integrity of the code has not been compromised.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
75.
METHODS AND SYSTEMS FOR LINK-BASED ENFORCEMENT OF ROUTING OF COMMUNICATION SESSIONS VIA AUTHORIZED MEDIA RELAYS
Disclosed herein are methods and systems for link-based enforcement of routing of communication sessions via authorized media relays. In an embodiment, a media relay receives encrypted first payloads from a first endpoint and encrypted second payloads from a second endpoint as part of a session. The encrypted first payloads require a first key for decryption and the encrypted second payloads requite a second key for decryption. The media relay is preconfigured prior to the session with secrets useable for identifying the first and second keys. The media relay decrypts the first payloads using the first key and decrypts the second payloads using the second key, and transmits the first payloads to the second endpoint and the second payloads to the first endpoint as part of the session.
The present invention relates to a system for rendering a content, the rendering of which is subject to conditional access security conditions. A system is described, comprising a host device and a detachable security device, the security device configured to decrypt the encrypted content, re-encrypt it under a local key and to deliver the re-encrypted content to the host device while ensuring that the host device applies or otherwise enforces any conditions associated with the rendering of the content.
The present disclosure is in the field the access control to multimedia content by a home device, in particular the access to encrypted multimedia content. It is proposed a method to create a secure channel between a host device and a external device, said external device being in charge of receiving encrypted multimedia content from the host device, to decrypt said multimedia content, re-encrypt it and returning it via the secure channel to the host device, said host device comprising a system on chip (SoC) comprising at least a secure execution environment and a memory, a host processing platform (HPD) comprising at least a central unit, a reception module, a video processing unit and a storage unit, said system on chip comprising a SoC private key and a SoC certificate comprising a SoC type ID, a SoC Binding unique ID and a SoC public key, said host processing platform (HPD) comprising a HPD certificate comprising a HPD type ID, the SoC binding unique ID, the SoC certificate and the HPD certificate being trusted by a common root authority, said method comprising : - initializing a communication between the external device and the host device, - receiving, by the external device, the SoC certificate, the Soc unique Binding ID of the Soc and the HPD certificate from the host device, - checking the binding of the SoC and the HPD by verifying that the HPD certificate contains the SoC Binding unique ID of the SoC, - in response to a positive verification, creating a secure channel between the external device and the host device.
A method to tag a host rendering device by using a portable multimedia processing device configured to grant access to conditional access multimedia content provided by a specific operator. The multimedia content is rendered by the host rendering device that is connected to the portable multimedia processing device via a communication link. The portable multimedia processing device stores operating specific data comprising an operator identifier and a portable multimedia processing device identifier. This operator specific data is transmitted to the host rendering device to be stored in a non-volatile memory, the host rendering device thus becomes tagged with the operator specific data. The disclosure further relates to a dongle to be connected via the communication link to the host rendering device including a television set, the communication link including a USB link or a HDMI link or a combination thereof. The dongle tags the television set with its identifier and the identifier of the operator.
A computer implemented method for sending context information between programs is provided, the method comprising: displaying a graphical user interface comprising a plurality of selectable application icons; receiving a simultaneous selection of a first icon and a second icon from the plurality of selectable application icons; launching a first program associated with the first icon; launching a second program associated with the second icon; and sending context information between the first program and the second program.
A method of monitoring execution in an execution environment of an operation, for example a cryptographic operation, comprising a sequence of instructions, is disclosed. Instructions sent in the sequence from a main processor to one or more auxiliary processors, for example cryptographic processors, to execute the operation are monitored and the sequence of instructions is verified using verification information. The method comprises enabling output from the execution environment of a result of the operation in response to a successful verification of the sequence, or generating a verification failure signal in response to a failed verification of the sequence.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/55 - Detecting local intrusion or implementing counter-measures
The present disclosure proposes a method to determine if a randomly generated number n is prime. This method comprises : a. generating randomly a value s1 and a value d1, b. calculating a value dp = (n-1) * 2∧s1 * d1, c. calculating a value d2 and a value s2 such as dp = 2s2 * d2, and computing a value s = s2-s1, d. initializing a first counter c1, d. generating randomly a value α, e. calculating a value dm=d2*α/d1, f. generating randomly a value A, g. initializing a second counter c2, h. calculating a value r= Adm mod n, i. verifying that the value r=1 or r=n-1, in the positive event : j. updating the first counter c1, k. if the first counter is below a first threshold T1, continuing with the step d.; I. otherwise, considering that the number n is prime; m. in the negative event : n. updating the value r = r2 mod n; o. verifying that the value r=1, in the positive event, continuing with the step j; p. in the negative event : q. updating the second counter c2, r. if the second counter c2 is below a second threshold T2, continuing with the step n; s. otherwise, considering the number n is not prime.
The present disclosure concerns a method and a system for managing users of public transportation. The method of the disclosure comprises the steps of : − determining by a user detection device, the presence of at least one user; − determining whether a personal identifier is detected for the at least one detected user; − if no personal identifier is detected for said user, transmitting a first piece of information to a management center, the first piece of information recording the presence of an unidentified user; − if a personal identifier for the user is detected, transmitting the personal identifier to said management center; − determining whether said personal identifier detected corresponds to a user registered with the management center; − if the personal identifier transmitted does not match a user registered with the management center, recording the presence of an unregistered user; − if the personal identifier transmitted corresponds to a user registered with the management center, determining a user profile associated with the personal identifier and sending a second piece of information to the user, the second piece of information taking into account the user profile and statistical information; − providing usage information, taking into account the statistical data and second piece of information transmitted to registered users.
The present disclosure provides a system and method of traitor tracing by identifying an original receiver of a media stream that has been re-transmitted comprises detecting sets of content items, such as adverts, that are embedded in the media stream. The sets of content items can then be used to determine receivers of the media streams comprising the detected sets of content items.
H04N 21/254 - Management at additional data server, e.g. shopping server or rights management server
H04N 21/44 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
H04N 21/234 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs
A system and a method for protecting code are provided. Extraction of code to be protected takes place during an object-to-object transformation and that code is replaced with fake binary code. The extracted code to be protected may then be encrypted or otherwise obscured and stored in a separate region of an object file. A prior source-to- source file transformation can be provided to isolate and mark the code to be protected, and to inject additional source code to handle later decryption.
A device (40) for generating a watermarked stream (39), comprising: at least one input interface (41) configured to receive encrypted control messages (20) and conditional access streams (30) including a main stream (33) and protected watermarking data streams (35) from which a watermarking information (38) can be embedded in said watermarked stream (39); a security module (43) configured to process said control messages (20) and to control access to said conditional access streams (30); a descrambler (45) configured to remove protection applied on at least some of said conditional access streams (30); a watermarking unit (47) configured to generate the watermarked stream (39) from said conditional access streams (30) by selectively processing said watermarking data streams (35) depending on access data (AC, AR) included in some of said control messages (20).
H04N 21/2389 - Multiplex stream processing, e.g. multiplex stream encrypting
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04N 21/6547 - Transmission by server directed to the client comprising parameters, e.g. for client setup
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
86.
USER UNIT FOR WATERMARKING DIGITAL CONTENT, METHOD FOR TRANSMITTING AND FOR WATERMARKING CONTENT AND METHOD FOR DETECTING AT LEAST ONE WATERMARK
The present disclosure concerns a user unit and a method for watermarking digital content distributed to at least one user unit in compressed form, wherein the user is implementing said method. The disclosure also concerns a method for transmitting video content from a content provider to at least one user unit and a for detecting at least one watermark in a video content that has been marked with the above mentioned watermarking method.
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 21/16 - Program or content traceability, e.g. by watermarking
87.
METHOD AND DEVICE TO PROTECT A CRYPTOGRAPHIC EXPONENT
Since the publication of its principle, public-key cryptography has known important theoretical and practical developments. Notably, public-key cryptography has allowed putting into practice the concepts of digital signatures and of public-key key exchange; these methods are used on a daily basis in uncountable many digital systems. It is therefore proposed a method to generate a protected secret value k' used as a first operand in a cryptographic group operation involving a base group element G of order n and comprising: - generating random positive integers k1 and k2, that are strictly smaller than the order of the group element G thanks to a cryptographically secure random number generator, such that the generated random positive integers k1 and k2 do not share any divisor with the order n other than 1, - generating the protected secret value k' based on said generating random positive integers such as k' = k1 * k2, said protected secret value k' being used as a second operand in the group operation.
A content handling device comprises a plurality of content transformation modules that can define one or more paths from a content source module to a content sink module. The content is associated with one or more usage rules requiring one or more transformations to be applied to the content. To enforce usage rules, each content transformation module is configured to receive the content, apply a transformation to the content in accordance with the usage rules and apply a tagging operation corresponding to the transformation to the content. In some embodiments output of the content by the content sink module is prevented if all tagging operations corresponding to the usage rules have not been applied. While in some embodiments usage rule tags corresponding to the usage rules are embedded locally at the content handling device, the disclosure also extends to a content distribution system with a usage rule tag embedding functionality.
H04N 21/41 - Structure of client; Structure of client peripherals
H04N 21/4402 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving reformatting operations of video signals for household redistribution, storage or real-time display
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
An integrated circuit device is disclosed, the device comprising a protective layer and a protected circuit on a substrate, the protective layer being configured to protect the protected circuit by absorbing laser radiation targeted at the protected circuit through the substrate. The device may be configured such that removal of the protective layer causes physical damage that disables the protected circuit. The device may comprise intermediate circuitry protruding into the substrate between the protective layer and the protected circuit, wherein the physical damage that disables the protected circuit is physical damage to the intermediate circuitry. The device may comprise detection circuitry configured to detect a change in an electrical property of the device indicative of removal of the protective layer, and, in response to detecting the change in the electrical property, cause the protected circuit to be disabled.
The present disclosure is in the field of surveillance system of a network, in particular of an industrial network connecting various devices in charge of collecting data or giving commands. According to one embodiment, it is proposed a surveillance system connectable to a network, comprising a communication module and a management module, said system being configured to, during an initialization phase: a. intercept a first message, being sent to a first device, b. intercept a second message being a response from the first device to the first message, c. calculate a time interval between the interception of the first message and the interception of the second message, d. repeat the steps a to c in order to determine further time intervals, e. determine a distribution of said time intervals, f. storing in reference with the first device, the distribution of time intervals, and during a surveillance phase, said system being configured to: g. intercept a third message being sent to the first device, h. intercept a fourth message being a response from the first device to the third message, i. calculate a new time interval between the interception of the third and the fourth message, j. verify that the new time interval is within the distribution of time intervals.
A method of programming a device comprising acquiring configuration data, loading the configuration data onto a programmable device, processing at least a portion of the configuration data through a one way function to form processed configuration data, and configuring at least one configurable module of the programmable device using the processed configuration data from the processing step.
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Disclosed herein are methods and systems for encrypting communications using a secure element. An embodiment takes the form of a method including the steps of performing a key- exchange procedure with an endpoint via a voice-communication device to obtain a symmetric seed key for a secure voice session with the endpoint; generating first and second symmetric session keys for the secure voice session based on the obtained symmetric seed key; receiving outbound voice packets from the voice-communication device in connection with the secure voice session, each outbound voice packet including a header and an unencrypted payload; using a first symmetric encryption algorithm and the first symmetric session key, followed by a second symmetric encryption algorithm and the second symmetric session key to generate and output twice-encrypted outbound-voice-packet payloads to the voice-communication device for transmission to the endpoint in connection with the secure voice session.
A secure encryption element negotiates cryptographic session keys with remote devices using randomly generated secret keys, and encrypts and decrypts data with the negotiated session keys during communication sessions with the remote devices. The secure encryption element receives and authenticates an intercept-mode command, and responsively negotiates a predictable cryptographic session key at least in part by: accessing a first key-negotiation parameter originating in a secure- encryption-element provider and a second key-negotiation parameter originating in a service provider; generating a pseudorandom secret key based on the first and second key-negotiation parameters; generating and sharing a first shared intermediate value based on the pseudorandom secret key; receiving a second shared intermediate value; generating the predictable cryptographic session key based on the pseudorandom secret key and the second shared intermediate value; and encrypting and decrypting data with the generated predictable cryptographic session key during a communication session with a remote device.
A method for identifying a peripheral device (30) from a digital content (11) having been received by said peripheral device (30) from a master device (20) located at a user end (2), said master device (20) being further configured to be connected to a server (10) located at a back end (1), said method comprising the steps of: receiving, by the master device (20) from the peripheral device (30), at least peripheral identification data (33); generating, at the master device (20), a first mark (31 ) as a function of at least a part of said peripheral identification data (33); watermarking said digital content (11) using said first mark (31) before transmitting said digital content (11) to said peripheral device (30).
The present invention refers to the field of television experience in particular the simultaneous use of the mobile device and a television to share a user's experience. The present disclosure proposes a method to create a snapshot from a video transmission received by a receiver, said receiver being connected with a mobile device and having a screen output, said method comprising the steps of: receiving a video transmission by the receiver, converting by the receiver, the video transmission into a lower-bandwidth video transmission, sending the lower-bandwidth video transmission to the mobile device, receiving from the mobile device to the receiver, a command to execute a snapshot, producing by the receiver a snapshot from the video transmission, sending the snapshot to the mobile device.
H04N 21/433 - Content storage operation, e.g. storage operation in response to a pause request or caching operations
H04N 21/475 - End-user interface for inputting end-user data, e.g. PIN [Personal Identification Number] or preference data
H04N 21/4788 - Supplemental services, e.g. displaying phone caller identification or shopping application communicating with other users, e.g. chatting
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
96.
A REMOVABLE SECURITY DEVICE AND A METHOD TO PREVENT UNAUTHORIZED EXPLOITATION AND CONTROL ACCESS TO FILES
A removable security device configured to prevent unauthorized exploitation of files, connectable with a host device, the removable security device comprising a central processor, an operating system, a graphic processor, memories and a communication link configured to exchange data with the host device. The removable security device further comprises an identification module for verifying conformity of at least one user credential received from the host device via the communication link. The operating system enables through a remote desktop agent remote access to at least one file and executes a file processing application with the at least one file. The operating system, the remote desktop agent and the file processing application are stored in a non-volatile memory of the removable security device. The graphic processor generates displayable frames corresponding to the execution of the application with the file. A watermarking module coupled to the graphic processor inserts additional data into the displayable frames, said additional data forming a watermark generated on all or part of the displayable frame. The additional data allows retrieving at least the identifier of the removable security device. The communication link transmits the watermarked displayable frames to the host device.
The disclosure provides a method of making watermarking data embedded in an Elementary Stream ES accessible to a receiver. The ES comprises video and/or audio data and is to be transmitted as a Packetized Elementary Stream PES in a Transport Stream TS such that the receiver can use the watermarking data to watermark the video and/or audio data in the ES without reconstructing the ES from the TS. The watermarking data identifies one or more watermarking locations in the video and/or audio data in the ES to be modified by the receiver in accordance with the watermarking data. The method comprises determining respective one or more watermarking TS locations in the TS corresponding to the one or more watermarking locations. The method further comprises embedding, in the ES, the watermarking data including watermarking location information identifying the one or more watermarking TS locations, or modifying watermarking data embedded in the ES by adding the watermarking location information. The method may further comprise subsequent to embedding or modifying the watermarking data, packetizing the ES into one or more PES packets, each packet comprising a packet header, and adding watermarking data location information identifying a location in the TS corresponding to a location of the watermarking data in the ES to the packet header of a PES packet (or in a TS header or elsewhere in the TS). The disclosure also provides a corresponding method of watermarking and related systems, devices, computer programs and Transport Streams.
H04N 21/2343 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
H04N 21/2362 - Generation or processing of SI [Service Information]
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
Example embodiments provide systems and methods for dynamically creating intuitive favorites for a user. The system and methods include monitoring actions performed, by the user at a digital receiver, with respect to a plurality of content programs. The actions performed with respect to the plurality of content programs are analyzed. The analysis includes comparing a level of the actions with respect to a first content program of the plurality of content programs with a threshold. Based on the comparing indicating that the first content program is a favorites, an indication that the first content program is a favorites content program is stored to a data store.
A method and system for managing social media spoilers includes recording a scheduled media event and using a filter to block social media content relevant to the recorded program. The blocked content is accessed and displayed in synchronisation with the recorded program when it is played back.
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
Malware detection logic executed by a secured device residing in a home network may receive a message from an unsecured device of a first unsecured network and intended for a destination device of the home network, the destination device comprising a security client. The malware detection logic may establish a secure communication channel between the malware detection logic of the secured device and the security client of the destination device. The malware detection logic may execute a validation test on the message to determine that the message includes malware. The malware detection logic may report an alarm to the security client of the destination device. The malware detection logic may transmit information related to the malware to a cloud computing server. The malware detection logic may prevent an application associated with the destination device from processing the message.
patents
