There is described a method, at a server system, of providing a mobile network operator (MNO) profile to a client device. The client device has a SIM software application stored thereon so as to provide the client device with a secured software implementation of SIM card functionality. The method comprises: (a) based on a unique identifier of the client device, identifying a unique key, KSIM, of the SIM software application stored on the client device; (b) based on an MNO associated with the client device, identifying an unused MNO profile associated with the MNO; (c) encrypting the identified MNO profile so as to provide an encrypted MNO profile, wherein the encrypting comprises encrypting at least part of the identified MNO profile using KSIM; (d) generating an MNO profile download message comprising the encrypted MNO profile and the unique identifier of the client device; and (e) broadcasting the MNO profile download message over a broadcast network so as to enable the client device to access the MNO profile download message. There is also described a related method at a client device, as well as related computer programs and computer-readable media.
A machine learning model protection method comprising: generating, based on a set of parameters that define a machine learning model, an item of software which, when executed by one or more processors, provides an implementation for the machine learning model; and applying one or more software protection techniques to the item of software.
A system and method for creating secure software code. Original code is processed to determine memory states, which are dynamic during execution of the code. Selected functions of the code are duplicated and placed in parallel alternative control paths in order to create protected code with increased path diversity. The state of the memory, or a variable derived therefrom is used to select one of the alternative paths during execution of the protected code.
A method of protecting an implementation of a neural network against a cloning attack, the neural network configured to generate a result based on an input sample from a predetermined domain of possible samples, the neural network trained to provide functionality corresponding to a subset of the domain, wherein the method comprises: receiving, from a user, a plurality of queries having a corresponding query sample from the domain and, for each query, performing a first test to determine whether or not the corresponding query sample is a member of the subset; performing a second test to identify whether the user is performing a cloning attack against the neural network, wherein the second test identifies that the user is performing a cloning attack against the neural network if a number of queries from the plurality of queries for which the corresponding query sample is determined to not be a member of the subset exceeds a first threshold value; and in response to the second test identifying that the user is performing a cloning attack against the neural network, performing one or more countermeasures for the cloning attack.
A method for a testing system to perform fuzzy testing of a software system, wherein the software system comprises a plurality of callable units and is arranged to receive input for the software system to process, the method comprising: determining, for each callable unit of the plurality of callable units, based on one or more security vulnerability metrics, a target number of times that callable unit is to be tested; initializing a ranked plurality of queues, each queue for storing one or more seeds, said initializing comprising storing one or more initial seeds in a corresponding queue of the ranked plurality of queues; performing a sequence of tests, wherein performing each test comprises: obtaining a seed from the highest ranked non-empty queue; performing a mutation process on the obtained seed to generate a test seed, wherein the mutation process is configured, at least in part, by mutation guidance information; providing the test seed as input to the software system for the software system to process; and evaluating the processing of the test seed by the software system to generate a result for the test; wherein each queue in the ranked plurality of queues has an associated seed addition criterion and wherein performing each test comprises either (a) adding the test seed to the highest ranked queue in the ranked plurality of queues for which the test seed meets the seed addition criterion associated with that queue; or (b) discarding the test seed if the test seed does not meet the seed addition criterion associated with any of the queues in the ranked plurality of queues; wherein the seed addition criteria are configured so that, if processing of a first test seed by the software system involves execution of, or an execution path approaching, a callable unit of interest and if processing of a second test seed by the software system does not involve execution of, or an execution path approaching, a callable unit of interest, then the queue to which the first test seed is added is of higher rank than the queue to which the second test seed is added, wherein a callable unit is a callable unit of interest if the current number of tests that have resulted in execution of that callable unit is less than the target number of times that callable unit is to be tested.
There is provided systems and methods for operating a keyless vehicle system of a vehicle. One such method comprises, receiving, at a Bluetooth module of the keyless vehicle system a connection request from a mobile device, wherein the Bluetooth module of the keyless vehicle system is bonded as a human interface device (HID) to the mobile device. In response to the mobile device being verified by the Bluetooth module, a Bluetooth connection between the mobile device and the Bluetooth module is established. In response to the vehicle detecting physical interaction, the presence of the mobile device determined. Operation of the keyless vehicle system is allowed based on the presence of the mobile device.
H04W 4/80 - Services utilisant la communication de courte portée, p.ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
G07C 9/00 - Enregistrement de l’entrée ou de la sortie d'une entité isolée
H04W 4/40 - Services spécialement adaptés à des environnements, à des situations ou à des fins spécifiques pour les véhicules, p.ex. communication véhicule-piétons
H04W 4/02 - Services utilisant des informations de localisation
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
09 - Appareils et instruments scientifiques et électriques
38 - Services de télécommunications
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Electronic and/or multi-media communication, recording, transmission, broadcasting, storage, display, reception and reproduction devices; data processing equipment; computers, computer programs, computer software, computer chips; apparatus and instruments for the encoding and decoding of electrical signals; computer software and apparatus and instruments for use in connection with the Internet; smart cards; encoded cards Broadcasting and communication services, whether television, satellite, radio, cable, internet, broadband and/or other Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and design services for others; design services for others in the field of artificial intelligence; developmental research conducted in relation to the enhancement of technology and technological products for use in the telecommunications industry and broadband industry whether via cable, telephone or satellite
8.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR CREATING SECURED COMPUTER CODE
Systems, methods, and storage media for creating secured computer code are disclosed. Exemplary implementations may: access computer code; convert the computer code into a numeric description of characteristics of the code; partition the computer code into blocks of code; determine a corresponding ranking of at least some of the blocks of code with an anomaly measure by applying an anomaly detection algorithm to the blocks of code; select anomalous blocks of the blocks of code by applying a threshold to the rankings; and apply code security techniques to at least one of the anomalous blocks of code to thereby create secured computer code.
A method for identifying whether a classification system is configured to use a specific machine-learning classification model, the method comprising: using the classification system to generate, for each test sample in a predetermined test set that comprises a plurality of test samples, a corresponding classification result; and identifying either (i) that the classification system is using the specific machine-learning classification model if, for each test sample in the test set, the corresponding classification result matches a classification result produced for that test sample using the specific machine-learning classification model or (ii) that the classification system is not using the specific machine-learning classification model if there is a test sample in the test set for which the corresponding classification result does not match the classification result produced for that test sample using the specific machine-learning classification model; wherein the test set is associated with the specific machine-learning classification model and, for each test sample in the test set, there is a corresponding small modification for that test sample that causes a change in the classification result produced for that test sample using the specific machine-learning classification model.
A method of performing a cryptographic process in a secured manner, wherein the cryptographic process generates output data based on input data, the generating of the output data involving generating a value y based on an amount of data x, the value y representing a combination, according to a linear transformation L, of respective outputs from a plurality of S-boxes Sn (n=0, . . . , N−1) for integer N>1, wherein each S-box Sn (n=0, . . . , N−1) implements a respective function Hn that is either (a) the composition of a respective first function Fn and a respective linear or affine second function Gn so that Hn=Gn∘Fn, or (b) the composition of a respective first function Fn, a respective linear or affine second function Gn and a respective third function Wn so that Hn=Gn∘Fn∘Wn, wherein the method comprises: performing a first processing stage and a second processing stage to generate the value y based on the amount of data x, wherein: the first processing stage uses a plurality of first lookup tables to generate respective outputs, each output being based on at least part of the amount of data x, wherein, for each S-box Sn (n=0, . . . , N−1), the respective first function Fn is implemented by a corresponding first lookup table; and the second processing stage combines outputs from a plurality of second lookup tables to generate the value y, wherein the input to each second lookup table is formed from the output of a plurality of the first lookup tables, and wherein the set of second lookup tables is based on the second functions Gn (n=0, . . . , N−1) and the linear transformation L.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
11.
SECURED PERFORMANCE OF AN ELLIPTIC CURVE CRYPTOGRAPHIC PROCESS
A method for performing an elliptic curve cryptographic process to generate output data based on input data, the elliptic curve cryptographic process based on an elliptic curve over a finite field, wherein the generation of the output data comprises generating, based on a predetermined point V of the elliptic curve and a positive R-bit integer k, a first point of the elliptic curve that is based, at least in part, on the point kV of the elliptic curve, wherein k=Σr=0R−1 2rbr and, for each r=0,1, . . . , R−1, br is the bit value of k at bit position r of k, wherein the method comprises: storing, according to a partition of the R bit positions for k into T groups of bit positions Pt (t=0, 1, . . . , T−1), a corresponding lookup table Lt having, for each of the 2|Pt|possible options for assigning to the |Pt| bit positions s ∈ Pt a respective bit value xs, a corresponding point of the elliptic curve that is based, at least in part, on the point (Σs∈Pt2sxs)V of the elliptic curve; obtaining k; and determining the first point as Σt=0T−1lt, where lt is the point of the elliptic curve that corresponds, in lookup table Lt, to the option for assigning to the |Pt| bit positions s ∈ Pt the corresponding bit value bs.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
12.
METHOD AND SYSTEM FOR PREVENTING AND DETECTING SECURITY THREATS
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
There is described a method of generating a protected data package from an initial file. The initial file has a predetermined file format, the method comprises: (a) identifying a code portion of the initial file to be protected; (b) generating a supplementary file comprising a copy (or version) of the code portion; and (c) modifying the initial file, wherein the modifying comprises replacing at least the code portion of the initial file with replacement data to thereby provide a modified file, wherein the modified file has the same predetermined file format as the initial file, and wherein the modification is arranged to cause a failure when a reader for the predetermined file format tries to load the code portion from the modified file. The protected data package comprises the modified file and the supplementary file. There is also described a method for a reader of a predetermined file format to execute a protected data package. The protected data package comprises a modified file and a supplementary file. The modified file comprises replacement data that has replaced at least a code portion of an initial file on which the modified file is based. The modified file and the initial file have the predetermined file format. The supplementary file comprises a copy (or version) of the code portion. The method comprising, at runtime: responsive to a failure when trying to load the code portion from the modified file, processing the supplementary file so as to load the code portion from the supplementary file.
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
G06F 21/50 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation
14.
SYSTEMS AND METHODS FOR DETERMINING EXECUTION STATE
There is described a method of enabling identification of the execution state of an item of software at runtime. The method comprises receiving from one or more clients one or more respective labelled sets of invocation data generated at the one or more clients by the execution of an executable of the item of software configured to cause the collection of invocation data at runtime for one or more callable units of the item of software, wherein each labelled set of invocation data comprises a label indicating an execution state of the item of software during a respective portion of runtime and invocation data corresponding to said respective portion of runtime; training, based on said collection of invocation data, an identification algorithm to identify the execution state of the item of software from collected invocation data of the item of software. There is also described a related method of identifying the execution state of an executable during a portion of runtime, as well as related apparatus and computer programs.
G06F 21/52 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
15.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR GENERATING SYNTHESIZED DEPTH DATA
Disclosed implementations include a depth generation method using a novel teacher-student GAN architecture (TS-GAN) to generate depth images for 2-D images, such as RGB images, where no corresponding depth information is available. An example model consists of two components, a teacher and a student. The teacher consists of a fully convolutional encoder-decoder network as a generator along with a fully convolution classification network as the discriminator. The generator takes 2-D images as inputs and aims to output the corresponding depth images. The teacher learns an initial latent mapping between 2-dimensional and co-registered depth images and the student applies the latent mapping to provide feedback to the classification network for refinement.
Disclosed implementations include a method, apparatus and computer media for learning an optimal graph in the form of a tree topology defining a sequence that can be used by a learning network for image recognition. Image data representing the image of an object is received and N landmarks are detected on the image using a deep regression algorithm, wherein N is an integer. A weighted, fully connected, graph is constructed from the landmarks by assigning initial weights for the landmarks randomly. An optimized tree structure is determined based on the initial weights. A sequence is generated by traversing nodes of the tree structure and a series of embeddings representing the object image are generated based on the sequence. The embeddings can be processed by a neural network to generate an image recognition signal based on the embeddings.
G06V 40/16 - Visages humains, p.ex. parties du visage, croquis ou expressions
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
17.
Secured computer code and systems, methods, and storage media for creating the secured computer code from original computer code
Systems, methods, and storage media for creating secured computer code from original computer code are disclosed. The secured computer code is created from original computer code and has a secured interface between a first code domain and a second code domain of the original computer code, the first code domain including code in a first coding language and the second code domain including code in a second coding language, the first code domain being compiled separately from the second code domain. Exemplary implementations may: identify a code method defined in the first code domain that is declared in the second code domain; create a corresponding code method in the second code domain that has a signature that corresponds to a signature of the code method; and create a transformed code method in the first code domain.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
18.
PROVIDING AND MANAGING MOBILE NETWORK OPERATOR PROFILES
SIMSIMSIM; (d) generating an MNO profile download message comprising the encrypted MNO profile and the unique identifier of the client device; and (e) broadcasting the MNO profile download message over a broadcast network so as to enable the client device to access the MNO profile download message. There is also described a related method at a client device, as well as related computer programs and computer-readable media.
H04W 4/60 - Services basés sur un abonnement qui utilisent des serveurs d’applications ou de supports d’enregistrement, p.ex. boîtes à outils d’application SIM
H04W 8/18 - Traitement de données utilisateur ou abonné, p.ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateur; Transfert de données utilisateur ou abonné
H04W 12/30 - Sécurité des dispositifs mobiles; Sécurité des applications mobiles
The disclosure is directed to a method, system and a computer readable medium of fuzzy testing a software system, using a grey-box fuzzy testing framework that optimizes the vulnerability exposure process while addressing security testing challenges. The grey-box fuzzy testing framework, unlike white-box testing, provides a focused and efficient assessment of a software system without analyzing each line of code. The disclosed embodiments provide a robust security mechanism that accumulates information about the system without increasing testing complexity, enabling fast and efficient security testing. The disclosed embodiments use security vulnerability metrics designed to identify vulnerable components in the software systems and ensures thorough testing of these components by assigning weights. A mutation engine may perform small data type mutations at the input's high-level design. The grey-box approach addresses three testing challenges: the system's complexity and size by avoiding intensive code analysis, outsourcing by limiting the knowledge about the system, and input and output fluctuation by creating a massive number of inputs.
G06F 11/36 - Prévention d'erreurs en effectuant des tests ou par débogage de logiciel
G06N 5/04 - Modèles d’inférence ou de raisonnement
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
20.
Method and apparatus for policy-based management of assets
A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.
G06F 21/56 - Détection ou gestion de programmes malveillants, p.ex. dispositions anti-virus
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A method of performing biometric authentication for a first user, the method comprising: performing one or more first tests, wherein for each first test, performing said first test comprises: obtaining a respective first input for said first test based on one or more biometric characteristics of the first user; determining that the first user is not a predetermined user when a respective first log-likelihood ratio for a first likelihood and a second likelihood does not exceed a respective first threshold for said first test, wherein the first likelihood is a likelihood of obtaining the respective first input based on a first model in which input is obtained from the predetermined user, and wherein the second likelihood is a likelihood of obtaining the respective first input based on a second model in which input is obtained from one or more users other than the predetermined user; determining that the first user is the predetermined user when the respective first log-likelihood ratio exceeds a respective second threshold for said first test, the respective second threshold greater than the respective first threshold; and when the respective first log-likelihood ratio exceeds the respective first threshold and the respective first log-likelihood ratio does not exceed the respective second threshold, either (a) determining to perform a further first test when a number of times that the first test has been performed is less than a predetermined maximum number of times or (b) determining to perform a second test when the number of times that the first test has been performed equals the predetermined maximum number of times; wherein performing the second test comprises: obtaining a second input for the second test based on the one or more biometric characteristics of the first user; and determining that the first user is the predetermined user when a second log-likelihood ratio for a third likelihood and a fourth likelihood exceeds a third threshold, wherein the third likelihood is a likelihood of receiving the respective second input based on the first model, and wherein the fourth likelihood is a likelihood of receiving the second input based on the second model; determining that the first user is not the predetermined user when the second log-likelihood ratio does not exceed the third threshold.
G06F 21/32 - Authentification de l’utilisateur par données biométriques, p.ex. empreintes digitales, balayages de l’iris ou empreintes vocales
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
09 - Appareils et instruments scientifiques et électriques
38 - Services de télécommunications
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Downloadable computer software applications for smart phones and tablet devices, namely, software for use in cybersecurity and risk management; electronic apparatus for broadcasting, recording, transmitting, or reproduction of sound or images; blank tapes for storage of computer data; data processing equipment, namely, computers, recorded computer programs for use in the reproduction, processing and streaming of audio, video and multimedia content; downloadable computer software for use in the distribution of digital content, computer chips; apparatus and instruments for the encoding and decoding of electrical signals; downloadable computer software for use in connection with content delivery for the internet; downloadable software for the protection of internet communications; downloadable software for the protection of data storage on computers; downloadable software for the protection of advertisement delivery; downloadable software for use in protection of internet communications; downloadable software for the protection of computer software including virus and fraud protection; computers, handheld computers, set-top boxes, televisions and digital media streaming devices; blank smart cards; encoded smart cards containing programming used for the distribution of digital content; magnetically encoded identity cards Providing an online forum in the cybersecurity field relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries, medical device manufacturing industry, and the video gaming industry; communication services, namely, transmission of voice, data, sound and images by telecommunications network, wireless communication networks, the internet, information services networks and data; radio, television, satellite and cable broadcasting services; rental and leasing of communication apparatus and instruments; subscription television and Internet broadcasting services; providing access to and leasing access time to computer data bases Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and computer software design services for others; design services for others in the field of computer networks, software, and engineering for the artificial intelligence field; product developmental research conducted in the fields of technology enhancement and technological products for use in the telecommunications industry and broadband industry via cable, telephone or satellite; provision of non-downloadable software for use in the field of cybersecurity and risk management in the nature of restricting unauthorized access to computer systems relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries, medical device manufacturing industry, and the video gaming industry provision of cloud-based software for use in the field of cybersecurity and risk management in the nature of restricting unauthorized access to computer systems relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries, medical device manufacturing
A method for detection of modification of an item of content, the method comprising: obtaining, for the item of content, a respective first value of each attribute in a set of one or more attributes of the item of content, the set of one or more attributes selected such that, for each of one or more predetermined types of modification, said type of modification affects the value of at least one attribute in the set of one or more attributes; performing a watermark decoding operation on the item of content; and in response to the watermark decoding operation producing payload data from the item of content: determining that the one or more predetermined types of modification have not been applied to the item of content if, for each attribute in the set of one or more attributes, the respective first value for that attribute matches a respective second value for that attribute determined using the payload; or determining that a modification has been applied to the item of content if, for at least one attribute in the set of one or more attributes, the respective first value for that attribute does not match a respective second value for that attribute determined using the payload.
09 - Appareils et instruments scientifiques et électriques
38 - Services de télécommunications
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Computer software applications for smart phones and tablet devices; electronic apparatus for broadcasting, recording, transmitting, or reproduction of sound or images; blank tapes for storage of computer data; data processing equipment, namely, computers, computer programs for use in the reproduction, processing and streaming of audio, video and multimedia content, computer software for use in the distribution of digital content, computer chips; apparatus and instruments for the encoding and decoding of electrical signals; computer software for use in connection with content delivery for the internet; software for the protection of internet communications; software for the protection of data storage on computers; software for the protection of advertisement delivery; software for the protection of computer software including virus and fraud protection; computers, handheld computers, set-top boxes, televisions and digital media streaming devices; apparatus and instruments for use in connection with the internet, namely, computers, handheld computers, set-top boxes, televisions and digital media streaming devices; blank smart cards; encoded smart cards containing programming used for the distribution of digital content; magnetically encoded identity cards. Providing access to forums; telecommunications portal services; voice, data, sound and image communication services; multi-media communication services; telecommunications services; radio, television, satellite and cable broadcasting services; transmission, provision and display of information for business or domestic purposes from a computer stored databank; hiring, rental and leasing of communication apparatus and instruments; subscription television and Internet broadcasting services; Providing access to websites on the Internet or any other communications network; providing access to and leasing access time to computer data bases. Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and computer software design services for others; design services for others in the field of computer networks, software, and engineering for the artificial intelligence field; product developmental research conducted in the fields of technology enhancement and technological products for use in the telecommunications industry and broadband industry via cable, telephone or satellite; provision of non-downloadable software; provision of cloud-based software; software as a service; provision of technical advice in respect of software for the protection of internet communications, software for the protection of data storage on computers; Providing temporary use of non-downloadable software.
26.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
A method for a computer to execute an item of software, the method comprising: the computer executing one or more security modules; the computer executing the item of software, said executing the item of software comprising, at at least one point during execution of the item of software at which a predetermined function is to be performed, attempting to perform the predetermined function by: sending, to an address system, a request for an address of instructions for carrying out the predetermined function, the request comprising an identifier of the predetermined function; receiving, from the address system in response to the request, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the one or more security modules; and continuing execution of the item of software at the address received from the address system.
A method for a computer to execute an item of software, the method comprising: the computer executing one or more security modules; the computer executing the item of software, said executing the item of software comprising, at at least one point during execution of the item of software at which a predetermined function is to be performed, attempting to perform the predetermined function by: sending, to an address system, a request for an address of instructions for carrying out the predetermined function, the request comprising an identifier of the predetermined function; receiving, from the address system in response to the request, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the one or more security modules; and continuing execution of the item of software at the address received from the address system.
Methods and systems for providing secure digital access to services are described. Embodiments include user behavior tracking, learning, and updating one or more contextual access algorithms and thereafter can act as multi-factor authentications. The method may include receiving data for a group of users and initializing a machine learning algorithm with the group data. The method may also collect individual user data and context data periodically, including characteristic behavior data, and update the machine learning algorithm with the individual user data. The method may further calculate a threshold for tolerance based on the updated algorithm, and verify user requests for access to the service. A multi-factor authentication may be presented to the user when the verifications are not acceptable, such as by being below a threshold. A permissions data structure can be generated and used to control access to the service.
G07C 9/29 - Enregistrement de l’entrée ou de la sortie d'une entité isolée comportant l’utilisation d’un laissez-passer le laissez-passer comportant des éléments électroniques actifs, p.ex. des cartes à puce
Methods and systems for continuously authenticating a user of a device by comparing current sensor data of the device being used with a fingerprint generated from sensor data collected from the device during use by an authorized user. A likelihood value, indicating the likelihood that the user is an authorized user of the device, is generated and the user is authenticated when the likelihood value is determined to be acceptable.
A method of performing biometric authentication for a first user, the method comprising: performing one or more first tests, wherein for each first test, performing said first test comprises: obtaining a respective first input for said first test based on one or more biometric characteristics of the first user; determining that the first user is not a predetermined user when a respective first log-likelihood ratio for a first likelihood and a second likelihood does not exceed a respective first threshold for said first test, wherein the first likelihood is a likelihood of obtaining the respective first input based on a first model in which input is obtained from the predetermined user, and wherein the second likelihood is a likelihood of obtaining the respective first input based on a second model in which input is obtained from one or more users other than the predetermined user; determining that the first user is the predetermined user when the respective first log-likelihood ratio exceeds a respective second threshold for said first test, the respective second threshold greater than the respective first threshold; and when the respective first log-likelihood ratio exceeds the respective first threshold and the respective first log-likelihood ratio does not exceed the respective second threshold, either (a) determining to perform a further first test when a number of times that the first test has been performed is less than a predetermined maximum number of times or (b) determining to perform a second test when the number of times that the first test has been performed equals the predetermined maximum number of times; wherein performing the second test comprises: obtaining a second input for the second test based on the one or more biometric characteristics of the first user; and determining that the first user is the predetermined user when a second log-likelihood ratio for a third likelihood and a fourth likelihood exceeds a third threshold, wherein the third likelihood is a likelihood of receiving the respective second input based on the first model, and wherein the fourth likelihood is a likelihood of receiving the second input based on the second model; determining that the first user is not the predetermined user when the second log-likelihood ratio does not exceed the third threshold.
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
G06F 21/32 - Authentification de l’utilisateur par données biométriques, p.ex. empreintes digitales, balayages de l’iris ou empreintes vocales
G07C 9/37 - Enregistrement de l’entrée ou de la sortie d'une entité isolée ne comportant pas l’utilisation d’un laissez-passer combiné à une vérification d’identité utilisant des données biométriques, p.ex. des empreintes digitales, un balayage de l’iris ou une reconnaissance de la voix
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
32.
Apparatus for monitoring and/or controlling mechanical equipment
0, to cause relative oscillation of the coil and the magnet so as to induce an electric current in the coil to thereby power the electronics module.
The present application also relates to the apparatus for monitoring and/or controlling the mechanical equipment, and to a method of use of the apparatus with mechanical equipment.
H02K 35/02 - Génératrices avec système de bobines, aimant, induit, ou autre partie du circuit magnétique à mouvement alternatif, oscillant ou vibrant avec des aimants mobiles et des systèmes de bobines fixes
F16F 15/02 - Suppression des vibrations dans les systèmes non rotatifs, p.ex. dans des systèmes alternatifs; Suppression des vibrations dans les systèmes rotatifs par l'utilisation d'organes ne se déplaçant pas avec le système rotatif
G05D 19/02 - Commande des oscillations mécaniques, p.ex. de l'amplitude, de la fréquence, de la phase caractérisée par l'utilisation de moyens électriques
G06Q 30/06 - Transactions d’achat, de vente ou de crédit-bail
G06Q 30/0645 - Transactions de location; Transactions de crédit-bail
H02K 11/00 - Association structurelle de machines dynamo-électriques à des organes électriques ou à des dispositifs de blindage, de surveillance ou de protection
H02J 7/32 - Circuits pour la charge ou la dépolarisation des batteries ou pour alimenter des charges par des batteries pour la charge de batteries par un ensemble comprenant une machine motrice non électrique
33.
APPARATUS FOR MONITORING AND/OR CONTROLLING MECHANICAL EQUIPMENT
vibration0vibration00, to cause relative oscillation of the coil and the magnet so as to induce an electric current in the coil to thereby power the electronics module. The present application also relates to the apparatus for monitoring and/or controlling the mechanical equipment, and to a method of use of the apparatus with mechanical equipment.
H02J 7/32 - Circuits pour la charge ou la dépolarisation des batteries ou pour alimenter des charges par des batteries pour la charge de batteries par un ensemble comprenant une machine motrice non électrique
H02J 50/00 - Circuits ou systèmes pour l'alimentation ou la distribution sans fil d'énergie électrique
34.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR CREATING SECURED COMPUTER CODE HAVING ENTANGLED TRANSFORMATIONS
Systems, methods, and storage media for rendering target code are disclosed. Exemplary implementations may: receive the input code; apply at least one obfuscation transformation to multiple code functions of the input code to create transformed code including transformed code functions; determine a shared constant; determine a function-expression; and replace, for each transformed code function in the transformed code, the transformation parameters with the function expression and the at least one cloaked constant to create target code in which the transformed code functions are entangled to thereby render the target code protected against static analysis attacks.
Systems, methods, and storage media for creating secured transformed code from input code, the input code having at least one code function that includes at least one function value are disclosed. Exemplary implementations may: receive input code; apply an obfuscation algorithm to at least a portion of a selected code function of the input code to thereby create an obfuscated code portion having at least one obfuscated value that is different from the at least one function value; and store the obfuscated code portion on non-transient computer media to create obfuscated code having substantially the same function as the input code.
Systems, methods, and storage media for creating secured transformed code from input code, the input code having at least one code function that includes at least one function value are disclosed. Exemplary implementations may: receive input code; apply an obfuscation algorithm to at least a portion of a selected code function of the input code to thereby create an obfuscated code portion having at least one obfuscated value that is different from the at least one function value; and store the obfuscated code portion on non-transient computer media to create obfuscated code having substantially the same function as the input code.
There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction. A second such method comprises: (a) providing access to one or more frames of pre-generated video content encoded in compressed video format; (b) displaying to a user initial video content encoded in compressed video format, the initial video content being based on one or more frames of the pre-generated video content, and the initial video content representing a plurality of graphical elements for selection by a user; (c) detecting a first user interaction occurring in response to the displayed initial video content; (d) determining a first graphical element selected by the user based on one or more properties of the detected first user interaction; (e) in response to the first user interaction, generating new video content encoded in compressed video format based on one or more frames of the pre-generated video content and the one or more properties of the first user interaction; and (f) displaying the new video content to the user.
There are also described corresponding apparatuses, computer programs, and computer-readable media.
H04N 21/442 - Surveillance de procédés ou de ressources, p.ex. détection de la défaillance d'un dispositif d'enregistrement, surveillance de la bande passante sur la voie descendante, du nombre de visualisations d'un film, de l'espace de stockage disponible dans l
38.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/56 - Détection ou gestion de programmes malveillants, p.ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.
G06F 21/53 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p.ex. "boîte à sable" ou machine virtuelle sécurisée
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/16 - Traçabilité de programme ou de contenu, p.ex. par filigranage
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
42.
METHOD AND APPARATUS FOR FEEDBACK-BASED PIRACY DETECTION
Watermarking of a content stream is accomplished in a session-based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique indentification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-on watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements. Groups of nodes can be provided with unique watermarking patterns and detection and watermark pattern reconfiguration can be accomplished in an interative manner to find a specific node without the need to create unique watermark patterns for each node.
Systems, methods, and storage media for producing protected code in which functionality of the protected code can be verified are disclosed. Exemplary implementations may: receive computer source code that, when compiled and executed, produces functionality in accordance with code specifications, the code including executable code and annotations; apply transformations to at least one portion of the computer source code to produce transformed code having at least one transformed portion of executable code and annotations; store the transformed source code; create an additional annotation which includes verification properties and/or verification conditions that must hold true for the transformed code if the transformed code conforms to the code specifications, the annotation also including at least one hint; and store the annotation in correspondence to the relevant at least one transformed portion of the transformed source code to produce protected code.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
44.
METHOD AND APPARATUS FOR IMPLEMENTING A WHITE-BOX CIPHER
An apparatus method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, Including XOR, linear transformation and S-box; decomposing original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of S-box, implementing the inversion in the original finite field representation with algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of S-box; applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application. An apparatus method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, Including XOR, linear transformation and S-box; decomposing original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of S-box, implementing the inversion in the original finite field representation with algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of S-box; applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
45.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR OBFUSCATING A COMPUTER PROGRAM BY REPRESENTING THE CONTROL FLOW OF THE COMPUTER PROGRAM AS DATA
Systems, methods, and storage media for obfuscating a computer program by representing the control flow of the computer program as data that is not source code are disclosed. Exemplary implementations may: receive source code of a computer program; parse the source code; extract the control flow of the source code; represent at least a portion of the control flow as a control flow model using a mathematical modeling language; store the control flow model as control flow data that represents the control flow of the program and is not executable code; and remove the at least a portion of the control flow from the source code, to thereby obfuscate the control flow of the source code and render the source code more resistant to tampering.
09 - Appareils et instruments scientifiques et électriques
38 - Services de télécommunications
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Computer software applications for smart phones and tablet devices; electronic apparatus for broadcasting, recording, transmitting, or reproduction of sound or images; blank tapes for storage of computer data; data processing equipment, namely, computers, computer programs for use in the reproduction, processing and streaming of audio, video and multimedia content, computer software for use in the distribution of digital content, computer chips; apparatus and instruments for the encoding and decoding of electrical signals; computer software for use in connection with content delivery for the internet; software for the protection of internet communications; software for the protection of data storage on computers; software for the protection of advertisement delivery; software for the protection of computer software including virus and fraud protection; computers, handheld computers, home video game consoles, set-top boxes, televisions and digital media streaming devices; apparatus and instruments for use in connection with the internet, namely, computers, handheld computers, set-top boxes, televisions and digital media streaming devices; blank smart cards; encoded smart cards containing programming used for the distribution of digital content; magnetically encoded identity cards. Forum services; portal services; voice, data, sound and image communication services; multi-media communication services; telecommunications services; radio, television, satellite and cable broadcasting services; transmission, provision and display of information for business or domestic purposes from a computer stored databank; hiring, rental and leasing of communication apparatus and instruments; subscription television and Internet broadcasting services; Providing access to websites on the Internet or any other communications network; providing access to and leasing access time to computer data bases. Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and computer software design services for others; design services for others in the field of computer networks, software, and engineering for the artificial intelligence field; product developmental research conducted in the fields of technology enhancement and technological products for use in the telecommunications industry and broadband industry via cable, telephone or satellite; provision of non-downloadable software; provision of cloud-based software; software as a service; provision of technical advice in respect of software for the protection of internet communications, software for the protection of data storage on computers; Providing temporary use of non-downloadable software.
09 - Appareils et instruments scientifiques et électriques
38 - Services de télécommunications
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
(1) Computer software applications for smart phones and tablet devices; electronic apparatus for broadcasting, recording, transmitting, or reproduction of sound or images; blank tapes for storage of computer data; data processing equipment, namely, computers, computer programs for use in the reproduction, processing and streaming of audio, video and multimedia content, computer software for use in the distribution of digital content, computer chips; apparatus and instruments for the encoding and decoding of electrical signals; computer software for use in connection with content delivery for the internet, software for the protection of internet communications; software for the protection of data storage on computers; software for the protection of advertisement delivery; service for the protection of internet communications; software for the protection of computer software including virus and fraud protection; computers, handheld computers, home video game consoles, set-top boxes, televisions and digital media streaming devices; apparatus and instruments for use in connection with the internet, namely, computers, handheld computers, set-top boxes, televisions and digital media streaming devices; blank smart cards; encoded smart cards containing programming used for the distribution of digital content; magnetically encoded identity cards (1) Forum services; portal services; voice, data, sound and image communication services; multi-media communication services; telecommunications services; radio, television, satellite and cable broadcasting services; transmission, provision and display of information for business or domestic purposes from a computer stored databank; hiring, rental and leasing of communication apparatus and instruments; subscription television and Internet broadcasting services; provision of web sites; providing access to and leasing access time to computer data bases
(2) Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and computer software design services for others; design services for others in the field of computer networks, software, and engineering for the artificial intelligence field; product developmental research conducted in the fields of technology enhancement and technological products for use in the telecommunications industry and broadband industry via cable, telephone or satellite; provision of non-downloadable software; provision of cloud-based software; software as a service; provision of technical advice in respect of software for the protection of internet communications, software for the protection of data storage on computers; software for the protection of advertisement delivery; software for the protection of internet communication, software for the protection of computer software including virus and fraud protection
A method for identifying an object within a video sequence, wherein the video sequence comprises a sequence of images, wherein the method comprises, for each of one or more images of the sequence of images: using a first neural network to determine whether or not an object of a predetermined type is depicted within the image; and in response to the first neural network determining that an object of the predetermined type is depicted within the image, using an ensemble of second neural networks to identify the object determined as being depicted within the image.
G06K 9/62 - Méthodes ou dispositions pour la reconnaissance utilisant des moyens électroniques
G10L 25/51 - Techniques d'analyses de la parole ou de la voix qui ne se limitent pas à un seul des groupes spécialement adaptées pour un usage particulier pour comparaison ou différentiation
G10L 25/78 - Détection de la présence ou de l’absence de signaux de voix
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
G06K 9/46 - Extraction d'éléments ou de caractéristiques de l'image
A computer-implemented method, in which an access request in relation to data is received. There is Error Correcting Code (ECC) data relating to the data, and the ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. The ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. A first integrity verification verifies the integrity of at least the data. If the first integrity verification procedure fails, an error analysis procedure is performed based on the data and the ECC data. Responsive to generation of corrected data by the error analysis procedure, a second integrity verification verifies the integrity of the corrected data. If the second integrity verification is successful, the access request is allowed using the corrected data.
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 11/10 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p.ex. en utilisant des codes de contrôle en ajoutant des chiffres binaires ou des symboles particuliers aux données exprimées suivant un code, p.ex. contrôle de parité, exclusion des 9 ou des 11
A method for facilitating a user to subsequently access, via an application executed by a user device of the user, an account for one or more services provided by a service provider, wherein said access is controlled based on biometric verification of the user performed, at least in part, at the user device, wherein the method comprises: obtaining reference data from a storage device, wherein the storage device stores biometric data for the user suitable for use in the biometric verification of the user, and wherein the reference data is suitable for use in one or both of: (a) subsequent access of the biometric data from the storage device and (b) authentication of the biometric data; and providing the reference data to an access system used by the service provider so that the access system can associate the reference data with an identifier associated with the user.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
51.
CHANGE-TOLERANT METHOD OF GENERATING AN IDENTIFIER FOR A COLLECTION OF ASSETS IN A COMPUTING ENVIRONMENT
A change-tolerant method of generating a fingerprint of a computing environment based on asset parameters associated components of the computing environment. Asset parameters are grouped into multiple subsets based on characteristics of the components. A share is generated for each asset parameter of the category to produce a plurality of shares. A secret sharing algorithm is applied to the subsets to generate a plurality of candidate identifiers corresponding to the plurality of subsets of shares. A candidate identifier is selected from the plurality of candidate identifiers as a final identifier for each category based at least in part on a frequency of occurrence of that candidate identifier. The final identifiers are combined into a fingerprint corresponding to the computing environment, wherein the fingerprint is provides verification of the plurality of components without requiring individual verification of any shares in the plurality of shares.
G06F 21/73 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par création ou détermination de l’identification de la machine, p.ex. numéros de série
A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or more predetermined parameters; and wherein, in the absence of a modification relating to the verification code, use of the one or more predetermined parameters by the verification code ensures that the verification data represents an element of the second set and use of the runtime data by the verification code controls which element of the second set is represented by the generated verification data.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
Systems, methods, and storage media implemented by a computer for enabling tracking of software are disclosed. Exemplary implementations may: receive marking input code corresponding to a computer program; identify locations of the marking input code that can be modified in ways that preserve functionality of the computer program; choose at least one code transformation with associated intrinsic constants; derive derived constants from the specific intrinsic constants; apply the at least one chosen code transformation, including injecting the derived constants into the marking input code; saving the results of the above steps on computer readable media as marked code; and save metadata including a list of the derived constants on computer readable media in a file that is separate from the marked code.
Systems, methods, and storage media implemented by a computer for enabling tracking of software are disclosed. Exemplary implementations may: receive marking input code corresponding to a computer program; identify locations of the marking input code that can be modified in ways that preserve functionality of the computer program; choose at least one code transformation with associated intrinsic constants; derive derived constants from the specific intrinsic constants; apply the at least one chosen code transformation, including injecting the derived constants into the marking input code; saving the results of the above steps on computer readable media as marked code; and save metadata including a list of the derived constants on computer readable media in a file that is separate from the marked code.
A method of operating a system, wherein the system comprises a plurality of components, the method comprising: maintaining a distributed ledger, wherein the distributed ledger comprises data records, wherein each data record stores information concerning one or more respective components of the plurality of components; at least one component of the plurality of components processing the information stored in one or more respective data records of the distributed ledger to determine whether the system meets one or more respective security criteria; and one or both of: (i) the at least one component performing a respective first action if the at least one component determines that the system meets the one or more respective security criteria; and (ii) the at least one component performing a respective second action if the at least one component determines that the system does not meet the one or more respective security criteria.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G07C 5/00 - Enregistrement ou indication du fonctionnement de véhicules
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
A method for a first entity and a second entity to establish a shared secret, wherein the first entity and the second entity each have a respective asymmetric key pair that comprises a public key and a corresponding private key, wherein the method comprises: the first entity generating a protected item of software that comprises a representation of the public key of the first entity and a message generator that is configured to use an authentication key; the first entity providing the protected item of software to the second entity; the second entity executing the protected item of software, said executing comprising the message generator generating a message that represents the public key of the second entity and that comprises authentication data generated using the authentication key so that integrity of the message is verifiable using a verification key corresponding to the authentication key; the first entity obtaining the message from the second entity; in response to a set of one or more conditions being satisfied, the first entity and the second entity together performing shared secret establishment to establish the secret, wherein performing the shared secret establishment comprises the first entity using the public key of the second entity as represented in the message and the second entity using the public key of the first entity as represented in the protected item of software, wherein one of the conditions is performance by the first entity of a successful verification of the integrity of the message using the verification key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
A method for a first entity and a second entity to establish a shared secret, wherein the first entity and the second entity each have a respective asymmetric key pair that comprises a public key and a corresponding private key, wherein the method comprises: the first entity generating a protected item of software that comprises a representation of the public key of the first entity and a message generator that is configured to use an authentication key; the first entity providing the protected item of software to the second entity; the second entity executing the protected item of software, said executing comprising the message generator generating a message that represents the public key of the second entity and that comprises authentication data generated using the authentication key so that integrity of the message is verifiable using a verification key corresponding to the authentication key; the first entity obtaining the message from the second entity; in response to a set of one or more conditions being satisfied, the first entity and the second entity together performing shared secret establishment to establish the secret, wherein performing the shared secret establishment comprises the first entity using the public key of the second entity as represented in the message and the second entity using the public key of the first entity as represented in the protected item of software, wherein one of the conditions is performance by the first entity of a successful verification of the integrity of the message using the verification key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
58.
Generating and executing protected items of software
A method of generating a protected item of software, there being an execution path within code for the protected item of software that causes code for one or more second functions to be executed before executing code for a first function, wherein execution of the code for the one or more second functions causes data to be stored at one or more memory locations, the data satisfying a set of one or more predetermined properties, wherein, in the absence of an attack against the protected item of software when the code for the protected item of software is being executed, the first function is arranged to provide first functionality, the method comprising: configuring the code for the first function so that execution, by one or more processors, of the code for the first function provides the first functionality only if the set of one or more predetermined properties is satisfied by data being stored, when the first function is executed, at the one or more memory locations.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
59.
Method and apparatus for feedback-based piracy detection
Watermarking of a content stream is accomplished in a session-based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements. Groups of nodes can be provided with unique watermark patterns and detection and watermark pattern reconfiguration can be accomplished in an iterative manner to find a specific node without the need to create unique watermark patterns for each node.
H04N 7/167 - Systèmes rendant le signal de télévision inintelligible et ensuite intelligible
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
H04N 21/8352 - Génération de données de protection, p.ex. certificats impliquant des données d’identification du contenu ou de la source, p.ex. "identificateur unique de matériel" [UMID]
G06T 1/00 - Traitement de données d'image, d'application générale
There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction. A second such method comprises: (a) providing access to one or more frames of pre-generated video content encoded in compressed video format; (b) displaying to a user initial video content encoded in compressed video format, the initial video content being based on one or more frames of the pre-generated video content, and the initial video content representing a plurality of graphical elements for selection by a user; (c) detecting a first user interaction occurring in response to the displayed initial video content; (d) determining a first graphical element selected by the user based on one or more properties of the detected first user interaction; (e) in response to the first user interaction, generating new video content encoded in compressed video format based on one or more frames of the pre-generated video content and the one or more properties of the first user interaction; and (f) displaying the new video content to the user.
There are also described corresponding apparatuses, computer programs, and computer-readable media.
A method of individualizing a semiconductor chip of a batch of semiconductor chips with respective individualization data of the semiconductor chip, the method comprising, applying a plurality of circuit layouts to the semiconductor chip to form a plurality of circuits on the semiconductor chip, wherein for each circuit layout, said circuit layout is arranged such that, (a) the corresponding circuit, when triggered, falls into any one of two or more respective triggered states, and (b) one of the two or more respective triggered states is a respective preferred state defined by said circuit layout, wherein the plurality of respective preferred states of the circuits in the plurality of circuits encode the individualization data, and wherein each individualized semiconductor chip of the batch of semiconductor chips comprises a generic circuit.
H01L 23/00 - DISPOSITIFS À SEMI-CONDUCTEURS NON COUVERTS PAR LA CLASSE - Détails de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide
G06K 19/077 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p.ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré - Détails de structure, p.ex. montage de circuits dans le support
H01J 37/317 - Tubes à faisceau électronique ou ionique destinés aux traitements localisés d'objets pour modifier les propriétés des objets ou pour leur appliquer des revêtements en couche mince, p.ex. implantation d'ions
H01L 23/544 - Marques appliquées sur le dispositif semi-conducteur, p.ex. marques de repérage, schémas de test
H01L 25/065 - Ensembles consistant en une pluralité de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide les dispositifs étant tous d'un type prévu dans le même sous-groupe des groupes , ou dans une seule sous-classe de , , p.ex. ensembles de diodes redresseuses les dispositifs n'ayant pas de conteneurs séparés les dispositifs étant d'un type prévu dans le groupe
62.
Systems and methods for creating individualized processing chips and assemblies
Systems and methods for producing individualized processing chips, each individualized processing chip being arranged to carry out a common processing operation are disclosed. A processing chip design is received, wherein the common processing operation is specified, at least in part, by the processing chip design. For each individualized processing chip the processing chip design is individualized to produce an individualized processing chip design, in accordance with an individualized set of transformations for the individualized processing chip, by including a respective set of modifications as part of the individualized processing chip design that implement the individualized set of transformations. Each transformation of the individualized set of transformations is a transform for an interconnect, specified in the processing chip design, of at least two logic cells specified in the processing chip design. For each individualized processing chip the individualized processing chip design is provided for fabrication of the individualized processing chip according to the individualized processing chip design. The individualized set of transformations for one individualized chip is different to the individualized set of transformations for at least one other individualized chip.
H01L 27/00 - Dispositifs consistant en une pluralité de composants semi-conducteurs ou d'autres composants à l'état solide formés dans ou sur un substrat commun
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
H01L 27/02 - Dispositifs consistant en une pluralité de composants semi-conducteurs ou d'autres composants à l'état solide formés dans ou sur un substrat commun comprenant des éléments de circuit passif intégrés avec au moins une barrière de potentiel ou une barrière de surface
G06F 30/39 - Conception de circuits au niveau physique
G06F 30/32 - Conception de circuits au niveau numérique
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
G06F 21/73 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par création ou détermination de l’identification de la machine, p.ex. numéros de série
G06F 111/20 - CAO de configuration, p.ex. conception par assemblage ou positionnement de modules sélectionnés à partir de bibliothèques de modules préconçus
63.
Method and apparatus for session-based watermarking of streamed content
Watermarking of a content stream is accomplished in a session based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements.
H04N 7/167 - Systèmes rendant le signal de télévision inintelligible et ensuite intelligible
H04N 21/2389 - Traitement de flux multiplexé, p.ex. cryptage de flux multiplexé
H04N 21/845 - Structuration du contenu, p.ex. décomposition du contenu en segments temporels
H04N 21/6377 - Signaux de commande émis par le client et dirigés vers les éléments du serveur ou du réseau vers le serveur
H04N 21/236 - Assemblage d'un flux multiplexé, p.ex. flux de transport, en combinant un flux vidéo avec d'autres contenus ou données additionnelles, p.ex. insertion d'une adresse universelle [URL] dans un flux vidéo, multiplexage de données de logiciel dans un flu; Remultiplexage de flux multiplexés; Insertion de bits de remplissage dans le flux multiplexé, p.ex. pour obtenir un débit constant; Assemblage d'un flux élémentaire mis en paquets
H04N 21/238 - Interfaçage de la voie descendante du réseau de transmission, p.ex. adaptation du débit de transmission d'un flux vidéo à la bande passante du réseau; Traitement de flux multiplexés
H04N 21/8352 - Génération de données de protection, p.ex. certificats impliquant des données d’identification du contenu ou de la source, p.ex. "identificateur unique de matériel" [UMID]
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
64.
METHOD AND APPARATUS FOR SESSION-BASED WATERMARKING OF STREAMED CONTENT
Watermarking of a content stream is accomplished in a session based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements.
H04N 21/2389 - Traitement de flux multiplexé, p.ex. cryptage de flux multiplexé
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
H04N 21/6377 - Signaux de commande émis par le client et dirigés vers les éléments du serveur ou du réseau vers le serveur
H04N 21/236 - Assemblage d'un flux multiplexé, p.ex. flux de transport, en combinant un flux vidéo avec d'autres contenus ou données additionnelles, p.ex. insertion d'une adresse universelle [URL] dans un flux vidéo, multiplexage de données de logiciel dans un flu; Remultiplexage de flux multiplexés; Insertion de bits de remplissage dans le flux multiplexé, p.ex. pour obtenir un débit constant; Assemblage d'un flux élémentaire mis en paquets
H04N 21/238 - Interfaçage de la voie descendante du réseau de transmission, p.ex. adaptation du débit de transmission d'un flux vidéo à la bande passante du réseau; Traitement de flux multiplexés
H04N 21/845 - Structuration du contenu, p.ex. décomposition du contenu en segments temporels
65.
Method and apparatus for policy-based management of assets
A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.
A secure and fault-tolerant, or variation-tolerant, method and system to turn a set of N shares into an identifier even when only M shares from this set have a correct value. A secret sharing algorithm is used to generate a number of candidate identifiers from subsets of shares associated with asset parameters of a collection of assets. The most frequently occurring candidate identifier is then determined to be the final identifier. The method has particular applicability in the fields of node locking and fingerprinting.
G06F 21/70 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur
G06F 21/73 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par création ou détermination de l’identification de la machine, p.ex. numéros de série
G06F 21/10 - Protection de programmes ou contenus distribués, p.ex. vente ou concession de licence de matériel soumis à droit de reproduction
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method and system for watermarking content utilizing a user device GPU, Embodiments include receiving on a processing server a request from a video server for a video to be played on the user's device. The processing server may extract a set of identifying information, such as user information, from the request for the video. The processing server may further prepare shader software code which is to be executed on a GPU present on the user's device. The code preparation may include creating a watermarking procedure to be executed during playback on the user device. The processing server may further transmit the shader software code to the streaming video server to be transmitted to the user device for execution during video playback.
A method and system for watermarking content utilizing a user device GPU, Embodiments include receiving on a processing server a request from a video server for a video to be played on the user's device. The processing server may extract a set of identifying information, such as user information, from the request for the video. The processing server may further prepare shader software code which is to be executed on a GPU present on the user's device. The code preparation may include creating a watermarking procedure to be executed during playback on the user device. The processing server may further transmit the shader software code to the streaming video server to be transmitted to the user device for execution during video playback.
A method for identifying an object within a video sequence, wherein the video sequence comprises a sequence of images, wherein the method comprises, for each of one or more images of the sequence of images: using a first neural network to determine whether or not an object of a predetermined type is depicted within the image; and in response to the first neural network determining that an object of the predetermined type is depicted within the image, using an ensemble of second neural networks to identify the object determined as being depicted within the image.
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
G06K 9/46 - Extraction d'éléments ou de caractéristiques de l'image
G06K 9/62 - Méthodes ou dispositions pour la reconnaissance utilisant des moyens électroniques
G10L 15/16 - Classement ou recherche de la parole utilisant des réseaux neuronaux artificiels
A method for identifying an object within a video sequence, wherein the video sequence comprises a sequence of images, wherein the method comprises, for each of one or more images of the sequence of images: using a first neural network to determine whether or not an object of a predetermined type is depicted within the image; and in response to the first neural network determining that an object of the predetermined type is depicted within the image, using an ensemble of second neural networks to identify the object determined as being depicted within the image.
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
G06F 17/30 - Recherche documentaire; Structures de bases de données à cet effet
G06K 9/62 - Méthodes ou dispositions pour la reconnaissance utilisant des moyens électroniques
G10L 25/51 - Techniques d'analyses de la parole ou de la voix qui ne se limitent pas à un seul des groupes spécialement adaptées pour un usage particulier pour comparaison ou différentiation
G10L 25/78 - Détection de la présence ou de l’absence de signaux de voix
G06K 9/46 - Extraction d'éléments ou de caractéristiques de l'image
G06F 16/583 - Recherche caractérisée par l’utilisation de métadonnées, p.ex. de métadonnées ne provenant pas du contenu ou de métadonnées générées manuellement utilisant des métadonnées provenant automatiquement du contenu
G10L 15/16 - Classement ou recherche de la parole utilisant des réseaux neuronaux artificiels
There is described a computer-implemented method comprising: receiving an access request in relation to data, wherein there exists ECC data relating to the data, and wherein the ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data; performing a first integrity verification procedure to verify the integrity of at least the data; responsive to a finding of non-integrity by the first integrity verification procedure, performing an error analysis procedure based on the data and the ECC data; responsive to generation of corrected data by the error analysis procedure, performing a second integrity verification procedure to verify the integrity of at least the corrected data; and responsive to a finding of integrity by the second integrity verification procedure, allowing the access request using the corrected data. Related methods, apparatuses, computer programs, and computer-readable media are also described.
G06F 11/10 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p.ex. en utilisant des codes de contrôle en ajoutant des chiffres binaires ou des symboles particuliers aux données exprimées suivant un code, p.ex. contrôle de parité, exclusion des 9 ou des 11
A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/16 - Traçabilité de programme ou de contenu, p.ex. par filigranage
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
A method for accessing content at a device, wherein the device is arranged to execute a digital rights management (DRM) client of a DRM system and wherein the device is arranged to receive a broadcast signal comprising a plurality of encrypted portions of content for an item of content, each encrypted portion being packaged in a format of a conditional access system and being decryptable using a corresponding decryption key, wherein the method comprises an application executing on the device performing the steps of: for each of one or more of the encrypted portions: converting said encrypted portion from being packaged in the format of the conditional access system to being packaged in a format of the DRM system; providing said encrypted portion is packaged in the format of the DRM system to the DRM client; and either (a) providing a rights object according to the DRM system to the DRM client or (b) triggering the DRM client to obtain a rights object according to the DRM system; wherein the rights object corresponds to said encrypted portion by comprising decryption key data for use by the DRM client to obtain the decryption key corresponding to said encrypted portion.
G06F 21/10 - Protection de programmes ou contenus distribués, p.ex. vente ou concession de licence de matériel soumis à droit de reproduction
H04N 21/2347 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4 impliquant le cryptage de flux vidéo
H04N 21/4385 - Traitement de flux multiplexé, p.ex. décryptage de flux multiplexé
H04N 21/6334 - Signaux de commande issus du serveur dirigés vers des éléments du réseau ou du client vers le client pour l’autorisation, p.ex. en transmettant une clé
H04N 21/8355 - Génération de données de protection, p.ex. certificats impliquant des données sur l’utilisation, p.ex. nombre de copies ou de visualisations autorisées
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
75.
Enabling a software application to be executed on a mobile station
The invention enables a software application to be executed on a mobile station in dependence of a SIM. Challenge data originating from the software application is input to the SIM to generate first response data using a security function of the SIM. The software application is enabled to be executed in dependence of the first response data. In addition, the challenge data may be transmitted to a verification server for the generation of second response data in dependence of the challenge data and possibly using an authentication center. The software application is then enabled to be executed in further dependence of the second response data.
H04B 1/3816 - TRANSMISSION - Détails des systèmes de transmission non caractérisés par le milieu utilisé pour la transmission Émetteurs-récepteurs, c. à d. dispositifs dans lesquels l'émetteur et le récepteur forment un ensemble structural et dans lesquels au moins une partie est utilisée pour des fonctions d'émission et de réception avec des connecteurs pour programmer des dispositifs d’identification
There is described a method of monitoring a peer-to-peer network. The method comprises: (i) monitoring network traffic between a first peer and the peer-to-peer network so as to identify a first subset of peers in the peer-to-peer network; and (ii) preventing the first peer from communicating with at least one peer in the first subset of peers to thereby cause the first peer to communicate with at least one further peer in the peer-to-peer network so as to enable identification of the at least one further peer. In addition, there is described a peer-to-peer network monitor for monitoring a peer-to-peer network, wherein the monitor is operable to monitor network traffic between a first peer and the peer-to-peer network so as to identify a subset of peers in the peer-to-peer network in communication with the first peer, and wherein the monitor is operable to prevent the first peer from communicating with at least one peer in the subset of peers to thereby cause the first peer to communicate with at least one further peer in the peer-to-peer network so as to enable the monitor to identify the at least one further peer. Corresponding computer programs and computer-readable media are also described.
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p.ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
A method of operating a system, wherein the system comprises a plurality of components, the method comprising: maintaining a distributed ledger, wherein the distributed ledger comprises data records, wherein each data record stores information concerning one or more respective components of the plurality of components; at least one component of the plurality of components processing the information stored in one or more respective data records of the distributed ledger to determine whether the system meets one or more respective security criteria; and one or both of: (i) the at least one component performing a respective first action if the at least one component determines that the system meets the one or more respective security criteria; and (ii) the at least one component performing a respective second action if the at least one component determines that the system does not meet the one or more respective security criteria.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method of operating a system, wherein the system comprises a plurality of components, the method comprising: maintaining a distributed ledger, wherein the distributed ledger comprises data records, wherein each data record stores information concerning one or more respective components of the plurality of components; at least one component of the plurality of components processing the information stored in one or more respective data records of the distributed ledger to determine whether the system meets one or more respective security criteria; and one or both of: (i) the at least one component performing a respective first action if the at least one component determines that the system meets the one or more respective security criteria; and (ii) the at least one component performing a respective second action if the at least one component determines that the system does not meet the one or more respective security criteria.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
79.
Enabling a software application to be executed on a hardware device
The invention provides a method, a hardware circuit and a hardware device for enabling a software application to be executed on a hardware device in dependence of the hardware circuit, while preventing the execution of a binary copy of the application in another hardware device. Challenge data originating from the software application is input to a hardware circuit of the hardware device, wherein the hardware circuit is configured to perform a deterministic function. Response data is generated by the hardware device, which is used to manipulate at least a part of the software application to thereby enable the software application to be executed.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or more predetermined parameters; and wherein, in the absence of a modification relating to the verification code, use of the one or more predetermined parameters by the verification code ensures that the verification data represents an element of the second set and use of the runtime data by the verification code controls which element of the second set is represented by the generated verification data.
G06F 21/51 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade du chargement de l’application, p.ex. en acceptant, en rejetant, en démarrant ou en inhibant un logiciel exécutable en fonction de l’intégrité ou de la fiabilité de la source
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
81.
Method and apparatus for executing a process on a device using memory privileges
A method and apparatus for executing a process on a device, the device including one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege. The method includes obtaining a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as both writable and executable memory, and wherein the portion of the memory has an associated second type of privilege that is different from the first type of privilege.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
A method for a first entity to protect a first amount of data and to enable a second entity to perform data processing based on the first amount of data, the method comprising the first entity: applying a predetermined function to the first amount of data to generate a first value; and generating a second amount of data for the second entity to process, said generating comprising combining, using a first combination function, each of a number N of elements of the first amount of data with the first value; wherein the predetermined function is a function for which application of the predetermined function to an input quantity of data generates a corresponding output value, and the predetermined function has a property that, given a second quantity of data generated by modifying each of N elements of a first quantity of data by combining, using the first combination function, each of those N of elements of the first quantity of data with the output value generated by applying the predetermined function to the first quantity of data, the first quantity of data is regenerated from the second quantity of data by combining, using a second combination function, each of the N modified elements with the output value produced by applying the predetermined function to the second quantity of data.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
84.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 12/14 - Protection contre l'utilisation non autorisée de mémoire
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 9/44 - Dispositions pour exécuter des programmes spécifiques
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
85.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
86.
System and method for encapsulating and enabling protection through diverse variations in software libraries
A flexible software library in which the software modules are defined as an abstract intermediate representation. The flexible library allows security transformation and performance attribute selections to be made by the end-user, rather than the library creator. Furthermore, since the flexible library contains an abstract representation of the software modules, the library can also be provisioned to contain an arbitrary number of named instances, representing specific sets of values for security and performance decisions, along with the corresponding native object-code resulting from those decisions. This permits distribution of software modules in a completely platform-independent manner while avoiding the disclosure of proprietary information, such as source-files.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction. A second such method comprises: (a) providing access to one or more frames of pre-generated video content encoded in compressed video format; (b) displaying to a user initial video content encoded in compressed video format, the initial video content being based on one or more frames of the pre-generated video content, and the initial video content representing a plurality of graphical elements for selection by a user; (c) detecting a first user interaction occurring in response to the displayed initial video content; (d) determining a first graphical element selected by the user based on one or more properties of the detected first user interaction; (e) in response to the first user interaction, generating new video content encoded in compressed video format based on one or more frames of the pre-generated video content and the one or more properties of the first user interaction; and (f) displaying the new video content to the user. There are also described corresponding apparatuses, computer programs, and computer-readable media.
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p.ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
H04N 21/431 - Génération d'interfaces visuelles; Rendu de contenu ou données additionnelles
G06F 9/44 - Dispositions pour exécuter des programmes spécifiques
A63F 13/00 - Jeux vidéo, c. à d. jeux utilisant un affichage à plusieurs dimensions généré électroniquement
H04N 21/2743 - Hébergement vidéo de données téléchargées à partir du dispositif client
88.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 12/14 - Protection contre l'utilisation non autorisée de mémoire
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 9/44 - Dispositions pour exécuter des programmes spécifiques
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
A method of individualizing a semiconductor chip of a batch of semiconductor chips with respective individualization data of the semiconductor chip, the method comprising, applying a plurality of circuit layouts to the semiconductor chip to form a plurality of circuits on the semiconductor chip, wherein for each circuit layout, said circuit layout is arranged such that, (a) the corresponding circuit, when triggered, falls into any one of two or more respective triggered states, and (b) one of the two or more respective triggered states is a respective preferred state defined by said circuit layout, wherein the plurality of respective preferred states of the circuits in the plurality of circuits encode the individualization data, and wherein each individualized semiconductor chip of the batch of semiconductor chips comprises a generic circuit.
H01L 23/00 - DISPOSITIFS À SEMI-CONDUCTEURS NON COUVERTS PAR LA CLASSE - Détails de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide
H01L 23/544 - Marques appliquées sur le dispositif semi-conducteur, p.ex. marques de repérage, schémas de test
H01L 25/065 - Ensembles consistant en une pluralité de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide les dispositifs étant tous d'un type prévu dans le même sous-groupe des groupes , ou dans une seule sous-classe de , , p.ex. ensembles de diodes redresseuses les dispositifs n'ayant pas de conteneurs séparés les dispositifs étant d'un type prévu dans le groupe
: A method of individualizing a semiconductor chip of a batch of semiconductor chips with respective individualization data of the semiconductor chip, the method comprising, applying a plurality of circuit layouts to the semiconductor chip to form a plurality of circuits on the semiconductor chip, wherein for each circuit layout, said circuit layout is arranged such that, (a) the corresponding circuit, when triggered, =falls into any one of two or more respective triggered states, and (b) one of the two or more respective triggered states is a respective preferred state defmed by said circuit layout, wherein the plurality of respective preferred states of the circuits in the plurality of circuits encode the individualization data, and wherein each individualized semiconductor chip of the batch of semiconductor chips comprises a generic circuit.
H01L 21/82 - Fabrication ou traitement de dispositifs consistant en une pluralité de composants à l'état solide ou de circuits intégrés formés dans ou sur un substrat commun avec une division ultérieure du substrat en plusieurs dispositifs individuels pour produire des dispositifs, p.ex. des circuits intégrés, consistant chacun en une pluralité de composants
G09C 5/00 - Appareils ou méthodes de chiffrement ou de déchiffrement non prévus dans les autres groupes de la présente sous-classe, p.ex. comportant la dissimulation ou la déformation de données graphiques telles que dessins, messages écrits ou imprimés
H01L 21/00 - Procédés ou appareils spécialement adaptés à la fabrication ou au traitement de dispositifs à semi-conducteurs ou de dispositifs à l'état solide, ou bien de leurs parties constitutives
H01L 21/027 - Fabrication de masques sur des corps semi-conducteurs pour traitement photolithographique ultérieur, non prévue dans le groupe ou
H01L 23/544 - Marques appliquées sur le dispositif semi-conducteur, p.ex. marques de repérage, schémas de test
H03M 13/00 - Codage, décodage ou conversion de code pour détecter ou corriger des erreurs; Hypothèses de base sur la théorie du codage; Limites de codage; Méthodes d'évaluation de la probabilité d'erreur; Modèles de canaux; Simulation ou test des codes
A method of individualizing a semiconductor chip of a batch of semiconductor chips with respective individualization data of the semiconductor chip, the method comprising, applying a plurality of circuit layouts to the semiconductor chip to form a plurality of circuits on the semiconductor chip, wherein for each circuit layout, said circuit layout is arranged such that, (a) the corresponding circuit, when triggered, falls into any one of two or more respective triggered states, and (b) one of the two or more respective triggered states is a respective preferred state defined by said circuit layout, wherein the plurality of respective preferred states of the circuits in the plurality of circuits encode the individualization data, and wherein each individualized semiconductor chip of the batch of semiconductor chips comprises a generic circuit.
H01L 23/00 - DISPOSITIFS À SEMI-CONDUCTEURS NON COUVERTS PAR LA CLASSE - Détails de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide
H01L 25/065 - Ensembles consistant en une pluralité de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide les dispositifs étant tous d'un type prévu dans le même sous-groupe des groupes , ou dans une seule sous-classe de , , p.ex. ensembles de diodes redresseuses les dispositifs n'ayant pas de conteneurs séparés les dispositifs étant d'un type prévu dans le groupe
H01L 23/544 - Marques appliquées sur le dispositif semi-conducteur, p.ex. marques de repérage, schémas de test
92.
Challenge-response method and associated computing device
There is described a challenge-response method for a computing device. The method comprises steps of: (a) receiving challenge data at a secured module of the computing device, the challenge data comprising image content encrypted using an encryption key, and the image content including a nonce; (b) the secured module recovering the image content through decryption using one or more keys associated with the encryption key; (c) the secured module of the computing device outputting the recovered image content; (d) capturing the image content as output by the secured module; (e) processing the captured image content so as to obtain the nonce; and (f) providing the nonce as a response. There is also described a computing device arranged to carry out the challenge-response method, a computer program for causing a processor to carry out the challenge-response method, and a computer readable medium storing such a computer program.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/10 - Protection de programmes ou contenus distribués, p.ex. vente ou concession de licence de matériel soumis à droit de reproduction
A method for facilitating a user to subsequently access, via an application executed by a user device of the user, an account for one or more services provided by a service provider, wherein said access is controlled based on biometric verification of the user performed, at least in part, at the user device, wherein the method comprises: obtaining reference data from a storage device, wherein the storage device stores biometric data for the user suitable for use in the biometric verification of the user, and wherein the reference data is suitable for use in one or both of: (a) subsequent access of the biometric data from the storage device and (b) authentication of the biometric data; and providing the reference data to an access system used by the service provider so that the access system can associate the reference data with an identifier associated with the user.
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secure software agent is provided for embedding within the abstraction layer forming the operating system. A secure store is provided for storing security information unique to one or more instances of the application software. The secure software agent uses the security information for continuous runtime assurance of ongoing operational integrity of the operating system and application software and thus operational integrity of the device.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
A method of providing access to content at a first device, the method comprising: receiving an item of content, wherein at least part of the item of content is encrypted, the encrypted at least part of the item of content being decryptable using at least one decryption key; in a first software client: obtaining a transformed version of the at least one decryption key; performing a decryption operation on the encrypted at least part of the item of content based on the at least one decryption key to obtain an intermediate version of the at least part of the item of content, wherein said performing the decryption operation uses a white-box implementation of the decryption operation that forms part of the first software client and that operates using the transformed version of the at least one decryption key; and performing an encryption operation on at least a portion of the intermediate version based on at least one encryption key to obtain re-encrypted content, wherein said performing the encryption operation uses a white-box implementation of the encryption operation that forms part of the first software client; and providing, to a digital rights management client that executes on the first device, (a) a rights object that enables the digital rights management client to obtain one or more second decryption keys corresponding to the at least one encryption key, the one or more second decryption keys enabling the digital rights management client to decrypt the re-encrypted content and (b) the re-encrypted content.
There is described a method for a first software application to access a secured software application on a computing device. The first software application is not configured to interface with the secured software application. The computing device includes an interfacing application configured to interface with the secured software application. The method comprises the first software application interfacing with the interfacing application to thereby cause the interfacing application to access the secured software application. The first software application is configured to interface with the interfacing application.
There is also described a method of generating an encrypted version of an image using a library of pre-encrypted blocks of data, the same content encryption key having been used to encrypt each of the pre-encrypted blocks of data. The method comprises forming the encrypted version of the image from an ordered sequence of pre-encrypted blocks of data from the library, wherein each pre-encrypted block of data in the ordered sequence corresponds to a respective sub-image of a plurality of sub-images making up the image.
There are also described corresponding computing devices, computer programs and computer-readable media.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/16 - Traçabilité de programme ou de contenu, p.ex. par filigranage
G06F 21/36 - Authentification de l’utilisateur par représentation graphique ou iconique
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04N 21/254 - Gestion au sein du serveur de données additionnelles, p.ex. serveur d'achat ou serveur de gestion de droits
There is described a method of protecting an item of software so as to obfuscate a condition which causes a variation in control flow through a portion of the item of software dependent on whether the condition is satisfied, wherein satisfaction of the condition is based on evaluation of one or more condition variables. The method comprises: (i) modifying the item of software such that the control flow through said portion is not dependent on whether the condition is satisfied; and (ii) inserting a plurality of identity transformations into expressions in said portion of the modified item of software, wherein the identity transformations are defined and inserted such that, in the absence of tampering, they maintain the results of the expressions if the condition is satisfied and such that they alter the results of the expressions if the condition is not satisfied, wherein each identity transformation is directly or indirectly dependent on at least one of the one or more condition variables. New variables may be defined as part of this method. There are also described associated apparatuses, computer programs and the like.
A method, apparatus and product for identifying a bot agent using behavioral features. The method comprising obtaining a set of behavioral features of a usage of an input device during an interaction of an agent with a page, wherein the set of behavioral features are consistent with a human-generated interaction, wherein the set of behavioral features are generated based on events obtained from a client device used by the agent; automatically estimating whether the agent is a bot based on comparison of the set of behavioral features with one or more additional sets of behavioral features, wherein the one or more additional sets of behavioral features were previously obtained based on interactions of one or more agents with one or more pages; and in response to an estimation that the agent is a bot, performing a responsive action.
A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.
G06F 21/16 - Traçabilité de programme ou de contenu, p.ex. par filigranage
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/16 - Traçabilité de programme ou de contenu, p.ex. par filigranage
