There is provided systems and methods for operating a keyless vehicle system of a vehicle. One such method comprises, receiving, at a Bluetooth module of the keyless vehicle system a connection request from a mobile device, wherein the Bluetooth module of the keyless vehicle system is bonded as a human interface device (HID) to the mobile device. In response to the mobile device being verified by the Bluetooth module, a Bluetooth connection between the mobile device and the Bluetooth module is established. In response to the vehicle detecting physical interaction, the presence of the mobile device determined. Operation of the keyless vehicle system is allowed based on the presence of the mobile device.
H04W 4/80 - Services utilisant la communication de courte portée, p.ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
G07C 9/00 - Enregistrement de l’entrée ou de la sortie d'une entité isolée
H04W 4/40 - Services spécialement adaptés à des environnements, à des situations ou à des fins spécifiques pour les véhicules, p.ex. communication véhicule-piétons
H04W 4/02 - Services utilisant des informations de localisation
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
There is described a method of generating a protected data package from an initial file. The initial file has a predetermined file format, the method comprises: (a) identifying a code portion of the initial file to be protected; (b) generating a supplementary file comprising a copy (or version) of the code portion; and (c) modifying the initial file, wherein the modifying comprises replacing at least the code portion of the initial file with replacement data to thereby provide a modified file, wherein the modified file has the same predetermined file format as the initial file, and wherein the modification is arranged to cause a failure when a reader for the predetermined file format tries to load the code portion from the modified file. The protected data package comprises the modified file and the supplementary file. There is also described a method for a reader of a predetermined file format to execute a protected data package. The protected data package comprises a modified file and a supplementary file. The modified file comprises replacement data that has replaced at least a code portion of an initial file on which the modified file is based. The modified file and the initial file have the predetermined file format. The supplementary file comprises a copy (or version) of the code portion. The method comprising, at runtime: responsive to a failure when trying to load the code portion from the modified file, processing the supplementary file so as to load the code portion from the supplementary file.
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
G06F 21/50 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation
3.
PROVIDING AND MANAGING MOBILE NETWORK OPERATOR PROFILES
SIMSIMSIM; (d) generating an MNO profile download message comprising the encrypted MNO profile and the unique identifier of the client device; and (e) broadcasting the MNO profile download message over a broadcast network so as to enable the client device to access the MNO profile download message. There is also described a related method at a client device, as well as related computer programs and computer-readable media.
H04W 4/60 - Services basés sur un abonnement qui utilisent des serveurs d’applications ou de supports d’enregistrement, p.ex. boîtes à outils d’application SIM
H04W 8/18 - Traitement de données utilisateur ou abonné, p.ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateur; Transfert de données utilisateur ou abonné
H04W 12/30 - Sécurité des dispositifs mobiles; Sécurité des applications mobiles
A method of performing biometric authentication for a first user, the method comprising: performing one or more first tests, wherein for each first test, performing said first test comprises: obtaining a respective first input for said first test based on one or more biometric characteristics of the first user; determining that the first user is not a predetermined user when a respective first log-likelihood ratio for a first likelihood and a second likelihood does not exceed a respective first threshold for said first test, wherein the first likelihood is a likelihood of obtaining the respective first input based on a first model in which input is obtained from the predetermined user, and wherein the second likelihood is a likelihood of obtaining the respective first input based on a second model in which input is obtained from one or more users other than the predetermined user; determining that the first user is the predetermined user when the respective first log-likelihood ratio exceeds a respective second threshold for said first test, the respective second threshold greater than the respective first threshold; and when the respective first log-likelihood ratio exceeds the respective first threshold and the respective first log-likelihood ratio does not exceed the respective second threshold, either (a) determining to perform a further first test when a number of times that the first test has been performed is less than a predetermined maximum number of times or (b) determining to perform a second test when the number of times that the first test has been performed equals the predetermined maximum number of times; wherein performing the second test comprises: obtaining a second input for the second test based on the one or more biometric characteristics of the first user; and determining that the first user is the predetermined user when a second log-likelihood ratio for a third likelihood and a fourth likelihood exceeds a third threshold, wherein the third likelihood is a likelihood of receiving the respective second input based on the first model, and wherein the fourth likelihood is a likelihood of receiving the second input based on the second model; determining that the first user is not the predetermined user when the second log-likelihood ratio does not exceed the third threshold.
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
G06F 21/32 - Authentification de l’utilisateur par données biométriques, p.ex. empreintes digitales, balayages de l’iris ou empreintes vocales
G07C 9/37 - Enregistrement de l’entrée ou de la sortie d'une entité isolée ne comportant pas l’utilisation d’un laissez-passer combiné à une vérification d’identité utilisant des données biométriques, p.ex. des empreintes digitales, un balayage de l’iris ou une reconnaissance de la voix
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
5.
APPARATUS FOR MONITORING AND/OR CONTROLLING MECHANICAL EQUIPMENT
vibration0vibration00, to cause relative oscillation of the coil and the magnet so as to induce an electric current in the coil to thereby power the electronics module. The present application also relates to the apparatus for monitoring and/or controlling the mechanical equipment, and to a method of use of the apparatus with mechanical equipment.
H02J 7/32 - Circuits pour la charge ou la dépolarisation des batteries ou pour alimenter des charges par des batteries pour la charge de batteries par un ensemble comprenant une machine motrice non électrique
H02J 50/00 - Circuits ou systèmes pour l'alimentation ou la distribution sans fil d'énergie électrique
6.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR CREATING SECURED COMPUTER CODE HAVING ENTANGLED TRANSFORMATIONS
Systems, methods, and storage media for rendering target code are disclosed. Exemplary implementations may: receive the input code; apply at least one obfuscation transformation to multiple code functions of the input code to create transformed code including transformed code functions; determine a shared constant; determine a function-expression; and replace, for each transformed code function in the transformed code, the transformation parameters with the function expression and the at least one cloaked constant to create target code in which the transformed code functions are entangled to thereby render the target code protected against static analysis attacks.
Systems, methods, and storage media for creating secured transformed code from input code, the input code having at least one code function that includes at least one function value are disclosed. Exemplary implementations may: receive input code; apply an obfuscation algorithm to at least a portion of a selected code function of the input code to thereby create an obfuscated code portion having at least one obfuscated value that is different from the at least one function value; and store the obfuscated code portion on non-transient computer media to create obfuscated code having substantially the same function as the input code.
A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.
G06F 21/53 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p.ex. "boîte à sable" ou machine virtuelle sécurisée
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
9.
METHOD AND APPARATUS FOR FEEDBACK-BASED PIRACY DETECTION
Watermarking of a content stream is accomplished in a session-based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique indentification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-on watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements. Groups of nodes can be provided with unique watermarking patterns and detection and watermark pattern reconfiguration can be accomplished in an interative manner to find a specific node without the need to create unique watermark patterns for each node.
Systems, methods, and storage media for producing protected code in which functionality of the protected code can be verified are disclosed. Exemplary implementations may: receive computer source code that, when compiled and executed, produces functionality in accordance with code specifications, the code including executable code and annotations; apply transformations to at least one portion of the computer source code to produce transformed code having at least one transformed portion of executable code and annotations; store the transformed source code; create an additional annotation which includes verification properties and/or verification conditions that must hold true for the transformed code if the transformed code conforms to the code specifications, the annotation also including at least one hint; and store the annotation in correspondence to the relevant at least one transformed portion of the transformed source code to produce protected code.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
11.
METHOD AND APPARATUS FOR IMPLEMENTING A WHITE-BOX CIPHER
An apparatus method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, Including XOR, linear transformation and S-box; decomposing original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of S-box, implementing the inversion in the original finite field representation with algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of S-box; applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application. An apparatus method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, Including XOR, linear transformation and S-box; decomposing original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of S-box, implementing the inversion in the original finite field representation with algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of S-box; applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
12.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR OBFUSCATING A COMPUTER PROGRAM BY REPRESENTING THE CONTROL FLOW OF THE COMPUTER PROGRAM AS DATA
Systems, methods, and storage media for obfuscating a computer program by representing the control flow of the computer program as data that is not source code are disclosed. Exemplary implementations may: receive source code of a computer program; parse the source code; extract the control flow of the source code; represent at least a portion of the control flow as a control flow model using a mathematical modeling language; store the control flow model as control flow data that represents the control flow of the program and is not executable code; and remove the at least a portion of the control flow from the source code, to thereby obfuscate the control flow of the source code and render the source code more resistant to tampering.
A change-tolerant method of generating a fingerprint of a computing environment based on asset parameters associated components of the computing environment. Asset parameters are grouped into multiple subsets based on characteristics of the components. A share is generated for each asset parameter of the category to produce a plurality of shares. A secret sharing algorithm is applied to the subsets to generate a plurality of candidate identifiers corresponding to the plurality of subsets of shares. A candidate identifier is selected from the plurality of candidate identifiers as a final identifier for each category based at least in part on a frequency of occurrence of that candidate identifier. The final identifiers are combined into a fingerprint corresponding to the computing environment, wherein the fingerprint is provides verification of the plurality of components without requiring individual verification of any shares in the plurality of shares.
G06F 21/73 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par création ou détermination de l’identification de la machine, p.ex. numéros de série
Systems, methods, and storage media implemented by a computer for enabling tracking of software are disclosed. Exemplary implementations may: receive marking input code corresponding to a computer program; identify locations of the marking input code that can be modified in ways that preserve functionality of the computer program; choose at least one code transformation with associated intrinsic constants; derive derived constants from the specific intrinsic constants; apply the at least one chosen code transformation, including injecting the derived constants into the marking input code; saving the results of the above steps on computer readable media as marked code; and save metadata including a list of the derived constants on computer readable media in a file that is separate from the marked code.
A method for a first entity and a second entity to establish a shared secret, wherein the first entity and the second entity each have a respective asymmetric key pair that comprises a public key and a corresponding private key, wherein the method comprises: the first entity generating a protected item of software that comprises a representation of the public key of the first entity and a message generator that is configured to use an authentication key; the first entity providing the protected item of software to the second entity; the second entity executing the protected item of software, said executing comprising the message generator generating a message that represents the public key of the second entity and that comprises authentication data generated using the authentication key so that integrity of the message is verifiable using a verification key corresponding to the authentication key; the first entity obtaining the message from the second entity; in response to a set of one or more conditions being satisfied, the first entity and the second entity together performing shared secret establishment to establish the secret, wherein performing the shared secret establishment comprises the first entity using the public key of the second entity as represented in the message and the second entity using the public key of the first entity as represented in the protected item of software, wherein one of the conditions is performance by the first entity of a successful verification of the integrity of the message using the verification key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
16.
METHOD AND APPARATUS FOR SESSION-BASED WATERMARKING OF STREAMED CONTENT
Watermarking of a content stream is accomplished in a session based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements.
H04N 21/2389 - Traitement de flux multiplexé, p.ex. cryptage de flux multiplexé
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
H04N 21/6377 - Signaux de commande émis par le client et dirigés vers les éléments du serveur ou du réseau vers le serveur
H04N 21/236 - Assemblage d'un flux multiplexé, p.ex. flux de transport, en combinant un flux vidéo avec d'autres contenus ou données additionnelles, p.ex. insertion d'une adresse universelle [URL] dans un flux vidéo, multiplexage de données de logiciel dans un flu; Remultiplexage de flux multiplexés; Insertion de bits de remplissage dans le flux multiplexé, p.ex. pour obtenir un débit constant; Assemblage d'un flux élémentaire mis en paquets
H04N 21/238 - Interfaçage de la voie descendante du réseau de transmission, p.ex. adaptation du débit de transmission d'un flux vidéo à la bande passante du réseau; Traitement de flux multiplexés
H04N 21/845 - Structuration du contenu, p.ex. décomposition du contenu en segments temporels
17.
METHOD AND APPARATUS FOR POLICY-BASED MANAGEMENT OF ASSETS
A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.
A method and system for watermarking content utilizing a user device GPU, Embodiments include receiving on a processing server a request from a video server for a video to be played on the user's device. The processing server may extract a set of identifying information, such as user information, from the request for the video. The processing server may further prepare shader software code which is to be executed on a GPU present on the user's device. The code preparation may include creating a watermarking procedure to be executed during playback on the user device. The processing server may further transmit the shader software code to the streaming video server to be transmitted to the user device for execution during video playback.
A method for identifying an object within a video sequence, wherein the video sequence comprises a sequence of images, wherein the method comprises, for each of one or more images of the sequence of images: using a first neural network to determine whether or not an object of a predetermined type is depicted within the image; and in response to the first neural network determining that an object of the predetermined type is depicted within the image, using an ensemble of second neural networks to identify the object determined as being depicted within the image.
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
G06K 9/46 - Extraction d'éléments ou de caractéristiques de l'image
G06K 9/62 - Méthodes ou dispositions pour la reconnaissance utilisant des moyens électroniques
G10L 15/16 - Classement ou recherche de la parole utilisant des réseaux neuronaux artificiels
There is described a computer-implemented method comprising: receiving an access request in relation to data, wherein there exists ECC data relating to the data, and wherein the ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data; performing a first integrity verification procedure to verify the integrity of at least the data; responsive to a finding of non-integrity by the first integrity verification procedure, performing an error analysis procedure based on the data and the ECC data; responsive to generation of corrected data by the error analysis procedure, performing a second integrity verification procedure to verify the integrity of at least the corrected data; and responsive to a finding of integrity by the second integrity verification procedure, allowing the access request using the corrected data. Related methods, apparatuses, computer programs, and computer-readable media are also described.
G06F 11/10 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p.ex. en utilisant des codes de contrôle en ajoutant des chiffres binaires ou des symboles particuliers aux données exprimées suivant un code, p.ex. contrôle de parité, exclusion des 9 ou des 11
A method of operating a system, wherein the system comprises a plurality of components, the method comprising: maintaining a distributed ledger, wherein the distributed ledger comprises data records, wherein each data record stores information concerning one or more respective components of the plurality of components; at least one component of the plurality of components processing the information stored in one or more respective data records of the distributed ledger to determine whether the system meets one or more respective security criteria; and one or both of: (i) the at least one component performing a respective first action if the at least one component determines that the system meets the one or more respective security criteria; and (ii) the at least one component performing a respective second action if the at least one component determines that the system does not meet the one or more respective security criteria.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or more predetermined parameters; and wherein, in the absence of a modification relating to the verification code, use of the one or more predetermined parameters by the verification code ensures that the verification data represents an element of the second set and use of the runtime data by the verification code controls which element of the second set is represented by the generated verification data.
G06F 21/51 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade du chargement de l’application, p.ex. en acceptant, en rejetant, en démarrant ou en inhibant un logiciel exécutable en fonction de l’intégrité ou de la fiabilité de la source
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction. A second such method comprises: (a) providing access to one or more frames of pre-generated video content encoded in compressed video format; (b) displaying to a user initial video content encoded in compressed video format, the initial video content being based on one or more frames of the pre-generated video content, and the initial video content representing a plurality of graphical elements for selection by a user; (c) detecting a first user interaction occurring in response to the displayed initial video content; (d) determining a first graphical element selected by the user based on one or more properties of the detected first user interaction; (e) in response to the first user interaction, generating new video content encoded in compressed video format based on one or more frames of the pre-generated video content and the one or more properties of the first user interaction; and (f) displaying the new video content to the user. There are also described corresponding apparatuses, computer programs, and computer-readable media.
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p.ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
H04N 21/431 - Génération d'interfaces visuelles; Rendu de contenu ou données additionnelles
G06F 9/44 - Dispositions pour exécuter des programmes spécifiques
A63F 13/00 - Jeux vidéo, c. à d. jeux utilisant un affichage à plusieurs dimensions généré électroniquement
H04N 21/2743 - Hébergement vidéo de données téléchargées à partir du dispositif client
A method of individualizing a semiconductor chip of a batch of semiconductor chips with respective individualization data of the semiconductor chip, the method comprising, applying a plurality of circuit layouts to the semiconductor chip to form a plurality of circuits on the semiconductor chip, wherein for each circuit layout, said circuit layout is arranged such that, (a) the corresponding circuit, when triggered, falls into any one of two or more respective triggered states, and (b) one of the two or more respective triggered states is a respective preferred state defined by said circuit layout, wherein the plurality of respective preferred states of the circuits in the plurality of circuits encode the individualization data, and wherein each individualized semiconductor chip of the batch of semiconductor chips comprises a generic circuit.
H01L 23/00 - DISPOSITIFS À SEMI-CONDUCTEURS NON COUVERTS PAR LA CLASSE - Détails de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide
H01L 25/065 - Ensembles consistant en une pluralité de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide les dispositifs étant tous d'un type prévu dans le même sous-groupe des groupes , ou dans une seule sous-classe de , , p.ex. ensembles de diodes redresseuses les dispositifs n'ayant pas de conteneurs séparés les dispositifs étant d'un type prévu dans le groupe
H01L 23/544 - Marques appliquées sur le dispositif semi-conducteur, p.ex. marques de repérage, schémas de test
A method for facilitating a user to subsequently access, via an application executed by a user device of the user, an account for one or more services provided by a service provider, wherein said access is controlled based on biometric verification of the user performed, at least in part, at the user device, wherein the method comprises: obtaining reference data from a storage device, wherein the storage device stores biometric data for the user suitable for use in the biometric verification of the user, and wherein the reference data is suitable for use in one or both of: (a) subsequent access of the biometric data from the storage device and (b) authentication of the biometric data; and providing the reference data to an access system used by the service provider so that the access system can associate the reference data with an identifier associated with the user.
A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/16 - Traçabilité de programme ou de contenu, p.ex. par filigranage
A method for enabling a content player (212) to access an item of content (224) from a content provider (220), wherein the item of content (224) comprises a plurality of content chunks (225), the method comprising the content player (212): generating, in the content player (212), content metadata (223-1) based at least in part on content selection data(422), wherein the content metadata (223-1) comprises one or more references, each reference being either (a) a content chunk reference or (b) a content item reference that references one or more respective content chunk references, wherein each content chunk reference corresponds to a respective content chunk of the plurality of content chunks; and using at least one of the content chunk references to obtain at least one respective content chunk.
A cryptographic method comprising sequentially performing a number of rounds, each round comprising performing a respective round function on respective input data for that round to generate respective output data for that round, wherein for each of the second and subsequent rounds, the input data for that round is the output data of the preceding round, wherein for each round the respective round function comprises: applying a respective bijective operation to a first amount of data to produce a first result, the bijective operation corresponding to at least part of a cryptographic key; and processing a second amount of data by applying a plurality of processing operations to produce a second result, wherein at least one of the processing operations is the bijective operation; wherein the first amount of data and the second amount of data are based on the input for said round and wherein the output data for said round is based on the first result and the second result; wherein one or both of the following apply: (a) for each of one or more of the processing operations, that processing operation comprises functionality that is dependent on a respective part of the first result; and (b) for each of one or more of the processing operations, a number of times that processing operation is applied when processing the second amount of data is dependent on a respective part of the first result.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
There are disclosed techniques for averting advertising fraud, for example a method of operating a server to deliver an online advert to a client device, the method comprising: receiving at the server, from a web document executing in a web browser on the client device, a request for an advert; in response to the request for an advert, preparing, at the server, advert code for execution within the web document at the client device so as to display the advert to a user of the client device, at least a portion of the prepared advert code being in a protected form for averting advertising fraud; and transmitting the advert code to the client device for execution on the browser for execution so as to display the advert to a user of the client device.
There is described a method of monitoring a peer-to-peer network. The method comprises: (i) monitoring network traffic between a first peer and the peer-to-peer network so as to identify a first subset of peers in the peer-to-peer network; and (ii) preventing the first peer from communicating with at least one peer in the first subset of peers to thereby cause the first peer to communicate with at least one further peer in the peer-to-peer network so as to enable identification of the at least one further peer. In addition, there is described a peer-to-peer network monitor for monitoring a peer-to-peer network, wherein the monitor is operable to monitor network traffic between a first peer and the peer-to-peer network so as to identify a subset of peers in the peer-to-peer network in communication with the first peer, and wherein the monitor is operable to prevent the first peer from communicating with at least one peer in the subset of peers to thereby cause the first peer to communicate with at least one further peer in the peer-to- peer network so as to enable the monitor to identify the at least one further peer. Corresponding computer programs and computer-readable media are also described.
A method for a first entity to protect a first amount of data and to enable a second entity to perform data processing based on the first amount of data, the method comprising the first entity: applying a predetermined function to the first amount of data to generate a first value; and generating a second amount of data for the second entity to process, said generating comprising combining, using a first combination function, each of a number N of elements of the first amount of data with the first value; wherein the predetermined function is a function for which application of the predetermined function to an input quantity of data generates a corresponding output value, and the predetermined function has a property that, given a second quantity of data generated by modifying each of N elements of a first quantity of data by combining, using the first combination function, each of those N of elements of the first quantity of data with the output value generated by applying the predetermined function to the first quantity of data, the first quantity of data is regenerated from the second quantity of data by combining, using a second combination function, each of the N modified elements with the output value produced by applying the predetermined function to the second quantity of data.
A method for accessing content at a device, wherein the device is arranged to execute a digital rights management (DRM) client of a DRM system and wherein the device is arranged to receive a broadcast signal comprising a plurality of encrypted portions of content for an item of content, each encrypted portion being packaged in a format of a conditional access system and being decryptable using a corresponding decryption key, wherein the method comprises an application executing on the device performing the steps of: for each of one or more of the encrypted portions: converting said encrypted portion from being packaged in the format of the conditional access system to being packaged in a format of the DRM system; providing said encrypted portion packaged in the format of the DRM system to the DRM client; and either (a) providing a rights object according to the DRM system to the DRM client or (b) triggering the DRM client to obtain a rights object according to the DRM system; wherein the rights object corresponds to said encrypted portion by comprising decryption key data for use by the DRM client to obtain the decryption key corresponding to said encrypted portion.
A method of providing access to content at a first device, the method comprising: receiving an item of content, wherein at least part of the item of content is encrypted, the encrypted at least part of the item of content being decryptable using at least one decryption key; in a first software client: obtaining a transformed version of the at least one decryption key; performing a decryption operation on the encrypted at least part of the item of content based on the at least one decryption key to obtain an intermediate version of the at least part of the item of content, wherein said performing the decryption operation uses a white-box implementation of the decryption operation that forms part of the first software client and that operates using the transformed version of the at least one decryption key; and performing an encryption operation on at least a portion of the intermediate version based on at least one encryption key to obtain re-encrypted content, wherein said performing the encryption operation uses a white-box implementation of the encryption operation that forms part of the first software client; and providing, to a digital rights management client that executes on the first device, (a) a rights object that enables the digital rights management client to obtain one or more second decryption keys corresponding to the at least one encryption key, the one or more second decryption keys enabling the digital rights management client to decrypt the re-encrypted content and (b) the re-encrypted content.
There is described a challenge-response method for a computing device. The method comprises steps of: (a) receiving challenge data at a secured module of the computing device, the challenge data comprising image content encrypted using an encryption key, and the image content including a nonce; (b) the secured module recovering the image content through decryption using one or more keys associated with the encryption key; (c) the secured module of the computing device outputting the recovered image content; (d) capturing the image content as output by the secured module; (e) processing the captured image content so as to obtain the nonce; and (f) providing the nonce as a response. There is also described a computing device arranged to carry out the challenge-response method, a computer program for causing a processor to carry out the challenge-response method, and a computer readable medium storing such a computer program.
A method of generating a protected item of software, there being an execution path within code for the protected item of software that causes code for one or more second functions to be executed before executing code for a first function, wherein execution of the code for the one or more second functions causes data to be stored at one or more memory locations, the data satisfying a set of one or more predetermined properties, wherein, in the absence of an attack against the protected item of software when the code for the protected item of software is being executed, the first function is arranged to provide first functionality, the method comprising: configuring the code for the first function so that execution, by one or more processors, of the code for the first function provides the first functionality only if the set of one or more predetermined properties is satisfied by data being stored, when the first function is executed, at the one or more memory locations.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
A method for executing a process on a device, the device comprising one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege, the method comprising: obtaining a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as both writable and executable memory, wherein the portion of the memory has an associated second type of privilege that is different from the first type of privilege.
There is described a method for a first software application to access a secured software application on a computing device. The first software application is not configured to interface with the secured software application. The computing device includes an interfacing application configured to interface with the secured software application. The method comprises the first software application interfacing with the interfacing application to thereby cause the interfacing application to access the secured software application. The first software application is configured to interface with the interfacing application. There is also described a method of generating an encrypted version of an image using a library of pre-encrypted blocks of data, the same content encryption key having been used to encrypt each of the pre-encrypted blocks of data. The method comprises forming the encrypted version of the image from an ordered sequence of pre-encrypted blocks of data from the library, wherein each pre-encrypted block of data in the ordered sequence corresponds to a respective sub-image of a plurality of sub-images making up the image. There are also described corresponding computing devices, computer programs and computer-readable media.
G06F 21/36 - Authentification de l’utilisateur par représentation graphique ou iconique
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
There is described a method for a first software application to access a secured software application on a computing device. The first software application is not configured to interface with the secured software application. The computing device includes an interfacing application configured to interface with the secured software application. The method comprises the first software application interfacing with the interfacing application to thereby cause the interfacing application to access the secured software application. The first software application is configured to interface with the interfacing application. There are also described corresponding computing devices, computer programs and computer-readable media.
G06F 21/36 - Authentification de l’utilisateur par représentation graphique ou iconique
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
An apparatus, computer-readable medium, and computer-implemented method for obfuscating execution of an application on a virtual machine (VM), includes receiving a custom VM definition corresponding to a custom VM, generating custom application bytecode from application source code based at least in part on the custom VM definition, the custom application bytecode being configured to run on the custom VM, generating custom VM source code based at least in part on the custom VM definition, compiling the custom VM source code with one or more target system compilers to generate one or more instances of the custom VM, the one or more instances of the custom VM being configured to run on the one or more target systems, and packaging the custom application bytecode and the one or more instances of the custom VM into an installable application.
A method of protecting an item of software, said item of software arranged to perform data processing based on one or more items of data, the method comprising: applying one or more software protection techniques to said item of software to generate a protected item of software, wherein said one or more software protection techniques are arranged so that said protected item of software implements said data processing at least in part as one or more linear algebra operations over a finite ring.
A method of obfuscated performance of a predetermined function, wherein for the predetermined function there is a corresponding plurality of first functions so that, for a set of inputs for the function, a corresponding set of outputs may be generated by (a) representing the set of inputs as a corresponding set of values, wherein each value comprises at least part of each input of a corresponding plurality of the inputs, (b) generating a set of one or more results from the set of values, where each result is generated by applying a corresponding first function to a corresponding set of one or more values in the set of values, and (c) forming each output as either a part of a corresponding one of the results or as a combination of at least part of each result of a corresponding plurality of the results; wherein the method comprises: obtaining, for each value in the set of values, one or more corresponding transformed versions of said value, wherein a transformed version of said value is the result of applying a bijection, that corresponds to said transformed version, to said value; and generating a set of transformed results corresponding to the set of results, wherein each transformed result corresponds to a respective result and is generated by applying a second function, that corresponds to the first function that corresponds to the respective result, to a transformed version of the one or more values of the respective set of one or more values for the corresponding first function.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
There is described a method of protecting an item of software. The method comprises (a) identifying an invariant which holds true at a specified point in the item of software; and (b) generating a protected item of software by inserting code at the specified point in the item of software. The code, when executed by a processor, is arranged to check whether the invariant holds true and, in response to the invariant not holding true, is arranged to invoke a security incident procedure. There is further described an apparatus arranged to carry out the method of protecting an item of software. There is also described a computer program which, when executed by a processor, causes the processor to carry out the method of protecting an item of software. There is additionally described a computer-readable medium storing the aforementioned computer program. Moreover, there is described an item of software comprising code at a first location, wherein the code, when executed by a processor, is arranged to check whether an invariant holds true at the first location and, in response to the invariant not holding true, is arranged to invoke a security incident procedure.
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
G06F 21/52 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
A method comprising: providing a protected item of software to a device, wherein the protected item of software is in a scripted language or an interpreted language or source code, wherein the protected item of software, when executed by the device, is arranged to perform a security-related operation for the device, wherein the security-related operation is implemented, at least in part, by at least one protected portion of code in the protected item of software, wherein the at least one protected portion of code is arranged so that (a) the at least one protected portion of code has resistance against a white-box attack and/or (b) the at least one protected portion of code may only be executed on one or more predetermined devices.
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
There is described a chip for performing cryptographic operations. The chip comprises a key storage module, a rule storage module, an interface module and a cryptographic module. The key storage module is configured to store one or more cryptographic keys. The rule storage module is configured to store one or more rules, each rule comprising respective rule data, the rule data identifying a respective predetermined cryptographic operation associated with the rule and further identifying at least one of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation. The interface module is configured to receive a rule execution request, wherein the rule execution request comprises a rule identifier to identify a specific rule of the one or more rules to be executed. The cryptographic module is configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request. The chip is configured such that the cryptographic keys and the cryptographic module may only be used by executing rules from the one or more rules in response to associated rule execution requests received by the interface module. There is also described a set top box comprising the chip, a chip-implemented method of performing a cryptographic operation, and a method of loading a new rule into a rule storage module of a chip.
There is described a method of protecting an item of software so as to obfuscate a condition which causes a variation in control flow through a portion of the item of software dependent on whether the condition is satisfied, wherein satisfaction of the condition is based on evaluation of one or more condition variables. The method comprises: (i) modifying the item of software such that the control flow through said portion is not dependent on whether the condition is satisfied; and (ii) inserting a plurality of identity transformations into expressions in said portion of the modified item of software, wherein the identity transformations are defined and inserted such that, in the absence of tampering, they maintain the results of the expressions if the condition is satisfied and such that they alter the results of the expressions if the condition is not satisfied, wherein each identity transformation is directly or indirectly dependent on at least one of the one or more condition variables. New variables may be defined as part of this method There are also described associated apparatuses, computer programs and the like.
A method comprising: carrying out optimization of an item of software in a first intermediate representation; carrying out protection of the item of software in a second intermediate representation different to the first intermediate representation.
An electronics device comprising one or more modules that implement a security-related operation in an obfuscated manner to thereby provide the security-related operation with resistance against a hardware attack, wherein the electronics device is either (a) a printed electronics device or (b) a device created using e-beam lithography.
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
A method for a computer to execute an item of software, the method comprising: the computer executing one or more security modules; the computer executing the item of software, said executing the item of software comprising, at at least one point during execution of the item of software at which a predetermined function is to be performed, attempting to perform the predetermined function by: sending, to an address system, a request for an address of instructions for carrying out the predetermined function, the request comprising an identifier of the predetermined function; receiving, from the address system in response to the request, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the one or more security modules; and continuing execution of the item of software at the address received from the address system.
Computer-implemented systems, methods, and computer-readable media for selecting a sequence of content parts from polymorphic content of an audiovisual presentation based on at least one profile of a user include receiving content information associated with polymorphic content, receiving profile information of a user, and selecting for rendering, from amongst the alternative content parts, a sequence of content parts from the polymorphic content based on at least a portion of the profile information.
H04N 21/8541 - Création de contenu impliquant des embranchements, p.ex. vers des fins d’histoire différentes
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
H04N 21/845 - Structuration du contenu, p.ex. décomposition du contenu en segments temporels
H04N 21/45 - Opérations de gestion réalisées par le client pour faciliter la réception de contenu ou l'interaction avec le contenu, ou pour l'administration des données liées à l'utilisateur final ou au dispositif client lui-même, p.ex. apprentissage des préféren
H04N 21/435 - Traitement de données additionnelles, p.ex. décryptage de données additionnelles ou reconstruction de logiciel à partir de modules extraits du flux de transport
H04N 21/4405 - Traitement de flux élémentaires vidéo, p.ex. raccordement d'un clip vidéo récupéré d'un stockage local avec un flux vidéo en entrée ou rendu de scènes selon des graphes de scène MPEG-4 impliquant le décryptage de flux vidéo
A63F 13/00 - Jeux vidéo, c. à d. jeux utilisant un affichage à plusieurs dimensions généré électroniquement
A method of adding a watermark to an executable file, the method comprising: identifying a plurality of parts of the watermark, the plurality of parts of the watermark forming an ordered sequence of parts, wherein each of the plurality of parts of the watermark has a corresponding index in the ordered sequence of parts; identifying a plurality of sections of the executable file, the plurality of sections of the executable file forming an ordered sequence of sections, wherein each of the plurality of sections of the executable file has a corresponding index in the ordered sequence of sections; for each of the plurality of parts of the watermark: selecting one or more sections of the plurality of sections of the executable file based on the index of said part of the watermark and the indices of the sections of the executable file; and for each of the one or more selected sections of the executable file, modifying a portion of the executable file associated with that selected section of the executable file to thereby encode said part of the watermark within that portion of the executable file.
There is provided a method of protecting the execution of a software application, the method performed by a plurality of processes comprising a process for executing the software application and a plurality of protection processes, wherein each protection process in the plurality of protection processes is configured to: monitor a process state of at least one other process in the plurality of processes to determine whether said process state corresponds to a predetermined process state; and perform a predetermined action in response to a determination that said process state corresponds to the predetermined process state; wherein the plurality of protection processes are configured such that a process state of the process for executing the software application is monitored by at least one protection process and a process state of each protection process is monitored by at least one other protection process in the plurality of protection processes. Additionally provided is a computer program and a system for carrying out the method and a computer readable medium for storing such a computer program.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
52.
A CHALLENGE-RESPONSE METHOD AND ASSOCIATED CLIENT DEVICE
There is described a challenge-response method for a client device. The method comprises steps of: (a) receiving challenge data, wherein the challenge data is content encrypted using an encryption key, the content including a nonce; (b) using a secured module of the client device to access the content by decrypting the challenge data using a decryption key of the secured module, the decryption key corresponding to the encryption key; (c) processing a version of the content output by the secured module so as to obtain the nonce; and (d) providing the nonce as a response. There is also described a client device for implementing the above challenge-response method. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above challenge-response method. Finally, there is described a computer readable medium storing the above-mentioned computer program.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
There is described a method of executing a software application on a device by including a secured cored within the software application, and providing a system verification function within the secured core. The system verification function is used to scan for exploits against the application, for example local exploits seeking to recover cryptographic keys which may be found within the application when executing, with reference to exploit signature data which may be provided by an external server.
A method of storing an amount of data D in association with a device, the method comprising: obtaining a characteristic C of the device; generating error correction data R for the characteristic C, the error correction data R enabling correction of up to a predetermined number of errors in a version of the characteristic C; combining the characteristic C with the amount of data D and an authentication key K to generate storage data P, wherein said combining is arranged so that the amount of data D and the authentication key K are obtainable using the characteristic C and the storage data P; generating a signature using a signature key, the signature being a digital signature of a quantity of data comprising the storage data P, the amount of data D and the authentication key K, wherein the signature key corresponds to a verification key accessible by the device; generating an authentication code for the error correction data R using the authentication key K, wherein the authenticity of the error correction data R is verifiable using the authentication code and the authentication key K; and storing the error correction data R, the storage data P, the signature and the authentication code to thereby store the amount of data D.
A method of processing data according to a first predetermined function, the method comprising: receiving an encoded amount of data, wherein the encoded amount of data is an amount of data that has been encoded using an error control code; and processing the encoded amount of data using a second predetermined function to generate an output; wherein the second predetermined function corresponds to the first predetermined function in that the result of processing, with the second predetermined function, a quantity of data encoded using the error control code equals the result of encoding with the error control code the result of processing the quantity of data with the first predetermined function.
There is described a method of obfuscating access to a data store by a software application. The method comprises accessing the data store using access operations. The access operations comprise real access operations and dummy access operations. Each real access operation is operable to access the data store as part of the execution of the software application. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above method. There is also described a computer readable medium storing the above computer program. There is also described a system configured to carry out the above method.
G06F 21/52 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
57.
METHOD AND SYSTEM FOR PLATFORM AND USER APPLICATION SECURITY ON A DEVICE
A method and system for platform and user application security on a computing device is provided. The method includes: verifying integrity of operating system code on the computing device to establish a trusted execution environment in the operating system of the computing device; and in response to success of the integrity verification of the operating system code, binding a user-space application on the computing device to the operating system on the computing device.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
There are described methods and apparatus for generating an identifier of a computer device, which may also be an identifier of a software application installed on the computer device such as a web browser. Parameters of the computer device are collected, extended with dummy values, and reordered, to form a permuted extended set of parameters, which in turn is used to generate the identifier.
G06F 11/10 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p.ex. en utilisant des codes de contrôle en ajoutant des chiffres binaires ou des symboles particuliers aux données exprimées suivant un code, p.ex. contrôle de parité, exclusion des 9 ou des 11
A method for a device to obtain a cryptographic key for use in a cryptographic process, the method comprising: receiving key data, the key data comprising a message and a verification code; deriving an authentication code based on the message; determining whether the verification code matches the authentication code; and if the verification code matches the authentication code then enabling the device to perform a cryptographic operation on the received key data using a key associated with the device to obtain the cryptographic key for use in the cryptographic process, and if the verification code does not match the authentication code then not enabling the device to perform the cryptographic operation on the received key data.
There is provided a method of performing a cryptographic algorithm in software, the cryptographic algorithm comprising one or more processing steps, wherein each processing step is arranged to process a respective input to the processing step so as to generate an output corresponding to the input, characterized in that, for each of at least one of the one or more processing steps, the method comprises: providing a respective input for the processing step as an input to a plurality of implementations of the processing step, wherein each implementation is arranged to output a corresponding intermediate result represented using a respective predetermined output representation; and using the representation of the intermediate results to generate a result for the processing step that is based on each of the intermediate results, wherein, if each intermediate result is the output that corresponds to the input for the processing step then the result for the processing step is the output that corresponds to the input for the processing step. Additionally provided is a method of enabling a data processor to perform a cryptographic algorithm in software, the method comprising: generating an implementation of the cryptographic algorithm, the implementation being arranged such that execution of the implementation by a processor causes the processor to carry out a method according to any one of the preceding claims; and configuring the data processor to execute the implementation of the cryptographic algorithm. There is further provided a system and computer program for carrying out such methods, as well as a computer readable medium for storing such a computer program.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
A method of cryptographically processing a block of data, the method comprising: receiving an encoded version of the block of data, wherein the encoded version of the block of data comprises the block of data encoded, at least in part, using an error control code; and processing the encoded version of the block of data using a predetermined function to generate an output, wherein the predetermined function is arranged so that the result of processing, with the predetermined function, a quantity of data encoded, at least in part, using the error control code equals the result of encoding, at least in part, with the error control code the result of performing encryption or decryption of the quantity of data according to the Advanced Encryption Standard, AES.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
There are described methods and apparatus for scrambling digital content, such as video or audio content, by dividing the digital content into blocks set out in an original arrangement, and reordering the blocks from the original arrangement to a scrambled arrangement. Additional manipulation transforms such as rotations and reflections may be applied to individual blocks. A subsequent compression step may then be carried out. Methods and apparatus for carrying out corresponding descrambling of digital content are also described.
H04N 5/913 - Traitement du signal de télévision pour l'enregistrement pour la transposition
H04N 21/2347 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4 impliquant le cryptage de flux vidéo
Protection of digital content, for example content on an optical disk, is discussed. A first content protection system such as AACS processes its specific content protection information to yield a first result which is differently obscured for different media players. A second content protection system such as BD+ processes the first result and its own specific content protection information to yield a second result which can be used to reproduce protected content such as encrypted video on the optical disk.
There is described a method of enabling a content receiver to access encrypted content, the content receiver forming part of a home network. The method comprises executing, on a device that also forms part of the home network, a key provisioning application. The method further comprises the key provisioning application receiving a key provisioning message and, based on the key provisioning message, providing to the content receiver via the home network one or more content decryption keys for decrypting the encrypted content. There is also described a device arranged to carry out this method. In addition, there is described a content receiver arranged to (a) receive from the aforementioned device, via a home network, one or more content decryption keys for accessing encrypted content; and (b) decrypt encrypted content using the one or more content decryption keys. Related computer programs and computer readable mediums are also described.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 12/28 - Réseaux de données à commutation caractérisés par la configuration des liaisons, p.ex. réseaux locaux [LAN Local Area Networks] ou réseaux étendus [WAN Wide Area Networks]
A method for controlling the operation of a content receiver, the content receiver forming part of a home network, the method comprising: executing, at a device that is in communication with the home network, a browser-based control application in a browser that is executing on the device; the control application sending a command to the content receiver via the home network, the command comprising one or more of (a) instructions for controlling playback of content (b) instructions relating to a webpage and (c) data for outputting a webpage; wherein the command is arranged to cause a receiver application executing at the content receiver, in response to receipt of the command, to execute the instructions and/or to process the data.
H04L 12/28 - Réseaux de données à commutation caractérisés par la configuration des liaisons, p.ex. réseaux locaux [LAN Local Area Networks] ou réseaux étendus [WAN Wide Area Networks]
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
The present disclosure provides a system for media path security includes an authoring system having a content stream transform and corrupter for corrupting content data and providing decorrupting data, a media container tor conveying the corrupted content data and decorrupting data, and a client system having a fix-up component for fixing the corrupted content data in dependence upon the decorrupting data. A client system is also provided as having an input for receiving a media container and a fix-up component tor fixing the corrupted content data in dependence upon the decorrupting data.
There is described a proxy module for use in a head-end. The head-end comprises an entitlement control message (ECM) generator arranged to generate ECMs. The head-end further comprises an encryption module arranged to encrypt content using a control word. The proxy module is arranged to: access a content control word; use the ECM generator to generate a content ECM including the content control word; generate a supplementary control word; use the ECM generator to generate a supplementary ECM including the supplementary control word; use the encryption module to encrypt the content ECM using the supplementary control word; and use the encryption module to encrypt content using the content control word. A corresponding method of providing encrypted content is also provided. There is also described a proxy module for use in a receiver arranged to receive entitlement control messages (ECMs) and encrypted content. The receiver comprises a secured module arranged to process an ECM so as to provide a control word. The receiver further comprises a decryption module arranged to decrypt encrypted content using a control word. The proxy module is arranged to: use the secured module to obtain a supplementary control word from a supplementary ECM; use the supplementary control word in the decryption module to obtain a content ECM from an encrypted version of the content ECM; use the secured module to obtain a content control word from the content ECM; and use the content control word in the decryption module to decrypt encrypted content. A corresponding method of enabling a receiver to access encrypted content is also provided.
H04H 60/23 - Dispositions d'accès conditionnel aux informations radiodiffusées ou aux services relatifs à la radiodiffusion au moyen de la cryptographie, p.ex. le chiffrement, l’authentification ou la distribution de clés
H04N 21/266 - Gestion de canal ou de contenu, p.ex. génération et gestion de clés et de messages de titres d'accès dans un système d'accès conditionnel, fusion d'un canal de monodiffusion de VOD dans un canal multidiffusion
H04N 21/4623 - Traitement de messages de titres d'accès, p.ex. message de contrôle d'accès [ECM], message de gestion d'accès [EMM]
A method of facilitating a device to obtain a version of an item of content, wherein, for each of a plurality of sections of the item of content, a content distribution system is arranged to provide one or more versions of that section, wherein there is at least one section for which the content distribution system is arranged to provide a plurality of differently watermarked versions of that section, the method comprising: receiving, from the device, a request for a section of the item of content, wherein the request also comprises an identifier of the device; if the requested section is a section for which the content distribution system is arranged to provide a plurality of differently watermarked versions of that section: identifying, based on the identifier of the device, a particular version out of the plurality of differently watermarked versions of the requested section; and providing the device with a response to the request, wherein the response contains an indication of the particular version of the requested section, and wherein the response is arranged to cause the device to request the particular version of the requested section from a corresponding location on the content distribution system.
There is described a chip comprising a one-time programmable (OTP) memory programmable to store chip configuration data, and a verification module operable to access the OTP memory. The verification module is operable to receive a verification request relating to a specified portion of the OTP memory, the verification request comprising mask data defining the specified portion of the OTP memory. In response to the verification request, the verification module is operable to use the mask data and the OTP memory to generate verification data relating to the specified portion of the OTP memory, the verification data further being generated based on a secret key of the chip. There is also described a chip-implemented method of generating verification data relating to a specified portion of a one-time programmable (OTP) memory of the chip. There are also described methods for primary or secondary verification systems to verify a configuration of a specified portion of the OTP memory the above mentioned-chip.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
70.
OBTAINING CONTROL WORDS USING MULTIPLE KEY LADDERS
A method for a receiver device to obtain a control word, the control word for decrypting encrypted content received from a content provider system, the method comprising the receiver device: obtaining a plurality of amounts of key data, wherein, for each amount of key data, said obtaining comprises using one or more corresponding keys to obtain said amount of key data from a secured form of said amount of key data received by said receiver device, and wherein, for each amount of key data, said one or more corresponding keys comprises at least one key shared between the receiver device and a respective security system associated with the content provider system; and obtaining said control word using said plurality of amounts of key data.
There is described a method of controlling access to IP streaming content by a plurality of receivers. The method comprises the steps of (a) for each receiver in the plurality of receivers, providing that receiver with access to first control information for that receiver to enable that receiver to access a first portion of the content; (b) identifying a receiver from the plurality of receivers as an identified receiver; (c) updating the first control information so as to provide updated control information for each receiver, the updated control information being associated with a second portion of the content; and (d) configuring each receiver to fetch the updated control information for that receiver. For the identified receiver, the updated control information is invalid such that the identified receiver is unable to fully access the second portion of the content. A server configured to carry out the method is also described.
H04N 21/258 - Gestion de données liées aux clients ou aux utilisateurs finaux, p.ex. gestion des capacités des clients, préférences ou données démographiques des utilisateurs, traitement des multiples préférences des utilisateurs finaux pour générer des données co
A method of providing a receiver with a version of an initial item of software, the method comprising: for each of a plurality of sections of the initial item of software that together form the initial item of software, obtaining one or more respective versions of that section, wherein for at least one of the sections a respective plurality of different versions of that section are obtained; for each of the plurality of sections of the initial item of software, selecting a respective version of that section to be used by the receiver, said selecting being arranged so that the receiver is identifiable from the set of selected versions; and providing the receiver with a version of the initial item of software by providing the receiver with access to the selected versions of the sections of the initial item of software.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
A method of maintaining a list of recommended content items, the method comprising: receiving content list data, the content list data identifying a plurality of content items and comprising relationship data that identifies, for each of one of more of the plurality of content items, an associated set of one or more other content items in the plurality of content items; storing a current list of recommended content items; receiving an identification of a content item in the plurality of content items that has been selected by a user; and forming an updated list of recommended content items based on (a) the current list of recommended content items,(b) the selected content item and (c) the content list data.
H04N 5/445 - Circuits de réception pour visualisation d'information additionnelle
G06F 17/30 - Recherche documentaire; Structures de bases de données à cet effet
H04N 21/472 - Interface pour utilisateurs finaux pour la requête de contenu, de données additionnelles ou de services; Interface pour utilisateurs finaux pour l'interaction avec le contenu, p.ex. pour la réservation de contenu ou la mise en place de rappels, pour la requête de notification d'événement ou pour la transformation de contenus affichés
G06Q 30/02 - Marketing; Estimation ou détermination des prix; Collecte de fonds
A method of providing key information from a sender to one or more receivers, the method comprising: obtaining initial key information comprising a plurality of units that assume respective values; forming encoded key information from the initial key information, wherein the encoded key information comprises a plurality of encoded units that correspond to respective units of the initial key information, wherein said forming comprises, for each unit of the initial key information, selecting an encoding from a plurality of invertible encodings associated with said unit and encoding said value assumed by said unit with said selected encoding to form the corresponding encoded unit; and providing the encoded key information to said one or more receivers.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
There is disclosed a method of controlling use of encrypted content by a plurality of client terminals each provided with a digital rights management (DRM) client and a content decryption module separate to the DRM client. First key information is provided for use by one or more selected ones of the DRM clients, and second key information is provided for use by one or more selected ones of the content decryptions modules. Content key information is encrypted to form encrypted content key information such that the selected ones of the content decryption modules are enabled by the second key information to recover the content key information from encrypted content key information. The encrypted content key information is further encrypted to form super-encrypted content key information such that the selected ones of the DRM clients are enabled by the first key information to recover the encrypted content key information from the super-encrypted content key information. Corresponding head-end and client terminal apparatus are also disclosed.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
76.
GENERATING FINGERPRINTED CONTENT DATA FOR PROVISION TO RECEIVERS
A method for generating, from initial content data, output content data for provision to one or more receivers, wherein the initial content data is encoded according to a coding scheme, wherein for a quantity of data encoded according to the coding scheme, the coding scheme provides a mechanism for including in the quantity of encoded data additional data such that a decoder for the coding scheme, upon decoding the quantity of encoded data, does not use the additional data to generate decoded data, the method comprising: selecting one or more portions of the initial content data; for each selected portion, generating a data construct that comprises a plurality of data structures, each data structure comprising data, including a version of the selected portion, that is encrypted using a corresponding encryption process different from each encryption process used to encrypt data in the other data structures, wherein the data construct is arranged such that using a decryption process that corresponds to the encryption process for one data structure on the encrypted data in each data structure in the data construct produces a quantity of data encoded according to the coding scheme that uses the mechanism so that a decoder for the coding scheme would not use any data structure in the data construct other than said one data structure; and using the generated data constructs in the initial content data instead of their corresponding selected portions to form the output content data.
H04N 21/234 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4
H04N 21/2343 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4 impliquant des opérations de reformatage de signaux vidéo pour la distribution ou la mise en conformité avec les requêtes des utilisateurs finaux ou les exigences des dispositifs des utilisateurs finaux
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
H04N 21/4405 - Traitement de flux élémentaires vidéo, p.ex. raccordement d'un clip vidéo récupéré d'un stockage local avec un flux vidéo en entrée ou rendu de scènes selon des graphes de scène MPEG-4 impliquant le décryptage de flux vidéo
H04N 21/2389 - Traitement de flux multiplexé, p.ex. cryptage de flux multiplexé
G06T 1/00 - Traitement de données d'image, d'application générale
H04N 21/2347 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4 impliquant le cryptage de flux vidéo
77.
DISTRIBUTING CONTENT TO MULTIPLE RECEIVERS USING MULTICAST CHANNELS
There is described a method of distributing a first piece of content to multiple receivers. The first piece of content comprises a plurality of content portions. The method comprises: (a) for each of a plurality of selected content portion of the plurality of content portions, there being two or more versions of each said selected content portion,, allocating each version of that selected content portion to a respective multicast channel; and (b) providing each receiver with access to a respective group of the multicast channels, each receiver being identifiable at least in part by means of the respective group of multicast channels for that receiver. A corresponding multicast system and receiver are also described.
There is disclosed a head-end system in which differently processed copies of content portions are reordered such that copies from different content portions are not interleaved in the final transport stream.
H04N 21/2343 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4 impliquant des opérations de reformatage de signaux vidéo pour la distribution ou la mise en conformité avec les requêtes des utilisateurs finaux ou les exigences des dispositifs des utilisateurs finaux
H04N 21/2347 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4 impliquant le cryptage de flux vidéo
H04N 21/236 - Assemblage d'un flux multiplexé, p.ex. flux de transport, en combinant un flux vidéo avec d'autres contenus ou données additionnelles, p.ex. insertion d'une adresse universelle [URL] dans un flux vidéo, multiplexage de données de logiciel dans un flu; Remultiplexage de flux multiplexés; Insertion de bits de remplissage dans le flux multiplexé, p.ex. pour obtenir un débit constant; Assemblage d'un flux élémentaire mis en paquets
H04N 21/2365 - Multiplexage de plusieurs flux vidéo
H04N 21/2362 - Génération ou traitement d'informations de service [SI]
H04N 21/418 - Carte externe destinée à être utilisée en combinaison avec le dispositif client, p.ex. pour l'accès conditionnel
H04N 21/4405 - Traitement de flux élémentaires vidéo, p.ex. raccordement d'un clip vidéo récupéré d'un stockage local avec un flux vidéo en entrée ou rendu de scènes selon des graphes de scène MPEG-4 impliquant le décryptage de flux vidéo
H04N 21/434 - Désassemblage d'un flux multiplexé, p.ex. démultiplexage de flux audio et vidéo, extraction de données additionnelles d'un flux vidéo; Remultiplexage de flux multiplexés; Extraction ou traitement de SI; Désassemblage d'un flux élémentaire mis en paquets
H04N 21/4623 - Traitement de messages de titres d'accès, p.ex. message de contrôle d'accès [ECM], message de gestion d'accès [EMM]
H04N 21/835 - Génération de données de protection, p.ex. certificats
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
There are disclosed methods and apparatus enabling selected use of control words distributed to each of a plurality of receivers or groups of receivers, for example as part of an MPEG-2 transport stream. A plurality of sets of primary product keys is established or generated, each set containing at least two different primary product keys. One primary product key of each set is made available to each receiver or group of receivers, such that each receiver or group of receivers is provided with a different combination of said primary product keys. For each set of primary product keys, the plurality of receivers or groups of receivers is provided with a different primary entitlement control message corresponding to each primary product key of said set, each such primary entitlement control message distributing a primary control word for recovery through decryption using the corresponding primary product key. The primary control words can then be used for purposes such as tracing compromise of the conditional access system, or arranging for differently fingerprinted content to be decoded at different receivers or groups of receivers.
H04N 21/2347 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4 impliquant le cryptage de flux vidéo
H04N 21/236 - Assemblage d'un flux multiplexé, p.ex. flux de transport, en combinant un flux vidéo avec d'autres contenus ou données additionnelles, p.ex. insertion d'une adresse universelle [URL] dans un flux vidéo, multiplexage de données de logiciel dans un flu; Remultiplexage de flux multiplexés; Insertion de bits de remplissage dans le flux multiplexé, p.ex. pour obtenir un débit constant; Assemblage d'un flux élémentaire mis en paquets
H04N 21/2365 - Multiplexage de plusieurs flux vidéo
H04N 21/2362 - Génération ou traitement d'informations de service [SI]
H04N 21/418 - Carte externe destinée à être utilisée en combinaison avec le dispositif client, p.ex. pour l'accès conditionnel
H04N 21/4405 - Traitement de flux élémentaires vidéo, p.ex. raccordement d'un clip vidéo récupéré d'un stockage local avec un flux vidéo en entrée ou rendu de scènes selon des graphes de scène MPEG-4 impliquant le décryptage de flux vidéo
H04N 21/434 - Désassemblage d'un flux multiplexé, p.ex. démultiplexage de flux audio et vidéo, extraction de données additionnelles d'un flux vidéo; Remultiplexage de flux multiplexés; Extraction ou traitement de SI; Désassemblage d'un flux élémentaire mis en paquets
H04N 21/4623 - Traitement de messages de titres d'accès, p.ex. message de contrôle d'accès [ECM], message de gestion d'accès [EMM]
H04N 21/835 - Génération de données de protection, p.ex. certificats
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
There is described a method of generating a recommendation value for a specific user-item pair based on known recommendation values for other user-item pairs. A user-item pair corresponds to one of m users and one of n items such that the recommendation value for said specific user-item pair is a recommendation value of a specific item of the n items for a specific user of the m users. Each user of the m users is associated with a corresponding user vector. Each item of the n items is associated with a corresponding item vector. The method comprises the steps of: generating the user vector associated with the specific user; generating the item vector associated with the specific item; and generating the recommendation value for the specific user-item pair based on a dot product of the user vector associated with the specific user and the item vector associated with the specific item. The method includes steps (a) to (c) for each stage in a series of stages. Step (a) involves identifying selected users from the m users and selected items from the n items so as to define a subset of user-item pairs that has a given density of known recommendation values. At each subsequent stage, the density of known recommendation values in the subset is reduced. For each selected user that has not been selected in any preceding stages, step (b) involves calculating the associated user vector based on known recommendation values for user-item pairs in the subset corresponding to said selected user and based on any corresponding item vectors calculated in any preceding stages. For each selected item that has not been selected in any preceding stages, step (c) involves calculating the associated item vector based on known recommendation values for user-item pairs in the subset corresponding to said selected item and based on any corresponding user vectors calculated in any preceding stages.
A method of obtaining descrambling information at a receiver, the descrambling information for enabling descrambling of scrambled content, the method comprising: using a provider verification key to access a software image, said software image having been secured by a provider using a provider signature key corresponding to the provider verification key; receiving a secured version of the descrambling information; using the accessed software image to obtain virtual descrambling information from the secured version of the descrambling information; providing the virtual descrambling information and said provider verification key as inputs to a cryptographic function to produce a given output comprising said descrambling information, wherein the cryptographic function has the property that it is infeasible to determine a key pair including a signature key and a verification key associated with the signature key, and another virtual descrambling information, such that the determined verification key and the another virtual descrambling information map to the given output of the cryptographic function.
H04N 21/266 - Gestion de canal ou de contenu, p.ex. génération et gestion de clés et de messages de titres d'accès dans un système d'accès conditionnel, fusion d'un canal de monodiffusion de VOD dans un canal multidiffusion
A fingerprinting method comprising, for each round in a series of rounds: providing to each receiver in a set of receivers a version of a source item of content, the source item of content corresponding to the round, wherein for the round there is a corresponding part of a fingerprint-code for the receiver, the part comprising one or more symbols, wherein the version provided to the receiver represents those one or more symbols; obtaining, from a suspect item of content one or more corresponding symbols as a corresponding part of a suspect-code; for each receiver in the set of receivers, updating a corresponding score that indicates a likelihood that the receiver is a colluding-receiver, wherein a colluding-receiver is a receiver that has been provided with a version of a source item of content that has been used to generate a suspect item of content, wherein said updating is based on the fingerprint-code for the receiver and the suspect-code; for each receiver in the set of receivers, if the score for the receiver exceeds a threshold, updating the set of receivers by removing the receiver from the set of receivers so that the receiver is not provided with a further version of a source item of content, wherein the threshold is set such that the probability that a receiver that is not a colluding-receiver has a score exceeding the threshold is at most a predetermined probability.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G09C 5/00 - Appareils ou méthodes de chiffrement ou de déchiffrement non prévus dans les autres groupes de la présente sous-classe, p.ex. comportant la dissimulation ou la déformation de données graphiques telles que dessins, messages écrits ou imprimés
83.
METHOD OF SECURING MEMORY AGAINST MALICIOUS ATTACK
A method and system for secure dynamic memory management using heap memory, or analogous dynamic memory allocation, that includes initializing a heap memory segment, having a plurality of buffers, within a random access memory. When an allocation request to store data in the heap memory segment is received, one of the buffers is randomly selected. Metadata, containing details of allocated and unallocated buffers of the heap memory segment, is then maintained in a portion of the memory separate from the heap object. According to certain embodiments, the secure heap of the present disclosure can securely implement the functions of those portions of the C/C++ stdlib library related to dynamic memory management, specifically malloc ( ), free ( ) and their variants.
G06F 12/02 - Adressage ou affectation; Réadressage
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
84.
METHOD AND SYSTEM FOR PROTECTING EXECUTION OF CRYPTOGRAPHIC HASH FUNCTIONS
A method of protecting the execution of a cryptographic hash function, such as SHA-256, in a computing environment where inputs, outputs and intermediate values can be observed. The method consists of encoding input messages so that hash function inputs are placed in a transformed domain, and then applying a transformed cryptographic hash function to produce an encoded output digest; the transformed cryptographic hash function implements the cryptographic hash function in the transformed domain.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 7/00 - Procédés ou dispositions pour le traitement de données en agissant sur l'ordre ou le contenu des données maniées
A method to secure a non-native application. The non-native application is processed to obtain an application stub to be triggered within a virtual machine. The processing of the non-native application also provide a native code function upon which the application stub depends. The non-native function is part of a trusted module that extends security services from the trusted module to the virtual machine. The trusted module is a native code application that creates a trusted zone as a root of trustiness extending to the virtual machine by an execution-enabling mechanism between the application tab and the non-native function.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
86.
ENABLING A SOFTWARE APPLICATION TO BE EXECUTED ON A HARDWARE DEVICE
The invention provides a method, a hardware circuit and a hardware device for enabling a software application to be executed on a hardware device in dependence of the hardware circuit, while preventing the execution of a binary copy of the application in another hardware device. Challenge data originating from the software application is input to a hardware circuit of the hardware device, wherein the hardware circuit is configured to perform a deterministic function. Response data is generated by the hardware device, which is used to manipulate at least a part of the software application to thereby enable the software application to be executed.
The invention enables a software application to be executed on a mobile station in dependence of a SIM. Challenge data originating from the software application is input to the SIM to generate first response data using a security function of the SIM. The software application is enabled to be executed in dependence of the first response data. In addition, the challenge data may be transmitted to a verification server for the generation of second response data in dependence of the challenge data and possibly using an authentication centre. The software application is then enabled to be executed in further dependence of the second response data.
The invention relates to a computer-implemented method for providing a data stream comprising a plurality of content elements. At least one of two or more copies of a first content element of the data stream has been watermarked with a different watermark. The method includes watermarking at least one of two or more copies of a second content element with a different watermark. In a rendering order of the data stream, the second content element is at an interval equal to or greater than a watermark interval from the first content element. The watermark interval is set to be sufficiently long so that the output quality of the rendered data stream can either completely recover or at least return to a predetermined acceptable level following the watermarking of the copies of the first content element before watermarking the copies of the next content element.
H04N 7/26 - utilisant la réduction de la largeur de bande (réduction d'information par conversion de code en général H03M 7/30)
H04N 7/32 - comportant un codage par prédiction (H04N 7/48, H04N 7/50 ont priorité);;
H04N 21/8358 - Génération de données de protection, p.ex. certificats impliquant des filigranes numériques
H04N 21/2343 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4 impliquant des opérations de reformatage de signaux vidéo pour la distribution ou la mise en conformité avec les requêtes des utilisateurs finaux ou les exigences des dispositifs des utilisateurs finaux
Methods and systems related to producing chips with the uniqueness property are disclosed. A random bit vector is generated using a hardware random number generator on the chip or "on the fly" as a hardware component is being produced. The generated random bit vector is stored in a one-time programmable memory of the chip. A value is derived in the chip from the random bit vector programmed in the one-time programmable memory of the chip. The derived value is exported to an external receiving module communicably connected to the chip to enable a security application provider to encrypt a message that is decryptable by the chip using a key based on the random bit vector programmed in the one-time programmable memory of the chip.
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
G06F 21/73 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par création ou détermination de l’identification de la machine, p.ex. numéros de série
G06F 21/77 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les cartes à puce intelligentes
G06F 21/79 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du stockage de données dans les supports de stockage à semi-conducteurs, p.ex. les mémoires adressables directement
90.
SYSTEM AND METHOD PROVIDING DEPENDENCY NETWORKS THROUGHOUT APPLICATIONS FOR ATTACK RESISTANCE
A method and system is provided to automatically propagate dependencies from one part of a software application to another previously unrelated part. Propagation of essential code functionality and data to other parts of the program serves to augment common arithmetic functions with Mixed Boolean Arithmetic (MBA) formulae that are bound to pre-existing parts of the program. A software application is first analyzed on a compiler level to determine the program properties which hold in the program. Thereafter, conditions are constructed based on these properties and encoded in formulae that encode the condition in data and operations. Real dependencies throughout the application are therefore created such that if a dependency is broken the program will no longer function correctly.
A system and method is disclosed for securely binding an arbitrary program to an authorized instance of a generic execution platform. Once the binding process occurs, the protected software application will not exhibit correct behavior unless run on the execution platform to which it is bound. The system and method withstands repeated attacks which tamper with the software application and the execution platform. The system and method present a mechanism to bind a program, P, to any un-trusted execution platform, E, which contains a Trusted Signing Authority (TSA). The TSA may take many alternate forms including a trusted platform module, secure processor, kernel driver, and hardened software agents.
A secure and change-tolerant method for obtaining an identifier for a collection of assets associated with a computing environment. Each asset has an asset parameter and the computing environment has a fingerprint based on an original collection of assets and on a codeword generation algorithm on the original collection of assets. The method comprises: retrieving the asset parameters of the collection of assets and processing the retrieved asset parameters to obtain code symbols. An error- correction algorithm is applied to the code symbols to obtain the identifier. The method can be used in node-locking.
The invention involves the migration of at least some of the content discovery and/or resource management tasks from a home network to a remote server by using a proxy device, such as e.g. a DLNA-compatible proxy server or a proxy server compatible with other and/or multiple standards, connected to the devices within the home network and also connected to the resource server via an external, network. The proxy device can obtain content- relation information and, possibly, also: device-related information from the devices within the home network and provide that information to the. remote server which can use the information to create an integrated navigation interface for navigating and/or managing content available to all of the devices within the home network.
H04L 12/28 - Réseaux de données à commutation caractérisés par la configuration des liaisons, p.ex. réseaux locaux [LAN Local Area Networks] ou réseaux étendus [WAN Wide Area Networks]
94.
CHANGE-TOLERANT METHOD OF GENERATING AN IDENTIFIER FOR A COLLECTION OF ASSETS IN A COMPUTING ENVIRONMENT USING A SECRET SHARING SCHEME
A secure and fault-tolerant, or variation-tolerant, method and system to turn a set of N shares into an identifier even when only M shares from this set have a correct value. A secret sharing algorithm is used to generate a number of candidate identifiers from subsets of shares associated with asset parameters of a collection of assets. The most frequently occurring candidate identifier is then determined to be the final identifier. The method has particular applicability in the fields of node locking and fingerprinting.
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secure software agent is provided for embedding within the abstraction layer forming the operating system. A secure store is provided for storing security information unique to one or more instances of the application software. The secure software agent uses the security information for continuous runtime assurance of ongoing operational integrity of the operating system and application software and thus operational integrity of the device.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
The invention enables the generation of an obfuscated bytecode for execution in an adaptive VM execution environment. A VM compiler compiles a high level code to obtain the bytecode 15b and applies a V-ISA definition to generate an optimized instruction combining two or more individual instructions in the bytecode. The VM execution environment is adapted to interpret and execute the optimized instruction.
G06F 9/44 - Dispositions pour exécuter des programmes spécifiques
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
The invention relates to a method and system for watermarking in a content providing system having multiple parties. A first party system selects a first party watermark by selecting a watermarked copy of at least one first content element of the content elements. A second party system selects a second party watermark by selecting a watermarked copy of at least one second content element, different from the at least one first content element, of the content elements. Watermarked content is delivered to an end user device, the watermarked content containing the watermarked copy for the first content element selected by the first party system and the watermarked copy for the second content element selected by the second party system such that the watermarked content contains the first party watermark and the second party watermark.
The invention enables a chip set of a receiver of a conditional access system to receive control words securely from a head-end system in the content delivery network. Hereto the chip set comprises means for processing an incoming message to obtain a virtual control word, and using the virtual control word to generate the control word used for descrambling content received from the content delivery network. The authenticity of incoming messages is verified, in the sense that content descrambling fails if an incoming message is not authentic.
The invention enables the transport of a key from a sender to a receiver. The sender comprises means for generating or obtaining a virtual key and securing the virtual key to protect its authenticity and confidentiality. The secured virtual key is provided to the receiver. The receiver comprises means to derive the virtual key from the secured virtual key. The sender and the receiver comprise means to provide the virtual key and a signature verification key associated with the sender as inputs to a cryptographic function to generate an output. The output includes at least one key. The at least one key may be in turn used as input to a cryptographic mechanism, providing a service to a security application. Examples of such services are encryption or decryption of content, or generating a response to a challenge.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04N 21/4623 - Traitement de messages de titres d'accès, p.ex. message de contrôle d'accès [ECM], message de gestion d'accès [EMM]
H04N 21/6334 - Signaux de commande issus du serveur dirigés vers des éléments du réseau ou du client vers le client pour l’autorisation, p.ex. en transmettant une clé
H04N 21/266 - Gestion de canal ou de contenu, p.ex. génération et gestion de clés et de messages de titres d'accès dans un système d'accès conditionnel, fusion d'un canal de monodiffusion de VOD dans un canal multidiffusion
A method for securely obtaining a control word in a chip set of a receiver, said control word for descrambling scrambled content received by the receiver, the method comprising, at the chip set: receiving a secured version of a virtual control word from a conditional access/digital rights management client communicably connected to the chip set; obtaining the virtual control word from the secured version of the virtual control word; and using a first cryptographic function to produce a given output from an input that comprises the virtual control word and either a plurality of signature verification keys or one or more values derived from a plurality of signature verification keys, each signature verification key being associated with a conditional access/digital rights management system, the given output comprising at least one control word, wherein the first cryptographic function has the property that it is infeasible to determine a key pair including a signature key and a signature verification key and an input for the first cryptographic function comprising the determined signature verification key or one or more values derived, at least in part, from the determined signature verification key, such that the first cryptographic function produces the given output from the determined input.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04N 5/00 - TRANSMISSION D'IMAGES, p.ex. TÉLÉVISION - Détails des systèmes de télévision
H04N 7/16 - Systèmes à secret analogiques; Systèmes à abonnement analogiques
H04N 7/167 - Systèmes rendant le signal de télévision inintelligible et ensuite intelligible
H04N 21/266 - Gestion de canal ou de contenu, p.ex. génération et gestion de clés et de messages de titres d'accès dans un système d'accès conditionnel, fusion d'un canal de monodiffusion de VOD dans un canal multidiffusion
H04N 21/6334 - Signaux de commande issus du serveur dirigés vers des éléments du réseau ou du client vers le client pour l’autorisation, p.ex. en transmettant une clé
H04N 21/835 - Génération de données de protection, p.ex. certificats