A method of performing a cryptographic process in a secured manner, wherein the cryptographic process generates output data based on input data, the generating of the output data involving generating a value y based on an amount of data x, the value y representing a combination, according to a linear transformation L, of respective outputs from a plurality of S-boxes Sn (n=0, . . . , N−1) for integer N>1, wherein each S-box Sn (n=0, . . . , N−1) implements a respective function Hn that is either (a) the composition of a respective first function Fn and a respective linear or affine second function Gn so that Hn=Gn∘Fn, or (b) the composition of a respective first function Fn, a respective linear or affine second function Gn and a respective third function Wn so that Hn=Gn∘Fn∘Wn, wherein the method comprises: performing a first processing stage and a second processing stage to generate the value y based on the amount of data x, wherein: the first processing stage uses a plurality of first lookup tables to generate respective outputs, each output being based on at least part of the amount of data x, wherein, for each S-box Sn (n=0, . . . , N−1), the respective first function Fn is implemented by a corresponding first lookup table; and the second processing stage combines outputs from a plurality of second lookup tables to generate the value y, wherein the input to each second lookup table is formed from the output of a plurality of the first lookup tables, and wherein the set of second lookup tables is based on the second functions Gn (n=0, . . . , N−1) and the linear transformation L.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
2.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR CREATING IMAGE DATA EMBEDDINGS TO BE USED FOR IMAGE RECOGNITION
Disclosed implementations include a method, apparatus and computer media for learning an optimal graph in the form of a tree topology defining a sequence that can be used by a learning network for image recognition. Image data representing the image of an object is received and N landmarks are detected on the image using a deep regression algorithm, wherein N is an integer. A weighted, fully connected graph is constructed from the landmarks by assigning initial weights for the landmarks randomly. An optimized tree structure is determined based on the initial weights. A sequence is generated by traversing nodes of the tree structure and a series of embeddings representing the object image are generated based on the sequence. The embeddings can be processed by a neural network to generate an image recognition signal based on the embeddings.
A method and system for improving the efficiency of locating a pool operator in a Plug and Charge ecosystem. The method includes receiving an identifier associated with a user, using a Domain Name System (DNS) as a reference engine for the received identifier, generating a fully qualified domain name using the received identifier, and directing the fully qualified domain name to an internet address of a corresponding pool operator. The system includes one or more processors, a DNS, a fully qualified domain name generator, and a directing module. A non-transitory computer-readable medium storing instructions for performing the method is also disclosed.
H04L 61/3015 - Name registration, generation or assignment
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
B60L 53/00 - Methods of charging batteries, specially adapted for electric vehicles; Charging stations or on-board charging equipment therefor; Exchange of energy storage elements in electric vehicles
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 101/35 - Types of network names containing special prefixes
4.
Method and Apparatus for Utilization of Domain Name System for Efficient Certificate Data Retrieval in Plug and Charge Ecosystems
A method and system for improving the efficiency of locating a pool operator in a Plug and Charge ecosystem. The method includes receiving an identifier associated with a user, using a Domain Name System (DNS) as a reference engine for the received identifier, generating a fully qualified domain name using the received identifier, and directing the fully qualified domain name to an internet address of a corresponding pool operator. The system includes one or more processors, a DNS, a fully qualified domain name generator, and a directing module. A non-transitory computer-readable medium storing instructions for performing the method is also disclosed.
There are provided systems and methods for operating a keyless vehicle system of a vehicle. One such method comprises receiving, at a Bluetooth module of the keyless vehicle system, a connection request from a mobile device, wherein the Bluetooth module of the keyless vehicle system is bonded as a human interface device (HID) to the mobile device. In response to the mobile device being verified by the Bluetooth module, a Bluetooth connection between the mobile device and the Bluetooth module is established. In response to the vehicle detecting physical interaction, the presence of the mobile device is determined. Operation of the keyless vehicle system is allowed based on the presence of the mobile device.
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
A control system for use at a mobile device to control a digital key system of a vehicle, wherein the digital key system is implemented according to a predetermined vehicle digital key specification to enable one or more vehicle functions to be performed at the vehicle without using a physical key for the vehicle, and wherein the control system, when executed by a processor of the mobile device, is arranged to: communicate, in accordance with the predetermined vehicle digital key specification, with the digital key system via at least one short range communication protocol to cause performance of at least one of the one or more vehicle functions; and provide a secured software runtime environment at the mobile device for the control system to perform one or more secured operations, the one or more secured operations including the control system acting as a software root of trust, in accordance with the predetermined vehicle digital key specification, for performance of at least one of the one or more vehicle functions.
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
B60R 25/01 - Fittings or systems for preventing or indicating unauthorised use or theft of vehicles operating on vehicle systems or fittings, e.g. on doors, seats or windscreens
B60R 25/20 - Means to switch the anti-theft system on or off
E05F 15/73 - Power-operated mechanisms for wings with automatic actuation responsive to movement or presence of persons or objects
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method for generating synthetic anomalous samples for a system, wherein each anomalous sample is representative of an anomaly for the system, wherein the method comprises: training an autoencoder based on a first set of samples obtained from the system; applying the trained autoencoder to a second set of samples obtained from the system to identify a set of anomalous samples; training a model based on the set of anomalous samples; and using the trained model to generate said synthetic anomalous samples for the system.
A method for a computer game, executing at a computer game system of an end-user, to embed information in video content, the video content comprising a sequence of video images generated for the computer game, the method comprising: for each of one or more video images of the sequence of video images, generating a watermarked image for display to the end-user, said generating comprising combining the video image and a watermark pattern representative of at least a part of the information using a shader of the computer game.
A method of embedding information in an initial image, the initial image comprising an array of image elements, the method comprising: obtaining a watermark pattern representative of the information, the watermark pattern comprising an array of watermark elements, each watermark element indicative of a change to be made to a corresponding image element, the watermark pattern forming a plurality of non-overlapping watermark blocks of watermark elements, each watermark block corresponding to an image block of image elements; determining, for each image element that corresponds to a watermark element, a respective threshold indicative of a maximum magnitude of change for that image element; and generating a watermarked image by combining the watermark pattern and the initial image according to the determined thresholds; wherein said determining comprises: for each image block, determining a corresponding masking value indicative of a degree to which that image block is able to mask the corresponding watermark block, based on intra-band and inter-band frequency perceptual masking capabilities of that image block for the corresponding watermark block; based on a target number of blocks, identifying one or more image blocks, said identifying biased towards identifying image blocks that have a higher corresponding masking value than non-identified image blocks; wherein for each image block, the threshold for each image element of said image block is weighted based on whether said image block has been identified, wherein said weighting is arranged to provide a higher threshold for identified image blocks than for non-identified image blocks.
A method of operating a first neural network, the first neural network configured to generate a result based on an input sample from a predetermined domain of possible samples, the first neural network trained to provide functionality corresponding to a subset of the domain, wherein the method comprises: receiving, from a user, a query having a query sample from the domain; and generating a response to the query; wherein generating the response to the query comprises: performing a test to determine whether or not the query sample is a member of the subset; in response to one or more first conditions being met, using the first neural network to generate a first result based on the query sample, and generating the response to the query based on the first result, wherein at least one first condition is that the test determines that the query sample is a member of the subset; and in response to one or more second conditions being met, using a watermarked version of the first neural network to generate a second result based on the query sample, and generating the response to the query based on the second result, wherein at least one second condition is that the test determines that the query sample is not a member of the subset.
There is disclosed a method of executing computer program code comprising a code portion, the method comprising: loading said computer program code into a program memory space as first executable code such as a memory-mapped executable file; instantiating a plurality of threads for execution of said computer program code; dynamically allocating a thread memory space for each thread; for each thread, reproducing said code portion into the corresponding dynamically allocated thread memory space; and during execution of each thread, executing the reproduced code portion in said dynamically allocated thread memory space instead of executing the code portion in the first executable code file. Also disclosed are a computer system arranged to carry out the method, and a method of modifying an existing computer program to function in this way.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
13.
SYSTEM AND METHOD FOR CREATING SECURED NEURAL NETWORKS
A method of embedding an implementation of a shared-secret obfuscation mechanism into an existing neural network to provide the neural network with more secure data interfaces is disclosed. Disclosed implementations leverage a novel form of transcoding that can be implemented within a conventional neural network. This transcoding maps a span along a continuous number line on to a segment that defines a multidimensional projection. A definition of the transcoding properties (the mapping of spans to segments) is supplied to a form of compiler which produces a transcoding neural network (architecture + weights and biases) that can be embedded within an existing neural network to cause the neural network to output transcoded data.
Disclosed implementations include a method for creating a secured neural network model. A programmatically generated “transcoding” layer can be added to the input and output of an existing neural network model. The transcoding can be produced using a deterministic algorithm and can leverage known data transforms to protect input data by obfuscating and transforming the input and output data of the model.
A method of embedding an implementation of a shared-secret obfuscation mechanism into an existing neural network to provide the neural network with more secure data interfaces is disclosed. Disclosed implementations leverage a novel form of transcoding that can be implemented within a conventional neural network. This transcoding maps a span along a continuous number line on to a segment that defines a multidimensional projection. A definition of the transcoding properties (the mapping of spans to segments) is supplied to a form of compiler which produces a transcoding neural network (architecture + weights and biases) that can be embedded within an existing neural network to cause the neural network to output transcoded data.
Disclosed implementations include a method for creating a secured neural network model. A programmatically generated "transcoding" layer can be added to the input and output of an existing neural network model. The transcoding can be produced using a deterministic algorithm and can leverage known data transforms to protect input data by obfuscating and transforming the input and output data of the model.
There is described a method, at a server system, of providing a mobile network operator (MNO) profile to a client device. The client device has a SIM software application stored thereon so as to provide the client device with a secured software implementation of SIM card functionality. The method comprises: (a) based on a unique identifier of the client device, identifying a unique key, KSIM, of the SIM software application stored on the client device; (b) based on an MNO associated with the client device, identifying an unused MNO profile associated with the MNO; (c) encrypting the identified MNO profile so as to provide an encrypted MNO profile, wherein the encrypting comprises encrypting at least part of the identified MNO profile using KSIM; (d) generating an MNO profile download message comprising the encrypted MNO profile and the unique identifier of the client device; and (e) broadcasting the MNO profile download message over a broadcast network so as to enable the client device to access the MNO profile download message. There is also described a related method at a client device, as well as related computer programs and computer-readable media.
There is described a method of generating a protected data package from an initial file. The initial file has a predetermined file format, and the method comprises: (a) identifying a code portion of the initial file to be protected; (b) generating a supplementary file comprising a copy (or version) of the code portion; and (c) modifying the initial file, wherein the modifying comprises replacing at least the code portion of the initial file with replacement data to thereby provide a modified file, wherein the modified file has the same predetermined file format as the initial file, and wherein the modification is arranged to cause a failure when a reader for the predetermined file format tries to load the code portion from the modified file. The protected data package comprises the modified file and the supplementary file. There is also described a method for a reader of a predetermined file format to execute a protected data package. The protected data package comprises a modified file and a supplementary file. The modified file comprises replacement data that has replaced at least a code portion of an initial file on which the modified file is based. The modified file and the initial file have the predetermined file format. The supplementary file comprises a copy (or version) of the code portion. The method comprises, at runtime: responsive to a failure when trying to load the code portion from the modified file, processing the supplementary file so as to load the code portion from the supplementary file.
Methods and systems for continuing authenticating a user of a device based on external conditions. A likelihood value, indicating the likelihood that the external conditions have been satisfied, is generated and the user is permitted to continue the authenticated use when the value is determined to be acceptable.
B60W 40/08 - Estimation or calculation of driving parameters for road vehicle drive control systems not related to the control of a particular sub-unit related to drivers or passengers
20.
IDENTIFYING WHETHER A SAMPLE WILL TRIGGER MISCLASSIFICATION FUNCTIONALITY OF A CLASSIFICATION MODEL
A method of identifying whether an input sample, for input to a classification model for classification by the classification model according to a predetermined set of classes for the classification model, will trigger a misclassification functionality of the classification model, the misclassification functionality due to the classification model having been trained, at least in part, on mislabelled samples, the method comprising: obtaining the input sample, the input sample comprising a first number of input sample components; generating, based on the input sample, one or more test samples, wherein, for each test sample of the one or more test samples, said test sample comprises a corresponding plurality of test sample components, wherein a second number of test sample components of the plurality of test sample components are set to match a corresponding input sample component, the second number being less than the first number; for each of the one or more test samples, using the classification model to generate one or more confidence scores for said test sample, wherein each confidence score is indicative of a confidence that said test sample belongs to a corresponding class of the predetermined set of classes; and providing a result, wherein the result comprises an indication that the input sample will trigger the misclassification functionality if there is at least one confidence score for at least one test sample that exceeds a predetermined threshold.
G06V 10/764 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using classification, e.g. of video objects
G06V 10/94 - Hardware or software architectures specially adapted for image or video understanding
G06V 10/98 - Detection or correction of errors, e.g. by rescanning the pattern or by human intervention; Evaluation of the quality of the acquired patterns
21.
PROTECTION OF NEURAL NETWORKS AGAINST CLONING ATTACKS
A method of protecting an implementation of a neural network against a cloning attack, the neural network configured to generate a result based on an input sample from a predetermined domain of possible samples, the neural network trained to provide functionality corresponding to a subset of the domain, wherein the method comprises: receiving, from a user, a plurality of queries having a corresponding query sample from the domain and, for each query, performing a first test to determine whether or not the corresponding query sample is a member of the subset; performing a second test to identify whether the user is performing a cloning attack against the neural network, wherein the second test identifies that the user is performing a cloning attack against the neural network if a number of queries from the plurality of queries for which the corresponding query sample is determined to not be a member of the subset exceeds a first threshold value; and in response to the second test identifying that the user is performing a cloning attack against the neural network, performing one or more countermeasures for the cloning attack.
A method for a testing system to perform fuzzy testing of a software system, wherein the software system comprises a plurality of callable units and is arranged to receive input for the software system to process, the method comprising: determining, for each callable unit of the plurality of callable units, based on one or more security vulnerability metrics, a target number of times that callable unit is to be tested; initializing a ranked plurality of queues, each queue for storing one or more seeds, said initializing comprising storing one or more initial seeds in a corresponding queue of the ranked plurality of queues; performing a sequence of tests, wherein performing each test comprises: obtaining a seed from the highest ranked non-empty queue; performing a mutation process on the obtained seed to generate a test seed, wherein the mutation process is configured, at least in part, by mutation guidance information; providing the test seed as input to the software system for the software system to process; and evaluating the processing of the test seed by the software system to generate a result for the test; wherein each queue in the ranked plurality of queues has an associated seed addition criterion and wherein performing each test comprises either (a) adding the test seed to the highest ranked queue in the ranked plurality of queues for which the test seed meets the seed addition criterion associated with that queue; or (b) discarding the test seed if the test seed does not meet the seed addition criterion associated with any of the queues in the ranked plurality of queues; wherein the seed addition criteria are configured so that, if processing of a first test seed by the software system involves execution of, or an execution path approaching, a callable unit of interest and if processing of a second test seed by the software system does not involve execution of, or an execution path approaching, a callable unit of interest, then the queue to which the first test seed is added is of higher rank than the queue to which the second test seed is added, wherein a callable unit is a callable unit of interest if the current number of tests that have resulted in execution of that callable unit is less than the target number of times that callable unit is to be tested.
There are provided systems and methods for operating a keyless vehicle system of a vehicle. One such method comprises receiving, at a Bluetooth module of the keyless vehicle system, a connection request from a mobile device, wherein the Bluetooth module of the keyless vehicle system is bonded as a human interface device (HID) to the mobile device. In response to the mobile device being verified by the Bluetooth module, a Bluetooth connection between the mobile device and the Bluetooth module is established. In response to the vehicle detecting physical interaction, the presence of the mobile device is determined. Operation of the keyless vehicle system is allowed based on the presence of the mobile device.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
G07C 9/00 - Individual registration on entry or exit
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
H04W 4/02 - Services making use of location information
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Communication services via the internet, namely, providing an online forum in the cybersecurity field relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries, and the video gaming industry; communication services, namely, transmission of voice, data, sound and images by telecommunications network, wireless communication networks, the internet, information services networks and data networks; radio, television, satellite and cable broadcasting services; subscription television and Internet broadcasting services; communication services via the internet, namely, providing user access to computer programmes in data networks

Downloadable computer software applications for smart phones and tablet devices, namely, software for providing cybersecurity and risk management services; electronic apparatus for broadcasting, recording, transmitting, or reproduction of sound or images; blank tapes for storage of computer data; data processing equipment, namely, computers, recorded computer programs for use in the reproduction, processing and streaming of audio, video and multimedia content; downloadable computer software for use in the distribution of digital content; computer chips; apparatus and instruments for the encoding and decoding of electrical signals; downloadable computer software for delivering user generated content via the internet; downloadable software for protection of internet communications; downloadable software for the protection of data storage on computers; downloadable software for the protection of advertisement delivery; downloadable software for use in protection of internet communications; downloadable software for the protection of computer software in the nature of virus and fraud protection; computers, handheld computers, set-top boxes, televisions and digital media streaming devices; blank smart cards; encoded smart cards containing programming used for the distribution of digital content; magnetically encoded identity cards

Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and computer software design services for others; design services for others in the field of computer networks, software, and engineering for the artificial intelligence field; product developmental research conducted in the fields of technology enhancement and technological products for use in the telecommunications industry and broadband industry via cable, telephone or satellite; providing online non-downloadable software for use in the field of cybersecurity and risk management in the nature of restricting unauthorized access to computer systems relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries, and the video gaming industry; providing online non-downloadable cloud-based software for use in the field of cybersecurity and risk management in the nature of restricting unauthorized access to computer systems relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries and the video gaming industry
25.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR CREATING SECURED COMPUTER CODE
Systems, methods, and storage media for creating secured computer code are disclosed. Exemplary implementations may: access computer code; convert the computer code into a numeric description of characteristics of the code; partition the computer code into blocks of code; determine a corresponding ranking of at least some of the blocks of code with an anomaly measure by applying an anomaly detection algorithm to the blocks of code; select anomalous blocks of the blocks of code by applying a threshold to the rankings; and apply code security techniques to at least one of the anomalous blocks of code to thereby create secured computer code.
A method for identifying whether a classification system is configured to use a specific machine-learning classification model, the method comprising: using the classification system to generate, for each test sample in a predetermined test set that comprises a plurality of test samples, a corresponding classification result; and identifying either (i) that the classification system is using the specific machine-learning classification model if, for each test sample in the test set, the corresponding classification result matches a classification result produced for that test sample using the specific machine-learning classification model or (ii) that the classification system is not using the specific machine-learning classification model if there is a test sample in the test set for which the corresponding classification result does not match the classification result produced for that test sample using the specific machine-learning classification model; wherein the test set is associated with the specific machine-learning classification model and, for each test sample in the test set, there is a corresponding small modification for that test sample that causes a change in the classification result produced for that test sample using the specific machine-learning classification model.
A system and method for train control system intrusion detection that uses Machine Learning (ML) to detect attacks on traction and braking operations performed by a TCMS. Control message history, which includes previously generated operational commands and control messages sent to each train and mobility information for each train at predetermined time intervals, is received. The received input data is checked for misbehavior to detect attacks.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
29.
Secured performance of an elliptic curve cryptographic process
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
30.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
There is described a method of generating a protected data package from an initial file. The initial file has a predetermined file format, the method comprises: (a) identifying a code portion of the initial file to be protected; (b) generating a supplementary file comprising a copy (or version) of the code portion; and (c) modifying the initial file, wherein the modifying comprises replacing at least the code portion of the initial file with replacement data to thereby provide a modified file, wherein the modified file has the same predetermined file format as the initial file, and wherein the modification is arranged to cause a failure when a reader for the predetermined file format tries to load the code portion from the modified file. The protected data package comprises the modified file and the supplementary file. There is also described a method for a reader of a predetermined file format to execute a protected data package. The protected data package comprises a modified file and a supplementary file. The modified file comprises replacement data that has replaced at least a code portion of an initial file on which the modified file is based. The modified file and the initial file have the predetermined file format. The supplementary file comprises a copy (or version) of the code portion. The method comprising, at runtime: responsive to a failure when trying to load the code portion from the modified file, processing the supplementary file so as to load the code portion from the supplementary file.
There is described a method of enabling identification of the execution state of an item of software at runtime. The method comprises receiving from one or more clients one or more respective labelled sets of invocation data generated at the one or more clients by the execution of an executable of the item of software configured to cause the collection of invocation data at runtime for one or more callable units of the item of software, wherein each labelled set of invocation data comprises a label indicating an execution state of the item of software during a respective portion of runtime and invocation data corresponding to said respective portion of runtime; training, based on said collection of invocation data, an identification algorithm to identify the execution state of the item of software from collected invocation data of the item of software. There is also described a related method of identifying the execution state of an executable during a portion of runtime, as well as related apparatus and computer programs.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 11/36 - Prevention of errors by analysis, debugging or testing of software
33.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR GENERATING SYNTHESIZED DEPTH DATA
Disclosed implementations include a depth generation method using a novel teacher-student GAN architecture (TS-GAN) to generate depth images for 2-D images, such as RGB images, where no corresponding depth information is available. An example model consists of two components, a teacher and a student. The teacher consists of a fully convolutional encoder-decoder network as a generator along with a fully convolutional classification network as the discriminator. The generator takes 2-D images as inputs and aims to output the corresponding depth images. The teacher learns an initial latent mapping between 2-dimensional and co-registered depth images and the student applies the latent mapping to provide feedback to the classification network for refinement.
Disclosed implementations include a method, apparatus and computer media for learning an optimal graph in the form of a tree topology defining a sequence that can be used by a learning network for image recognition. Image data representing the image of an object is received and N landmarks are detected on the image using a deep regression algorithm, wherein N is an integer. A weighted, fully connected, graph is constructed from the landmarks by assigning initial weights for the landmarks randomly. An optimized tree structure is determined based on the initial weights. A sequence is generated by traversing nodes of the tree structure and a series of embeddings representing the object image are generated based on the sequence. The embeddings can be processed by a neural network to generate an image recognition signal based on the embeddings.
Systems, methods, and storage media for creating secured computer code from original computer code are disclosed. The secured computer code is created from original computer code and has a secured interface between a first code domain and a second code domain of the original computer code, the first code domain including code in a first coding language and the second code domain including code in a second coding language, the first code domain being compiled separately from the second code domain. Exemplary implementations may: identify a code method defined in the first code domain that is declared in the second code domain; create a corresponding code method in the second code domain that has a signature that corresponds to a signature of the code method; and create a transformed code method in the first code domain.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
36.
Method and apparatus for implementing a white-box cipher
An apparatus, method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, including XOR, linear transformation and S-box; decomposing the original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of the S-box, implementing the inversion in the original finite field representation with an algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of the S-box; applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
(d) generating an MNO profile download message comprising the encrypted MNO profile and the unique identifier of the client device; and (e) broadcasting the MNO profile download message over a broadcast network so as to enable the client device to access the MNO profile download message. There is also described a related method at a client device, as well as related computer programs and computer-readable media.
The disclosure is directed to a method, system and a computer readable medium of fuzzy testing a software system, using a grey-box fuzzy testing framework that optimizes the vulnerability exposure process while addressing security testing challenges. The grey-box fuzzy testing framework, unlike white-box testing, provides a focused and efficient assessment of a software system without analyzing each line of code. The disclosed embodiments provide a robust security mechanism that accumulates information about the system without increasing testing complexity, enabling fast and efficient security testing. The disclosed embodiments use security vulnerability metrics designed to identify vulnerable components in the software systems and ensure thorough testing of these components by assigning weights. A mutation engine may perform small data type mutations at the input's high-level design. The grey-box approach addresses three testing challenges: the system's complexity and size by avoiding intensive code analysis, outsourcing by limiting the knowledge about the system, and input and output fluctuation by creating a massive number of inputs.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
39.
Method and apparatus for policy-based management of assets
A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, a user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
A method of performing biometric authentication for a first user, the method comprising: performing one or more first tests, wherein for each first test, performing said first test comprises: obtaining a respective first input for said first test based on one or more biometric characteristics of the first user; determining that the first user is not a predetermined user when a respective first log-likelihood ratio for a first likelihood and a second likelihood does not exceed a respective first threshold for said first test, wherein the first likelihood is a likelihood of obtaining the respective first input based on a first model in which input is obtained from the predetermined user, and wherein the second likelihood is a likelihood of obtaining the respective first input based on a second model in which input is obtained from one or more users other than the predetermined user; determining that the first user is the predetermined user when the respective first log-likelihood ratio exceeds a respective second threshold for said first test, the respective second threshold greater than the respective first threshold; and when the respective first log-likelihood ratio exceeds the respective first threshold and the respective first log-likelihood ratio does not exceed the respective second threshold, either (a) determining to perform a further first test when a number of times that the first test has been performed is less than a predetermined maximum number of times or (b) determining to perform a second test when the number of times that the first test has been performed equals the predetermined maximum number of times; wherein performing the second test comprises: obtaining a second input for the second test based on the one or more biometric characteristics of the first user; and determining that the first user is the predetermined user when a second log-likelihood ratio for a third likelihood and a fourth likelihood exceeds a third threshold, wherein the third likelihood is a likelihood of receiving the respective second input based on the first model, and wherein the fourth likelihood is a likelihood of receiving the second input based on the second model; determining that the first user is not the predetermined user when the second log-likelihood ratio does not exceed the third threshold.
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing an online forum in the cybersecurity field relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries, medical device manufacturing industry, and the video gaming industry; communication services, namely, transmission of voice, data, sound and images by telecommunications network, wireless communication networks, the internet, information services networks and data; radio, television, satellite and cable broadcasting services; rental and leasing of communication apparatus and instruments; subscription television and Internet broadcasting services; providing access to and leasing access time to computer data bases Downloadable computer software applications for smart phones and tablet devices, namely, software for use in cybersecurity and risk management; electronic apparatus for broadcasting, recording, transmitting, or reproduction of sound or images; blank tapes for storage of computer data; data processing equipment, namely, computers, recorded computer programs for use in the reproduction, processing and streaming of audio, video and multimedia content; downloadable computer software for use in the distribution of digital content, computer chips; apparatus and instruments for the encoding and decoding of electrical signals; downloadable computer software for use in connection with content delivery for the internet; downloadable software for the protection of internet communications; downloadable software for the protection of data storage on computers; downloadable software for the protection of advertisement delivery; downloadable software for use in protection of internet communications; downloadable software for the protection of computer software including virus and fraud protection; computers, handheld computers, set-top boxes, televisions and digital media streaming devices; blank smart cards; encoded smart cards containing programming used for the distribution of digital content; magnetically 
encoded identity cards Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and computer software design services for others; design services for others in the field of computer networks, software, and engineering for the artificial intelligence field; product developmental research conducted in the fields of technology enhancement and technological products for use in the telecommunications industry and broadband industry via cable, telephone or satellite; provision of non-downloadable software for use in the field of cybersecurity and risk management in the nature of restricting unauthorized access to computer systems relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries, medical device manufacturing industry, and the video gaming industry provision of cloud-based software for use in the field of cybersecurity and risk management in the nature of restricting unauthorized access to computer systems relating to media, entertainment, broadband and mobile industries, automotive, e-charging and rail industries, medical device manufacturing
A method for detection of modification of an item of content, the method comprising: obtaining, for the item of content, a respective first value of each attribute in a set of one or more attributes of the item of content, the set of one or more attributes selected such that, for each of one or more predetermined types of modification, said type of modification affects the value of at least one attribute in the set of one or more attributes; performing a watermark decoding operation on the item of content; and in response to the watermark decoding operation producing payload data from the item of content: determining that the one or more predetermined types of modification have not been applied to the item of content if, for each attribute in the set of one or more attributes, the respective first value for that attribute matches a respective second value for that attribute determined using the payload; or determining that a modification has been applied to the item of content if, for at least one attribute in the set of one or more attributes, the respective first value for that attribute does not match a respective second value for that attribute determined using the payload.
09 - Scientific and electric apparatus and instruments
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer software applications for smart phones and tablet devices; electronic apparatus for broadcasting, recording, transmitting, or reproduction of sound or images; blank tapes for storage of computer data; data processing equipment, namely, computers, computer programs for use in the reproduction, processing and streaming of audio, video and multimedia content, computer software for use in the distribution of digital content, computer chips; apparatus and instruments for the encoding and decoding of electrical signals; computer software for use in connection with content delivery for the internet; software for the protection of internet communications; software for the protection of data storage on computers; software for the protection of advertisement delivery; software for the protection of computer software including virus and fraud protection; computers, handheld computers, set-top boxes, televisions and digital media streaming devices; apparatus and instruments for use in connection with the internet, namely, computers, handheld computers, set-top boxes, televisions and digital media streaming devices; blank smart cards; encoded smart cards containing programming used for the distribution of digital content; magnetically encoded identity cards. Providing access to forums; telecommunications portal services; voice, data, sound and image communication services; multi-media communication services; telecommunications services; radio, television, satellite and cable broadcasting services; transmission, provision and display of information for business or domestic purposes from a computer stored databank; hiring, rental and leasing of communication apparatus and instruments; subscription television and Internet broadcasting services; Providing access to websites on the Internet or any other communications network; providing access to and leasing access time to computer data bases. 
Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and computer software design services for others; design services for others in the field of computer networks, software, and engineering for the artificial intelligence field; product developmental research conducted in the fields of technology enhancement and technological products for use in the telecommunications industry and broadband industry via cable, telephone or satellite; provision of non-downloadable software; provision of cloud-based software; software as a service; provision of technical advice in respect of software for the protection of internet communications, software for the protection of data storage on computers; Providing temporary use of non-downloadable software.
45.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Apparatus and instruments for recording, transmitting, reproducing or processing sound, images or data; recorded and downloadable media; computer software; computer software applications; blank digital or analogue recording and storage media; computers and computer peripheral devices; Content marketing analytics software and mobile applications; Content management and control software and mobile applications; Web content management software and mobile applications; Downloadable computer programs using artificial intelligence in the field of marketing; Search engine software and mobile applications; Business intelligence software; Computer software and mobile applications used for measuring, analysing and reporting on website content, traffic and usage based on collected web data; computer software and mobile applications used for measuring, analysing and reporting on mobile application content, traffic and usage based on collected web data; Computer software and mobile applications for use in organizing, coordinating, streamlining, distributing, posting, and timing the publication of text, audio, visual and multimedia data and content on websites via computers, mobile phones, tablets, wired and wireless communication devices, and optical and electronic communications networks. 
Advertising, marketing and promotional services; business management, organization and administration; office functions; Advertising, marketing and promotional consultancy, advisory and assistance services; Content marketing strategies; Content marketing analytics services; Website traffic optimization services; Search engine optimization services; Marketing and advertising services in the field of web site traffic optimisation; Business monitoring services, namely, tracking web sites of others to provide details about user click traffic or visits to the web site; Business intelligence services; Business intelligence reporting services; Online business research services that allow users to analyse marketing trends; Planning, design, development, maintenance, tracking and reporting of online marketing activities for third parties; Reviewing, planning and creating marketing and advertising campaigns and material by means of online web and content marketing analytics data and analysing website and mobile application traffic reports; Providing advertising, marketing and market share statistics and analysis reports; Marketing management, forecasting, information, analysis, research, consultancy and advisory services; Marketing strategy planning; Provision of marketing reports; Compilation, production and dissemination of advertising and promotional material; Marketing services, namely, conducting consumer tracking behaviour research and consumer trend analysis; Marketing consulting, namely, design and development of marketing campaigns for others, tracking and reporting online marketing activities of others; Online media monitoring services using computer software to automatically monitor internet websites and online publications for customer-specified topics and to capture relevant content on those topics, and providing documentation and analysis of that online content to others for business purposes; Business monitoring and consulting services, namely, tracking web 
sites and applications of others to provide strategy, insight, marketing, sales, operation, product design, particularly specializing in the use of analytic and statistic models for the understanding and predicting of consumers, businesses, and market trends and actions; Online monitoring services using computer software to automatically monitor internet websites and for customer-specified topics and to capture relevant content on those topics and providing documentation and analysis of that online content to others for business purposes. Scientific and technological services and research and design relating thereto; industrial analysis, industrial research and industrial design services; quality control and authentication services; design and development of computer hardware and software; Enterprise content management; Software as a service (SaaS); Providing temporary use of non-downloadable software and non-downloadable software tools; Designing, operating and providing search engines; Providing temporary use of non-downloadable software to enable content providers to track multimedia content; Providing temporary use of non-downloadable content marketing analytics software; Computer services, namely, monitoring, testing, analysing, and reporting on the Internet traffic control and content control of the web sites of others; Measuring, analysing and reporting on website content, traffic and usage based on collected web data by means of web analytics, for the purpose of optimizing, improving, designing, creating and developing websites or advertising and marketing campaigns; measuring, analysing and reporting on mobile application content, traffic and usage based on collected web data by means of web analytics, for the purpose of optimizing, improving, designing, creating and developing mobile applications or advertising and marketing campaigns; Providing temporary use of non-downloadable computer software for use in organizing, coordinating, streamlining, 
distributing, posting, and timing the publication of text, audio, visual and multimedia data and content on websites via computers, mobile phones, tablets, wired and wireless communication devices, and optical and electronic communications networks; Software as a service (SaaS) services featuring software for use by others for tracking web sites and mobile sites, and providing the user with related metrics, analytics, feedback, recommendations, strategy, insight, and predictions; Providing information in the field of users' generated keywords, search requests and domains via an online searchable database.
A system and method for a computer to execute an item of software. The computer executes security modules, each performing a respective security-related operation. The computer executes the item of software and, at a point during execution of the item of software at which a predetermined function is to be performed, the computer attempts to perform the predetermined function by sending, to an address system, a request message, including an identifier of the predetermined function, for an address of instructions for carrying out the predetermined function. In response to the request message, the computer receives, from the address system, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the plurality of security modules. Execution is then continued at the address received from the address system.
A method for a computer to execute an item of software, the software including one or more security modules. At at least one point during execution of the item of software at which a predetermined function is to be performed, a request is sent to an address system for carrying out the predetermined function, the request including an identifier of the predetermined function. In response to the request, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the one or more security modules is received from the address system. The address is based, at least in part, on the identifier and verification data provided to the address system from at least one of the security modules. Execution of the item of software is then continued at the address received from the address system.
Methods and systems for providing secure digital access to services are described. Embodiments include user behavior tracking, learning, and updating one or more contextual access algorithms and thereafter can act as multi-factor authentications. The method may include receiving data for a group of users and initializing a machine learning algorithm with the group data. The method may also collect individual user data and context data periodically, including characteristic behavior data, and update the machine learning algorithm with the individual user data. The method may further calculate a threshold for tolerance based on the updated algorithm, and verify user requests for access to the service. A multi-factor authentication may be presented to the user when the verifications are not acceptable, such as by being below a threshold. A permissions data structure can be generated and used to control access to the service.
A method of performing biometric authentication for a first user, the method comprising: performing one or more first tests, wherein for each first test, performing said first test comprises: obtaining a respective first input for said first test based on one or more biometric characteristics of the first user; determining that the first user is not a predetermined user when a respective first log-likelihood ratio for a first likelihood and a second likelihood does not exceed a respective first threshold for said first test, wherein the first likelihood is a likelihood of obtaining the respective first input based on a first model in which input is obtained from the predetermined user, and wherein the second likelihood is a likelihood of obtaining the respective first input based on a second model in which input is obtained from one or more users other than the predetermined user; determining that the first user is the predetermined user when the respective first log-likelihood ratio exceeds a respective second threshold for said first test, the respective second threshold greater than the respective first threshold; and when the respective first log-likelihood ratio exceeds the respective first threshold and the respective first log-likelihood ratio does not exceed the respective second threshold, either (a) determining to perform a further first test when a number of times that the first test has been performed is less than a predetermined maximum number of times or (b) determining to perform a second test when the number of times that the first test has been performed equals the predetermined maximum number of times; wherein performing the second test comprises: obtaining a second input for the second test based on the one or more biometric characteristics of the first user; and determining that the first user is the predetermined user when a second log-likelihood ratio for a third likelihood and a fourth likelihood exceeds a third threshold, wherein the third likelihood is a likelihood of receiving the respective second input based on the first model, and wherein the fourth likelihood is a likelihood of receiving the second input based on the second model; determining that the first user is not the predetermined user when the second log-likelihood ratio does not exceed the third threshold.
G06K 9/00 - Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G07C 9/37 - Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
51.
Apparatus for monitoring and/or controlling mechanical equipment
0, to cause relative oscillation of the coil and the magnet so as to induce an electric current in the coil to thereby power the electronics module.
The present application also relates to the apparatus for monitoring and/or controlling the mechanical equipment, and to a method of use of the apparatus with mechanical equipment.
H02K 35/02 - Generators with reciprocating, oscillating or vibrating coil system, magnet, armature or other part of the magnetic circuit with moving magnets and stationary coil systems
F16F 15/02 - Suppression of vibrations of non-rotating, e.g. reciprocating, systems; Suppression of vibrations of rotating systems by use of members not moving with the rotating system
G05D 19/02 - Control of mechanical oscillations, e.g. of amplitude, of frequency, of phase characterised by the use of electric means
G06Q 30/06 - Buying, selling or leasing transactions
H02K 11/00 - Structural association of dynamo-electric machines with electric components or with devices for shielding, monitoring or protection
H02J 7/32 - Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries for charging batteries from a charging set comprising a non-electric prime mover
52.
APPARATUS FOR MONITORING AND/OR CONTROLLING MECHANICAL EQUIPMENT
vibration0vibration00, to cause relative oscillation of the coil and the magnet so as to induce an electric current in the coil to thereby power the electronics module. The present application also relates to the apparatus for monitoring and/or controlling the mechanical equipment, and to a method of use of the apparatus with mechanical equipment.
H02J 7/32 - Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries for charging batteries from a charging set comprising a non-electric prime mover
H02J 50/00 - Circuit arrangements or systems for wireless supply or distribution of electric power
53.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR CREATING SECURED COMPUTER CODE HAVING ENTANGLED TRANSFORMATIONS
Systems, methods, and storage media for rendering target code are disclosed. Exemplary implementations may: receive the input code; apply at least one obfuscation transformation to multiple code functions of the input code to create transformed code including transformed code functions; determine a shared constant; determine a function-expression; and replace, for each transformed code function in the transformed code, the transformation parameters with the function expression and the at least one cloaked constant to create target code in which the transformed code functions are entangled to thereby render the target code protected against static analysis attacks.
Systems, methods, and storage media for creating secured transformed code from input code, the input code having at least one code function that includes at least one function value are disclosed. Exemplary implementations may: receive input code; apply an obfuscation algorithm to at least a portion of a selected code function of the input code to thereby create an obfuscated code portion having at least one obfuscated value that is different from the at least one function value; and store the obfuscated code portion on non-transient computer media to create obfuscated code having substantially the same function as the input code.
There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction. A second such method comprises: (a) providing access to one or more frames of pre-generated video content encoded in compressed video format; (b) displaying to a user initial video content encoded in compressed video format, the initial video content being based on one or more frames of the pre-generated video content, and the initial video content representing a plurality of graphical elements for selection by a user; (c) detecting a first user interaction occurring in response to the displayed initial video content; (d) determining a first graphical element selected by the user based on one or more properties of the detected first user interaction; (e) in response to the first user interaction, generating new video content encoded in compressed video format based on one or more frames of the pre-generated video content and the one or more properties of the first user interaction; and (f) displaying the new video content to the user.
There are also described corresponding apparatuses, computer programs, and computer-readable media.
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
56.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/16 - Program or content traceability, e.g. by watermarking
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
60.
METHOD AND APPARATUS FOR FEEDBACK-BASED PIRACY DETECTION
Watermarking of a content stream is accomplished in a session-based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-on watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements. Groups of nodes can be provided with unique watermarking patterns and detection and watermark pattern reconfiguration can be accomplished in an iterative manner to find a specific node without the need to create unique watermark patterns for each node.
Systems, methods, and storage media for producing protected code in which functionality of the protected code can be verified are disclosed. Exemplary implementations may: receive computer source code that, when compiled and executed, produces functionality in accordance with code specifications, the code including executable code and annotations; apply transformations to at least one portion of the computer source code to produce transformed code having at least one transformed portion of executable code and annotations; store the transformed source code; create an additional annotation which includes verification properties and/or verification conditions that must hold true for the transformed code if the transformed code conforms to the code specifications, the annotation also including at least one hint; and store the annotation in correspondence to the relevant at least one transformed portion of the transformed source code to produce protected code.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
62.
METHOD AND APPARATUS FOR IMPLEMENTING A WHITE-BOX CIPHER
An apparatus, method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, including XOR, linear transformation and S-box; decomposing the original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of the S-box, implementing the inversion in the original finite field representation with an algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of the S-box; applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
63.
SYSTEMS, METHODS, AND STORAGE MEDIA FOR OBFUSCATING A COMPUTER PROGRAM BY REPRESENTING THE CONTROL FLOW OF THE COMPUTER PROGRAM AS DATA
Systems, methods, and storage media for obfuscating a computer program by representing the control flow of the computer program as data that is not source code are disclosed. Exemplary implementations may: receive source code of a computer program; parse the source code; extract the control flow of the source code; represent at least a portion of the control flow as a control flow model using a mathematical modeling language; store the control flow model as control flow data that represents the control flow of the program and is not executable code; and remove the at least a portion of the control flow from the source code, to thereby obfuscate the control flow of the source code and render the source code more resistant to tampering.
09 - Scientific and electric apparatus and instruments
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer software applications for smart phones and tablet devices; electronic apparatus for broadcasting, recording, transmitting, or reproduction of sound or images; blank tapes for storage of computer data; data processing equipment, namely, computers, computer programs for use in the reproduction, processing and streaming of audio, video and multimedia content, computer software for use in the distribution of digital content, computer chips; apparatus and instruments for the encoding and decoding of electrical signals; computer software for use in connection with content delivery for the internet; software for the protection of internet communications; software for the protection of data storage on computers; software for the protection of advertisement delivery; software for the protection of computer software including virus and fraud protection; computers, handheld computers, home video game consoles, set-top boxes, televisions and digital media streaming devices; apparatus and instruments for use in connection with the internet, namely, computers, handheld computers, set-top boxes, televisions and digital media streaming devices; blank smart cards; encoded smart cards containing programming used for the distribution of digital content; magnetically encoded identity cards. Forum services; portal services; voice, data, sound and image communication services; multi-media communication services; telecommunications services; radio, television, satellite and cable broadcasting services; transmission, provision and display of information for business or domestic purposes from a computer stored databank; hiring, rental and leasing of communication apparatus and instruments; subscription television and Internet broadcasting services; Providing access to websites on the Internet or any other communications network; providing access to and leasing access time to computer data bases. 
Design, installation, maintenance and repair of computer software; maintenance and updating of computer network software; computer hardware and software development; computer programming and computer software design services for others; design services for others in the field of computer networks, software, and engineering for the artificial intelligence field; product developmental research conducted in the fields of technology enhancement and technological products for use in the telecommunications industry and broadband industry via cable, telephone or satellite; provision of non-downloadable software; provision of cloud-based software; software as a service; provision of technical advice in respect of software for the protection of internet communications, software for the protection of data storage on computers; Providing temporary use of non-downloadable software.
A method for identifying an object within a video sequence, wherein the video sequence comprises a sequence of images, wherein the method comprises, for each of one or more images of the sequence of images: using a first neural network to determine whether or not an object of a predetermined type is depicted within the image; and in response to the first neural network determining that an object of the predetermined type is depicted within the image, using an ensemble of second neural networks to identify the object determined as being depicted within the image.
G06K 9/62 - Methods or arrangements for recognition using electronic means
G10L 25/51 - Speech or voice analysis techniques not restricted to a single one of groups specially adapted for particular use for comparison or discrimination
G10L 25/78 - Detection of presence or absence of voice signals
G06K 9/00 - Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
G06K 9/46 - Extraction of features or characteristics of the image
A computer-implemented method, in which an access request in relation to data is received. There is Error Correcting Code (ECC) data relating to the data, and the ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. A first integrity verification verifies the integrity of at least the data. If the first integrity verification procedure fails, an error analysis procedure is performed based on the data and the ECC data. Responsive to generation of corrected data by the error analysis procedure, a second integrity verification verifies the integrity of the corrected data. If the second integrity verification is successful, the access request is allowed using the corrected data.
A method for facilitating a user to subsequently access, via an application executed by a user device of the user, an account for one or more services provided by a service provider, wherein said access is controlled based on biometric verification of the user performed, at least in part, at the user device, wherein the method comprises: obtaining reference data from a storage device, wherein the storage device stores biometric data for the user suitable for use in the biometric verification of the user, and wherein the reference data is suitable for use in one or both of: (a) subsequent access of the biometric data from the storage device and (b) authentication of the biometric data; and providing the reference data to an access system used by the service provider so that the access system can associate the reference data with an identifier associated with the user.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
68.
CHANGE-TOLERANT METHOD OF GENERATING AN IDENTIFIER FOR A COLLECTION OF ASSETS IN A COMPUTING ENVIRONMENT
A change-tolerant method of generating a fingerprint of a computing environment based on asset parameters associated with components of the computing environment. Asset parameters are grouped into multiple subsets based on characteristics of the components. A share is generated for each asset parameter of the category to produce a plurality of shares. A secret sharing algorithm is applied to the subsets to generate a plurality of candidate identifiers corresponding to the plurality of subsets of shares. A candidate identifier is selected from the plurality of candidate identifiers as a final identifier for each category based at least in part on a frequency of occurrence of that candidate identifier. The final identifiers are combined into a fingerprint corresponding to the computing environment, wherein the fingerprint provides verification of the plurality of components without requiring individual verification of any shares in the plurality of shares.
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or more predetermined parameters; and wherein, in the absence of a modification relating to the verification code, use of the one or more predetermined parameters by the verification code ensures that the verification data represents an element of the second set and use of the runtime data by the verification code controls which element of the second set is represented by the generated verification data.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
Systems, methods, and storage media implemented by a computer for enabling tracking of software are disclosed. Exemplary implementations may: receive marking input code corresponding to a computer program; identify locations of the marking input code that can be modified in ways that preserve functionality of the computer program; choose at least one code transformation with associated intrinsic constants; derive derived constants from the specific intrinsic constants; apply the at least one chosen code transformation, including injecting the derived constants into the marking input code; save the results of the above steps on computer readable media as marked code; and save metadata including a list of the derived constants on computer readable media in a file that is separate from the marked code.
A method of operating a system, wherein the system comprises a plurality of components, the method comprising: maintaining a distributed ledger, wherein the distributed ledger comprises data records, wherein each data record stores information concerning one or more respective components of the plurality of components; at least one component of the plurality of components processing the information stored in one or more respective data records of the distributed ledger to determine whether the system meets one or more respective security criteria; and one or both of: (i) the at least one component performing a respective first action if the at least one component determines that the system meets the one or more respective security criteria; and (ii) the at least one component performing a respective second action if the at least one component determines that the system does not meet the one or more respective security criteria.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G07C 5/00 - Registering or indicating the working of vehicles
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
A method for a first entity and a second entity to establish a shared secret, wherein the first entity and the second entity each have a respective asymmetric key pair that comprises a public key and a corresponding private key, wherein the method comprises: the first entity generating a protected item of software that comprises a representation of the public key of the first entity and a message generator that is configured to use an authentication key; the first entity providing the protected item of software to the second entity; the second entity executing the protected item of software, said executing comprising the message generator generating a message that represents the public key of the second entity and that comprises authentication data generated using the authentication key so that integrity of the message is verifiable using a verification key corresponding to the authentication key; the first entity obtaining the message from the second entity; in response to a set of one or more conditions being satisfied, the first entity and the second entity together performing shared secret establishment to establish the secret, wherein performing the shared secret establishment comprises the first entity using the public key of the second entity as represented in the message and the second entity using the public key of the first entity as represented in the protected item of software, wherein one of the conditions is performance by the first entity of a successful verification of the integrity of the message using the verification key.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
A method for a first entity and a second entity to establish a shared secret, wherein the first entity and the second entity each have a respective asymmetric key pair that comprises a public key and a corresponding private key, wherein the method comprises: the first entity generating a protected item of software that comprises a representation of the public key of the first entity and a message generator that is configured to use an authentication key; the first entity providing the protected item of software to the second entity; the second entity executing the protected item of software, said executing comprising the message generator generating a message that represents the public key of the second entity and that comprises authentication data generated using the authentication key so that integrity of the message is verifiable using a verification key corresponding to the authentication key; the first entity obtaining the message from the second entity; in response to a set of one or more conditions being satisfied, the first entity and the second entity together performing shared secret establishment to establish the secret, wherein performing the shared secret establishment comprises the first entity using the public key of the second entity as represented in the message and the second entity using the public key of the first entity as represented in the protected item of software, wherein one of the conditions is performance by the first entity of a successful verification of the integrity of the message using the verification key.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
75.
Method and apparatus for feedback-based piracy detection
Watermarking of a content stream is accomplished in a session-based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements. Groups of nodes can be provided with unique watermark patterns and detection and watermark pattern reconfiguration can be accomplished in an iterative manner to find a specific node without the need to create unique watermark patterns for each node.
H04N 7/167 - Systems rendering the television signal unintelligible and subsequently intelligible
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04N 21/8352 - Generation of protective data, e.g. certificates involving content or source identification data, e.g. UMID [Unique Material Identifier]
A method of generating a protected item of software, there being an execution path within code for the protected item of software that causes code for one or more second functions to be executed before executing code for a first function, wherein execution of the code for the one or more second functions causes data to be stored at one or more memory locations, the data satisfying a set of one or more predetermined properties, wherein, in the absence of an attack against the protected item of software when the code for the protected item of software is being executed, the first function is arranged to provide first functionality, the method comprising: configuring the code for the first function so that execution, by one or more processors, of the code for the first function provides the first functionality only if the set of one or more predetermined properties is satisfied by data being stored, when the first function is executed, at the one or more memory locations.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction. A second such method comprises: (a) providing access to one or more frames of pre-generated video content encoded in compressed video format; (b) displaying to a user initial video content encoded in compressed video format, the initial video content being based on one or more frames of the pre-generated video content, and the initial video content representing a plurality of graphical elements for selection by a user; (c) detecting a first user interaction occurring in response to the displayed initial video content; (d) determining a first graphical element selected by the user based on one or more properties of the detected first user interaction; (e) in response to the first user interaction, generating new video content encoded in compressed video format based on one or more frames of the pre-generated video content and the one or more properties of the first user interaction; and (f) displaying the new video content to the user.
There are also described corresponding apparatuses, computer programs, and computer-readable media.
A method of individualizing a semiconductor chip of a batch of semiconductor chips with respective individualization data of the semiconductor chip, the method comprising, applying a plurality of circuit layouts to the semiconductor chip to form a plurality of circuits on the semiconductor chip, wherein for each circuit layout, said circuit layout is arranged such that, (a) the corresponding circuit, when triggered, falls into any one of two or more respective triggered states, and (b) one of the two or more respective triggered states is a respective preferred state defined by said circuit layout, wherein the plurality of respective preferred states of the circuits in the plurality of circuits encode the individualization data, and wherein each individualized semiconductor chip of the batch of semiconductor chips comprises a generic circuit.
H01L 23/00 - Details of semiconductor or other solid state devices
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
H01J 37/317 - Electron-beam or ion-beam tubes for localised treatment of objects for changing properties of the objects or for applying thin layers thereon, e.g. ion implantation
H01L 23/544 - Marks applied to semiconductor devices, e.g. registration marks, test patterns
H01L 25/065 - Assemblies consisting of a plurality of individual semiconductor or other solid-state devices all the devices being of a type provided for in a single subclass of subclasses , , , , or , e.g. assemblies of rectifier diodes the devices not having separate containers the devices being of a type provided for in group
79.
Systems and methods for creating individualized processing chips and assemblies
Systems and methods for producing individualized processing chips, each individualized processing chip being arranged to carry out a common processing operation are disclosed. A processing chip design is received, wherein the common processing operation is specified, at least in part, by the processing chip design. For each individualized processing chip the processing chip design is individualized to produce an individualized processing chip design, in accordance with an individualized set of transformations for the individualized processing chip, by including a respective set of modifications as part of the individualized processing chip design that implement the individualized set of transformations. Each transformation of the individualized set of transformations is a transform for an interconnect, specified in the processing chip design, of at least two logic cells specified in the processing chip design. For each individualized processing chip the individualized processing chip design is provided for fabrication of the individualized processing chip according to the individualized processing chip design. The individualized set of transformations for one individualized chip is different to the individualized set of transformations for at least one other individualized chip.
H01L 27/02 - Devices consisting of a plurality of semiconductor or other solid-state components formed in or on a common substrate including integrated passive circuit elements with at least one potential-jump barrier or surface barrier
G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
G06F 111/20 - Configuration CAD, e.g. designing by assembling or positioning modules selected from libraries of predesigned modules
80.
Method and apparatus for session-based watermarking of streamed content
Watermarking of a content stream is accomplished in a session based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements.
H04N 7/167 - Systems rendering the television signal unintelligible and subsequently intelligible
H04N 21/2389 - Multiplex stream processing, e.g. multiplex stream encrypting
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
H04N 21/6377 - Control signals issued by the client directed to the server or network components directed to server
H04N 21/236 - Assembling of a multiplex stream, e.g. transport stream, by combining a video stream with other content or additional data, e.g. inserting a URL [Uniform Resource Locator] into a video stream, multiplexing software data into a video stream; Remultiplexing of multiplex streams; Insertion of stuffing bits into the multiplex stream, e.g. to obtain a constant bit-rate; Assembling of a packetised elementary stream
H04N 21/238 - Interfacing the downstream path of the transmission network, e.g. adapting the transmission rate of a video stream to network bandwidth; Processing of multiplex streams
H04N 21/8352 - Generation of protective data, e.g. certificates involving content or source identification data, e.g. UMID [Unique Material Identifier]
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
81.
METHOD AND APPARATUS FOR SESSION-BASED WATERMARKING OF STREAMED CONTENT
Watermarking of a content stream is accomplished in a session based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements.
H04N 21/2389 - Multiplex stream processing, e.g. multiplex stream encrypting
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04N 21/6377 - Control signals issued by the client directed to the server or network components directed to server
H04N 21/236 - Assembling of a multiplex stream, e.g. transport stream, by combining a video stream with other content or additional data, e.g. inserting a URL [Uniform Resource Locator] into a video stream, multiplexing software data into a video stream; Remultiplexing of multiplex streams; Insertion of stuffing bits into the multiplex stream, e.g. to obtain a constant bit-rate; Assembling of a packetised elementary stream
H04N 21/238 - Interfacing the downstream path of the transmission network, e.g. adapting the transmission rate of a video stream to network bandwidth; Processing of multiplex streams
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
82.
Method and apparatus for policy-based management of assets
A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, a user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, a user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.
A secure and fault-tolerant, or variation-tolerant, method and system to turn a set of N shares into an identifier even when only M shares from this set have a correct value. A secret sharing algorithm is used to generate a number of candidate identifiers from subsets of shares associated with asset parameters of a collection of assets. The most frequently occurring candidate identifier is then determined to be the final identifier. The method has particular applicability in the fields of node locking and fingerprinting.
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method and system for watermarking content utilizing a user device GPU. Embodiments include receiving on a processing server a request from a video server for a video to be played on the user's device. The processing server may extract a set of identifying information, such as user information, from the request for the video. The processing server may further prepare shader software code which is to be executed on a GPU present on the user's device. The code preparation may include creating a watermarking procedure to be executed during playback on the user device. The processing server may further transmit the shader software code to the streaming video server to be transmitted to the user device for execution during video playback.
A method for identifying an object within a video sequence, wherein the video sequence comprises a sequence of images, wherein the method comprises, for each of one or more images of the sequence of images: using a first neural network to determine whether or not an object of a predetermined type is depicted within the image; and in response to the first neural network determining that an object of the predetermined type is depicted within the image, using an ensemble of second neural networks to identify the object determined as being depicted within the image.
G06K 9/00 - Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
G06F 17/30 - Information retrieval; Database structures therefor
G06K 9/62 - Methods or arrangements for recognition using electronic means
G10L 25/51 - Speech or voice analysis techniques not restricted to a single one of groups specially adapted for particular use for comparison or discrimination
G10L 25/78 - Detection of presence or absence of voice signals
G06K 9/46 - Extraction of features or characteristics of the image
G06N 3/04 - Architecture, e.g. interconnection topology
G06F 16/583 - Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
G10L 15/16 - Speech classification or search using artificial neural networks
There is described a computer-implemented method comprising: receiving an access request in relation to data, wherein there exists ECC data relating to the data, and wherein the ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data; performing a first integrity verification procedure to verify the integrity of at least the data; responsive to a finding of non-integrity by the first integrity verification procedure, performing an error analysis procedure based on the data and the ECC data; responsive to generation of corrected data by the error analysis procedure, performing a second integrity verification procedure to verify the integrity of at least the corrected data; and responsive to a finding of integrity by the second integrity verification procedure, allowing the access request using the corrected data. Related methods, apparatuses, computer programs, and computer-readable media are also described.
A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/16 - Program or content traceability, e.g. by watermarking
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
A method for accessing content at a device, wherein the device is arranged to execute a digital rights management (DRM) client of a DRM system and wherein the device is arranged to receive a broadcast signal comprising a plurality of encrypted portions of content for an item of content, each encrypted portion being packaged in a format of a conditional access system and being decryptable using a corresponding decryption key, wherein the method comprises an application executing on the device performing the steps of: for each of one or more of the encrypted portions: converting said encrypted portion from being packaged in the format of the conditional access system to being packaged in a format of the DRM system; providing said encrypted portion packaged in the format of the DRM system to the DRM client; and either (a) providing a rights object according to the DRM system to the DRM client or (b) triggering the DRM client to obtain a rights object according to the DRM system; wherein the rights object corresponds to said encrypted portion by comprising decryption key data for use by the DRM client to obtain the decryption key corresponding to said encrypted portion.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
H04N 21/2347 - Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
H04N 21/4385 - Multiplex stream processing, e.g. multiplex stream decrypting
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
H04N 21/8355 - Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
H04L 29/06 - Communication control; Communication processing characterised by a protocol
91.
Enabling a software application to be executed on a mobile station
The invention enables a software application to be executed on a mobile station in dependence of a SIM. Challenge data originating from the software application is input to the SIM to generate first response data using a security function of the SIM. The software application is enabled to be executed in dependence of the first response data. In addition, the challenge data may be transmitted to a verification server for the generation of second response data in dependence of the challenge data and possibly using an authentication center. The software application is then enabled to be executed in further dependence of the second response data.
H04B 1/3816 - Mechanical arrangements for accommodating identification devices, e.g. cards or chips; Transceivers, i.e. devices in which transmitter and receiver form a structural unit and in which at least one part is used for functions of transmitting and receiving with connectors for programming identification devices
There is described a method of monitoring a peer-to-peer network. The method comprises: (i) monitoring network traffic between a first peer and the peer-to-peer network so as to identify a first subset of peers in the peer-to-peer network; and (ii) preventing the first peer from communicating with at least one peer in the first subset of peers to thereby cause the first peer to communicate with at least one further peer in the peer-to-peer network so as to enable identification of the at least one further peer. In addition, there is described a peer-to-peer network monitor for monitoring a peer-to-peer network, wherein the monitor is operable to monitor network traffic between a first peer and the peer-to-peer network so as to identify a subset of peers in the peer-to-peer network in communication with the first peer, and wherein the monitor is operable to prevent the first peer from communicating with at least one peer in the subset of peers to thereby cause the first peer to communicate with at least one further peer in the peer-to-peer network so as to enable the monitor to identify the at least one further peer. Corresponding computer programs and computer-readable media are also described.
A method of operating a system, wherein the system comprises a plurality of components, the method comprising: maintaining a distributed ledger, wherein the distributed ledger comprises data records, wherein each data record stores information concerning one or more respective components of the plurality of components; at least one component of the plurality of components processing the information stored in one or more respective data records of the distributed ledger to determine whether the system meets one or more respective security criteria; and one or both of: (i) the at least one component performing a respective first action if the at least one component determines that the system meets the one or more respective security criteria; and (ii) the at least one component performing a respective second action if the at least one component determines that the system does not meet the one or more respective security criteria.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
94.
Enabling a software application to be executed on a hardware device
The invention provides a method, a hardware circuit and a hardware device for enabling a software application to be executed on a hardware device in dependence of the hardware circuit, while preventing the execution of a binary copy of the application in another hardware device. Challenge data originating from the software application is input to a hardware circuit of the hardware device, wherein the hardware circuit is configured to perform a deterministic function. Response data is generated by the hardware device, which is used to manipulate at least a part of the software application to thereby enable the software application to be executed.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or more predetermined parameters; and wherein, in the absence of a modification relating to the verification code, use of the one or more predetermined parameters by the verification code ensures that the verification data represents an element of the second set and use of the runtime data by the verification code controls which element of the second set is represented by the generated verification data.
G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
96.
Method and apparatus for executing a process on a device using memory privileges
A method and apparatus for executing a process on a device, the device including one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege. The method includes obtaining a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as both writable and executable memory, and wherein the portion of the memory has an associated second type of privilege that is different from the first type of privilege.
A method for a first entity to protect a first amount of data and to enable a second entity to perform data processing based on the first amount of data, the method comprising the first entity: applying a predetermined function to the first amount of data to generate a first value; and generating a second amount of data for the second entity to process, said generating comprising combining, using a first combination function, each of a number N of elements of the first amount of data with the first value; wherein the predetermined function is a function for which application of the predetermined function to an input quantity of data generates a corresponding output value, and the predetermined function has a property that, given a second quantity of data generated by modifying each of N elements of a first quantity of data by combining, using the first combination function, each of those N of elements of the first quantity of data with the output value generated by applying the predetermined function to the first quantity of data, the first quantity of data is regenerated from the second quantity of data by combining, using a second combination function, each of the N modified elements with the output value produced by applying the predetermined function to the second quantity of data.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
99.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 12/14 - Protection against unauthorised use of memory
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 9/44 - Arrangements for executing specific programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
100.
Method and system for preventing and detecting security threats
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs