Abstract: The invention relates to embedding data into a luminance output generated by an illumination system comprising a light source and a controller. The controller is configured to embed data by modulating a drive signal applied to the light source with an information signal comprising a shifted base code and a synchronization code. The synchronization code serves to provide synchronization for the receiver, while the shifted base code serves to carry the embedded data. A cyclic phase shift that is applied to a base code to generate the shifted base code corresponds to particular data, such as, for example, light source identification, that needs to be embedded into the luminance output of the illumination system. In this manner, data may be embedded into the luminance output generated by a light source without requiring synchronization of this light source with other light sources.

Abstract: The invention relates to a method of copy-protection of information stored on an information carrying medium. The method allows a reading device (e.g. a DVD drive) and an application device (e.g. an MPEG decoder) to exchange copy-protection information regarding the information carrying medium (e.g. an optical record carrier like a CD or DVD) and the content on that medium. The method is cryptographically secure, taking into account the situation where reading device and application device are connected to an open bus in a personal computer. In view of the high-volume nature of the drive, the method can be implemented cheaply. The inventive method is robust against a so-called man-in-the-middle attack. The invention relates also to a method of exchanging copy-protection information, to a copy-protection system and to devices for carrying out these methods, in particular a reading device, an application device and a device for playback and/or recording of information.

Abstract: A method of generating an authorization status list, comprising generating a run-length encoded representation of an authorization status of a number of devices and storing the representation in the authorization status list. Preferably comprises generating the representation by indicating, for each of a number of ranges of devices, the devices in a particular range having a same authorization status, the number of devices in each of said ranges, together with for each of said ranges the authorization status shared by the devices in each of said ranges. A range may then be omitted if it is of a predetermined length.

Abstract: This invention relates to an authentication method for authenticating a first party to a second party, where an operation is performed on condition that the authentication succeeds. If the first party is not authenticated, then if the first party qualifies for a subauthorization, the operation is still performed. Further, a device that comprises a first memory area holding a comparison measure, which is associated with time, and which is also used in said authentication procedure, a second memory area holding a limited list of other parties which have been involved in an authentication procedure with the device, and a third memory area, holding compliance certificates concerning parties of said list.

Abstract: The present invention relates to a content protection method and system as well as to a reproduction method and device providing copy protection of electronic content. In order to provide protection against illicit copying by consumers as well as by authoring and formatting facilities content-dependent encryption of the content is proposed. In an encryption step the content (C0) is encrypted using an application key (AK) and/or a disc key (DK). Further, a content-dependent content mark (AK?, H, MAC) is generated using said content (C0), which content mark is to be evaluated during decryption of said encrypted content (C2).

Abstract: To prevent copying of content on interfaces, a secure authenticated channel (SAC) must be set up. This requires authentication between devices. The invention proposes an authentication protocol where a first device (e.g. a PC) authenticates itself to a second device (e.g. a peripheral device) using a challenge/response protocol and a second device authenticates itself using a zero knowledge protocol, where preferably a secret of the zero knowledge protocol is scrambled and cryptographically bound to the key-block.

Abstract: The invention relates to a method, a device, a client-server system as well as a computer program product and computer program element for handling digital silence when fingerprinting digital media signals. A fingerprint comprising a number of sub-fingerprints for at least a part of the digital media signal is generated, (step 42), and the influence of at least one piece of the media signal on the fingerprint is removed or changed, (step 48), which piece corresponds to digital silence. The invention in a reliable way avoids a wrong identification of media signals, such as audio signals, where digital silence is included. The invention is also easy to implement by only requiring some of the functionalities already provided in a computer.

Abstract: Watermark-detection in the graphics card of a personal computer, for the purpose of copy-protection, has recently started to draw a lot of attention in standardization. Detection in the graphics card has problems completely different from the formerly considered detection in the DVD-drive, having to do with high data-rates, large scale-ranges and presence of multiple video-streams in the display area. This invention proposes conversion (32) of the computer's RGB output into a luminance signal (Y) prior to watermark detection by a conventional watermark detector (31) being arranged to detect the watermark in a such a luminance signal. The resolution of the monitor image to be inspected is preferably converted (33) to the conventional TV resolution of the (MPEG2-compressed) contents being played back on the computer's DVD drive. In graphic cards providing multiple outputs (VGA, TV, DVI), the same watermark detector may be time-sequentiall connected (34) to each of the outputs.

Abstract: Watermark-detection in the graphics card of a personal computer, for the purpose of copy-protection, has recently started to draw a lot of attention in standardization. Detection in the graphics card has problems completely different from the formerly considered detection in the DVD-drive, having to do with high data-rates, large scale-ranges and presence of multiple video-streams in the display area This invention proposes examining (36) the video signal being generated by the computer system to locate image areas in which the video signal changes from frame to frame, and defining (37) a bounding box around said image areas and considering an area of interest this found as being a window in which an application is running. After approriate scale conversion (32), conventional watermark detection (31) is subsequently applied to said window. This prevents hackers from rendering illegal contents in one window while playing back a compliant disk in the DVD drive (10).

Abstract: A method of and device for controlling import of content into a domain comprising a number of devices. The method comprises checking for the presence of a domain watermark in the content, and if the domain watermark is found in the content, refusing import of the content into the domain, and if the domain watermark is not found in the content, allowing import of the content into the domain and causing the domain watermark to be embedded into the content. Optionally, re-importing into the “original” domain might be allowed. In this embodiment the method further comprises refusing import of the content into the domain if the domain watermark is found in the content unless the identifier matches an identifier for the domain. Other payloads in the domain watermark can be used to e.g. implement location- or time-based restrictions on import.

Abstract: The rewritable data storage medium (1) has a rewritable recording layer (9) provided with a tracking structure (8). Said layer (9) has a data recording area (5). An erasable identification mark is present in an identification mark area (4, 4?) other than the data recording area (5). The data recording area (5) has a first tracking structure (8?), whereas the identification mark area (4, 4?) is substantially free from a tracking structure or has a second tracking structure (8?) substantially different from the first tracking structure (8?). Thus erasure of the identification mark is practically impossible, because the location of the erasing spot of a recorder cannot be controlled precisely in radial direction.

Abstract: The invention relates to methods and arrangements for processing a signal using a digital processor having a given word length.

Abstract: In whilelist-based authentication, a first device (102) in a system (100) authenticates itself to a second device (103) using a group certificate identifying a range of non-revoked device identifiers, said range encompassing the device identifier of the first device (102). Preferably the device identifiers correspond to leaf nodes in a hierarchically ordered tree, and the group certificate identifies a node (202-207) in the tree representing a subtree in which the leaf nodes correspond to said range. The group certificate can also identify a further node (308, 310, 312) in the subtree which represents a sub-subtree in which the leaf nodes correspond to revoked device identifiers. Alternatively, the device identifiers are selected from a sequentially ordered range, and the group certificate identifies a subrange of the sequentially ordered range, said subrange encompassing the whitelisted device identifiers.

Abstract: A certifying authority provides a method for whitelist-based controlling of authentication of a first device (102) in a system (100) to a second device (103). The method comprises issuing to the first device (102) a group certificate identifying a range of non-revoked device identifiers, said range encompassing the device identifier of the first device (102). Preferably the device identifiers correspond to leaf nodes in a hierarchically ordered tree, and the group certificate identifies a node (202-207) in the tree representing a subtree in which the leaf nodes correspond to said range. The group certificate can also identify a further node (308, 310, 312) in the subtree which represents a sub-subtree in which the leaf nodes correspond to revoked device identifiers. Alternatively, the device identifiers are selected from a sequentially ordered range, and the group certificate identifies a subrange of the sequentially ordered range, said subrange encompassing the whitelisted device identifiers.

Abstract: The present invention relates to a method of verifying the integrity of system data, particularly of copy protection information like an Effective Key Block or a Media Key Block including revocation data for revoking untrusted devices. At present cryptographic information relating to content-protection is prerecorded on disks. In order to avoid that this information is changed which poses a security risk, a cryptographic hash of the cryptographic information is stored on the disk in read-only manner according to a known method. However, the processing according to a known method is slow and increases the start-up time. This problem is solved according to the present invention by a method of verifying the integrity of system data, comprising the steps of: generating a cryptographic key from said system data, generating check data from said cryptographic key using a hash function, and verifying the integrity of said system data by comparing the generated check data with a trusted version of said check data.