Abstract: A method for generating a secure one-time network for a new device includes receiving an instruction at an access point for generation of a one-time network. A wireless network adapter is configured by the access point when connected to the access point. The wireless network adapter is moved to the new device and the one-time network is activated by the access point. The new device uses the wireless network adapter to access the resources of the access point via the one-time network. Access to the one-time network via the wireless adapter is performed without exposing any network keys to the user of the new device.

Abstract: Passing messages between two virtual machines that use a single multicore processor having inclusive cache includes using a cache-based covert channel. A message bit in a first machine is interpreted as a lowest level cache flush. The cache flush in the first machine clears a L1 level cache in the second machine because of the inclusiveness property of the multicore processor cache. The second machine reads its cache and records access time. If the access time is long, then the cache was previously cleared and a logical 1 was sent by the first machine. A short access time is interpreted as a logical 0 by the second machine. By sending many bits, a message can be sent from the first virtual machine to the second virtual machine via the cache-based covert channel without using non-cache memory as a covert channel.

Abstract: A method and an apparatus for providing feedback on input of data. A processor iteratively receives a character of the data and generates a feedback output from the received character and a feedback output generated previously. The processor also outputs the feedback output. The processor preferably belongs to an apparatus that further comprises a user interface, through which the data is received. It is preferred that the feedback output is an image, preferably generated from at least one of geometric shapes, colours, rotations of the image and flips of the image. The feedback output for a first received character can be based on the first received character and a starting output and it is preferable that when the data are a password, the starting output is generated from user related data.

Abstract: A controlled system performs internal taint tracking of data items. When a data item is created, the controlled system computes a name and a taint for the data item and performs an initialization function, thus informing a tracking entity that of the name and data of the data item. The taint is propagated to further data items, while the name may change, and when a data item is exported to or imported from a further device, the controlled system informs the tracking entity of the name and taint of the exported or imported data item as well as its source and destination. A controlled system may request a propagation history from the tracking entity. As the tracking entity is shared by more than one controlled system, it is possible to perform taint tracking across controlled systems even if these do not use the same taint tracking framework.

Abstract: A method of protecting a graphical object represented by a list of vertices and a list of surfaces, each surface being defined by a number N vertices. A device selects a surface S with N vertices; computes a new vertex d using a random or pseudo-random function; inserts the new vertex d into the list of vertices; creates N new surfaces S1-SN from the surface S and the new vertex d; and replaces the selected surface S by the new surfaces S1-SN in the list of surfaces. The device preferably iterates the method. The device may shuffle the list of vertices with the inserted vertices. Also provided is an unprotection method and corresponding devices and computer readable storage media.

Abstract: A method and a fingerprinting device for countering fingerprint forgery in a communication system. The fingerprinting device obtains and stores a reference fingerprint for a client device, generates and transmits decoy traffic that appears to originate from the client device, the decoy traffic having different fingerprinting properties than real traffic from the client device, generates a fingerprint for non-decoy traffic purportedly from the client device, and compares the generated fingerprint with a reference fingerprint. A forged fingerprint is detected if there is a mismatch. The decoy traffic preferably comprises frames to which no response is needed. The invention is particularly suited for 802.11 using fingerprints based on duration fields of received frames and the decoy traffic is then preferably probe request frames and null data frames.

Abstract: A method for discovering emulated clients. A verifier sends a cryptographic challenge C to a client and preferably starts a timer. The client uses a deterministic key search algorithm to find the correct key and returns the result as a number of tries needed. The verifier then stops the timer if this was started and verifies that the result is correct and preferably that the response was timely. Also provided is a verifier.

Abstract: Enforcing a global access policy, comprising a global access rule for a user's devices, for consumption of a content item. The user's devices advantageously comprise a set-top box, a tablet and a gateway. The gateway is configured to split the global access rule into local access rules for the set-top box and the tablet so that independent consumption of the content item by the set-top box and the tablet according to the respective local access rules does not violate the global access rule; and to send the local access rules to a first and a second enforcement point, which are configured to receive a request to access the content item from a user device; and allow or inhibit access to the content item depending on whether or not access to the content item is authorized by the local access rule for the user device from which the request was received.

Abstract: A method for fingerprinting at least one network device is disclosed which comprises, in a monitoring device, computing a passive fingerprint from a plurality of parameters of the at least one network device. And in the at least one network device, modifying at least one parameter among the plurality of parameters of the at least one network device by applying to the at least one parameter a diversity function; wherein the diversity function is chosen in such a way that variations of the modified parameter of each network devices are not correlated; and wherein a variation range of the at least one modified parameter is inferior to a first value so that a variation range of the passive fingerprint for each of the at least one network device is limited to a determined range. A network device, modifying at least one parameter among the plurality of parameters of the at least one network device by applying to the at least one parameter a diversity function is further disclosed.

Abstract: To code a digital object, a sender encrypts its data to obtain a bitstream that is converted into a set of points that are then packaged and the coded object is output. A receiver receives and unpacks the coded object to obtain the set of points, converts the set of points to a bitstream that is decrypted to generate the original object that is output. The invention is particularly suited for protection of 3D objects, but it can also be used to protect any kind of digital data, in which case it may be possible to append the protected data of another kind to a 3D object.

Abstract: A user device encrypts data and privacy attributes associated with the data. A processing device receives the encrypted data and privacy attributes, receives a signed script from a requester and verifies the signature. If successfully verified, the private key is unsealed and used to decrypt the privacy attributes and script attributes, which are compared to determine if the script respects the privacy attributes. If so, the encrypted data are decrypted and the script processes the private data to generate a result that is encrypted using a key of the requester and the encrypted result is then output. The device is preferably configured to inhibit the output of any information while the data is unencrypted. This way, the user can be ensured that the processing of the private data respects the privacy attributes set by the user.

Abstract: A network, advantageously a home network, comprises a number of user devices, for example personal computers, game consoles and smartphones, each having an estimator application, preferably voluntarily installed by the user. The network further comprises a network device that acts as an interface between the network and an external network. The estimator applications measure the network traffic for its user device, while the network device in parallel generates an independent measurement of the network consumption. The measurements are then compared. If the difference between the sum of the measurements from the estimator applications and the measurement of the network device is below a fixed threshold, it is assumed that the measurements are valid for the considered measurement time interval. Otherwise, the difference is an indication that at least one estimation was incorrect.

Abstract: Rendering second screen information on a second screen device. A user device receives information characterizing the source of a content data stream and the content data stream; generates a watermark payload using a plurality of parameters comprising the information and a time of the user device; and inserts a watermark comprising the watermark payload into the content data stream that is rendered. The second screen device captures the watermark and extracts the watermark payload and then at least one of the plurality of parameters; generates, using the at least one extracted parameter, a request that is sent the request to a server; receives information from the server in response to the request; and displays the received information on a screen of the second screen.

Abstract: A distributed communication and data sharing system that provides anonymity and unlinkability. A group comprising a number of structures, each having a public/private key pair, is stored on a plurality of nodes in a Distributed Hash Table. Advantageous features of the group management system are provided through the use of Cryptographically Generated Addresses (CGA) for the structures, a secure capture method that enables a user to capture an address and be the only one authorized to request certain operations for the address, and an anonymous get/set mechanism in which a user signs messages, encloses the public key in the message and encrypts the message and public key using the public key of the receiver. The distributed communication and data sharing system of the invention can advantageously be used for group management of social networks.

Abstract: A method and a fingerprinting device for countering fingerprint forgery in a communication system. The fingerprinting device obtains and stores a reference fingerprint for a client device, generates and transmits decoy traffic that appears to originate from the client device, the decoy traffic having different fingerprinting properties than real traffic from the client device, generates a fingerprint for non-decoy traffic purportedly from the client device, and compares the generated fingerprint with a reference fingerprint. A forged fingerprint is detected if there is a mismatch. The decoy traffic preferably comprises frames to which no response is needed. The invention is particularly suited for 802.11 using fingerprints based on duration fields of received frames and the decoy traffic is then preferably probe request frames and null data frames.

Abstract: A method of protecting a graphical object represented by a list of vertices and a list of surfaces, each surface being defined by a number N vertices. A device selects a surface S with N vertices; computes a new vertex d using a random or pseudo-random function; inserts the new vertex d into the list of vertices; creates N new surfaces S1-SN from the surface S and the new vertex d; and replaces the selected surface S by the new surfaces S1-SN in the list of surfaces. The device preferably iterates the method. The device may shuffle the list of vertices with the inserted vertices. Also provided is an unprotection method and corresponding devices and computer readable storage media.

Abstract: A method for fingerprinting wireless devices and a method for using a device fingerprint for identifying wireless devices. A monitoring station listens to a channel. For each received frame, the station measures the inter-arrival time from the end of the previously received frame to the end of the present frame, if possible, the station obtains the identity of the sender of the frame. If the sender is known, then the station stores the inter-arrival time in a histogram for the sender; the histogram becomes the fingerprint for the sender. Identification of a device begins by obtaining a number of inter-arrival times for an unknown sender and then matching these to stored fingerprints using a suitable similarity measure. The invention is particularly suitable for IEEE 802.11 and may for example be used to detect so-called MAC spoofing and as an additional layer of an identification protocol.

Abstract: The invention relates to a method for inserting a new device in a community of devices wherein each device of the community is able to store insertion requests received from at least one new device and to forward these insertion requests to a device chosen by a user of the community for confirming authorization to join the community.

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: A network, advantageously a home network, comprises a number of user devices, for example personal computers, game consoles and smartphones, each having an estimator application, preferably voluntarily installed by the user. The network further comprises a network device that acts as an interface between the network and an external network. The estimator applications measure the network traffic for its user device, while the network device in parallel generates an independent measurement of the network consumption. The measurements are then compared. If the difference between the sum of the measurements from the estimator applications and the measurement of the network device is below a fixed threshold, it is assumed that the measurements are valid for the considered measurement time interval. Otherwise, the difference is an indication that at least one estimation was incorrect.