Abstract: Techniques for authentication of digital recordings are provided. An element of encrypted data is output in a recording environment. The element of encrypted data, embedded in a digital recording comprising at least one of audio data and image data captured in the recording environment, is extracted. A decrypted value is generated based on a private key and the first element of encrypted data, and the first decrypted value and a stored value associated with a first element of the digital recording are compared. The digital recording is authenticated based on the first decrypted value substantially matching the stored value.

Abstract: A method for generating a signature is disclosed. As part of the method, a first number of bits are identified in respective rows of an audio signature matrix that are determined to be the strongest bits in the row, bits of the audio signature matrix are replaced with respective cells having values depending on whether the respective bits are included in the first number of bits, a set of uniformly distributed numbers are generated within a range of numbered locations corresponding to cells of the audio signature matrix; numerical distances are determined, from respective numbers in the set of uniformly distributed numbers, to the numbered locations of the matrix, associated with nearest occurrences of a first value. A set of integers is generated based on the distances.

Abstract: At a high level, embodiments of the invention relate to augmenting video data with presence data derived from one or more proximity tags. More specifically, embodiments of the invention generate forensically authenticated recordings linking video imagery to the presence of specific objects in or near the recording. One embodiment of the invention includes video recording system comprising a camera, a wireless proximity tag reader, a storage memory and control circuitry operable to receive image data from the camera receive a proximity tag identifier identifying a proximity tag from the proximity tag reader, and store an encoded frame containing the image data and the proximity tag identity in the storage memory.

Abstract: A process control system software security architecture, that is more effective at preventing zero-day or other types of malware attacks, implements the use of “least privileges” when executing the applications and services run within a computer device. The least privileges based architecture separates “service” processes from desktop applications that run on behalf of a logged-on user by partitioning the global namespace of the software system into service namespaces and logged-on user namespaces, and by strictly controlling communications between the applications and services in these different namespaces using interprocess communications. Moreover, the security architecture uses custom accounts to assure that each service process has the least set of privileges that are needed for implementing its function regardless of the privileges associated with the calling application or user.

Abstract: Methods, systems, and computer programs are presented for a self-encrypting device (SED) incorporated into a host system. In one example, the host system includes a memory, a processor, a data channel in communication with the memory and the processor, and the SED. The SED comprises an authentication subsystem, a storage subsystem that stores encrypted data that is encrypted with an encryption key provided by the authentication subsystem, a radio frequency (RF) transceiver, and a data interface in electrical contact with the data channel. The data interface is locked from sending and receiving data until the SED is unlocked by the authentication subsystem with user-authentication information received via the RF transceiver.

Abstract: Methods, systems, and computer programs are presented for managing electronic devices with autonomous wireless authentication. In one example, the security system includes one or more computer processors, a memory, and a communication channel configured to be coupled to an electronic system. The security system further includes a radio frequency (RF) transceiver configured to receive user-authentication information from a wireless device, and an authentication subsystem for authenticating a user. The authentication subsystem enables the use of the electronic system based on the received user-authentication information. Further, the authentication subsystem sends, over the communication channel, an enable command to the electronic system after the user is authenticated, and the electronic system is not operable until the enable command is received.

Abstract: A data security system, and a method of operation thereof, includes a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem.

Abstract: In one embodiment, a video stream is received, and a spatially distinct region of a frame in the received video stream to be modified is identified, the spatially distinct region of the frame being encoded separately from any other region in the frame. A segment of the spatially distinct region of the frame to be modified is extracted. The extracted segment of the spatially distinct region is modified. The extracted segment of the spatially distinct region into a single-segment spatially distinct region is encoded. A network abstraction layer (NAL) header is associated with the encoded single-segment spatially distinct region. The encoded single-segment spatially distinct region and its associated NAL header is inserted into the received video stream following the identified spatially distinct region of the frame to be modified. Related methods, systems and apparatus are also described.

Abstract: A method of anonymously matching a buyer to a seller comprises receiving, at a server from the buyer, an approval model in byte code format, encrypting, by the seller, customer data to produce encrypted customer data, executing, by the server, the approval model using the encrypted customer data as an input, generating, by the server from the executed approval model, a transaction response, determining, by the server, that the transaction response comprises an approval of at least one product, publishing, to the server by the seller, the product lead, receiving, at the server from the buyer, an acceptance of the product lead based on the approval, and sending, by the server, the customer data to the buyer in response to receiving the acceptance of the product lead. The customer data can correspond to a product lead.

Abstract: A portable storage apparatus and method used for storing sensitive data of a user and/or of an external device, said portable storage apparatus comprising an authentication unit adapted to authenticate the user and/or the external device connected to the portable storage device; at least one processing unit adapted to encrypt the sensitive data requiring a high security level, SL, with a secure encryption key, K, loaded from a key storage of the portable storage apparatus; and a switching unit adapted to switch the processing unit to a high security level, SL, data memory of the portable storage apparatus to store the encrypted sensitive data if the high security level, SL, data memory is selected by an authenticated user or by an authenticated external device.

Abstract: An information processing apparatus includes a first network interface configured to accept access from a terminal on a first network, a second network interface configured to accept access from a terminal on a second network, a hardware processor configured to process access from a terminal on the first network and a terminal on the second network, and a memory. The memory includes a first area configured to store data received from the terminal on the second network. The second network is higher in security level than the first network. Access to data stored in the first area from the terminal on the second network is permitted and access to data stored in the first area from the terminal on the first network is restricted.

Abstract: A data security system, and a method of operation thereof, includes a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: A wearable camera system includes a wearable camera, an in-car recorder, and an in-car camera. One of the in-car recorder and the wearable camera transmits video recording starting information including information indicating that video recording has been started to the other of the in-car recorder and the wearable camera when one of the in-car recorder and the wearable camera starts the video recording. The other of the in-car recorder and the wearable camera starts video recording after the video recording starting information is received.

Abstract: In one embodiment, an apparatus includes a processor to receive a primary video, select first sections of the primary video in which to include units of data for use in watermarking, select second sections of the primary video, each second section including a first data item without which at least one video unit of the primary video cannot be rendered or rendered correctly, replace each first section with at least two watermark variants, replace each second section with at least two watermark variant decoys, wherein the apparatus is operative to operate in an environment including an end-user device operative to select one of the watermark variants for each first section and one of the watermark variant decoys for each second section for rendering as part of an interleaved video stream including the primary video in order to embed units of data of an identification in the interleaved video stream.

Abstract: According to one embodiment, an authenticator which authenticates an authenticatee, which stores first key information (NKey) that is hidden, includes a memory configured to store second key information (HKey) which is hidden, a random number generation module configured to generate random number information, and a data generation module configured to generate a session key (SKey) by using the second key information (HKey) and the random number information. The authenticator is configured such that the second key information (HKey) is generated from the first key information (NKey) but the first key information (NKey) is not generated from the second key information (HKey).

Abstract: According to one embodiment, an authenticator which authenticates an authenticatee, which stores first key information (NKey) that is hidden, includes a memory configured to store second key information (HKey) which is hidden, a random number generation module configured to generate random number information, and a data generation module configured to generate a session key (SKey) by using the second key information (HKey) and the random number information. The authenticator is configured such that the second key information (HKey) is generated from the first key information (NKey) but the first key information (NKey) is not generated from the second key information (HKey).

Abstract: A wearable camera system includes a wearable camera, an in-car recorder, and an in-car camera. One of the in-car recorder and the wearable camera transmits video recording starting information including information indicating that video recording has been started to the other of the in-car recorder and the wearable camera when one of the in-car recorder and the wearable camera starts the video recording. The other of the in-car recorder and the wearable camera starts video recording after the video recording starting information is received.

Abstract: The VIDEO DELIVERY EXPEDITION APPARATUSES, METHODS AND SYSTEMS (“VDE”) transform Internet content data access request via VDE components into media content playback at a client device. In one implementation, the VDE may issue a notification or a user interface element to a user after delivery of a process one data from the server to a client; and trigger a background delivery of a process two data, wherein the triggering occurs when the user initiates playback of said process one data.

Abstract: A method for generating a signature is disclosed. As part of the method, a first number of bits are identified in respective rows of an audio signature matrix that are determined to be the strongest bits in the row, bits of the audio signature matrix are replaced with respective cells having values depending on whether the respective bits are included in the first number of bits, a set of uniformly distributed numbers are generated within a range of numbered locations corresponding to cells of the audio signature matrix; numerical distances are determined, from respective numbers in the set of uniformly distributed numbers, to the numbered locations of the matrix, associated with nearest occurrences of a first value. A set of integers is generated based on the distances.

Abstract: An apparatus includes a processor configured to execute a process including: acquiring purchase propriety information and purchase condition information of software by unit of an account or a device before receiving a purchase request of the software, determining propriety of the purchase request based on the acquired purchase propriety information and purchase condition information when the purchase request of the software is received, and transmitting the purchase request when the purchase request is determined to be valid.

Abstract: A data security system, and a method of operation thereof, includes a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem.

Abstract: Systems and methods for detecting potential steganography use to hide content in computer files transmitted via electronic communications are provided. An electronic communication associated with a computer file may be identified. The communication and the computer file may be analyzed to determine whether the computer file potentially includes hidden content. To determine whether the computer file potentially includes hidden content, a set of steganographic criteria may be analyzed. If at least a portion of the steganographic criteria are satisfied, then it may be determined that the computer file potentially includes hidden content. If at least a portion of the steganographic criteria are not satisfied, then it may be determined that the computer file does not potentially include hidden content. If the computer file is determined to potentially include hidden content, an individual may be notified of the communication associated with the computer file.

Abstract: Tracking lineage of data. A method may be practiced in a network computing environment including a plurality of interconnected systems where data is shared between the systems. A method includes accessing a dataset. The dataset is associated with lineage metadata. The lineage metadata includes data indicating the original source of the data, one or more intermediary entities that have performed operations on the dataset, and the nature of operations performed on the dataset. A first entity performs an operation on the dataset. As a result of performing a first operation on the dataset, the method includes updating the lineage metadata to indicate that the first entity performed the operation on the dataset. The method further includes providing functionality for determining if the lineage metadata has been compromised in that the lineage metadata has been at least one of removed from association with the dataset, is corrupted, or is incomplete.

Abstract: A privacy-preserving verification methodology for SoC computing systems is described. The verification methodology utilizes the principles of Multi-Party Computation (“MPC”), and enables meaningful manipulation of encrypted data in the encrypted domain through the use of a fully homomorphic encryption (“FHE”) scheme. In the described verification methodology, IP logic is transformed and test vectors utilized to verify the IP logic are encrypted. The parties involved in the verification (e.g., the designer, the manufacturer, a third-party verification service, etc.) can functionally verify the IP core via the encrypted test vectors while the encrypted test vectors remain in the encrypted domain. Accordingly, the IP core is verified without revealing unwarranted information, such as the underlying IP behind the SoC.

Abstract: A service provider based security system of a cellular network includes a security device that is deployed in the cellular network. The security device receives and monitors cellular network traffic to identify a data packet of the cellular network traffic that is associated with a graphics protocol. Responsively, the security device creates a digital fingerprint using unique service provider specific information and/or a portion of the data packet. The security device encrypts the digital fingerprint. Further, the encrypted digital fingerprint is embedded in a header of the identified data packet and/or stored in a database coupled to the security device for further access by authorized users. Additionally, the security device determines a security action that is to be executed in association with the identified data packet.

Abstract: According to one embodiment, an authenticator which authenticates an authenticatee, which stores first key information (NKey) that is hidden, includes a memory configured to store second key information (HKey) which is hidden, a random number generation module configured to generate random number information, and a data generation module configured to generate a session key (SKey) by using the second key information (HKey) and the random number information. The authenticator is configured such that the second key information (HKey) is generated from the first key information (NKey) but the first key information (NKey) is not generated from the second key information (HKey).

Abstract: Debugging information for content rendered for display on a client device can be included in one or more watermarks inserted into the content. Performance, state, configuration, debugging, and other information can be encoded into a watermark and placed in rendered content in such a way that the information is imperceptible to most users. When a user reports a potential issue or problem, the user (or another source) can provide a version of the image frame corresponding to the issue, which enables the watermark to be located and the data extracted. A checksum or other value can be used to ensure that a complete and valid watermark was obtained. The data extracted from the watermark can then be used to attempt to identify and/or diagnose the potential issue without having to have access to the client device or communication with the user.

Abstract: According to one example, a method performed by a computing system includes determining that a size of key data to be stored within a kernel memory is greater than a threshold value. The threshold value is based on a size value associated with maintaining the key data outside of the kernel memory. The method further includes allocating a block of memory within a volatile memory store, the block of memory being outside the kernel memory, storing the key data within the block of memory, and storing, within the kernel memory, a pointer to the key data.

Abstract: A browser includes modules to provide markup language applications with access to cryptographic functions executing in a secure zone. Non-secure operations associated with the cryptographic functions called by the markup language application may be executed in a virtual machine. Sensitive data such as cryptographic keys may be “wrapped” or encrypted by the secure zone using a key. The encrypted sensitive data may then be stored in non-secure memory for further use. Upon request by the cryptographic functions, the encrypted sensitive data may be retrieved and decrypted with the secure zone for use.

Abstract: The present invention relates to a method to access a data store previously locked using a passphrase from a device. The method includes the following steps, when the user requests access to the data store: requesting the user to enter the personal code; generating an access code by applying a first function to at least the entered personal code; sending out, to the server, at least an identifier of the device and the access code; for the server, comparing the access code with the preliminary received first function; for the server, if the access code is correct, returning the passphrase to the device; and for the device, unlocking the data store using the received passphrase in combination with the entered personal code.

Abstract: Computing devices having access control are disclosed. The computing device may include a display, one or more processors, a non-transitory storage media, a communication interface, and an operating system. The storage media may include instructions stored therein that are configured to be executed by the one or more processors. The stored instructions may include instructions for reading an identifier (ID) of a physical key via the communication interface. The stored instructions may additionally include instructions for determining whether the ID read from the physical key is included on a list of paired physical keys. The stored instructions may further include instructions to communicate to the operating system an authorization signal equivalent to input of a valid password when the ID read from the physical key is included on the list of paired physical keys.

Abstract: Methods are provided for encoding watermark information into media data containing a series of digital samples in a sample domain. The methods involve: dividing the series of digital samples into a plurality of sections in the sample domain, each section comprising a corresponding plurality of samples; processing the corresponding plurality of samples in each section to obtain a single energy value associated with each section; grouping the sections into groups, each group containing three or more sections; for each group, assigning a nominal bit value according to a bit assignment rule, assigning a watermark bit value and comparing the watermark bit value to the nominal bit value. If the nominal bit value and the watermark bit value do not match, modifying one or more energy values of one or more corresponding sections in the group where re-application of the bit assignment rule would assign the watermark bit value to the group.

Abstract: A computer system for managing toilet training of a person is provided. The computer system includes a memory device, a display device, and a processor in communication with the memory device and the display device. The processor is programmed to receive a first trigger event associated with a toilet training event. The processor is also programmed to display, on the display device, a first multi-media presentation based at least in part on said receipt of the first trigger event. The processor is further programmed to collect feedback data from a user. The processor is also programmed to store the feedback data in the memory device.

Abstract: A system and method to watermark an uncompressed content received at a client device in a compressed form and encrypted by at least one content key, said content key as well as watermark instruction forming Conditional Access Module (CAS) data, said CAS data being encrypted by a transmission key and comprising at least one signature to authenticate the CAS data, said client device comprising a CAS configured to process the CAS data, a descrambler having an input to receive the encrypted compressed content and an output to produce an compressed content, a decoder to convert the compressed content into uncompressed content, a watermark inserter connected to the output of the decoder, a secure activation module connected with the watermark inserter, a secure element connected with the watermark inserter and the secure activation module.

Abstract: Systems and methods are presented for presenting segments of an uncensored version of a media asset on a second device while a censored version of the media asset is displayed on a first device. These systems and methods allow a user to view only the segments of the uncensored version of the media asset that do not overlap with the censored version, i.e., the inappropriate content that is censored. During a defined timeframe, the system presents the audio portion or the audio and video portion of the uncensored media asset on the second device, but does not present them otherwise. In some instances, the system enables both the audio and video of the uncensored version on the second device throughout the entirety of the media asset, but selectively mutes and unmutes the audio based on determining non-overlapping segments.

Abstract: Methods and apparatuses are presented for securely providing digital streaming data to subscriber devices using encrypted wavelet meshes. A recorded image may be subdivided into three sources of data: light sources, camera angles, and the objects themselves. Each of these sources of data may be considered unique from each other, and the totality of the three sources of data may comprise a complete image. Without one of the sources of data, the image may not be complete. Each of the three sources of data may therefore be characterized as key spaces, wherein encrypting part of or the entirety of even one of these key spaces prevents the complete image from being viewed. Methods and apparatuses are provided for utilizing the concept of encrypting at least a portion of at least one of the three key spaces in order to securely and/or privately transmit image data to subscribers.

Abstract: Aspects of the present disclosure pertain to system and method of securing mobile devices using virtual certificates at a computer processor. A method may include receiving a request for access to a computer network associated with a computing device to an application associated with a network connected server processor; electronically receiving, at the server processor, a first security key fragment from the computing device; the first security key fragment being paired with a verifier key fragment unknown to the computing device; generating a conditional seed key fragment at the server processor associated with the verifier key fragment; comparing a first hash parameter to a second hash parameter at the server processor; transmitting, at the server processor, a session security key for enabling network access to the application associated with the server processor.

Abstract: A method, system, apparatus, and computer program product are provided for facilitating individual-specific content management. For example, a method is provided that includes receiving information regarding at least one prerequisite condition relating to at least one individual, receiving information regarding the at least one individual, determining whether the at least one prerequisite condition is satisfied, and causing individual-specific content associated with the at least one individual to be transmitted. At least a portion of the individual-specific content comprises protected content configured to be unviewable and/or unmodifiable. The method further includes receiving at least one access credential and causing at least a portion of the protected content to be viewable and/or modifiable.

Abstract: The invention provides a low-cost access control device for identification and authentication in both the “digital” and “physical” worlds by contact-bound respectively contact-less interfaces and where individual users of the device can securely update access control credentials and cryptographic keys from a remote system without the need for any additional hardware or specialized software. The access control credentials and the at least one cryptographic key shall be readable by an access control system via the contact-less interface of the device, thereby enabling or denying the holder of the device access.

Abstract: A progress recording method and a corresponding recovering method adapted to an encoding operation performed on a storage area of a storage device are provided. The progress recording method includes the following steps. A variable set is initialized and stored. The encoding operation includes a plurality of sub-operations, and each of the sub-operations is corresponding to at least one flag variable in the variable set. The flag variables are used for recording execution progresses of the sub-operations. When each of the sub-operations is executed, the corresponding flag variable in the variable set is updated according to the execution progress of the sub-operation.

Abstract: According to one embodiment, an authenticator which authenticates an authenticatee, which stores first key information (NKey) that is hidden, includes a memory configured to store second key information (HKey) which is hidden, a random number generation module configured to generate random number information, and a data generation module configured to generate a session key (SKey) by using the second key information (HKey) and the random number information. The authenticator is configured such that the second key information (HKey) is generated from the first key information (NKey) but the first key information (NKey) is not generated from the second key information (HKey).

Abstract: Techniques described in this disclosure may implement a bit budget-based scheme that indicates the available bit budget for a current image data block to achieve the target compression. The techniques may continuously update the bit budget after the compression of the current image data block to determine the bit budget for the next image data block.

Abstract: A recording device configured to store content data in an encrypted manner, the recording device comprises a memory unit which stores various data, and a controller which controls the memory unit. The controller possesses a controller key and unique identification information, and is configured to generate a controller-unique key unique for each controller in accordance with the controller key and the identification information. The memory unit stores an MKB generated by encrypting a medium key with a device key set that is a collection of a plurality of device keys, an encrypted device key set generated by encrypting the device key set with the controller-unique key, and a device-key-set index which uniquely identifies the device key set.

Abstract: Methods, systems, and apparatus are disclosed which enable flexible insertion of forensic watermarks into a digital content signal using a common customization function. The common customization function flexibly employs a range of different marking techniques that are applicable to a wide range of forensic marking schemes. These customization functions are also applicable to pre-processing and post-processing operations that may be necessary for enhancing the security and transparency of the embedded marks, as well as improving the computational efficiency of the marking process. The common customization function supports a well-defined set of operations specific to the task of forensic mark customization that can be carried out with a modest and preferably bounded effort on a wide range of devices. This is accomplished through the use of a generic transformation technique for use as a “customization” step for producing versions of content forensically marked with any of a multiplicity of mark messages.

Abstract: Providing authorized copies of encrypted media content including: receiving application for authentication to make copies of the media content; providing forensic decryption tools to process the media content; transmitting a permission to make copies of the media content using the forensic decryption tools; performing authorized decryption of the media content; and making and forensically marking copies of the decrypted media content.

Abstract: Systems and methods for authenticating playback devices using timestamp validation in accordance with embodiments of the invention are disclosed. One embodiment includes securely storing at least one timestamp in memory within a playback device in response to the occurrence of at least one predetermined event, where a stored timestamp is based on the current time of a system clock when an event occurs, generating a cryptographic key using the at least one timestamp, securing cryptographic data using the cryptographic key, receiving a request to playback encrypted content, where the encrypted content is accessible using the cryptographic data, accessing the at least one timestamp, generating the cryptographic key, accessing the cryptographic data using at least the cryptographic key, and playing back the content using the playback device.

Abstract: According to the invention, a method for securing a plaintext object within a content receiver is disclosed. In one step, a secure portion of a secure object and a plaintext remainder of the secure object are received. Which portion of the secure object is the secure portion is determined. The secure portion is decrypted to provide a plaintext portion. The plaintext object that comprises the plaintext portion and the plaintext remainder is formed. The plaintext object is stored including authentication and authorization.

Abstract: An electronic device configured for adaptively encoding a watermarked signal is described. The electronic device includes modeler circuitry that determines watermark data based on a first signal. The electronic device also includes coder circuitry coupled to the modeler circuitry. The coder circuitry determines a low priority portion of a second signal and embeds the watermark data into the low priority portion of the second signal to produce a watermarked second signal.

Abstract: The present invention provides an encryption method in which the encryption device stores data to be encrypted received via the input/output interface in its own memory, converts the data to be encrypted in the memory into a format required by the output device and transmits the converted data to the output device via the management interface, and the output device outputs the received information. The present invention also provides an encryption device for implementing the above method. The encryption device determines whether confirmation information has been received from a management interface, encrypts the data to be encrypted in the memory if the answer is positive, while performs no encryption or prompting to input correct confirmation information if the answer is negative. With the present invention, the user is allowed to view the contents to be actually encrypted, thereby avoiding such a case as signature counterfeiting or tampering.