Abstract: A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.

Abstract: A method for detection of modification of an item of content, the method comprising: obtaining, for the item of content, a respective first value of each attribute in a set of one or more attributes of the item of content, the set of one or more attributes selected such that, for each of one or more predetermined types of modification, said type of modification affects the value of at least one attribute in the set of one or more attributes; performing a watermark decoding operation on the item of content; and in response to the watermark decoding operation producing payload data from the item of content: determining that the one or more predetermined types of modification have not been applied to the item of content if, for each attribute in the set of one or more attributes, the respective first value for that attribute matches a respective second value for that attribute determined using the payload; or determining that a modification has been applied to the item of content if, for at least one attribute i

Abstract: A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or m

Abstract: A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.

Abstract: A method for securely executing an item of software. One or more security modules are executed by a computer and a computer executes the item of software. The execution of the item of software includes, at at least one point during execution of the item of software at which a predetermined function is to be performed, attempting to perform the predetermined function. The attempt to perform the predetermined function including sending, to an address system, a request for an address of instructions for carrying out the predetermined function, the request including an identifier of the predetermined function; receiving, from the address system in response to the request, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the one or more security modules; and continuing execution of the item of software at the address received from the address system.

Abstract: Systems and methods for producing individualized processing chips, each individualized processing chip being arranged to carry out a common processing operation are disclosed. A processing chip design is received, wherein the common processing operation is specified, at least in part, by the processing chip design. For each individualized processing chip the processing chip design is individualized to produce an individualized processing chip design, in accordance with an individualized set of transformations for the individualized processing chip, by including a respective set of modifications as part of the individualized processing chip design that implement the individualized set of transformations. Each transformation of the individualized set of transformations is a transform for an interconnect, specified in the processing chip design, of at least two logic cells specified in the processing chip design.

Abstract: There is described a system comprising mechanical equipment and an apparatus for monitoring and/or controlling the mechanical equipment. The mechanical equipment vibrates at a frequency fvibration in use, and the apparatus is attached to the mechanical equipment such that the apparatus also vibrates when the mechanical equipment is in use. The apparatus comprises an electronics module and a resonant electric generator. The resonant electric generator has a resonant frequency f0 comparable to the vibrational frequency fvibration of the mechanical equipment. The resonant electric generator comprises a magnet having an associated a magnetic field, a coil electrically coupled to the electronics module, and a resilient member. The resilient member is configured, when the apparatus is vibrated at or around the resonant frequency f0, to cause relative oscillation of the coil and the magnet so as to induce an electric current in the coil to thereby power the electronics module.

Abstract: Systems, methods, and storage media for creating secured transformed code from input code, the input code having at least one code function that includes at least one function value are disclosed. Exemplary implementations may: receive input code; apply an obfuscation algorithm to at least a portion of a selected code function of the input code to thereby create an obfuscated code portion having at least one obfuscated value that is different from the at least one function value; and store the obfuscated code portion on non-transient computer media to create obfuscated code having substantially the same function as the input code.

Abstract: Systems, methods, and storage media for rendering target code are disclosed. Exemplary implementations may: receive the input code; apply at least one obfuscation transformation to multiple code functions of the input code to create transformed code including transformed code functions; determine a shared constant; determine a function-expression; and replace, for each transformed code function in the transformed code, the transformation parameters with the function expression and the at least one cloaked constant to create target code in which the transformed code functions are entangled to thereby render the target code protected against static analysis attacks.

Abstract: There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction.

Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.

Abstract: There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction.

Abstract: A change-tolerant method of generating a fingerprint of a computing environment based on asset parameters associated components of the computing environment. Asset parameters are grouped into multiple subsets based on characteristics of the components. A share is generated for each asset parameter of the category to produce a plurality of shares. A secret sharing algorithm is applied to the subsets to generate a plurality of candidate identifiers corresponding to the plurality of subsets of shares. A candidate identifier is selected from the plurality of candidate identifiers as a final identifier for each category based at least in part on a frequency of occurrence of that candidate identifier. The final identifiers are combined into a fingerprint corresponding to the computing environment, wherein the fingerprint is provides verification of the plurality of components without requiring individual verification of any shares in the plurality of shares.

Abstract: Watermarking of a content stream is accomplished in a session-based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements. Groups of nodes can be provided with unique watermark patterns and detection and watermark pattern reconfiguration can be accomplished in an iterative manner to find a specific node without the need to create unique watermark patterns for each node.

Abstract: A plurality of sets of primary product keys is established or generated, each set containing at least two different primary product keys. One primary product key of each set is made available to each receiver or group of receivers, such that each receiver or group of receivers is provided with a different combination of said primary product keys. For each set of primary product keys, the plurality of receivers or groups of receivers is provided with a different primary entitlement control message corresponding to each primary product key of said set, each such primary entitlement control message distributing a primary control word for recovery through decryption using the corresponding primary product key. The primary control words can then be used for purposes such as tracing compromise of the conditional access system, or arranging for differently fingerprinted content to be decoded at different receivers or groups of receivers.

Abstract: A method of obfuscated performance of a predetermined function, wherein for the predetermined function there is a corresponding plurality of first functions so that, for a set of inputs for the function, a corresponding set of outputs may be generated by (a) representing the set of inputs as a corresponding set of values, wherein each value comprises at least part of each input of a corresponding plurality of the inputs, (b) generating a set of one or more results from the set of values, where each result is generated by applying a corresponding first function to a corresponding set of one or more values in the set of values, and (c) forming each output as either a part of a corresponding one of the results or as a combination of at least part of each result of a corresponding plurality of the results; wherein the method comprises: obtaining, for each value in the set of values, one or more corresponding transformed versions of said value, wherein a transformed version of said value is the result of applying

Abstract: A method for facilitating a user to subsequently access, via an application executed by a user device of the user, an account for one or more services provided by a service provider, wherein said access is controlled based on biometric verification of the user performed, at least in part, at the user device, wherein the method comprises: obtaining reference data from a storage device, wherein the storage device stores biometric data for the user suitable for use in the biometric verification of the user, and wherein the reference data is suitable for use in one or both of: (a) subsequent access of the biometric data from the storage device and (b) authentication of the biometric data; and providing the reference data to an access system used by the service provider so that the access system can associate the reference data with an identifier associated with the user.

Abstract: A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.

Abstract: A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.

Abstract: A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.