Abstract: A method of performing biometric authentication for a first user, the method comprising: performing one or more first tests, wherein for each first test, performing said first test comprises: obtaining a respective first input for said first test based on one or more biometric characteristics of the first user; determining that the first user is not a predetermined user when a respective first log-likelihood ratio for a first likelihood and a second likelihood does not exceed a respective first threshold for said first test, wherein the first likelihood is a likelihood of obtaining the respective first input based on a first model in which input is obtained from the predetermined user, and wherein the second likelihood is a likelihood of obtaining the respective first input based on a second model in which input is obtained from one or more users other than the predetermined user; determining that the first user is the predetermined user when the respective first log-likelihood ratio exceeds a respective seco

Abstract: The disclosure is directed to a method, system and a computer readable medium of fuzzy testing a software system, using a grey-box fuzzy testing framework that optimizes the vulnerability exposure process while addressing security testing challenges. The grey-box fuzzy testing framework, unlike white-box testing, provides a focused and efficient assessment of a software system without analyzing each line of code. The disclosed embodiments provide a robust security mechanism that accumulates information about the system without increasing testing complexity, enabling fast and efficient security testing. The disclosed embodiments use security vulnerability metrics designed to identify vulnerable components in the software systems and ensures thorough testing of these components by assigning weights. A mutation engine may perform small data type mutations at the input's high-level design.

Abstract: There is described a method of protecting an item of software so as to obfuscate a condition which causes a variation in control flow through a portion of the item of software dependent on whether the condition is satisfied, wherein satisfaction of the condition is based on evaluation of one or more condition variables. The method comprises: (i) modifying the item of software such that the control flow through said portion is not dependent on whether the condition is satisfied; and (ii) inserting a plurality of identity transformations into expressions in said portion of the modified item of software, wherein the identity transformations are defined and inserted such that, in the absence of tampering, they maintain the results of the expressions if the condition is satisfied and such that they alter the results of the expressions if the condition is not satisfied, wherein each identity transformation is directly or indirectly dependent on at least one of the one or more condition variables.

Abstract: A method of fuzzy testing a software system, wherein the software system comprises a plurality of callable units and is arranged to receive input for the software system to process, the method comprising: determining, for each callable unit of the plurality of callable units, based on one or more security vulnerability metrics, a target number of times that callable unit is to be tested; initializing a ranked plurality of queues, each queue for storing one or more seeds, said initializing comprising storing one or more initial seeds in a corresponding queue of the ranked plurality of queues; performing a sequence of tests, wherein performing each test comprises: obtaining a seed from the highest ranked non-empty queue; performing a mutation process on the obtained seed to generate a test seed; providing the test seed as input to the software system for the software system to process; and evaluating the processing of the test seed by the software system to generate a result for the test; wherein each queue in

Abstract: A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.

Abstract: A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.

Abstract: A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.

Abstract: A method for detection of modification of an item of content, the method comprising: obtaining, for the item of content, a respective first value of each attribute in a set of one or more attributes of the item of content, the set of one or more attributes selected such that, for each of one or more predetermined types of modification, said type of modification affects the value of at least one attribute in the set of one or more attributes; performing a watermark decoding operation on the item of content; and in response to the watermark decoding operation producing payload data from the item of content: determining that the one or more predetermined types of modification have not been applied to the item of content if, for each attribute in the set of one or more attributes, the respective first value for that attribute matches a respective second value for that attribute determined using the payload; or determining that a modification has been applied to the item of content if, for at least one attribute i

Abstract: A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or m

Abstract: A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.

Abstract: A method for securely executing an item of software. One or more security modules are executed by a computer and a computer executes the item of software. The execution of the item of software includes, at at least one point during execution of the item of software at which a predetermined function is to be performed, attempting to perform the predetermined function. The attempt to perform the predetermined function including sending, to an address system, a request for an address of instructions for carrying out the predetermined function, the request including an identifier of the predetermined function; receiving, from the address system in response to the request, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the one or more security modules; and continuing execution of the item of software at the address received from the address system.

Abstract: Systems and methods for producing individualized processing chips, each individualized processing chip being arranged to carry out a common processing operation are disclosed. A processing chip design is received, wherein the common processing operation is specified, at least in part, by the processing chip design. For each individualized processing chip the processing chip design is individualized to produce an individualized processing chip design, in accordance with an individualized set of transformations for the individualized processing chip, by including a respective set of modifications as part of the individualized processing chip design that implement the individualized set of transformations. Each transformation of the individualized set of transformations is a transform for an interconnect, specified in the processing chip design, of at least two logic cells specified in the processing chip design.

Abstract: There is described a system comprising mechanical equipment and an apparatus for monitoring and/or controlling the mechanical equipment. The mechanical equipment vibrates at a frequency fvibration in use, and the apparatus is attached to the mechanical equipment such that the apparatus also vibrates when the mechanical equipment is in use. The apparatus comprises an electronics module and a resonant electric generator. The resonant electric generator has a resonant frequency f0 comparable to the vibrational frequency fvibration of the mechanical equipment. The resonant electric generator comprises a magnet having an associated a magnetic field, a coil electrically coupled to the electronics module, and a resilient member. The resilient member is configured, when the apparatus is vibrated at or around the resonant frequency f0, to cause relative oscillation of the coil and the magnet so as to induce an electric current in the coil to thereby power the electronics module.

Abstract: Systems, methods, and storage media for rendering target code are disclosed. Exemplary implementations may: receive the input code; apply at least one obfuscation transformation to multiple code functions of the input code to create transformed code including transformed code functions; determine a shared constant; determine a function-expression; and replace, for each transformed code function in the transformed code, the transformation parameters with the function expression and the at least one cloaked constant to create target code in which the transformed code functions are entangled to thereby render the target code protected against static analysis attacks.

Abstract: Systems, methods, and storage media for creating secured transformed code from input code, the input code having at least one code function that includes at least one function value are disclosed. Exemplary implementations may: receive input code; apply an obfuscation algorithm to at least a portion of a selected code function of the input code to thereby create an obfuscated code portion having at least one obfuscated value that is different from the at least one function value; and store the obfuscated code portion on non-transient computer media to create obfuscated code having substantially the same function as the input code.

Abstract: There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction.

Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.

Abstract: There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction.

Abstract: A change-tolerant method of generating a fingerprint of a computing environment based on asset parameters associated components of the computing environment. Asset parameters are grouped into multiple subsets based on characteristics of the components. A share is generated for each asset parameter of the category to produce a plurality of shares. A secret sharing algorithm is applied to the subsets to generate a plurality of candidate identifiers corresponding to the plurality of subsets of shares. A candidate identifier is selected from the plurality of candidate identifiers as a final identifier for each category based at least in part on a frequency of occurrence of that candidate identifier. The final identifiers are combined into a fingerprint corresponding to the computing environment, wherein the fingerprint is provides verification of the plurality of components without requiring individual verification of any shares in the plurality of shares.

Abstract: Watermarking of a content stream is accomplished in a session-based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements. Groups of nodes can be provided with unique watermark patterns and detection and watermark pattern reconfiguration can be accomplished in an iterative manner to find a specific node without the need to create unique watermark patterns for each node.