Abstract: A method and apparatus for executing a process on a device, the device including one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege. The method includes obtaining a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as both writable and executable memory, and wherein the portion of the memory has an associated second type of privilege that is different from the first type of privilege.

Abstract: There is described a challenge-response method for a computing device. The method comprises steps of: (a) receiving challenge data at a secured module of the computing device, the challenge data comprising image content encrypted using an encryption key, and the image content including a nonce; (b) the secured module recovering the image content through decryption using one or more keys associated with the encryption key; (c) the secured module of the computing device outputting the recovered image content; (d) capturing the image content as output by the secured module; (e) processing the captured image content so as to obtain the nonce; and (f) providing the nonce as a response. There is also described a computing device arranged to carry out the challenge-response method, a computer program for causing a processor to carry out the challenge-response method, and a computer readable medium storing such a computer program.

Abstract: A method of facilitating a device to obtain a version of an item of content. For each section of the item of content, a content distribution system is arranged to provide one or more versions of that section. At least one section includes a plurality of differently watermarked versions of that section. A request for a section of the item of content is received. If the requested section is a section for which the content distribution system is arranged to provide a plurality of differently watermarked versions of that section, a particular version is identified based on an identifier of the device and a response a response containing an indication of the particular version of the requested section is provided to the device. The response is arranged to cause the device to request the particular version of the requested section from a corresponding location on the content distribution system.

Abstract: A method of individualizing a semiconductor chip of a batch of semiconductor chips with respective individualization data of the semiconductor chip, the method comprising, applying a plurality of circuit layouts to the semiconductor chip to form a plurality of circuits on the semiconductor chip, wherein for each circuit layout, said circuit layout is arranged such that, (a) the corresponding circuit, when triggered, falls into any one of two or more respective triggered states, and (b) one of the two or more respective triggered states is a respective preferred state defined by said circuit layout, wherein the plurality of respective preferred states of the circuits in the plurality of circuits encode the individualization data, and wherein each individualized semiconductor chip of the batch of semiconductor chips comprises a generic circuit.

Abstract: There is described a method for a first software application to access a secured software application on a computing device. The first software application is not configured to interface with the secured software application. The computing device includes an interfacing application configured to interface with the secured software application. The method comprises the first software application interfacing with the interfacing application to thereby cause the interfacing application to access the secured software application. The first software application is configured to interface with the interfacing application. There is also described a method of generating an encrypted version of an image using a library of pre-encrypted blocks of data, the same content encryption key having been used to encrypt each of the pre-encrypted blocks of data.

Abstract: A method for identifying an object within a video sequence, wherein the video sequence comprises a sequence of images, wherein the method comprises, for each of one or more images of the sequence of images: using a first neural network to determine whether or not an object of a predetermined type is depicted within the image; and in response to the first neural network determining that an object of the predetermined type is depicted within the image, using an ensemble of second neural networks to identify the object determined as being depicted within the image.

Abstract: A method comprising: carrying out optimization of an item of software in a first intermediate representation; carrying out protection of the item of software in a second intermediate representation different to the first intermediate representation.

Abstract: A method for rendering a software program resistant to reverse engineering analysis. At least one first expression in a computational expression or statement of the software program is replaced with a second expression. The first expression being simpler than said second expression and the second expression being based on a value or variables found in said first expression. The second expression produces a value which preserves the value of said first expression. The conversion of the first expression is performed according to a mathematical identity of the form ?i=1k ai ei=E, where ai, are coefficients, ei, are bitwise expressions, whether simple or complex, and E is said first expression.

Abstract: A method for accessing content at a device, wherein the device is arranged to execute a digital rights management (DRM) client of a DRM system and wherein the device is arranged to receive a broadcast signal comprising a plurality of encrypted portions of content for an item of content, each encrypted portion being packaged in a format of a conditional access system and being decryptable using a corresponding decryption key, wherein the method comprises an application executing on the device performing the steps of: for each of one or more of the encrypted portions: converting said encrypted portion from being packaged in the format of the conditional access system to being packaged in a format of the DRM system; providing said encrypted portion is packaged in the format of the DRM system to the DRM client; and either (a) providing a rights object according to the DRM system to the DRM client or (b) triggering the DRM client to obtain a rights object according to the DRM system; wherein the rights object corr

Abstract: Watermarking of a content stream is accomplished in a session based manner to provide watermarking based on a uniquely generated manifest that will result in a stream that allows for unique identification of information. The manifest specifies a sequence of watermarks for successive segments of a content stream designated for a specific receiver. The system and method leverages existing content distribution infrastructure and has many of the benefits of conventional head-end watermarking, allows unique identification of small segments of the data stream and reduces content distribution network storage requirements.

Abstract: Systems and methods for producing individualized processing chips, each individualized processing chip being arranged to carry out a common processing operation are disclosed. A processing chip design is received, wherein the common processing operation is specified, at least in part, by the processing chip design. For each individualized processing chip the processing chip design is individualized to produce an individualized processing chip design, in accordance with an individualized set of transformations for the individualized processing chip, by including a respective set of modifications as part of the individualized processing chip design that implement the individualized set of transformations. Each transformation of the individualized set of transformations is a transform for an interconnect, specified in the processing chip design, of at least two logic cells specified in the processing chip design.

Abstract: A method for generating, from initial content data, output content data for provision to one or more receivers, wherein the initial content data is encoded according to a coding scheme, wherein for a quantity of data encoded according to the coding scheme, the coding scheme provides a mechanism for including in the quantity of encoded data additional data such that a decoder for the coding scheme, upon decoding the quantity of encoded data, does not use the additional data to generate decoded data, the method comprising: selecting one or more portions of the initial content data; for each selected portion, generating a data construct that comprises a plurality of data structures, each data structure comprising data, including a version of the selected portion, that is encrypted using a corresponding encryption process different from each encryption process used to encrypt data in the other data structures, wherein the data construct is arranged such that using a decryption process that corresponds to the encr

Abstract: A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.

Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secure software agent is provided for embedding within the abstraction layer forming the operating system. A secure store is provided for storing security information unique to one or more instances of the application software. The secure software agent uses the security information for continuous runtime assurance of ongoing operational integrity of the operating system and application software and thus operational integrity of the device.

Abstract: A method of providing key information from a sender to one or more receivers, the method comprising: obtaining initial key information comprising a plurality of units that assume respective values; forming encoded key information from the initial key information, wherein the encoded key information comprises a plurality of encoded units that correspond to respective units of the initial key information, wherein said forming comprises, for each unit of the initial key information, selecting an encoding from a plurality of invertible encodings associated with said unit and encoding said value assumed by said unit with said selected encoding to form the corresponding encoded unit; and providing the encoded key information to said one or more receivers.

Abstract: A method of providing access to content at a first device, the method comprising: receiving an item of content, wherein at least part of the item of content is encrypted, the encrypted at least part of the item of content being decryptable using at least one decryption key; in a first software client: obtaining a transformed version of the at least one decryption key; performing a decryption operation on the encrypted at least part of the item of content based on the at least one decryption key to obtain an intermediate version of the at least part of the item of content, wherein said performing the decryption operation uses a white-box implementation of the decryption operation that forms part of the first software client and that operates using the transformed version of the at least one decryption key; and performing an encryption operation on at least a portion of the intermediate version based on at least one encryption key to obtain re-encrypted content, wherein said performing the encryption operation

Abstract: The invention enables a software application to be executed on a mobile station in dependence of a SIM. Challenge data originating from the software application is input to the SIM to generate first response data using a security function of the SIM. The software application is enabled to be executed in dependence of the first response data. In addition, the challenge data may be transmitted to a verification server for the generation of second response data in dependence of the challenge data and possibly using an authentication center. The software application is then enabled to be executed in further dependence of the second response data.

Abstract: A method and system for watermarking content utilizing a user device GPU. Embodiments include receiving on a processing server a request from a video server for a video to be played on the user's device. The processing server may extract a set of identifying information, such as user information, from the request for the video. The processing server may further prepare shader software code which is to be executed on a GPU present on the user's device. The code preparation may include creating a watermarking procedure to be executed during playback on the user device. The processing server may further transmit the shader software code to the streaming video server to be transmitted to the user device for execution during video playback.

Abstract: A secure and fault-tolerant, or variation-tolerant, method and system to turn a set of N shares into an identifier even when only M shares from this set have a correct value. A secret sharing algorithm is used to generate a number of candidate identifiers from subsets of shares associated with asset parameters of a collection of assets. The most frequently occurring candidate identifier is then determined to be the final identifier. The method has particular applicability in the fields of node locking and fingerprinting.

Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.