Abstract: Method to customize an application associated with a television experience based on the recognition of users located in front of a display and in the field of view of a camera, comprising the following steps: an initialization step during which each user is enrolled in a database of a computer system and is defined by a profile referenced by a profile ID and comprising the user name, biometric data and additional personal data, a finding step during which a wide image, acquired by said camera is scanned to isolate at least one user's faces, to define a marking area surrounding it, to memorize the position of said marking areas, a matching step to extract the biometric data from said marking area, to match them with the biometric data of the profiles stored in the database, and to assign the detected profile ID with the marking area.

Abstract: A method is disclosed for controlling the operating of a consumption appliance by way of a selector switch controlled by an energy saving device connected to a management center. The consumption appliance is kept in its default power mode, until receiving, by the energy saving device, an authentic secured control message sent by the management center. This message includes a command onto the mode in which the consumption appliance has to be switched. A counter is initialized with an initialization value before to be triggered. The consumption appliance is switched in the mode indicated by the command, either until the counter has reached a threshold value, or until receiving another authentic control message. If the counter has reached the threshold value, then the consumption appliance is switched in its default power mode. If another authentic secured control message has been received, then returning to the step of initializing the counter.

Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

Abstract: A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.

Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

Abstract: A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.

Abstract: A method of scanning a plurality of ports at one or more target IP addresses is disclosed. Each of the plurality of ports corresponds to a port number at one of the one or more target IP addresses, for example an IPv4 or IPv6 address. The method comprises assigning each port to one of a plurality of sets of ports and executing a plurality of port scanning processes at the same time on a common source machine (virtual or physical). Each port scanning process sends port probe requests to the ports of a respective set of the plurality of sets from a different respective source IP addresses. Thus, a different respective source IP address is associated with each set of the plurality of sets of ports, different from the source IP addresses associated with the remaining sets, and each set of target IP addresses receives probe requests from a different respective source IP address. The sets may be aligned with target addresses or may spread several target addresses or only part of the ports of a target address.

Abstract: A system and method for searching for a specific datum among data stored in a permanent memory of a user unit linked to a central authority, comprising: receiving in the user unit, a processing key derived, in said central authority, using a key derivation function applied on a secret piece of information, said key derivation function being a first iterative one-way function; storing said processing key in a temporary memory of the user unit; receiving from said central authority the specific datum converted by a second one-way function using said processing key; in the user unit, converting at least a part of the data stored in the permanent memory using said second one-way function and said processing key; comparing said converted specific datum received from the central authority with the converted data from the permanent memory, thereby providing a search result; and deleting said processing key from the temporary memory.

Abstract: A method of monitoring execution in an execution environment of an operation, for example a cryptographic operation, comprising a sequence of instructions, is disclosed. Instructions sent in the sequence from a main processor to one or more auxiliary processors, for example cryptographic processors, to execute the operation are monitored and the sequence of instructions is verified using verification information. The method comprises enabling output from the execution environment of a result of the operation in response to a successful verification of the sequence, or generating a verification failure signal in response to a failed verification of the sequence.

Abstract: Methods and content consumption devices are disclosed that enable a revocation list to be securely enforced and managed, in terms of enforcing version control and providing granular control of individual capabilities, for example. Aspects also relate to enhanced enforcement control of content consumption control information more generally, for example by enforcing version control of activation messages, and/or granular management of individual capabilities.

Abstract: A method is disclosed for controlling the operating of a consumption appliance by way of a selector switch controlled by an energy saving device connected to a management center. The consumption appliance is kept in its default power mode, until receiving, by the energy saving device, an authentic secured control message sent by the management center. This message includes a command onto the mode in which the consumption appliance has to be switched. A counter is initialized with an initialization value before to be triggered. The consumption appliance is switched in the mode indicated by the command, either until the counter has reached a threshold value, or until receiving another authentic control message. If the counter has reached the threshold value, then the consumption appliance is switched in its default power mode. If another authentic secured control message has been received, then returning to the step of initializing the counter.

Abstract: A device (40) for generating a watermarked stream (39), comprising: at least one input interface (41) configured to receive encrypted control messages (20) and conditional access streams (30) including a main stream (33) and protected watermarking data streams (35) from which a watermarking information (38) can be embedded in said watermarked stream (39); a security module (43) configured to process said control messages (20) and to control access to said conditional access streams (30); a descrambler (45) configured to remove protection applied on at least some of said conditional access streams (30); a watermarking unit (47) configured to generate the watermarked stream (39) from said conditional access streams (30) by selectively processing said watermarking data streams (35) depending on access data (AC, AR) included in some of said control messages (20).

Abstract: Techniques and systems are provided for processing user interface content. For example, a server computer can receive a user interface event corresponding to a user interface of a device (e.g., a client device, another server computer, or other device). An application associated with the user interface evet can be determined, and an interface model 5 can be generated using the application associated with the user interface evet. The interface model defines state information for one or more graphic objects of the user interface. The state information results from the user interface event. The server computer can send the interface model to the device, which enables the device to render the user interface.

Abstract: Method to customize an application associated with a television experience based on the recognition of users located in front of a display and in the field of view of a camera, comprising the following steps: an initialization step during which each user is enrolled in a database of a computer system and is defined by a profile referenced by a profile ID and comprising the user name, biometric data and additional personal data, a finding step during which a wide image, acquired by said camera is scanned to isolate at least one user's faces, to define a marking area surrounding it, to memorize the position of said marking areas, a matching step to extract the biometric data from said marking area, to match them with the biometric data of the profiles stored in the database, and to assign the detected profile ID with the marking area.

Abstract: A method is disclosed for controlling the operating of a consumption appliance by way of a selector switch controlled by an energy saving device connected to a management center. The consumption appliance is kept in its default power mode, until receiving, by the energy saving device, an authentic secured control message sent by the management center. This message includes a command onto the mode in which the consumption appliance has to be switched. A counter is initialized with an initialization value before to be triggered. The consumption appliance is switched in the mode indicated by the command, either until the counter has reached a threshold value, or until receiving another authentic control message. If the counter has reached the threshold value, then the consumption appliance is switched in its default power mode. If another authentic secured control message has been received, then returning to the step of initializing the counter.

Abstract: A broadcast receiving system is disclosed that verifies a current digital certificate extracted from a digital broadcast signal using a previous digital certificate previously stored as trusted. The current and previous digital certificates are associated with digital signatures with which data received with the broadcast signal has been signed. Also disclosed is a system for signing application data to be broadcast together with a digital certificate in a digital broadcast signal. A current digital certificate attesting the validity of a digital signature attached to broadcast data is in turn signed with a digital signature using one or more previous private keys associated with respective previous certificates identifying the issuer of the current digital certificate. These disclosures are in particular applicable to HbbTV.

Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

Abstract: A method, system, device, and/or a non-transitory computer readable medium to provide a customized application associated with a television experience based on the recognition of users located in front of a television display and in the field of view of a camera. The method may include performing an initializing operation, the initializing operation including enrolling a plurality of users in a database of a computer system, acquiring a wide image using the camera and scanning the wide image for biometric information; and performing an identification operation requested by the application including, acquiring a second wide image with the camera, extracting an active area from the second wide image, storing the extracted active area as a second fast scanning area image, and extracting the biometric data of a face appearing in the second fast scanning area image.

Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

Abstract: A method to verify, by a verification server, an execution integrity of an application in a target device, comprising the steps of sending to the target device a message comprising a challenge and a first function, said first function defining an aggregation method, said challenge defining an aggregation instruction, receiving an attestation from the target device, this attestation being generated by the target device by determining for each block of the application, the corresponding digest for said block, aggregating the digests of the blocks according to the aggregation method of the first function and the challenge to produce the attestation, applying a second function to the attestation by the verification server, said second function undoing the effect of the challenge thus producing an application signature independent of the challenge, and verifying the execution integrity of the application by comparing the produced application signature with a reference signature.