Abstract: A method and a device for detecting an attack on an integrated circuit. Attacks which are detectable using an active shield as described herein include physical and electrical contacting using a probe and modification of interconnect routing, including modification through the use of focused ion beam technology.

Abstract: A technique to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at lease a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.

Abstract: A method for securely receiving a multimedia content by a client device operated by one or more operator(s) involving a dedicated provisioning server of a security provider managing symmetric secrets used by the client devices and operators license servers. The provisioning server provides to the client device one or more generations of operator specific unique device secrets, which are then exploited by the various operators' license servers to deliver licenses such that authorized client devices can consume protected multimedia contents.

Abstract: An integrated circuit and a method of configuring a plurality of integrated circuits are disclosed. Each integrated circuit comprises a cryptographic key specific to it. Each integrated circuit comprises a cryptographic key specific to it. Each cryptographic key can be generated on the respective integrated circuit using a physical unclonable function and data associated with the cryptographic key, e.g. a configuration message comprising instructions for generating the cryptographic key using the physical unclonable function. The cryptographic key specific to the integrated circuit is not stored on the integrated circuit. Each of the plurality of integrated circuits are configured using a data file that is encrypted with the respective cryptographic key specific to the integrated circuit, circuit.

Abstract: A network security interface component includes a first network interface, a second network interface separate from the first network interface, and a unidirectional connection connecting the first network interface to the second network interface. The network security interface component also includes an authentication module connected between the first network interface and the unidirectional connection. The unidirectional connection is configured to allow data transfer from the first network interface to the second network interface via the unidirectional connection and to prevent data transfer from the second network interface to the first network interface via the unidirectional connection. The authentication module is configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated.

Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

Abstract: A method to verify, by a verification server, an execution integrity of an application in a target device, comprising the steps of sending to the target device a message comprising a challenge and a first function, said first function defining an aggregation method, said challenge defining an aggregation instruction, receiving an attestation from the target device, this attestation being generated by the target device by determining for each block of the application, the corresponding digest for said block, aggregating the digests of the blocks according to the aggregation method of the first function and the challenge to produce the attestation, applying a second function to the attestation by the verification server, said second function undoing the effect of the challenge thus producing an application signature independent of the challenge, and verifying the execution integrity of the application by comparing the produced application signature with a reference signature.

Abstract: The disclosure provides a method of making watermarking data embedded in an Elementary Stream ES accessible to a receiver. The ES comprises video and/or audio data and is to be transmitted as a Packetized Elementary Stream PES in a Transport Stream TS such that the receiver can use the watermarking data to watermark the video and/or audio data in the ES without reconstructing the ES from the TS. The watermarking data identifies one or more watermarking locations in the video and/or audio data in the ES to be modified by the receiver in accordance with the watermarking data. The method comprises determining respective one or more watermarking TS locations in the TS corresponding to the one or more watermarking locations. The method further comprises embedding, in the ES, the watermarking data including watermarking location information identifying the one or more watermarking TS locations, or modifying watermarking data embedded in the ES by adding the watermarking location information.

Abstract: A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.

Abstract: A method for managing communications within a network comprising utility meters, each associated and connected to at least one utility management center through at least one intermediate data concentrator. A message is sent by a utility meter to the destination data concentrator. This message includes metering data measurement reported by said utility meter, its utility meter identifier, the destination data concentrator identifier and the management center identifier. Then, on the basis of several metering data measurements, a metering counter differential consumption value is calculated by difference of two metering counter consumption indexes measured by the utility meter within a time period interval. Then, a report containing at least the metering counter differential consumption value is sent from the destination data concentrator towards the utility management center to which said utility meter is associated.

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly low bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.

Abstract: A method of transmitting data to a receiver via a network includes transmitting a sequence of first data packets to the receiver via the network, each first data packet including payload data and identification data, the identification data identifying the respective first data packet, the identification data being different for each first data packet. The method also includes transmitting a corresponding second data packet for each first data packet to the receiver via the network, each second data packet including the data enabling identification of the corresponding first data packet and additional data related to the corresponding first data packet, the data enabling identification of the corresponding first data packet enabling the receiver to associate each second data packet with the corresponding first data packet.

Abstract: A content handling device comprises a plurality of content transformation modules that can define one or more paths from a content source module to a content sink module. The content is associated with one or more usage rules requiring one or more transformations to be applied to the content. To enforce usage rules, each content transformation module is configured to receive the content, apply a transformation to the content in accordance with the usage rules and apply a tagging operation corresponding to the transformation to the content. In some embodiments output of the content by the content sink module is prevented if all tagging operations corresponding to the usage rules have not been applied. While in some embodiments usage rule tags corresponding to the usage rules are embedded locally at the content handling device, the disclosure also extends to a content distribution system with a usage rule tag embedding functionality.

Abstract: Public-key cryptography allows putting into practice concepts of digital signatures and public-key key exchange; methods used on a daily basis in digital systems. A method generates a protected secret value k? used as a first operand in a cryptographic group operation involving a base group element G of order n and including: generating random positive integers k1 and k2, that are strictly smaller than the order of the group element G due to a cryptographically secure random number generator, such that the generated random positive integers k1 and k2 do not share any divisor with the order n other than 1; generating the protected secret value k? based on the generating random positive integers such as k?=k1*k2, the protected secret value k? being used as a second operand in the group operation.

Abstract: A watermarking scheme for traceability of leaked or illegally re-distributed over-the-top streaming content includes a two-step scheme in which the content is pre-marked server side by providing part of the content, encrypted under a global key, and a first set of complementary parts of the content including a first mark and encrypted under a set of first keys, and a second set of complementary parts of the content including a second mark and encrypted under a set of second keys. A marked encrypted content is made available to a client device via a particular combination of the parts of the content encrypted under the global key, parts of the content having a first mark, encrypted under the set of first keys, and parts of the content having a second mark, encrypted under the second set of keys. The particular combination is based on an identifier of a client device.

Abstract: A method for initiating a transmission of a program stream for delivery from a local access point to a client device, said program stream being structured as a plurality of regular segments relating to a single event. This method comprises the steps of: (a) processing at least one of the regular segments into a set of particular segments, where the at least one regular segment carries a payload of a first playback duration and the payload of said set represents a second playback duration that is greater than that of the first playback duration, and where the second playback duration is sufficient to comply with a client device requirement for initiating a rendering of the event, and (b) transmitting, during an initial period, from the local access point said set of particular segments.

Abstract: Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack.

Abstract: A method for managing communications within a network comprising utility meters, each associated and connected to at least one utility management center through at least one intermediate data concentrator. A message is sent by a utility meter to the destination data concentrator. This message includes metering data measurement reported by said utility meter, its utility meter identifier, the destination data concentrator identifier and the management center identifier. Then, on the basis of several metering data measurements, a metering counter differential consumption value is calculated by difference of two metering counter consumption indexes measured by the utility meter within a time period interval. Then, a report containing at least the metering counter differential consumption value is sent from the destination data concentrator towards the utility management center to which said utility meter is associated.

Abstract: Example embodiments provide systems and methods for dynamically creating intuitive favorites for a user. The system and methods include monitoring actions performed, by the user at a digital receiver, with respect to a plurality of content programs. The actions performed with respect to the plurality of content programs are analyzed. The analysis includes comparing a level of the actions with respect to a first content program of the plurality of content programs with a threshold. Based on the comparing indicating that the first content program is a favorites, an indication that the first content program is a favorites content program is stored to a data store.