Abstract: A method to verify, by a verification server, an execution integrity of an application in a target device, comprising the steps of sending to the target device a message comprising a challenge and a first function, said first function defining an aggregation method, said challenge defining an aggregation instruction, receiving an attestation from the target device, this attestation being generated by the target device by determining for each block of the application, the corresponding digest for said block, aggregating the digests of the blocks according to the aggregation method of the first function and the challenge to produce the attestation, applying a second function to the attestation by the verification server, said second function undoing the effect of the challenge thus producing an application signature independent of the challenge, and verifying the execution integrity of the application by comparing the produced application signature with a reference signature.

Abstract: A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.

Abstract: A method for managing communications within a network comprising utility meters, each associated and connected to at least one utility management center through at least one intermediate data concentrator. A message is sent by a utility meter to the destination data concentrator. This message includes metering data measurement reported by said utility meter, its utility meter identifier, the destination data concentrator identifier and the management center identifier. Then, on the basis of several metering data measurements, a metering counter differential consumption value is calculated by difference of two metering counter consumption indexes measured by the utility meter within a time period interval. Then, a report containing at least the metering counter differential consumption value is sent from the destination data concentrator towards the utility management center to which said utility meter is associated.

Abstract: The disclosure provides a method of making watermarking data embedded in an Elementary Stream ES accessible to a receiver. The ES comprises video and/or audio data and is to be transmitted as a Packetized Elementary Stream PES in a Transport Stream TS such that the receiver can use the watermarking data to watermark the video and/or audio data in the ES without reconstructing the ES from the TS. The watermarking data identifies one or more watermarking locations in the video and/or audio data in the ES to be modified by the receiver in accordance with the watermarking data. The method comprises determining respective one or more watermarking TS locations in the TS corresponding to the one or more watermarking locations. The method further comprises embedding, in the ES, the watermarking data including watermarking location information identifying the one or more watermarking TS locations, or modifying watermarking data embedded in the ES by adding the watermarking location information.

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly low bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.

Abstract: A method of transmitting data to a receiver via a network includes transmitting a sequence of first data packets to the receiver via the network, each first data packet including payload data and identification data, the identification data identifying the respective first data packet, the identification data being different for each first data packet. The method also includes transmitting a corresponding second data packet for each first data packet to the receiver via the network, each second data packet including the data enabling identification of the corresponding first data packet and additional data related to the corresponding first data packet, the data enabling identification of the corresponding first data packet enabling the receiver to associate each second data packet with the corresponding first data packet.

Abstract: A content handling device comprises a plurality of content transformation modules that can define one or more paths from a content source module to a content sink module. The content is associated with one or more usage rules requiring one or more transformations to be applied to the content. To enforce usage rules, each content transformation module is configured to receive the content, apply a transformation to the content in accordance with the usage rules and apply a tagging operation corresponding to the transformation to the content. In some embodiments output of the content by the content sink module is prevented if all tagging operations corresponding to the usage rules have not been applied. While in some embodiments usage rule tags corresponding to the usage rules are embedded locally at the content handling device, the disclosure also extends to a content distribution system with a usage rule tag embedding functionality.

Abstract: Public-key cryptography allows putting into practice concepts of digital signatures and public-key key exchange; methods used on a daily basis in digital systems. A method generates a protected secret value k? used as a first operand in a cryptographic group operation involving a base group element G of order n and including: generating random positive integers k1 and k2, that are strictly smaller than the order of the group element G due to a cryptographically secure random number generator, such that the generated random positive integers k1 and k2 do not share any divisor with the order n other than 1; generating the protected secret value k? based on the generating random positive integers such as k?=k1*k2, the protected secret value k? being used as a second operand in the group operation.

Abstract: A watermarking scheme for traceability of leaked or illegally re-distributed over-the-top streaming content includes a two-step scheme in which the content is pre-marked server side by providing part of the content, encrypted under a global key, and a first set of complementary parts of the content including a first mark and encrypted under a set of first keys, and a second set of complementary parts of the content including a second mark and encrypted under a set of second keys. A marked encrypted content is made available to a client device via a particular combination of the parts of the content encrypted under the global key, parts of the content having a first mark, encrypted under the set of first keys, and parts of the content having a second mark, encrypted under the second set of keys. The particular combination is based on an identifier of a client device.

Abstract: A method for initiating a transmission of a program stream for delivery from a local access point to a client device, said program stream being structured as a plurality of regular segments relating to a single event. This method comprises the steps of: (a) processing at least one of the regular segments into a set of particular segments, where the at least one regular segment carries a payload of a first playback duration and the payload of said set represents a second playback duration that is greater than that of the first playback duration, and where the second playback duration is sufficient to comply with a client device requirement for initiating a rendering of the event, and (b) transmitting, during an initial period, from the local access point said set of particular segments.

Abstract: Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack.

Abstract: A method for managing communications within a network comprising utility meters, each associated and connected to at least one utility management center through at least one intermediate data concentrator. A message is sent by a utility meter to the destination data concentrator. This message includes metering data measurement reported by said utility meter, its utility meter identifier, the destination data concentrator identifier and the management center identifier. Then, on the basis of several metering data measurements, a metering counter differential consumption value is calculated by difference of two metering counter consumption indexes measured by the utility meter within a time period interval. Then, a report containing at least the metering counter differential consumption value is sent from the destination data concentrator towards the utility management center to which said utility meter is associated.

Abstract: Example embodiments provide systems and methods for dynamically creating intuitive favorites for a user. The system and methods include monitoring actions performed, by the user at a digital receiver, with respect to a plurality of content programs. The actions performed with respect to the plurality of content programs are analyzed. The analysis includes comparing a level of the actions with respect to a first content program of the plurality of content programs with a threshold. Based on the comparing indicating that the first content program is a favorites, an indication that the first content program is a favorites content program is stored to a data store.

Abstract: Malware detection logic executed by a secured device residing in a home network may receive a message from an unsecured device of a first unsecured network and intended for a destination device of the home network, the destination device comprising a security client. The malware detection logic may establish a secure communication channel between the malware detection logic of the secured device and the security client of the destination device. The malware detection logic may execute a validation test on the message to determine that the message includes malware. The malware detection logic may report an alarm to the security client of the destination device. The malware detection logic may transmit information related to the malware to a cloud computing server. The malware detection logic may prevent an application associated with the destination device from processing the message.

Abstract: The disclosure provides a method of making watermarking data embedded in an Elementary Stream ES accessible to a receiver. The ES comprises video and/or audio data and is to be transmitted as a Packetized Elementary Stream PES in a Transport Stream TS such that the receiver can use the watermarking data to watermark the video and/or audio data in the ES without reconstructing the ES from the TS. The watermarking data identifies one or more watermarking locations in the video and/or audio data in the ES to be modified by the receiver in accordance with the watermarking data. The method comprises determining respective one or more watermarking TS locations in the TS corresponding to the one or more watermarking locations. The method further comprises embedding, in the ES, the watermarking data including watermarking location information identifying the one or more watermarking TS locations, or modifying watermarking data embedded in the ES by adding the watermarking location information.

Abstract: System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.

Abstract: The present invention is directed to playing an alternative pre-stored content in place of a particular type of content received by the player within a transport stream comprising a plurality of types of content. The invention can be useful in providing targeted advertising, where, when combined with profiling techniques, alternative content of interest to a viewer can be substituted in the transport stream in place of the received content. According to other embodiments of the present invention, computing resources and communication bandwidth use can be saved by playing pre-stored content instead of the received content. Embodiments of the present invention provide for the maintenance of the pre-stored material by storing appropriate content as it is received in the transport stream or by deleting pre-stored content when deemed appropriate to do so. An embodiment of the present invention may be deployed in a personal video player/recorder.

Abstract: A method for detecting at least one glitch in an electrical signal. This method comprises: generating, from said electrical signal, at least one digital oscillating signal which is sensitive to glitches; and—performing the following steps as a repeatable round: (a) assigning a time window to at least one digital oscillating signal; said time window being implemented on the basis of a clock signal substantially insensitive to said at least one glitch to be detected; (b) determining from said time window a sampling value of the digital oscillating signal, said sampling value being characteristic of said digital oscillating signal throughout its time window; (c) detecting any potential glitch in said electrical signal by comparing said sampling value with an expected reference value; and (d) outputting a response typifying a result of the comparison step. Also, a device for implementing said method is described.

Abstract: Secure Programming of Secret data A method is provided. The method comprises providing a device comprising a secure element coupled to a non-volatile memory, the non-volatile memory comprising a first cryptographic key stored therein; the secure element decrypting and authenticating first secret data using the first cryptographic key to form second secret data; and then rendering the true value of the first cryptographic key unreadable.