Abstract: A computer-implemented method of controlling access by a third-party continuous integration/continuous delivery (herein, “CI/CD”) system to a trusted computing environment comprises: receiving, from the CI/CD system, a request to access the trusted computing environment in order to execute a first operation; in response to receiving the request to access the trusted computing environment, executing a security protocol configured to determine whether execution of the first operation is permitted, execution of the security protocol comprising: accessing a permitted operation database storing one or more digital signatures, each digital signature corresponding to a respective operation, execution of which is permitted within the trusted computing environment; determining whether a first digital signature is present in a permitted operation database, the first digital signature having been generated based on a portion of the request corresponding to the first operation; and in response to a determination that the

Abstract: A method of registering or authenticating a user with a relying party is provided, the method including: receiving a request to generate a key pair, the request including key-generation data, the key-generation data including relying party information; deterministically generating, based on at least the key-generation data and a secret key stored in a memory of the authenticator, a key pair comprising a public key and a private key; either: transmitting the public key, or performing further processing using the private key; and deleting the key pair. An authenticator configured to perform the process is also provided.

Abstract: In order to allow an access to the Internet, and therefore to a remote server, for a device having no connection with an Internet gateway, a method is provided to transmit a message from a first device to a remote server, the first device having no connection with the remote server. The method includes detecting a second device by the first device, establishing a communication channel between the first and the second device, transferring the message from the first to the second device, the message comprising an address of the remote server, and transferring, by the second device, the message to the remote server using the remote server address contained in the message.

Abstract: Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

Abstract: A method, device, and computer-readable medium for provisioning a networked device with digital security credentials, including receiving a first digital certificate of a secure component associated with the networked device; extracting a public key of from the first digital certificate, the public key and a corresponding private key being stored in the secure component for asymmetric cryptography; receiving a product identifier and a vendor identifier associated with the secure component from a first user device; generating a second digital certificate based on the public key of the secure component, the product identifier, and the vendor identifier; and transmitting the second digital certificate to the networked device associated with the secure component, the networked device being configured to generate a device commissioning request based on the second digital certificate and the private key of the secure component.

Abstract: An embodiment of the present invention relates to physical interfaces, especially those used on consumer electronics devices. A processor, in which an embodiment of the disclosed invention is deployed, includes a physical interface for connecting to and communicating with a peripheral device, the peripheral device being configured to operate according to a standard communications protocol or to a different protocol which is adapted to have a more bandwidth-efficient performance. The processor detects which of the two protocols the attached peripheral device uses and configures the physical interface to operate according to the detected protocol. An embodiment of the invention allows for new, bandwidth-efficient communications protocols to be executed across existing standardized physical interface hardware, thereby allowing for easier acceptance of the new protocols within the consumer electronics industry.

Abstract: Example embodiments provide systems and methods for managing intelligent content queuing from a secondary device for content delivery to a primary device. A content queuing system on the secondary device generates and displays a playlist interface on the secondary device. A selection of a content item to be added to a playlist is received. The content queuing system determines that addition of the content item causes a live content item to overlap with an on-demand content item on the playlist. As a result, the content queuing system creates at least two segments for the on-demand content item. The live content item is positioned between the first and a second segment on the playlist. The first segment is scheduled to end at a start time of the live content item and the second segment is scheduled to begin at an ending time of the live content item.

Abstract: The present disclosure relates to a wireless token capable of representing a user network, the token being used to automatically provision an IoT enabled device to connect to the user network. Functions required to achieve this include: authenticate the token with the user network, and responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple one or more devices at or within a defined proximity to the token, with the user network; responsive to a wireless signal received from a given device among the one or more devices, establish a temporary secure communication channel between the given device and the token; and provide the configuration information from the token to the given device using the temporally secure communication channel, wherein the configuration information enables the given device to establish a connection with and operate in the user network based on the obtained configuration information.

Abstract: Systems and techniques are described herein for determining latencies between user devices, ordering or grouping the user devices according to those determined latencies, and then streaming audio to the user devices where the audio stream is played using speakers, and at the same time vocalizations of the user as they sing along to the received stream are captures, and combined with vocalizations of other users to create a final combined audio file.

Abstract: A localized electronic betting system includes: a smart contract generation module and a results engine located in a same low-latency environment as the smart contract generation module, wherein: the smart contract generation module is configured to receive a first betting statement from a first user device located within the low-latency environment, to generate a smart contract based on the first betting statement, the smart contract including a criterion to be met and configured to self-execute in response to a determination that the criterion is met, and to transmit the generated smart contract to a local blockchain node located within the low-latency environment; the results engine is configured, based on content received from a results source, to determine information indicative of whether the criterion in the first betting statement is met; and the localized betting system is configured to transmit a signal to the local blockchain node for storage on a local blockchain ledger or a local copy of a blockc

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly lmv bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: The present disclosure relates generally to data access control solutions. In particular, techniques are provided to implement a secure and distributed file storage scheme and in particular, a managed access system using a blockchain. In some aspects, a process of the disclosed technology includes operations for associating a first key share with a first copy of a file, wherein the first copy of the file is stored by a first party, associating a second key share with a second copy of the file, and recording versioning information corresponding with the file on a distributed ledger accessible by the first party and the second party. In some aspects, the process can further include operations for managing access to the file using the first key share and the second key share. Systems and machine-readable media are also provided.

Abstract: The disclosure provides methods and content consumption devices that enable a scene, for example a 360° scene, that is larger (i.e. has more pixels in at least one dimension) than a display format of the content consumption device to be displayed. Constituent scene views are received individually by the content consumption device, for example as broadcasts, and are combined, for example stitched together, at the content consumption device to output a part of the scene that fits in the display format. The part of the scene (and hence the required constituent streams) to be displayed are determined by a signal, for example a navigational input from a user, enabling the user to navigate in the scene. By, for example, receiving a limited number of scene streams based on the scene streams required to produce the view that fits in the display format based on the signal, bandwidth requirements to view and navigate within the scene.

Abstract: A method of detecting unauthorized use of a vehicle having a tracker device. The method includes transmitting a discovery message received by a wireless device, a backend server receiving a first request from the wireless device as a result of the wireless device receiving the discovery message, the first request being for having the tracker device be paired with the wireless device, and receiving a second request from the backend server instructing the tracker device to pair with the wireless device, the second request containing a unique identifier of the wireless device.

Abstract: A method for successively executing first and subsequent block cryptographic computations. These cryptographic computations include transforming a respective input block (38, 64) composed of a plurality of elements (107k), via a plurality of linear transformations (109, 115, 116, SR) and non-linear transformations (112), into a corresponding output block. The method includes: implementing a functional correspondence between input and output of the non-linear transformations (112) applied on the elements of the first input block (38, 64) during the first block cryptographic computation, and applying dynamical obfuscation (124) by re-encoding the functional correspondence into a modified functional correspondence between the input and the output of the non-linear transformations applied on elements of the next input block during the next block cryptographic computation.

Abstract: A method for concurrently executing a first block cryptographic computation (60) and a second block cryptographic computation (61) using a ciphering circuit. The first block cryptographic computation includes computing a first output block (42) by executing a plurality of first processing rounds (70i, 78) based on a first input block (38, 64), and the second block cryptographic computation includes computing a second output block (43) by executing a plurality of second processing rounds (75j, 79) based on a second input block (39, 65). The method further includes alternatingly executing respective first and second processing rounds in a round-interleaved sequence.

Abstract: A system (1) for asymmetrical cryptography, comprising a device (10) and a network storage (30), wherein the device is communicatively connected to the network storage, wherein the network storage is configured to store a private key, wherein the device is configured to retrieve the private key from the network storage to perform a cryptographic operation using the private key in a secure execution environment (12) of the device, and wherein the secure execution environment is configured to only temporarily store the private key for the cryptographic operation.

Abstract: In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.

Abstract: Techniques for controlling access to segmented data of a plurality of users that is requested by at least one data consumer device. In response to conditions specified in communications between at least one data aggregator system and the at least one data consumer device, information of a number of users meeting specified search criteria are shared (e.g., for a limited time). Use of the data in violation of the specified conditions may trigger penalties under a smart contract on a distributed ledger or blockchain.

Abstract: A pairing method between a user device (1) and an operator device (2), the user device (1) being intended to receive conditional access data from the operator device (2), the user device having a user device identifier (UID), the operator having an operator device identifier (OID). The method comprises receiving, by the user device, a user device key (KUID) derived from a first cryptographically secure function and receiving, by the operator device, an operator key (KOID) derived from a second cryptographically secure function. The user device comprises a user device bilinear mathematical function (e(KUID, OID)) and the operator device comprises an operator bilinear mathematical function (e(UID, KOID)) which each define a pairing over an elliptic curve.