Abstract: A method for data security implemented as an application on a device includes generating a request for one or more secret shares needed to reconstruct a key. The device stores a first secret share in its memory. The method also includes signing the request with a certificate that identifies the request as valid without identifying the device, and sending the request, signed with the certificate, to at least one other device. The method further includes receiving, from the at least one other device, the one or more secret shares, determining whether the one or more secret shares received from the at least one other device is sufficient to reconstruct the key, and reconstructing the key using the first secret share and the one or more secret shares upon determining that the one or more secret shares are sufficient to reconstruct the key.

Abstract: A method for controlling access to a resource in an electronic device including a secure element with a permanent memory having an OTP area. The method includes the following steps performed first when the secure element or the electronic device boots: checking presence of at least one of a secret data and an initialization value in the permanent memory and, in a negative event, generating an initialization value and storing it into the OTP area, in a positive event, if the permanent memory includes secret data, decrypting, within the secure element, the secret data by using an algorithm using a cryptographic key and, if the permanent memory further includes an initialization value, the initialization value, and checking the integrity of the secret data by using a signature stored in the permanent memory and, on successful completion, providing access to the resource.

Abstract: Implementing a camouflage of current traces generated by a hardware component having one or more set of digital elements defining a plurality of operational datapaths comprises adjusting (761) one or more working condition(s) of the hardware component, measuring (762) a reaction of the hardware component to the working condition(s) by a logic test circuit through processing data operations along a reference datapath having a minimum duration corresponding to at least the longest of the operational datapaths, and in response to detecting an error (763) along the reference datapath, modifying (764) the working condition(s) so that the error generated by the logic test circuit is cancelled. Applications to countermeasures to side-channel attacks.

Abstract: The present disclosure relates to software tampering resistance. In one aspect, a method for generating protected code is provided, comprising identifying a primary function in code to be obscured, the primary function being a function used to verify the integrity of the code run-time. The method then comprises generating a finite state machine from the primary function, wherein a state of the finite state machine at a given instance defines an element of the primary function to be executed. The method then comprises distributing the finite state machine throughout the code to obscure one or more areas of the code.

Abstract: The disclosure related to methods and associated devices and/or systems for authorising at least one operation associated with a device, the device operating in a communication network, such as a user network, that comprises a plurality of devices communicatively coupled to a server computer, such as a control server. The disclosed method comprises generating a data model based on a plurality of patterns of actions for one or more devices among the plurality of devices. The data model is configured to detect and/or store at least one regular pattern of actions for each device among the one or more devices, each action corresponding to an operating state of the device. The disclosed method comprises receiving a request for an operation associated with a first device among the plurality of devices and determining if the received request satisfies a first criterion, the first criterion being based on or associated with the data model.

Abstract: The present disclosure relates generally to data access control solutions. In particular, techniques are provided to implement a secure and distributed file storage scheme and in particular, a managed access system using a blockchain. In some aspects, a process of the disclosed technology includes operations for associating a first key share with a first copy of a file, wherein the first copy of the file is stored by a first party, associating a second key share with a second copy of the file, and recording versioning information corresponding with the file on a distributed ledger accessible by the first party and the second party. In some aspects, the process can further include operations for managing access to the file using the first key share and the second key share. Systems and machine-readable media are also provided.

Abstract: A method for data security implemented as an application on a device includes generating a request for one or more secret shares needed to reconstruct a key. The device stores a first secret share in its memory. The method also includes signing the request with a certificate that identifies the request as valid without identifying the device, and sending the request, signed with the certificate, to at least one other device. The method further includes receiving, from the at least one other device, the one or more secret shares, determining whether the one or more secret shares received from the at least one other device is sufficient to reconstruct the key, and reconstructing the key using the first secret share and the one or more secret shares upon determining that the one or more secret shares are sufficient to reconstruct the key.

Abstract: A method of providing a content stream based on capturing an initial delivery of the content stream.

Abstract: The present disclosure relates to surveillance technology. In particular, the present disclosure relates to a surveillance device, a surveillance system and a method of surveillance for surveillance of a person. Further in particular, the present disclosure relates to the surveillance of a person in a physical space to determine a compliant or non-compliant behaviour of said person. Accordingly, there is provided a personal surveillance device (110), comprising a first surveillance sensor element (116a), a second surveillance sensor element (116b) and a processing element (314), wherein the first surveillance sensor element and the second surveillance sensor element are sensor elements each comprising a different sensor type, wherein the personal surveillance device is adapted to be connectable to a host computing device and wherein the personal surveillance device is adapted to execute a computing environment on the host computing device.

Abstract: A method of processing a video fragment into two or more variants of the video fragment, each variant having a different watermark, the method comprising: fragmenting a video content into a sequence of fragments; watermarking a plurality of the fragments to create two or more variants of each of the plurality of fragments, wherein the two or more variants of one fragment are watermarked using different watermarks; adjusting the length of the two or more variants for at least one of the fragments to a same adjusted length, wherein the adjusted length is indicative of a temporal position of the two or more variants of the at least one of the fragments compared to variants of other fragments in the sequence of fragments.

Abstract: A system for actively monitoring and securing a CDI. The system comprises a TEE implementing one or more monitoring policy rule for ruling the active monitoring of the CDI. The system further comprises an IC comprising one or more monitoring device for monitoring the CDI at a corresponding monitoring tapping point delivering a corresponding monitoring information element. The IC is configured for providing to the TEE a monitoring information based on the monitoring information element. The IC is subordinated to the TEE. The one or more monitoring device is configured by the TEE responsive to the implementation of the one or more monitoring policy rule.

Abstract: A method for detecting perturbations in a logic circuit including a plurality of datapaths coordinated by a clock signal and at least one test circuit having a programmable length datapath for varying a test propagation delay. The test circuit further including inputs, an output and an error generator for providing an error in case that the output is different than an expected output for the inputs. The test circuit having a calibration mode including determining a critical propagation delay by varying the programmable length datapath until the error generator outputs an error, adjusting the programmable length datapath to include therein a tolerance delay, and switching into a detection mode configured to detect a perturbation in the logic circuit along the programmable length datapath in case the error generator outputs an error.

Abstract: Systems and techniques are described herein for validating one or more requests. For example, the systems and techniques can include receiving message data from a first device accessible to a user. The message data can be associated with a message to be sent using the first device. The systems and techniques can also include sending, to a second device accessible to the user, a request for confirmation that the user requested a digital signature for the message, the first device and second device being different devices. The systems and techniques can further include receiving a confirmation from the second device, the confirmation confirming that the user requested the digital signature for the message. The systems and techniques can further include generating the digital signature for the message using the message data and a private key and sending the digital signature to the first device.

Abstract: A localized electronic betting system includes: a smart contract generation module and a results engine located in a same low-latency environment as the smart contract generation module, wherein: the smart contract generation module is configured to receive a first betting statement from a first user device located within the low-latency environment, to generate a smart contract based on the first betting statement, the smart contract including a criterion to be met and configured to self-execute in response to a determination that the criterion is met, and to transmit the generated smart contract to a local blockchain node located within the low-latency environment; the results engine is configured, based on content received from a results source, to determine information indicative of whether the criterion in the first betting statement is met; and the localized betting system is configured to transmit a signal to the local blockchain node for storage on a local blockchain ledger or a local copy of a blockc

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly Imv bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: A post-processing of video content in order to provide a capability to insert ad content, having a method to produce a modified video content from an original video content. The method comprising: analyzing the original video content to detect at least one marker, said marker comprising a marker surface delimited by a marker identification; loading profile data of a target user; determining, based at least on the profile data a replacement content; adjusting the replacement content into the marker surface; and replacing into the original video content the marker surface by the adjusted replacement content to produce the modified video content.

Abstract: The disclosure relates to a method for enabling the secure functions of a chipset (1) and especially the encryption of the content of the secure memory (7) when the device goes into low power mode. The content of the secure memory (7) may be encrypted and stored in an external memory (20) during low power mode of the chipset (1).

Abstract: A method is disclosed for controlling the operating of a consumption appliance by way of a selector switch controlled by an energy saving device connected to a management center. The consumption appliance is kept in its default power mode, until receiving, by the energy saving device, an authentic secured control message sent by the management center. This message includes a command onto the mode in which the consumption appliance has to be switched. A counter is initialized with an initialization value before to be triggered. The consumption appliance is switched in the mode indicated by the command, either until the counter has reached a threshold value, or until receiving another authentic control message. If the counter has reached the threshold value, then the consumption appliance is switched in its default power mode. If another authentic secured control message has been received, then returning to the step of initializing the counter.

Abstract: A method for managing communications within a network comprising utility meters, each associated and connected to at least one utility management center through at least one intermediate data concentrator. A message is sent by a utility meter to the destination data concentrator. This message includes metering data measurement reported by said utility meter, its utility meter identifier, the destination data concentrator identifier and the management center identifier. Then, on the basis of several metering data measurements, a metering counter differential consumption value is calculated by difference of two metering counter consumption indexes measured by the utility meter within a time period interval. Then, a report containing at least the metering counter differential consumption value is sent from the destination data concentrator towards the utility management center to which said utility meter is associated.

Abstract: Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.