Abstract: A method and apparatus, and system for providing device credentials to a plurality of devices is disclosed.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A system and method for provisioning confidential data such as unique credentials is described. The technique initializes a whitebox cryptographic software module to a particular PKI client to soft-lock whitebox cryptographic operations to the particular PKI client and uniquely encrypting the credentials with a node-locking key (NLK) derivable from a digital certificate.

Abstract: A system for securing a device executing program instructions is disclosed. The system comprises a first device agent module executing on the device, for monitoring the device and execution of the program instructions and generating monitoring information from the monitoring of the device; a device configuration manager, communicatively coupled to the device for accepting the monitoring information and generating management commands according to the monitoring information; and a second device agent, executing on the device, for accepting and applying the management commands.

Abstract: A cloud-based system and method for encrypting media content is disclosed. The system comprises a key server microservice, for receiving control word requests and for generating encoded control words and a software encryption microservice, communicatively coupled to the key server microservices, the encryption microservice for receiving the media content, for generating the control word requests, for receiving the encoded control words, and for white-box encrypting the media content according to the generated encoded control words.

Abstract: A cloud-based system and method for encrypting media content is disclosed. The system comprises a key server microservice, for receiving control word requests and for generating encoded control words and a software encryption microservice, communicatively coupled to the key server microservices, the encryption microservice for receiving the media content, for generating the control word requests, for receiving the encoded control words, and for white-box encrypting the media content according to the generated encoded control words.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A method is provided to dynamically encode data at runtime with a tagged data element in a program associated with an obfuscation algorithm randomly selected during runtime. Instructions for invoking the obfuscation algorithm are generated when a compiler encounters the tagged variable in the source code. At runtime, unencoded data is encoded by the obfuscation algorithm when the unencoded data is copied to the tagged data element; encoded data is re-encoded by the obfuscation algorithm when the encoded data is copied from a differently tagged data element to the tagged data element, wherein the differently tagged data element is associated with a different obfuscation algorithm; and encoded data is decoded by the obfuscation algorithm when the encoded data is copied from the tagged data element to an untagged data element.

Abstract: A method and apparatus, and system for providing device credentials to a plurality of devices is disclosed.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A method and apparatus, and system for providing device credentials to a plurality of devices is disclosed.

Abstract: A system and method for provisioning confidential data such as unique credentials is described. The technique initializes a whitebox cryptographic software module to a particular PKI client to soft-lock whitebox cryptographic operations to the particular PKI client and uniquely encrypting the credentials with a node-locking key (NLK) derivable from a digital certificate.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A cloud-based system and method for encrypting media content is disclosed. The system comprises a key server microservice, for receiving control word requests and for generating encoded control words and a software encryption microservice, communicatively coupled to the key server microservices, the encryption microservice for receiving the media content, for generating the control word requests, for receiving the encoded control words, and for white-box encrypting the media content according to the generated encoded control words.

Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Abstract: A method and video decoder system using the method are provided for identifying video frames in an encoded or encrypted video stream without performing decoding or decryption. The method includes: receiving a video data stream comprised of a plurality of transport stream (TS) packets; detecting a first video frame in the video data stream, wherein detection of the first video frame includes registering a last checked position at the start of the video data stream, examining bytes in a next TS packet to identify a predetermined pattern indicating a network abstraction layer (NAL) unit, repeating the examining step until two TS packets have been identified that include an NAL unit, wherein the last checked position is updated after each examining step, and identifying a video frame based on a position of the NAL unit identified in the two TS packets; and repeating the detecting step for a plurality of additional video frames in the video data stream.

Abstract: A method and video decoder system using the method are provided for identifying video frames in an encoded or encrypted video stream without performing decoding or decryption. The method includes: receiving a video data stream comprised of a plurality of transport stream (TS) packets; detecting a first video frame in the video data stream, wherein detection of the first video frame includes registering a last checked position at the start of the video data stream, examining bytes in a next TS packet to identify a predetermined pattern indicating a network abstraction layer (NAL) unit, repeating the examining step until two TS packets have been identified that include an NAL unit, wherein the last checked position is updated after each examining step, and identifying a video frame based on a position of the NAL unit identified in the two TS packets; and repeating the detecting step for a plurality of additional video frames in the video data stream.

Abstract: A method and system provide the ability to enforce application protection in the cloud. A request to register an application is received in a registration tool executing within a cloud computing environment. The registration tool collects application information data and protection policy settings, and registers the application by returning, to a build-time environment, a secure protection authorization (SPA) certificate that authorizes the application to be built. A build registration tool executing in the cloud computing environment receives, from a cloud protection toolchain executing in the build-time environment, signed build-data that includes the SPA and build information for a build of the application. After determining, in the cloud, that the SPA is authenticate, developer credentials are authorized, and the build information is valid, the build registration tool responds to the cloud protection toolchain that the build for the application is authorized.

Abstract: A method and system provide the ability to dynamically verify an executable. Encrypted build data and developer permissions are received from a first developer into a build registration tool within a secure cloud computing environment. The encrypted build data includes a build identification (ID), a dynamic code signing certificate (CER), and developer credentials. The build registration tool authenticates the developer credentials based on developer permissions. A dynamic code signing tool (within the secure cloud computing environment) decrypts the encrypted build data and activates the executable by dynamically signing the executable to obtain a dynamic code signature (SEC). The SEC is delivered for runtime deployment.