Abstract: A method and an apparatus for inserting content into a transmitted video stream without modifying the original content are suggested. The transmission of videos stream is performed by broadcasting or multicasting. The insertion of content works in real-time and does not require computing overhead compared to conventional solutions. Synchronization of the original videos stream and the transmitted video stream is required for properly inserting the content. This synchronization is performed in two steps. A first step involves a coarse synchronization and in a second step a fine synchronization is applied to the result of the coarse synchronization. The coarse synchronization is based on audio-fingerprints while the fine synchronization is based on video fingerprints. The insertion of content is unsusceptible to processing or transformation steps of the original video along the broadcast or multicast chain.

Abstract: A method for fingerprinting at least one network device is disclosed which comprises, in a monitoring device, computing a passive fingerprint from a plurality of parameters of the at least one network device. And in the at least one network device, modifying at least one parameter among the plurality of parameters of the at least one network device by applying to the at least one parameter a diversity function; wherein the diversity function is chosen in such a way that variations of the modified parameter of each network devices are not correlated; and wherein a variation range of the at least one modified parameter is inferior to a first value so that a variation range of the passive fingerprint for each of the at least one network device is limited to a determined range. A network device, modifying at least one parameter among the plurality of parameters of the at least one network device by applying to the at least one parameter a diversity function is further disclosed.

Abstract: A user device encrypts data and privacy attributes associated with the data. A processing device receives the encrypted data and privacy attributes, receives a signed script from a requester and verifies the signature. If successfully verified, the private key is unsealed and used to decrypt the privacy attributes and script attributes, which are compared to determine if the script respects the privacy attributes. If so, the encrypted data are decrypted and the script processes the private data to generate a result that is encrypted using a key of the requester and the encrypted result is then output. The device is preferably configured to inhibit the output of any information while the data is unencrypted. This way, the user can be ensured that the processing of the private data respects the privacy attributes set by the user.

Abstract: A distributed communication and data sharing system that provides anonymity and unlinkability. A group comprising a number of structures, each having a public/private key pair, is stored on a plurality of nodes in a Distributed Hash Table. Advantageous features of the group management system are provided through the use of Cryptographically Generated Addresses (CGA) for the structures, a secure capture method that enables a user to capture an address and be the only one authorized to request certain operations for the address, and an anonymous get/set mechanism in which a user signs messages, encloses the public key in the message and encrypts the message and public key using the public key of the receiver. The distributed communication and data sharing system of the invention can advantageously be used for group management of social networks.

Abstract: The invention relates to a method for burning digital data onto a blank disk by a client device, the digital data being transmitted to the client device by a remote content server. The following steps are carried out by the client device for burning digital data onto a blank disk: establishing a secure authenticated channel with the content server; receiving the digital data transmitted by the content server; verifying the existence of the secure authenticated channel and authorizing the burning of the digital data received only during the existence of the secure authenticated channel; and burning onto the blank disk the digital data received.

Abstract: A method and a fingerprinting device for countering fingerprint forgery in a communication system. The fingerprinting device obtains and stores a reference fingerprint for a client device, generates and transmits decoy traffic that appears to originate from the client device, the decoy traffic having different fingerprinting properties than real traffic from the client device, generates a fingerprint for non-decoy traffic purportedly from the client device, and compares the generated fingerprint with a reference fingerprint. A forged fingerprint is detected if there is a mismatch. The decoy traffic preferably comprises frames to which no response is needed. The invention is particularly suited for 802.11 using fingerprints based on duration fields of received frames and the decoy traffic is then preferably probe request frames and null data frames.

Abstract: A method for fingerprinting wireless devices and a method for using a device fingerprint for identifying wireless devices. A monitoring station listens to a channel. For each received frame, the station measures the inter-arrival time from the end of the previously received frame to the end of the present frame, if possible, the station obtains the identity of the sender of the frame. If the sender is known, then the station stores the inter-arrival time in a histogram for the sender; the histogram becomes the fingerprint for the sender. Identification of a device begins by obtaining a number of inter-arrival times for an unknown sender and then matching these to stored fingerprints using a suitable similarity measure. The invention is particularly suitable for IEEE 802.11 and may for example be used to detect so-called MAC spoofing and as an additional layer of an identification protocol.

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: The invention relates to a method of processing content according to a workflow, where a digital content is processed on one of a plurality of processing devices according to process definition associated to the content, the method comprising the steps, iterated at the processing device, of: a) receiving from a server a signed workflow information, a workflow information comprising a status of the content processing, a signature of the process definition and a hash of the content; b) verifying the workflow information; c) when the workflow information is verified, processing the content according to the process definition and according to status of the content processing; d) updating and signing the workflow information; e) sending to the server the signed workflow information; and the steps iterated at the server of: f) receiving from a processing device a signed workflow information; g) publishing the signed workflow information received from the processing device.

Abstract: The present invention concerns a method and a device for encrypting an encoded scalable enhancement frame sent by an emitter to a receiver, the enhancement frame comprising a plurality of complementary streams ordered in term of quality level, each complementary stream corresponding to a combination of more than one scalability type, where a complementary stream of a lower quality level corresponds to a lower quality on each scalability type, comprising at the level of the emitter the steps of generating a key per complementary stream for encrypting said complementary stream in such a way that all scalability types can be either simultaneously or individually used, said keys being generated in such a way that only the keys of the complementary streams of quality levels lower than the quality level of a complementary stream can be obtained from the key of said complementary stream, and sending the key of a complementary stream corresponding to a required quality level to the receiver, the key permitting a rece

Abstract: A multimedia content receiver/decoder that receives data representing the multimedia content as well as disturbance data associated with the content is disclosed. It processes the data representing the content based on the associated disturbance data locally stored in the receiver/decoder then it transmits to the display means the multimedia content for displaying with a disturbance defined by the disturbance data according to a disturbance level depending on local disturbance rights.

Abstract: A method of processing digital content according to a workflow. The digital content is received and information for the workflow is checked to decide if a processing device is authorised to process the content, the workflow imposing that the digital content be processed in a process chain comprising at least two nodes, wherein the processing device is authorised to process the content if it corresponds to the node that according to the process chain is the next node to process the digital content. If the processing device is authorised to process the content, the digital content is processed and the information for the workflow is updated. Also provided is a system.

Abstract: The present invention concerns a method and a device for encrypting an encoded scalable enhancement frame sent by an emitter to a receiver, the enhancement frame comprising a plurality of complementary streams ordered in term of quality level, each complementary stream corresponding to a combination of more than one scalability type, where a complementary stream of a lower quality level corresponds to a lower quality on each scalability type, comprising at the level of the emitter the steps of generating a key per complementary stream for encrypting said complementary stream in such a way that all scalability types can be either simultaneously or individually used, said keys being generated in such a way that only the keys of the complementary streams of quality levels lower than the quality level of a complementary stream can be obtained from the key of said complementary stream, and sending the key of a complementary stream corresponding to a required quality level to the receiver, the key permitting a rece

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: The invention relates to a method for burning digital data onto a blank disk by a client device, the digital data being transmitted to the client device by a remote content server. The method comprises the following steps carried out by the client device: setting up a secure authenticated channel with the content server; receiving the digital data transmitted by the content server; verifying the existence of the secure authenticated channel and authorizing the burning of the digital data received only during the existence of the secure authenticated channel; and burning onto the blank disk the digital data received. The invention also relates to a client device and a method for distributing digital data.

Abstract: To access services on a device, such as a computer, a user has a portable device in two parts: a plug adapted to be inserted in a USB port and a transponder that remains about his person. In a preferred embodiment, an access manager verifies that first the plug and then the transponder are identified. If so, the access manager verifies if plug and transponder have to be paired and if they have the proper access rights for the desired service. Only then is access given. In a further embodiment, more than one transponder is needed to access a certain service. It can thus be appreciated that the invention provides a flexible and secure way to secure access to services.

Abstract: The installation for protected access to a digital content comprises: a candidate user identification means, a lock adapted to lock or unlock an access gate to a restricted area containing at least a processing device for processing a digital content, a bridge server adapted to allow or refuse a candidate content intended to be downloaded by a processing device to be provided to a user, and a gateway server adapted to implement rules for driving the bridge server and the lock to allow or refuse the entrance of a candidate user or a candidate content into the restricted area depending on the users and the digital content already entered in the restricted area.