Abstract: A distributed communication and data sharing system that provides anonymity and unlinkability. A group comprising a number of structures, each having a public/private key pair, is stored on a plurality of nodes in a Distributed Hash Table. Advantageous features of the group management system are provided through the use of Cryptographically Generated Addresses (CGA) for the structures, a secure capture method that enables a user to capture an address and be the only one authorized to request certain operations for the address, and an anonymous get/set mechanism in which a user signs messages, encloses the public key in the message and encrypts the message and public key using the public key of the receiver. The distributed communication and data sharing system of the invention can advantageously be used for group management of social networks.

Abstract: The invention relates to a method for burning digital data onto a blank disk by a client device, the digital data being transmitted to the client device by a remote content server. The following steps are carried out by the client device for burning digital data onto a blank disk: establishing a secure authenticated channel with the content server; receiving the digital data transmitted by the content server; verifying the existence of the secure authenticated channel and authorizing the burning of the digital data received only during the existence of the secure authenticated channel; and burning onto the blank disk the digital data received.

Abstract: A method and a fingerprinting device for countering fingerprint forgery in a communication system. The fingerprinting device obtains and stores a reference fingerprint for a client device, generates and transmits decoy traffic that appears to originate from the client device, the decoy traffic having different fingerprinting properties than real traffic from the client device, generates a fingerprint for non-decoy traffic purportedly from the client device, and compares the generated fingerprint with a reference fingerprint. A forged fingerprint is detected if there is a mismatch. The decoy traffic preferably comprises frames to which no response is needed. The invention is particularly suited for 802.11 using fingerprints based on duration fields of received frames and the decoy traffic is then preferably probe request frames and null data frames.

Abstract: A method for fingerprinting wireless devices and a method for using a device fingerprint for identifying wireless devices. A monitoring station listens to a channel. For each received frame, the station measures the inter-arrival time from the end of the previously received frame to the end of the present frame, if possible, the station obtains the identity of the sender of the frame. If the sender is known, then the station stores the inter-arrival time in a histogram for the sender; the histogram becomes the fingerprint for the sender. Identification of a device begins by obtaining a number of inter-arrival times for an unknown sender and then matching these to stored fingerprints using a suitable similarity measure. The invention is particularly suitable for IEEE 802.11 and may for example be used to detect so-called MAC spoofing and as an additional layer of an identification protocol.

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: A method of encrypting compiled computer code instructions to be decrypted instruction by instruction during execution. The computer code instructions are encrypted using a chaining mode so that an encrypted instruction depends on the values of the instruction, the value of the preceding instruction and a pseudo-random number. As it may happen that the instruction can be arrived at from more than one preceding instruction, at least one of the preceding instructions is associated with a random number compensator for use during decryption of the encrypted instruction, so that the decryption of the encrypted instruction yields the same result regardless of which the preceding instruction was. Also provided are an encryption device, a decryption device and method, and a digital support medium storing encrypted compiled computer code instructions.

Abstract: The invention relates to a method of processing content according to a workflow, where a digital content is processed on one of a plurality of processing devices according to process definition associated to the content, the method comprising the steps, iterated at the processing device, of: a) receiving from a server a signed workflow information, a workflow information comprising a status of the content processing, a signature of the process definition and a hash of the content; b) verifying the workflow information; c) when the workflow information is verified, processing the content according to the process definition and according to status of the content processing; d) updating and signing the workflow information; e) sending to the server the signed workflow information; and the steps iterated at the server of: f) receiving from a processing device a signed workflow information; g) publishing the signed workflow information received from the processing device.

Abstract: The present invention concerns a method and a device for encrypting an encoded scalable enhancement frame sent by an emitter to a receiver, the enhancement frame comprising a plurality of complementary streams ordered in term of quality level, each complementary stream corresponding to a combination of more than one scalability type, where a complementary stream of a lower quality level corresponds to a lower quality on each scalability type, comprising at the level of the emitter the steps of generating a key per complementary stream for encrypting said complementary stream in such a way that all scalability types can be either simultaneously or individually used, said keys being generated in such a way that only the keys of the complementary streams of quality levels lower than the quality level of a complementary stream can be obtained from the key of said complementary stream, and sending the key of a complementary stream corresponding to a required quality level to the receiver, the key permitting a rece

Abstract: An encryption chaining mode takes plaintext block N, generates encryption key N by combining, preferably by XOR, encryption key N-1 and plaintext block N-1 and encrypts plaintext block N using an encryption algorithm with encryption key N to output ciphertext block N. Encryption key for the first plaitnext block is generated by XOR-ing a random Initialization vector and a random intialization key K. In a preferred embodiment, initialization key K is subkeys resulting form a key schedule algorithm and encryption key N-1 is only one of the subkeys. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and one subkey resulting form a key schedule algorithm. Also provided is a corresponding decryption method, an encryption device, a decryption device.

Abstract: There are times when a first user may wish to distribute an excerpt of a protected digital content to a second user, for example for criticism. The protected digital content is divided into a plurality of parts, each part being encrypted using a control word specific for the part, wherein each control word can be generated from a master control word for the protected digital content. A device belonging to the first user selects the parts of the excerpt; generates the control words for the selected parts from the master control word; generates a license for the selected parts, the license comprising the control words for the selected parts; and transmits the selected parts and the license to the receiver of the second user. Also provided is the device of the first user.

Abstract: A multimedia content receiver/decoder that receives data representing the multimedia content as well as disturbance data associated with the content is disclosed. It processes the data representing the content based on the associated disturbance data locally stored in the receiver/decoder then it transmits to the display means the multimedia content for displaying with a disturbance defined by the disturbance data according to a disturbance level depending on local disturbance rights.

Abstract: To access services on a device, such as a computer, a user has a portable device in two parts: a plug adapted to be inserted in a USB port and a transponder that remains about his person. In a preferred embodiment, an access manager verifies that first the plug and then the transponder are identified. If so, the access manager verifies if plug and transponder have to be paired and if they have the proper access rights for the desired service. Only then is access given. In a further embodiment, more than one transponder is needed to access a certain service. It can thus be appreciated that the invention provides a flexible and secure way to secure access to services.

Abstract: A method of encrypting compiled computer code instructions to be decrypted instruction by instruction during execution. The computer code instructions are encrypted using a chaining mode so that an encrypted instruction depends on the values of the instruction, the value of the preceding instruction and a pseudo-random number. As it may happen that the instruction can be arrived at from more than one preceding instruction, at least one of the preceding instructions is associated with a random number compensator for use during decryption of the encrypted instruction, so that the decryption of the encrypted instruction yields the same result regardless of which the preceding instruction was. Also provided are an encryption device, a decryption device and method, and a digital support medium storing encrypted compiled computer code instructions.

Abstract: An encryption chaining mode takes plaintext block N, generates encryption key N by combining, preferably by XOR, encryption key N?1 and plaintext block N?1 and encrypts plaintext block N using an encryption algorithm with encryption key N to output ciphertext block N. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and a random initialization key K. In a preferred embodiment, initialization key K is subkeys resulting from a key schedule algorithm and encryption key N?1 is only one of the subkeys. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and one subkey resulting from a key schedule algorithm. Also provided is a corresponding decryption method, an encryption device, a decryption device.

Abstract: A method of processing digital content following a workflow. A processing device receives the digital content and a license for the digital content, the license comprising workflow information about a process chain, which comprises a present node and a following node; decrypts the license; verifies if it may process the content by verifying if it corresponds to the present node. If the processing device may process the digital content, it processes the digital content to obtain processed content and generates a new license comprising updated workflow information, wherein the following node is set as a new present node. Also provided is a processing device.

Abstract: A method of processing digital content according to a workflow. The digital content is received and information for the workflow is checked to decide if a processing device is authorised to process the content, the workflow imposing that the digital content be processed in a process chain comprising at least two nodes, wherein the processing device is authorised to process the content if it corresponds to the node that according to the process chain is the next node to process the digital content. If the processing device is authorised to process the content, the digital content is processed and the information for the workflow is updated. Also provided is a system.

Abstract: The present invention concerns a method and a device for encrypting an encoded scalable enhancement frame sent by an emitter to a receiver, the enhancement frame comprising a plurality of complementary streams ordered in term of quality level, each complementary stream corresponding to a combination of more than one scalability type, where a complementary stream of a lower quality level corresponds to a lower quality on each scalability type, comprising at the level of the emitter the steps of generating a key per complementary stream for encrypting said complementary stream in such a way that all scalability types can be either simultaneously or individually used, said keys being generated in such a way that only the keys of the complementary streams of quality levels lower than the quality level of a complementary stream can be obtained from the key of said complementary stream, and sending the key of a complementary stream corresponding to a required quality level to the receiver, the key permitting a rece

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: The invention relates to a method for burning digital data onto a blank disk by a client device, the digital data being transmitted to the client device by a remote content server. The method comprises the following steps carried out by the client device: setting up a secure authenticated channel with the content server; receiving the digital data transmitted by the content server; verifying the existence of the secure authenticated channel and authorizing the burning of the digital data received only during the existence of the secure authenticated channel; and burning onto the blank disk the digital data received. The invention also relates to a client device and a method for distributing digital data.

Abstract: To access services on a device, such as a computer, a user has a portable device in two parts: a plug adapted to be inserted in a USB port and a transponder that remains about his person. In a preferred embodiment, an access manager verifies that first the plug and then the transponder are identified. If so, the access manager verifies if plug and transponder have to be paired and if they have the proper access rights for the desired service. Only then is access given. In a further embodiment, more than one transponder is needed to access a certain service. It can thus be appreciated that the invention provides a flexible and secure way to secure access to services.