Abstract: The present disclosure relates to systems, methods, and computer-readable media to selectively enhance digital image and video content. For example, systems disclosed herein can encode original video content to compress and decompress the original video content. Systems described herein can further identify area of interest information for use in identifying portions of decompressed video content to analyze and remove one or more compression artifacts found therein. Systems described herein can further enhance the decompressed video content by increasing resolution for display. By identifying areas of interest and selectively enhancing digital video content, the systems described herein can reduce consumption of bandwidth and processing resources while maintaining high visual quality of the digital content.

Abstract: Methods and systems are described herein for a media guidance application that allows users to associate input schemes with physical objects in an augmented reality environment. Specifically, the media guidance application may recognize physical objects in an augmented reality environment and allow users to identify input schemes to associate with the physical objects, wherein the input schemes are ways in which users may control presentation of media content by interacting with the physical objects.

Abstract: Video content is processed for delivery using an automated process that allows for convenient packaging of encrypted or digital rights management (DRM) protected content in a manner such that the packaged content can be efficiently stored in a content delivery network (CDN) or other content source for subsequent re-use by other media clients without re-packaging, and without excessive storage of unused content data.

Abstract: An apparatus comprising one or more processors to receive a first request from an application to access one or more cryptographic keys from a cloud key vault, transmit the first request to the cloud key vault, receive the cryptographic keys from the cloud key vault, provide access to the one or more cryptographic keys to the application and store the one or more cryptographic keys within a trusted execution environment.

Abstract: Techniques and architecture are described for validating and verifying iPXE scripts prior to execution during a booting process. During the booting process of a network device, right after the UEFI/BIOS stage of the booting process, a trusted iPXE script may make a request to a network server for the ownership voucher and owner certificate of the network device. The ownership voucher and owner certificate may then be stored in a trusted platform module (TPM) on the network device. In configurations, the retrieved owner certificate may be validated by the ownership voucher. The owner certificate may be used to validate iPXE scripts. Once validated, the iPXE scripts may be executed and the booting process may be continued to the kernel loading step and the application loading step. During a subsequent booting process of the network device, the ownership voucher and owner certificate may be retrieved from the TPM.

Abstract: Disclosed is a data processing device including a main SoC, a performance-enhancing SoC, and an external circuit that is set outside any of the two SoCs. The main SoC includes: a first central processing unit (CPU) dividing to-be-processed data into a first input part and a second input part, and processing the first input part to generate first output data; and a first transceiver circuit forwarding the second input part to the performance-enhancing SoC via the external circuit, and then receiving second output data via the external circuit and forwarding it. The performance-enhancing SoC includes: a second transceiver circuit receiving the second input part via the external circuit, and transmitting the second output data to the main SoC via the external circuit; and a second CPU receiving the second input part from the second transceiver circuit and processing it to provide the second output data for the second transceiver circuit.

Abstract: A method is provided for securely providing data for use in a consumer electronics device having a processor performing instructions defined in a software image. The method includes receiving the data encrypted according to a global key, further encrypting the data according to a device-unique hardware key, storing the further encrypted data in a secure memory of the consumer electronics device, providing the global key to a whitebox encoder for encoding according to a base key to generate a whitebox encoded global key, and transmitting the software image to the consumer electronics device for storage in an operating memory of the consumer electronics device, the software image having a whitebox decoder utility corresponding to the whitebox encoder and the whitebox encoded global key.

Abstract: Disclosed are a quantum color image encrypting method based on modification direction and corresponding circuit, respectively providing quantum modular circuits design for a parallel adder, a parallel subtractor, a comparator, a cyclic shift add 1, and a cyclic shift subtract 1; and based on these modular circuits, circuit for implementing quantum color image steganography is provided. From the complexity analysis of implementing quantum circuit for color image steganography, it is seen that for a two-dimensional quantum color image with 22n pixels and the R, G, and B channels of which are respectively represented by q number of quantum bits, the steganography algorithm is an efficient transformation method, and the circuit complexity is O(q2+n), which can hardly be achieved by classical geometric transformation. The disclosure is applicable for many practical image processing applications, e.g.

Abstract: Methods, systems, and devices for wireless communications are described. A multicast architecture may support flexible change between unicast and multicast operations and may support additional traffic types (e.g., Internet Protocol and Ethernet traffic). For example, the multicast architecture may include transmitting data over a shared multicast radio bearer (MRB) and/or specific data radio bearers (DRBs), a multicast user plane function (UPF) for supplying the multicast data to a base station, multicast data from different radio access networks (RANs), protecting the multicast data through creating a group key, ciphering the multicast data sent on the MRB using the group key, and transitioning the multicast data from a source RAN to a target RAN.

Abstract: A method of updating a payment card includes receiving a payment card having an existing payment part. The method includes removing the existing payment part from the payment card and installing a new payment part with the payment card for subsequent use of the payment card.

Abstract: The invention relates to a secure entity, a trusted execution hardware environment (TEE) comprising a secure processing circuit and suitable for implementing a contract-execution architecture, such as a Wallet Node for executing a contract-type program, wherein said program can be loaded into an execution memory in response to a program identifier contained in a message that reaches the entity via a channel for communication with other entities, and a secure device for interaction with the physical environment of the entity, such as a sensor and/or actuator module, which can supply input data for the execution of the contract and/or receive data generated by the execution of the contract, the secure device containing its own secret key for securing exchanges within the framework of the execution of the program.

Abstract: Video content is processed for delivery using an automated process that allows for convenient packaging of encrypted or digital rights management (DRM) protected content in a manner such that the packaged content can be efficiently stored in a content delivery network (CDN) or other content source for subsequent re-use by other media clients without re-packaging, and without excessive storage of unused content data.

Abstract: An electronic apparatus is provided. The electronic apparatus includes an input/output interface connected to a source apparatus, a display, and a processor configured to, based on detecting that the source apparatus is connected through the input/output interface, receive identification information of the source apparatus from the source apparatus, and based on the received identification information of the source apparatus, control the display to display a user interface (UI) for changing a resolution, and based on receiving a user input for changing a resolution through the displayed UI, identify whether the source apparatus can transmit a content of the resolution corresponding to the user input based on the identification information of the source apparatus, and based on identifying that the source apparatus can transmit a content of the resolution corresponding to the user input, transmit a signal requesting the content of the resolution corresponding to the user input to the source apparatus.

Abstract: A source device for transmitting content to a sink device is provided. The source device may include an interface configured to perform high-bandwidth digital content protection (HDCP) authentication with the sink device, and a controller configured to determine an HDCP version supported by the sink device, convert the content so as to be encrypted in the HDCP version supported by the sink device in response to a determination that another HDCP version applied to the content is not supported by the sink device, encrypt the converted content in the HDCP version supported by the sink device, and control the interface to transmit the content to the sink device.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for distributed DCP over internet. A client-side digital content delivery device receives a digital cinema package (DCP) for a digital movie from a remote digital content delivery system. The DCP includes a unique digital watermark applied by the content delivery system. In response to receiving an input to cause playback of the digital movie, the client-side digital content delivery device compares a unique device identifier for a display device paired to the client-side digital content delivery device to an authorized unique identifier. If the unique device identifier matches the authorized unique identifier, the client-side digital content delivery device uses the DCP to causes presentation of the digital movie by the display device paired to the client-side digital content delivery device.

Abstract: The embodiments herein relate to encryption and decryption of media data transmitted between an Unmanned Aerial Vehicle (UAV) and a ground controlling base, when recording and playing back the media data by combining symmetric and asymmetric cryptography.

Abstract: Systems and method for watermarking portions of code for the purposes of identification are described. A computer-implemented method of watermarking a portion of code with identification data includes: determining, by a computing device, a number of existing whitespace characters in the portion of code; encoding, by the computing device, the identification data using a set of reference whitespace characters; and embedding, by the computing device, the encoded identification data into the portion of code, wherein the embedding the encoded identification data includes, based on the determined number of existing whitespace characters, either replacing existing whitespace characters in the portion of code with the encoded identification data or inserting the encoded identification data characters into the portion of code.

Abstract: Methods are described for a data creator to securely send a data payload to another device in a transient symmetric key technology (TSKT) system, and for the other device to securely receive the payload data. One method includes receiving a first seed and a formula from a command and control server. A second seed is generated, and the first seed and the second seed are combined using the formula to create a data seed. A first key is generated using the first seed, and the second seed is encrypted using the first key to form an encrypted second seed. A second key is generated using the data seed, and the data payload is encrypted using the second key to form an encrypted data payload. The encrypted data payload and the encrypted second seed are combined in a secure container, and subsequently all keys and seeds and the formula are destroyed.

Abstract: Apparatus and methods for provisioning of customer premise equipment (CPE) equipped with a secure microprocessor to receive e.g., digital video content by entering unique identification of the CPE at one or more servers located at the headend or other location of a content-based network. In one embodiment, the CPE comprises a download-enabled (e.g., DCAS) host with embedded cable modem and embedded set-top box functionality, and the provisioning includes enabling DOCSIS functionality of the CPE, assigning an IP address to the CPE and providing the CPE with a client image for the conditional access system chosen by the network operator. In one variant, the network operator can deactivate a provisioned device while connected to the network, as well when disconnected from the network. The network operator can also add, delete or replace conditional access client image in a provisioned device.

Abstract: A data processing method based on an unmanned vehicle, the method including acquiring data generated in an unmanned vehicle operating environment of the unmanned vehicle and type information of the unmanned vehicle operating environment; acquiring a data transformation logic corresponding to the type information from a pre-stored adaption repository, which stores data transformation logics corresponding to different type information; and transforming a data structure of the data according to the data transformation logic corresponding to the type information to obtain data in compliance with a preset data structure. By transforming data generated in different unmanned vehicle operating environments into data in compliance with the preset data structure, the cloud server can be assisted in analyzing and consistently processing the data in compliance with the preset data structure after they have been transmitted to the cloud server, thus improving the data processing efficiency.

Abstract: A method may include determining a location of an unmanned aerial vehicle (UAV); generating a set of mission plans based on the location of the UAV, each mission plan including respective mission plan parameters; receiving a selection of a mission plan of the set of mission plans; obtaining mission plan parameters for the selected mission plan; and transmitting the obtained mission plan parameters to the UAV to configure the UAV according to the obtained mission parameters.

Abstract: Various embodiments are provided for securing data compression in a computer environment are presented. Encryption cycles of a data compression stream may be optimized by applying a first type of encryption on a first section and a last section of compressed data and a second type of encryption on a middle section of compressed data, the first type of encryption containing key information relating to the middle section of the compressed data.

Abstract: The present technology pertains to responding to a kernel level file event for a content item and presenting a file event window associated with the content item. A client device can detect the kernel level file event for the content item. This can be accomplished using a kernel extension on a client device that is networked with a content management system. The client device can then retrieve data associated with the content item, including an instruction for the content item. The client device can then perform the instruction. This instruction can be to retrieve collaboration data from the content management system and present the collaboration data in a file event window.

Abstract: An improved method or security solution for securing cryptographic keys in a virtual machine RAM. A security solution is proposed to hide cryptographic keys in the cloud, without the necessity of any architectural modifications. The present solution requires the availability of a Trusted Platform Module (TPM) capable of creating and holding a protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption or decryption on behalf of data owners. This allows the present solution to be easily integrated and coupled with other existing cloud architectures. A decrypt-scatter or gather-decrypt solution which allows users to carry out encryption or decryption while protecting keys from unauthorized peeks by the cloud administrators is proposed.

Abstract: An object of the present invention is to provide a technique that allows automatically generating a processing recipe from an inspection image even when the inspection image varies by being affected by an imaging condition of a processing device. A processing recipe generation device according to the present invention generates a converted image in which components relying on the imaging condition of the inspection image are reduced and generates a processing recipe using a target image generated using a conversion condition same as that of the converted image (see FIG. 2).

Abstract: A method may include transmitting a first public encryption key from to a control device and encrypting a first packet for a remote network device utilizing a first private encryption key correlated with the first public encryption key. The method may also include generating a second public encryption key and a second private encryption key and transmitting the second public encryption key to the control device. The method may additionally include receiving a first message from the remote network device that the remote network device received the second public encryption key from the control device, and after receiving the first message from the remote network device that the remote network device received the second public encryption key, encrypting a second packet utilizing the second private encryption key.

Abstract: This disclosure relates to method and system for providing explanation for output generated by artificial intelligence (AI) model. The method may include receiving encrypted input data and a public encryption key from a client device, wherein the encrypted input data is encrypted using the public encryption key. The method may further include generating an encrypted AI model by encrypting an AI model using the public encryption key. The method may further include generating an encrypted output and an encrypted feature data based on the encrypted input data using the encrypted AI model, and generating an encrypted explanation for the encrypted output based on the encrypted feature data. The method may further include providing the encrypted output and the encrypted explanation to the client device for rendering, wherein the encrypted output and the encrypted explanation are decrypted by the client device using a private encryption key.

Abstract: Described herein are a system and methods for obfuscating sensitive data during a data capture event in order to prevent unauthorized reproduction of that sensitive data. In some embodiments, an event listener detects an event likely to result in a data capture and notifies an obfuscation module. The obfuscation module then identifies sensitive data fields, determines an appropriate obfuscation technique for each data field, and obfuscates the identified data fields for the duration of the event. In some embodiments, any active data input actions may be canceled. In some embodiments, the data values within the obfuscated data fields may be revealed upon completion of the event.

Abstract: This disclosure relates to, among other things, systems and methods for the secure management and distribution of electronic content over broadcast communication channels. Certain embodiments disclosed herein may allow for implementation of a multi-tenant conditional access system whereby a client device may configure itself between multiple broadcast service operators. Robust key generation and management techniques are also described that may use a derived key structure to protect control words used to descramble broadcast content, providing additional measures of security and implementation redundancy.

Abstract: Methods and systems for accelerated input data conversion include partially parsing an input data set to convert the data set from a first format to a second format in an intermediate output having at least one unparsed portion to quickly perform a majority of the conversion. The partial parsing operates on portions of the input data set having a size less than a threshold size and leaves portions of the input data having a size greater than the threshold size unparsed. The intermediate output is parsed to convert at least one unparsed portion from the first format to the second format in a final output to complete the conversion such that a combined parsing time of the partial parse of the input data set and the parse of the intermediate output is accelerated relative to a single-stage parsing.

Abstract: Provided are a system and method of encrypting a folder in a device. The device for controlling access to the folder includes a communication part configured to transmit, to a server, an encryption key generation request with respect to the folder, and receive, from the server, an encryption key associated with the folder that is generated in response to the encryption key generation request, wherein the encryption key generation request includes an identification of the folder and authentication data of a user who accesses the folder is an authorized user; and a controller configured to authenticate the user by using the encryption key.

Abstract: A method includes obtaining, by a first computing device, a digital exchange item. The method further includes sending, to a server, a request to share the digital exchange item with a group of computing devices. The method further includes determining, by the server, whether the digital exchange item can be shared based on one or more of: an issuer agreement and exchange item rules. When the digital exchange item can be shared, the method further includes the server establishing secure custody rights for each computing device, determining haring rights regarding the digital exchange item, and generating replications of the digital exchange item. The method further includes the server uploading the replications and the sharing rights to digital wallets associated with the computing devices of the group.

Abstract: Some embodiments of the present disclosure may relate generally to a dynamic graphical user interface (GUI) architecture that helps provide a user-friendly and flexible capability for software users to create and manage software application rules. These rules may help with processing by a software service or software platform. Other embodiments may be disclosed and/or claimed.

Abstract: Aspects of the disclosure relate to preventing unauthorized screen capture activity. A computing platform may detect, via an infrared sensor associated with a computing device, an infrared signal from a second device attempting an unauthorized image capture of contents being displayed by a display device of the computing device. Subsequently, the computing platform may determine, via the computing platform, the contents being displayed by the display device. Then, the computing platform may retrieve a record of the contents being displayed by the display device. Then, the computing platform may determine a risk level associated with the infrared signal. Subsequently, the computing platform may perform, via the computing platform and based on the risk level, a remediation task to prevent the unauthorized image capture.

Abstract: An electronic device includes: a radio for reception of a broadcasted signal having a message, at least a part of the message has been encrypted with a first key, wherein the first key has been encrypted with a second key to result in an encrypted first key; an authenticator configured for authentication of the message by decrypting the encrypted first key with a third key, and decrypting the at least a part of the message with the first key; and a processing unit coupled to the radio; wherein the second key has a value that is different from a value of the third key; and wherein the message comprises (1) a first payload broadcasted with the encrypted first key, and (2) a second payload broadcasted without the encrypted first key.

Abstract: A computerized exchange network enables verifying vehicle banner production and image alterations, such as altering images to include indicia for example. In an embodiment, verifying successful production of a vehicle banner by a printing device enables remittance of a cooperative advertising reimbursement. In another embodiment, verifying image alterations by a computing device enables remittance of a cooperative advertising reimbursement.

Abstract: A first user saving a file f is detected. The file f is intercepted. A filename and one or more text strings entered as searchable metadata are also intercepted. An identifier id(f) is generated for the file f. The filename, the one or more text strings, and id(f) are stored together on a content address server. A symmetric encryption key KF is generated. File f is divided into n segments. An identifier id(si) is generated for each segment si. Each si is encrypted using KF, producing n encrypted segments esi=ESKF(Si). Each esi is stored with its id(si) on a peer device. For each esi, id(si) is stored on the content address server with id(f). A public key KU2 of a second user is retrieved, KF is encrypted with KU2, producing wrapped key KW2 EAKU2(KF), and KW2 is stored on the content address server with id(f).

Abstract: A federated smart user identification (ID) having embedded tiered/hierarchical entitlements. The federated smart user ID comprises an encrypted key having multiple key strings that create sub-zones/barriers within the key. Each key string includes logical code and is attached/associated with at least one of (i) a computing system, service, application or the like, and (ii) an entitlement zone of the system, service, application or the like. Thus, the individual key strings define which systems, services, applications and the like the user has access to and the entitlements/authorizations within those systems, services, applications that the user has. In addition, key strings can dynamically be added to or deleted from the key to thereby change system/service access authorization and/or system/service-level entitlement.

Abstract: Methods are provided. A method includes receiving, by a real-time visual media generation engine of a streaming server, a visual medium input to be formed into a living artwork. The method further includes generating, by the real-time visual media generation engine, variational versions of the visual medium input as the living artwork. Each of the variational versions has one or more image elements altered based on one or more variables. Each of the variational versions is unique with respect to each other and persists for a period of time while non-variational versions maintain static content.

Abstract: Autonomous embedded data cognition enables data to perform real-time environmental configuration control, self-manage, perform analyses, determine its current situation, and evaluate behavior to respond accordingly. When created, security measures, and access controls are selected. Highly sensitive data can be extracted and substituted with creator label and/or functional representation. Data-to-data reasoning and analysis can be performed. The processing method comprises autonomous monitoring for a state change and analyzing the current user to determine if the instantiation should exist. If affirmed, the cognition engine automatically configures the computational environment in which it resides. If denied, environmental behavior is further analyzed for security problems or an erroneous situation. If detected, the creator is alerted and provided with incident information enabling remote creator control of the data. Cognitive data can decide to self-destruct mitigating risk of undesirable instantiations.

Abstract: A set-top box (STB), digital video recorder (DVR), video player or other host device receives and interacts with a transcode module to provide enhanced transcoding capabilities that may be useful in placeshifting or other applications. The transcode module includes a host interface that couples to and communicates with the host device. The transcode module also includes a processor that receives an encrypted media stream from the host device via the bus interface, decrypts the encrypted media stream, transcodes the encrypted media stream to a different format, re-encrypts the transcoded stream, and provides the re-encrypted media stream to the host device via the host interface. The transcoded media content may be placeshifted to a remote player, stored at the host, or used for any other purpose.

Abstract: One embodiment described herein provides a system and method for isolating data written by different users on a cloud drive. During operation, the system receives a write request from a first user comprising to-be-written data, the to-be-written data being associated with a writer's identifier for the first user. The system then writes the to-be-written data bound with the writer's identifier into physical media associated with the cloud drive, thereby facilitating user data isolation by preventing a second user having a reader's identifier that is different from the writer's identifier of the first user from gaining access to the written data.

Abstract: A method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system includes receiving a message comprising a message header and a message payload, and determining that the message is an unlock message configured to access one or more protected functions of the embedded node, at least by analyzing a bit sequence of one or more bits in the message header. The method also includes determining whether a manual control mechanism has been placed in a particular state by a human operator, and, based upon those determinations, either causing or not causing the embedded node to enter an unlocked state in which one or more of the protected functions are accessible.

Abstract: A software license and a software installation process are managed. A status of the license can be one of at least a third party reserved status, a requester reserved status, a requester allocated status, and an available status. A first module can be operative to change the status of the license from the third party reserved status to the requester allocated status in response to receiving a mode selection. The mode selection can correspond to one of one or more modes. The modes can comprise a reserve license mode, a remove reserve mode, a request license allocation mode, a return excess license to inventory mode, an ordering mode, and an add license to inventory mode. The first module can be operative in at least one of the modes.

Abstract: An embedded picture can be embedded with secret embedded payloads. A method is disclosed for performing trusted binding between a first participant and a second participant based on RSA cryptosystem using the embedded picture having a first area assigned to the first participant for a first secret embedded payload, and a second area assigned to the second participant for a second secret embedded payload. Multiple payloads may be embedded in the embedded picture by multiple participants. Each payload can only be encrypted and decrypted by its corresponding participant. Multiple participants may form a trusted network, in the network each participant can be recognized and validated digitally. Accordingly, various activities such as transaction of digital credit card, verification of digital identification (ID) card, transaction of digital currency note may be performed using the trusted network.

Abstract: A technique and system protects documents at rest and in motion using declarative policies, access rights, and encryption. Methods, techniques, and systems control access to documents and use of content in documents to support information management policies.

Abstract: Examples of the present disclosure describe systems and methods for implementing an external module comprising new and/or offloaded processing functionality. In aspects, an external module may be configured to be selectively and communicatively coupled to an information appliance device. The external module may be configured with or receive hardware, software, data and/or instructions for processing content and operations received by the information appliance device. When operations are received by the information appliance device, the information appliance device may parse the operations into commands to be performed by the information appliance device and commands to be performed by the external module. The information appliance device may transmit the commands to be performed by the external module to the external module. The external module may then process and/or perform the received commands and render the resulting content to a display device.

Abstract: The disclosed method for assuring authenticity of electronic sensor data may include (i) capturing, using a sensor within a device, electronic sensor data, and (ii) digitally signing, using a cryptoprocessor embedded within the device, the electronic sensor data to create a digital signature that verifies that the signed electronic sensor data has not been modified since the electronic sensor data was captured by the sensor. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for identifying a peripheral device from a digital content having been received by said peripheral device from a master device located at a user end, said master device being further configured to be connected to a server located at a back end, said method comprising the steps of: receiving, by the master device from the peripheral device, at least peripheral identification data; generating, at the master device, a first mark as a function of at least a part of said peripheral identification data; and watermarking said digital content using said first mark before transmitting said digital content to said peripheral device.

Abstract: Methods, systems, and apparatus, including computer program products, for assuring application performance by matching the supply of resources (e.g., application resources, VM resources, or physical resources) with the fluctuating demand placed on the application. For example, the systems and methods disclosed herein can be used to ensure that the application is allocated sufficient resources when it is initially deployed to handle anticipated demand; dynamically alter the resources allocated to the application during operation by matching the resource requirements to the actual measured application demand; and predict future resource requirements based on planning assumptions related to future application demand.