Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.

Abstract: Techniques for secure fast channel change in live content streaming are described. In some embodiments, during content preparation, a packager and/or an encoder encrypts media content items at both the service level (e.g., by encrypting a first portion of the plurality of segments with a service level access key unique to a service) and the channel level (e.g., by encrypting a second portion of the plurality of segments with a channel level access key unique to a channel associated with the service). On the receiving end, a client device (e.g., a media player) requests a service level access key prior to content acquisition. As such, a client can join any channel on a segment protected with the service level key without waiting for a license for that channel first, and the channel license can be acquired in parallel with the content acquisition during channel switching.

Abstract: Techniques for encrypting content in a content distribution network are disclosed. The content distribution network may comprise a number of national and local sites, and a number of hubs at each local sites. A content segment encrypting device may be operative at a local site to encrypt and cache segments of content. The segment encrypting device may provide the segments to streaming devices that encode content for delivery downstream to network or user devices.

Abstract: The present disclosure provides an off-chip memory address scrambling apparatus and method for a system on chip. The apparatus includes a true random number generator, a key memory and an on-chip security controller. The on-chip security controller is connected to the true random number generator, the key memory and an off-chip memory respectively and is configured to read or write data in the off-chip memory and perform address scrambling processing on the data.

Abstract: There is provided a method of performing authentication for a transaction between first and second devices. The method includes: generating a first random number and encrypting it based on a first key of a first private-public key pair; sending the encrypted first random number to the server; receiving a transaction identifier for the transaction, the first random number and a second random number, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair; decrypting the encrypted transaction identifier, the encrypted first random number and the encrypted second random number based on a second key of the second private-public key pair; and sending the transaction identifier, and the second random number to the second device for authenticating the first device for the transaction. There is also provided a corresponding device and system.

Abstract: A method of acquiring access rights to conditional access content. The method comprises receiving an access right on a first terminal through a first communication channel; storing said access right in said first terminal; sending a request for said conditional access content to a content provider, said request containing at least an identifier of an account to which said first terminal is associated, an identifier of the requested content and a piece of information concerning said access right; verifying, by said content provider, the authenticity of said access right using said piece of information concerning the access right; and when there has been a successful verification, marking said access right as used, and sending said conditional access content to at least one terminal linked to said account. The first terminal using near field communication technology (NFC) during at least one transfer of said access rights.

Abstract: In order to improve security upon distributing a group key, there is provided a gateway (20) to a core network for a group of MTC devices (10_1-10_n) communicating with the core network. The gateway (20) protects confidentiality and integrity of a group key, and distributes the protected group key to each of the MTC devices (10_1-10_n). The protection is performed by using: a key (Kgr) that is preliminarily shared between the gateway (20) and each of the MTC devices (10_1-10_n), and that is used for the gateway (20) to authenticate each of the MTC devices (10_1-10_n) as a member of the group; or a key (K_iwf) that is shared between an MTC-IWF (50) and each of the MTC devices (10_1-10_n), and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF (50) and each of the MTC devices (10_1-10_n).

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: The present application discloses a signal channel switching method, a display terminal and a computer-readable storage medium. The signal channel switching method includes the following operations: establishing a data connection with a first external device connected with a first hot plug pin; obtaining a first voltage detected by a second hot plug pin, and judging whether the first voltage conforms to a preset rule; if the first voltage conforms to the preset rule, obtaining information of a second external device connected with the second hot plug pin; cutting off the data connection with the first external device and establishing a data connection with the second external device according to the information of the second external device.

Abstract: A HARQ feedback indication method includes: configuring to control information a timing relationship between a time domain unit of downlink data and a time domain unit for an uplink HARQ feedback of the downlink data; and sending to a terminal the downlink data and the control information configured with timing information.

Abstract: Techniques for secure fast channel change in live content streaming are described. In some embodiments, during content preparation, a packager and/or an encoder encrypts media content items at both the service level (e.g., by encrypting a first portion of the plurality of segments with a service level access key unique to a service) and the channel level (e.g., by encrypting a second portion of the plurality of segments with a channel level access key unique to a channel associated with the service). On the receiving end, a client device (e.g., a media player) requests a service level access key prior to content acquisition. As such, a client can join any channel on a segment protected with the service level key without waiting for a license for that channel first, and the channel license can be acquired in parallel with the content acquisition during channel switching.

Abstract: An information processing device includes a memory; and a processor coupled to the memory and configured to transmit, to a terminal, a program and a first identifier related to the program, the program being encrypted with a first public key corresponding to a first private key of the terminal, the first identifier being encrypted by using the first public key and a second public key not corresponding to the first private key; and when the terminal receives the first identifier decrypted by the first public key and encrypted by the second public key, register, in a blockchain, transaction information which includes the first identifier decrypted with the second private key corresponding to the second public key.

Abstract: A block-request streaming system provides for improvements in the user experience and bandwidth efficiency of such systems, typically using an ingestion system that generates data in a form to be served by a conventional file server (HTTP, FTP, or the like), wherein the ingestion system intakes content and prepares it as files or data elements to be served by the file server. The system might include controlling the sequence, timing and construction of block requests, time based indexing, variable block sizing, optimal block partitioning, control of random access point placement, including across multiple presentation versions, dynamically updating presentation data, and/or efficiently presenting live content and time shifting.

Abstract: Embodiments described herein enable multi-user storage volume encryption via a secure enclave processor. One embodiment provides for a computing device comprising a first processor to execute a first operating system having one or more user accounts; a second processor to execute a second operating system, the second processor to receive a first encrypted key from the first processor and decrypt a volume encryption key via a key encryption key derived from the first encrypted key, the first encrypted key derived via the secure enclave without user-provided entropy; and a non-volatile memory controller to access encrypted data within non-volatile memory using the volume encryption key.

Abstract: A method for cooperatively collecting video data from driving recorders includes steps of: by a driving recorder serving as a requesting device, broadcasting a video request; by another driving recorder serving as a cooperative device, generating a video file in response to receipt of the video request, encrypting the video file to result in an encrypted file, and transmitting the encrypted file to a video file server; by the video file server, decrypting the encrypted file to result in the video file, storing the video file, and sending a success notification of video data collection to a user device based on contact information contained in pre-stored registration data.

Abstract: In accordance with various embodiments, a method is performed including determining a plurality of network reputation scores for a respective plurality of network subsets of a fabric network environment and determining a reputation policy for traffic traversing the fabric network environment. The method includes routing traffic traversing the fabric network environment according to the reputation policy and the plurality of network reputation scores.

Abstract: Described herein are systems and methods for hardware enforcement of hardware functionality in a client television receiver. An activation message containing an activation code for a specific hardware component within the client television receiver can be transmitted from a television service provider system to a host television receiver having an associated smart card. The smart card can decrypt the activation message, identify the client television receiver as the destination of the activation message, security check the activation message, encrypt the activation message with a local key, and transmit the activation message to a security processor on the client television receiver. The security processor can decrypt the activation message, security check the activation message to ensure it is from the smart card and has not been tampered with, and enable the hardware component within the client television receiver based on the activation code within the activation message.

Abstract: A commercial television-interfacing dongle and system and method for use of the same are disclosed. In one embodiment, a wireless transceiver is located within a housing, which also interconnectively includes a television input, television output, a processor, memory, a control interface, and a universal serial bus (USB) interface. The control interface and the USB interface connect to the commercial television. The commercial television interfacing dongle may establish a pairing with a proximate wireless-enabled interactive programmable device having a display and receive and process virtual remote control functionality input instructions from the proximate wireless-enabled interactive programmable device. Following receipt and processing of the virtual remote control functionality input instructions, the commercial television-interfacing dongle sends a command to the commercial television via a commercial television control protocol.

Abstract: Cryptographic keys are generated for components of a distributed system in a decentralized manner. A root key is generated for a universe of components, including capturing data and components for processing the data. A cryptographic key for a processing component is derived from the root key and one or more attributes or identifiers of the processing component, which may be provided in a specific region or domain. Cryptographic keys for capturing components (e.g., cameras) within the region or domain are derived from the cryptographic keys of the processing component and one or more attributes or identifiers of the respective capturing components. The capturing components encrypt data using their respective cryptographic keys and transfer the encrypted data to the processing component, which re-derives the cryptographic keys for such capturing components and decrypts the encrypted data using the re-derived cryptographic keys.

Abstract: Methods and systems are described for enhanced-security database encryption via cryptographic software, where key management is carried out, without exporting or exposing cleartext keys, using an independent key manager coupled to a cryptographic hardware security module (HSM).

Abstract: The present disclosure provides systems and methods for electronically providing each of a plurality of content distributors with access to a library of content items, facilitating the selection of a combination of the content items, creating a unique set of links for each recipient-distributor combination, and distributing the selected content and unique links via one or more distribution channels to a plurality of recipients. As each link is associated with both a recipient and a distributor, conversion actions stemming from the selection of a link by a recipient are attributed to the proper distributor. Distributors can create content distribution approaches that can be shared with other distributors.

Abstract: A method for unscrambling a multiplicity of television channels, comprises: receiving a first request for a first channel; receiving a first code for the first channel; extracting and demuxing the first channel from a plurality of channels, using the first code; receiving a second request for a second channel; receiving a second code for the second channel; and extracting and demuxing the second channel from the plurality of channels, using the second code, where the extractions of the first channel and the second channel are performed simultaneously. The method further comprises: providing a first video stream corresponding to the first channel, the first video stream being transcoded, transrated, and multiplexed with a first advertisement; and providing a second video stream corresponding to the second channel, the second video stream being transcoded, transrated, and multiplexed with a second advertisement.

Abstract: A system, method and program product for implementing a database security platform for providing secure access to private data in an encrypted storage area. A disclosed system includes a database application configured to receive queries from application users requiring access to encrypted private data; a middle security layer callable from the database application to facilitate predefined access to the encrypted private data; a root security layer configured to receive a decryption request from the middle security layer, perform decryption on specified encrypted private data, and return decrypted data to the middleware layer; a hashing system that generates a hash of the middle security layer and root security layer to ensure integrity of the middle security layer and root security layer; and an auditing detection system that detects malicious auditing of parameters.

Abstract: A content streaming system and methodology for facilitating the management of content streaming. A content delivery service receives streaming content that is encoded according to an encoding profile. The content delivery service decodes the received encoded content and encodes the decoded content according to a plurality of encoding profiles. Additionally, the content delivery service reuses the received encoded content stream from the content provider.

Abstract: An information processing apparatus includes a communication interface configured to connect to a tuner device. The information processing apparatus further includes processing circuitry configured to receive, from the tuner device, data packets corresponding to an Advanced Television Systems Committee (ATSC) 3.0 service included in a digital broadcast signal, determine whether an indication to pause the ATSC 3.0 service is received, and in response to a determination that the indication to pause the ATSC 3.0 service is received, stop reading, from a first memory of the tuner device, subsequent data packets corresponding to the ATSC 3.0 service.

Abstract: A system for providing cross-services application service, device, and network content delivery management is disclosed. In particular, the system may allow devices and application services supported by multiple network services to leverage the strengths of such network services to ensure that content delivery is efficiently accomplished. The system may enable a device or application service to be associated with a management domain. Then, the management domain may subscribe the device or application service with one or more underlying supporting networks of the management domain. The associating and subscribing may be performed for the management domain by an orchestrator or by a management domain authority. The management domain authority may include a predictive, machine-learning element that drives access to content on behalf of the management domain authority through its devices and services to which they are subscribed.

Abstract: Disclosed herein are methods, systems, and processes to provide layered encryption to facilitate end to end communication. A user input is displayed in a user interface of an input device. A public/private key pair is determined based on a random number, a provisioned seed, or a physical unclonable function (PUF) provided by the input device. A previous public/private key pair is stored in a storage device associated with the input device using a recipient public key as an index. The user input is encrypted with the recipient pubic key. The derived public key is sent as a header followed by the encrypted user input to a host computing device.

Abstract: One embodiment of the present invention provides a system that facilitates the transfer of a software license from a first client to a second client. The system operates by receiving a request at the first client to deactivate the software license for an associated application installed on the first client. The system then receives a deactivation request that includes an identifier for the license at a license activation server from the first client. Next, the system validates the identifier on the license activation server to determine if the identifier is a valid identifier. If so, the system sends a deactivation message to the first client, receives a deactivation response from the first client, and increments a count of license instances available for the identifier on the license activation server.

Abstract: Techniques and systems are provided for coding video data. For example, a method of coding video data includes determining one or more illumination compensation parameters for a current block and coding the current block as part of an encoded bitstream using the one or more illumination compensation parameters. In some cases, the method can include determining one or more spatially neighboring samples for the current block and deriving the one or more illumination compensation parameters for the current block based on at least one of the one or more spatially neighboring samples. The method can further include signaling, individually, for the current block, an illumination compensation status in the encoded bitstream. The method can further include signaling at least one of the one or more illumination compensation parameters for the current block in the encoded bitstream.

Abstract: Methods, systems, and computer readable media for packet monitoring in a virtual environment are disclosed. According to one method executed at a virtual tap element residing in between a first virtual machine and a second virtual machine in a virtual network environment, the method includes obtaining cryptographic key information from either the first virtual machine or the second virtual machine and detecting an encrypted packet flow being communicated in the virtual network environment between the first virtual machine and the second virtual machine via the virtual tap element. The method further includes decrypting the encrypted packet flow using the cryptographic key information, generating a decrypted packet flow set comprising at least a portion of the decrypted packet flow, and sending the decrypted packet flow set to a packet analyzer.

Abstract: There is provided a receiving apparatus including circuitry that is configured to receive a broadcasting stream including digital data according to an IP (Internet Protocol) having a protocol stack of layers. The circuitry is configured to use a first key acquired based on a first control signal at a first layer to decode a second key included in a second control signal transferred at a second layer, and decrypt an encoded component that corresponds to a particular broadcasting service which is included in a stream obtained through the broadcasting stream, the second layer being a higher layer than the first layer in the protocol stack.

Abstract: A data management method includes decrypting the first encryption key using the second encryption in response to receiving the first encryption key, decrypting the data by using the first encryption key in response to receiving the data encrypted with the first encryption key, and encrypting the data with the third encryption key and transmitting the data externally.

Abstract: Message and data sharing may require additional levels of security beyond mere access authorization procedures. One example method of operation may include identifying message content associated with a message, splitting the message content into a plurality of message content sections, identifying a plurality of potential recipient devices, and transmitting the plurality of message content sections to the plurality of potential recipient devices.

Abstract: Described herein is technology for, among other things, global provisioning of a service. The technology involves a provisioning server obtaining location information for a client. The provisioning server determines an appropriate deployment unit, based on the location information, to which the client will be assigned. The provisioning server transmits assignment information for the appropriate deployment unit to the client. The client then communicatively couples to the assigned deployment unit and begins receiving the service from the deployment unit.

Abstract: A method for storing a first data object includes: decomposing the first data object into a first fragment associated with a first original record locator and a second fragment associated with a second original record locator; obfuscating the first original record locator to generate a first obfuscated record locator and the second original record locator to generate a second obfuscated record locator; encrypting the first fragment using a first encryption key and the second fragment using a second encryption key; and storing, to at least a first of a plurality of storage locations, the first encrypted fragment with the corresponding first obfuscated record locator and the second encrypted fragment with the second obfuscated record locator.

Abstract: Methods and systems are described for enhanced-security database encryption via cryptographic software, where key management is carried out, without exporting or exposing cleartext keys, using an independent key manager coupled to a cryptographic hardware security module (HSM). A database encryption key management system is part of an HSM. A key manager circuit of the database encryption key management system generates a master key encryption key and stores it in the HSM. The key manager circuit generates an HMAC key and encrypts the HMAC key using the master key encryption key to generate a HMAC key cryptogram. The interface circuit of the database encryption key management system transmits the HMAC key cryptogram to a database server, which independently generates and stores a unique identifier. The HSM deletes the HMAC key from its storage media.

Abstract: A unique transaction key (Tk) is established amongst multiple entities using a common hardware security module (HSM) with a common HMAC key (HK) and transaction scheme name (T). The transaction key (Tk) can be used for various cryptographic functions (e.g. encryption, MAC, HMAC, key management) with one or more messages at the transaction or session level.

Abstract: A method of sending content comprising receiving a membership request from a client at an anonymizer, the membership request being encrypted with a public key of the anonymizer, generating a table from a prefix-free source coding scheme with a full binary tree, a pseudonym range, and a master key, sending the table, the pseudonym range, and the master key, all encrypted with a public key of the client, receiving a content request with an encoded content name, the content request being encoded using the table, a pseudonym from the pseudonym range, and the master key, decoding the content name of the content request using the pseudonym, the table, and the master key, retrieving content corresponding to the content name, and sending the content and the encoded content name. Secure information sharing is also provided for.

Abstract: A memory arrangement having a memory cell array, wherein each column is associated with a bit line and each row is associated with a word line, wherein the columns have first columns of memory cells that store useful data, and columns of memory cells of a second column type that store prescribed verification data, wherein during a read access operation the memory cells of at least the columns of memory cells of the second column type set the associated bit line to a value that corresponds to a logic combination of the values stored by the memory cells of the column of the second column type that belong to rows of memory cells addressed during the read access operation, and a detection circuit that is configured to, during a read access operation, detect whether a bit line associated with a column of memory cells of the second column type is set to a value that corresponds to the logic combination of values stored by memory cells of the column of the second column type of memory cells and whose values belong t

Abstract: The present disclosure provides systems and methods for electronically providing each of a plurality of content distributors with access to a library of content items, facilitating the selection of a combination of the content items, creating a unique set of links for each recipient-distributor combination, and distributing the selected content and unique links via one or more distribution channels to a plurality of recipients. As each link is associated with both a recipient and a distributor, conversion actions stemming from the selection of a link by a recipient are attributed to the proper distributor. Distributors can create content distribution approaches that can be shared with other distributors.

Abstract: Described herein is technology for, among other things, global provisioning of a service. The technology involves a provisioning server obtaining location information for a client. The provisioning server determines an appropriate deployment unit, based on the location information, to which the client will be assigned. The provisioning server transmits assignment information for the appropriate deployment unit to the client. The client then communicatively couples to the assigned deployment unit and begins receiving the service from the deployment unit.

Abstract: Systems and methods for providing services are disclosed. One method can comprise receiving data having a first format and transmitting the data to a first device. The method may also comprise detecting a second device, automatically recognizing a supported second format of the detected second device, converting the data to the second format, and transmitting the converted data to the second device via wireless communication.

Abstract: A CPU of an information processing apparatus (MFP) obtains device information of a secondary storage device installed in the MFP and discriminates, based on the obtained device information, whether the secondary storage device is of a type that supports an erasure command (TRIM command) that provides notification of information indicating data to be erased from the storage device. The CPU controls display of a setting screen for erasure modes by controlling, in accordance with the discrimination result, whether to display erasure modes for executing erasure processing based on an erasure command in a selectable manner.

Abstract: A method to transport forward error correction (FEC) codes in a symbol encoded transmission stream includes encoding a data stream from a data source into data symbols using computing circuits, generating first FEC codes from the data symbols using the computing circuits, encoding the first FEC codes into first FEC symbols using the computing circuits, merging the data symbols and the first FEC symbols into the transmission stream using the computing circuits, and transmitting the merged transmission stream to a sink device using the computing circuits. The encoding of the data stream into the data symbols and the encoding of the first FEC codes into the first FEC symbols may include the same encoding technique.

Abstract: Some embodiments provide an account-based DRM system for distributing content. The system includes several devices that are associated with an account and a set of DRM computers that receives a request to access a piece of content on the devices associated with the account. The DRM computer set then generates a several keys for the devices, where each particular key of each particular device allows the particular device to access the piece of content on the particular device. In some embodiments, the DRM computer set sends the content and keys to one device (e.g., a computer), which is used to distribute the content and the key(s) to the other devices associated with the account. In some embodiments, the DRM computer set individually encrypts each key in a format that is used during its transport to its associated device and during its use on this device.

Abstract: A web page that includes content form fields may be modified to include an event observer module and an authored content module. Events generated during the authoring of content by a user are recorded by the event observer module and sent to an event server with an InteractionID. The authored content module inserts hidden fields into the form fields that are updated with the InteractionID when content is submitted to the web server. The web server provides the InteractionID in a bind request to the event server. The event server binds the content to the events used to create the content in response to the request.

Abstract: A system, method and program product for implementing a database security model. A database security model is disclosed that includes: a system for maintaining private data in an encrypted storage area; an ENCR system for implementing a plurality of ENCR routines, wherein each of the ENCR routines is callable from a database application to access and process private data and wherein the ENCR system operates in a functional space separate from the database application; and a crypto system having a private key and decryption system, wherein the crypto system decrypts private data in response to receiving a decrypt request and public key from an ENCR routine, and wherein the crypto system operates in a functional space separate from the ENCR system.

Abstract: The present invention relates to a multiple encrypting method, for encrypting a file and/or a protocol and generating encryption keys. Comprising the steps of: uploading at least one of a file and a protocol by a file uploading unit; generating random numbers by a random number generation unit; arranging the random numbers to form at least one key and at least one initialization vector respectively by a key generation unit and an initialization vector generation unit; encrypting the file and/or the protocol from the file uploading unit via using AES encryption by an encryption unit, so as to generate an encrypted file and/or an encrypted protocol; saving the key and the initialization vector respectively in a first storage unit and a second storage unit; Repeating the above steps at least one time.

Abstract: An input apparatus capable of receiving an input is provided. The input apparatus includes a communicator configured to communicate with a first user terminal device and a second user terminal device, a processor, in response to a content being selected from the first user terminal device through the input apparatus and a first predetermined event occurring, configured to receive information about identifier information and an encryption key of the first user terminal device from the first user terminal device and, in response to a second predetermined event occurring, configured to transmit the received information about the identifier information and the encryption key of the first user terminal device to the second user terminal device. Accordingly, user convenience will grow due to the reinforcement of security and availability of conveniently transmitting data to an external device without using a separate external device.

Abstract: Secure computation of enterprise data in a cloud is provided, by a third party, such that values and data manipulation processes are encrypted through use cryptographic processes that are secure. A method can comprise performing operations including receiving security data representing an attribute included in a log file, generating encoded attribute data as a function of the attribute, a hash function, or salt data representing an alphanumeric string, and sending the encoded attribute data to a second device.