The apparatus disclosed herein, in various aspects, includes a digital asset, and an amulet that comprises an encrypted self-validating string. The amulet may be external to the digital asset. The apparatus may include a manager that cooperates securely with the digital asset and cooperates securely with the amulet to control access to the digital asset as specified by the amulet. In some aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through shared memory in process space. In other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a RAM drive in memory, the RAM drive at least partially hidden from an operating system of the computer. In yet other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a virtual machine accessible only by said apparatus. The amulet, the manager, and the digital asset are either operably receivable by a computer or are operably received by the computer, in various aspects. Related methods and compositions of matter are also disclosed.

An execution method includes supplying of a machine code, the machine code being formed by a succession of base blocks and each base block being associated with a signature and comprising instructions to be protected. Each instruction to be protected is immediately preceded or followed by an instruction for constructing the value of the signature associated with the base block. Each construction instruction is coded on strictly less than N bits, and each word of the machine code which comprises at least one portion of one of said instructions to be protected also comprises one of the construction instructions so that A is not possible to load an instruction to be protected into an execution file, without at the same time loading a construction instruction which modifies the value of the signature associated with the base block when it is executed.

In some examples, a system includes storage storing a machine learning model, wherein the machine learning model comprises a plurality of layers comprising multiple weights. The system also includes a processing unit coupled to the storage and operable to group the weights in each layer into a plurality of partitions; determine a number of least significant bits to be used for watermarking in each of the plurality of partitions; insert one or more watermark bits into the determined least significant bits for each of the plurality of partitions; and scramble one or more of the weight bits to produce watermarked and scrambled weights. The system also includes an output device to provide the watermarked and scrambled weights to another device.

A virtual server includes at least one processor to create a single composited layered image comprising an operating system layer and an application shortcut that includes a representation of an application while not including the application. The single composited layered image is provided as a virtual session to a client computing device. An application layer is mounted to the single composited layered image in response to a user of the client computing device interacting with the application shortcut, with the application layer including the application.

There is disclosed a method of providing an authentication service, wherein: i) a plurality of authentication virtual appliances is deployed in a distributed network by way of an authentication management platform application; ii) a pool of authentication licences is allocated to the authentication management platform application, each licence comprising computer code permitting an end user to authenticate his/her identity to at least one authentication virtual appliance by way of a predetermined computer-implemented authentication protocol; and iii) the management platform application allocates, revoke and reallocate authentication licences, from the pool of authentication licences, to end users by way of a graphical user interface.

A network computer system provides logic to cause a client compute device to perform operations in connection with the client compute device rendering a publisher's webpage. The operations performed by the client compute device include retrieving rules from a collection of rules, each rule of the collection being associated with at least one of a plurality of third-party digital content identifiers, each third-party digital content identifier uniquely identifying a corresponding third-party digital content; detection of execution of a third-party tag on the client compute device, including identifying a digital content identifier that is utilized in execution of the third-party tag; matching the digital content identifier of the executing third-party tag to one of the retrieved rules; and implementing a security or compliance operation with respect to the third-party tag based at least in part on the matched rule.

A method is provided that determines whether to allow an application (app) for use or restrict the app on a set top box (STB). The method includes the steps of measuring at the STB, one or more resources used by the app; comparing at the STB, one or more thresholds set by an operator; and determining if the one or more resources used by the app exceed one or more thresholds set by the operator. Another method is provided that monitors applications (apps) that are installed a set top box (STB) for illegal or harmful activity by a policy manager. This method includes downloading and copying an app from an external source; installing or uninstalling the app into an application folder; providing a notification informing the policy manager of the installing or uninstalling of the app; and evaluating the app be installed or uninstalled.

The invention is a method for managing an instance of a class in a secure element embedded in a hosting machine and including a Central Processing Unit, a storage area and a virtual machine. The method comprises a step of receiving by the secure element a load file containing a binary representation of a package of the class and a step of instantiating the instance from the package and storing the instance in the storage area. The load file includes a specific component which is a custom component within the meaning of Java Card™ specifications and which contains executable data. The instance requests the execution of a subset of the executable data by directly invoking the subset of executable data through an Application Programming Interface.

The invention is a method for managing an instance of a class in a secure element embedded in a hosting machine and including a Central Processing Unit, a storage area and a virtual machine. The method comprises a step of receiving by the secure element a load file containing a binary representation of a package of the class and a step of instantiating the instance from the package and storing the instance in the storage area. The load file includes a specific component which is a custom component within the meaning of Java Card™ specifications and which contains executable data. The instance requests the execution of a subset of the executable data by directly invoking the subset of executable data through an Application Programming Interface.

Methods and devices for determining whether a mobile device has been compromised. File tree structure information for the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in a portion of memory. The file tree structure information is analyzed to determine that the mobile device has been compromised, has not been compromised, or might be compromised. Based on determining that the mobile device might be compromised, the mobile device is instructed to execute a restricted action. If the restricted action occurs on the mobile device then it is determined that the mobile device has been compromised. Based on that determination, an action is taken.