Patent classifications
G06F21/125
Package distribution and installation in response to user logon
Disclosed are various implementations for distributing and installing packages in response to user logon events. A logon event associated with a user account is detected for a client device. A query containing a respective user account identifier is sent to a provisioning service to retrieve a set of packages to install on the client device. The set of packages is received from the provisioning service and installed on the client device.
Difference validation and auditing (DVA) tool
Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the disclosed SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. The SME tool includes a preprocessing tool for identifying attributes (e.g., functions) associated with the assembly source file. The SME tool also includes a transformation tool for making modifications of the assembly source file. In some embodiments, the transformations correspond to applying one or more transformations to the attributes associated with the assembly source file.
Cryptographically managing license compatibility
This disclosure describes techniques for implementing a blockchain to manage license compatibility. The techniques include parsing a code segment in a version of source code based on one or more parsing parameters, wherein the code segment is associated with a transaction and distributed under a license. Thereafter, one or more blocks are inserted onto a blockchain distributed ledger recording the transaction. Upon receiving an updated version of the source code comprising a change to at least one code segment associated with a new transaction, additional blocks are inserted onto the ledger recording the new transaction. Based at least on the transaction recorded in the blocks, the license associated with the version of the source code is identified. Additionally, a flag may indicate license incompatibility with the license if the change to at least one code segment associated with the new transaction violates a license restriction of the identified license.
Method and device of protecting a first software application to generate a protected software application
Protection of a first software application to be executed on an execution platform by adding at least one check module to the software application, wherein the check module, when being executed, checks at least a part of the code of the protected software application loaded in the memory and carries out a predefined tamper response in case the check module detects that the checked code was changed or ensures that the protected software application continues to function correctly in case the check module detects that the checked code was not changed; selecting a first code region of the first software application, said first code region provides a first functionality when being executed; amending the selected first code region of the first software application such that an amended first code region is generated to provide the protected software application; wherein the amended first code region, when being executed, still provides the first functionality but carries out an access to at least a part of the code of a protected software application loaded in the memory for providing the first functionality.
Techniques for ensuring authentication and integrity of communications
Techniques are described for ensuring data integrity and authentication of received messages. One technique includes sending a request from a first module to a second module in which the request includes a first portion that is a shared secret encrypted with a public key, obtaining by the second module a private key from a secure and trusted information store, such as a license information store, including license information or other application specific information for the first module, using the private key to decrypt the first portion and obtain the shared secret, sending a response from the second module to the first module in which the response includes authentication data and at least one data item used with the shared secret to determine the authentication data, and performing by the first module verification processing to verify the authentication data included in the response.
Selective on-demand execution encryption
One or more embodiments herein relate to a process to dynamically decrypt code of software. A system can comprise a memory that stores computer executable components, and a processor that executes the computer executable components stored in the memory, wherein the computer executable components can comprise a decryption component that, in response to an indication being received that encrypted code of a code block is to be used, can temporarily decrypt the encrypted code of the code block into decrypted code for use of the decrypted code in an unencrypted state. In an embodiment, an encryption component can obtain and encrypt code of the code block at compile time of the code block to provide the encrypted code. In an embodiment, an encryption component can write a trigger marker into the encrypted code of the code block when encrypting code of the code block to provide the encrypted code.
Watermark and fingerprint systems for media
A number of novel watermarking applications, and improvements to watermarking methods, are disclosed. Included are techniques for selectively incorporating promotional messages into rendered video content, monitoring whether promotional messages are rendered or skipped, permitting payment for content upon rendering rather than receipt, controlling rendering of video to include or omit adult-themed sections, confirming a person's age by reference to a watermarked identification document, and watermarking digital cinema projections.
System, devices and/or processes for secure computation
Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to develop compilers and microcode for generation of runtime images for secure execution according to an instruction set architecture (ISA) on a computing device. For example, a co-development of a paired compiler and microcode may obscure how such a paired compiler and microcode are to express program instructions into a binary runtime image.
Simple obfuscation of text data in binary files
An obfuscation macro can expand obfuscation identification information into a data value during or prior to compiling source code, and insert a de-obfuscation call where the data value is referenced in the source code. An obfuscation utility can scan compiled binaries for data values containing obfuscation identification information. The obfuscation utility identifies and obfuscates data values containing obfuscation identification information within the compiled binaries. The de-obfuscation call de-obfuscates obfuscated data values during runtime.
Authentication system using secure multi-party computation
The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.