Patent classifications
H04L2209/605
Secure hardware signature and related methods and applications
This disclosure provides techniques for recovering a root key from measurement of a circuit function. In some embodiments, a checkpointing feature is used to periodically mark measurements of this function and thereby track drift in the value of the root key over the life of a digital device; the checkpointing feature permits rollback of any measurement of the function in a manner that negates incremental drift and permits recovery of the root key for the life of a device (e.g., an IC circuit or product in which the IC is embedded). This disclosure also provides novel PUF designs and applications.
SERVICE PROVIDING METHOD PERFORMED BY SERVER OF MUSIC PLATFORM USING BLOCKCHAIN-BASED NFT
A service providing method of the present invention includes receiving sound source information on a sound source to be registered to the music platform and issuing a blockchain-based NFT that represents an ownership for the sound source; receiving a request for using a service related to the sound source registered to the music platform from at least one service use terminal connected to the blockchain-based network; and in response to the received request, providing a service related to the sound source based on the blockchain-based NFT issued in advance for the sound source to the at least one service use terminal.
Systems and methods for data processing, storage, and retrieval from a server
A method of selectively decrypting encrypted data may include selecting a plurality of encrypted data bits between and including a first encrypted data bit and a last encrypted data bit; for each encrypted data bit from the plurality of encrypted data bits: determining a corresponding encrypted block and a block number that contains the encrypted data bit, determining a corresponding counter for the determined block number, determining a bit position of the encrypted data bit within the determined encrypted block, selecting a counter bit at the bit position within the counter, encrypting the counter, and executing an XOR operation between the encrypted data bit and the corresponding encrypted counter bit.
RESTRICTING DATA ACCESS
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for validating an application's data access request. One of the methods includes receiving, for an application, a request for access to data collected by a device; determining an identifier for the application and a declared use of the data by the application based on contents of a twice-signed data usage token for the application; and controlling the application's access to the data, including: enabling access to the data when (i) both signatures of the twice-signed data usage token have been validated and (ii) the declared use of the data matches an authorized use of the data; and preventing the application from accessing the data when (i) either signature of the twice-signed data usage token has not been validated or (ii) the declared use of the data fails to match the authorized use of the data.
Systems and methods for data processing, storage, and retrieval from a server
A method for offloading a data segment includes receiving a probe request from a user device to offload the data segment, where the probe request includes a segment identification. The method further includes sending a probe response to the user device, where the probe response includes an approval or decline of an action to be executed by the user device, the action being one of an upload or a request to retry offloading the data segment at a later time. The method further includes sending a challenge to the user device.
Encrypted virtual machines in a cloud
A method, system, and computer program product for intercepting communication between a virtual machine and an encrypted replication data stored on a storage medium and redirecting the communication to a remote replication appliance and using a key stored on the remote replication appliance to enable the virtual machine to facilitate communication with the encrypted replication data stored on the storage medium, wherein facilitating communication enables the virtual machine to interact with the encrypted replication data as unencrypted data.
Systems and methods for data processing, storage, and retrieval from a server
A method of authenticating data received from a user device by a service provider may include receiving user credentials from the user device via a secure communication channel; upon verifying the user credentials, providing to the user device via the secure channel a permission token, where the permission token includes at least a shared secret, where a data within the permission token is not observable to the user device and a shared secret data outside the data of the permission token, the shared secret data observable to the user device; and receiving a request from the user device via a non-secure communication channel, where the request may include at least the permission token and a hash digest formed using at least a portion of the shared secret data.
Encryption and recording apparatus, encryption and recording system, and encryption and recording method
An encryption and recording apparatus storing data, the apparatus including: a first nonvolatile memory; a second nonvolatile memory; and an encryption and decryption control unit, wherein the encryption and decryption control unit: manages an area included in the second nonvolatile memory on a per-block basis, and manages association between a block and a block-unique key using key management information stored in the first nonvolatile memory; receives the data and corresponding information associated with the data; encrypts the data, using one or more block-unique keys associated with one or more blocks included in the second nonvolatile memory and writes the data to the one or more blocks; and stores the corresponding information into the key management information, associating the corresponding information and the one or more block-unique keys.
SYSTEMS AND METHODS FOR DATA PROCESSING, STORAGE, AND RETRIEVAL FROM A SERVER
A method of splitting a data stream into a set of data segments may include receiving the data stream, wherein the data stream may include data packets; selecting a segment time period and a time domain; subdividing the time domain into a set of time blocks, each one of the set of time blocks having a duration of the segment time period; identifying a set of starting data packets corresponding to the set of time blocks; identifying a set of finishing data packets corresponding to the set of starting data packets; identifying a last one of the set of finishing data packets being a last data packet of a last one of the set of time blocks; and identifying the set of data segments based on the corresponding set of starting data packets and the corresponding set of finishing data packets.
Apparatus and method for protecting content in virtualized and graphics environments
An apparatus and method for protecting content in a graphics processor. For example, one embodiment of an apparatus comprises: encode/decode circuitry to decode protected audio and/or video content to generate decoded audio and/or video content; a graphics cache of a graphics processing unit (GPU) to store the decoded audio and/or video content; first protection circuitry to set a protection attribute for each cache line containing the decoded audio and/or video data in the graphics cache; a cache coherency controller to generate a coherent read request to the graphics cache; second protection circuitry to read the protection attribute to determine whether the cache line identified in the read request is protected, wherein if it is protected, the second protection circuitry to refrain from including at least some of the data from the cache line in a response.