УСТРОЙСТВО СЕРВЕРА, СПОСОБ РАСПРЕДЕЛЕНИЯ ЛИЦЕНЗИИ И УСТРОЙСТВО ПРИЕМА СОДЕРЖАНИЯ

Изобретение относится к устройству сервера, которое предоставляет содержание (контент), и к устройству приема содержания, которое получает содержание и лицензию, необходимую для воспроизведения содержания. Техническим результатом является стабилизирование работы сервера лицензии путем исключения концентрации запросов на получение лицензии от большого количества клиентов во время непосредственно после времени начала широковещательной передачи содержания. Сетевой сервер сервера телевидения по протоколу Интернет (IPTV) устанавливает случайным образом время запроса на получение основной лицензии в пределах периода времени от времени начала широковещательной передачи до заданного установленного времени, в соответствии с запросом на получение лицензии для воспроизведения зашифрованного содержания, причем запрос на получение поступает из терминала клиента IPTV и передает в терминал клиента IPTV информацию о времени запроса на получение основной лицензии и временной лицензии, включающей в себя ...

СПОСОБ ДЛЯ ЗАЩИТЫ ЗАПИСАННОГО МУЛЬТИМЕДИЙНОГО СОДЕРЖАНИЯ

Изобретение относится к средствам обработки и передачи мультимедийного контента. Техническим результатом является повышение степени защиты записанного мультимедийного содержания. В способе выполняют с помощью сетевого головного устройства, на канале, вещательную передачу (162) скремблированного мультимедийного содержания и ЕСМ сообщений (сообщений, управляющих предоставлением права), содержащих криптограммы CWуправляющих слов CW, обеспечивающих дескремблирование соответствующего криптопериода скремблированного мультимедийного содержания, принимают с помощью одного из записывающих устройств указанное скремблированное мультимедийное содержание и ЕСМ сообщения и дешифруют (184) криптограмму CW, содержащуюся в ЕСМ сообщении, принятом с ключом Kподписки, защищают скремблированное мультимедийное содержание от считывания, с использованием ключа KH, посредством шифрования (186) дешифрованных управляющих слов посредством ключа KHдля генерирования криптограмм CW. 6 н. и 10 з.п. ф-лы, 3 ил.

СПОСОБ ОБЕСПЕЧЕНИЯ БЕЗОПАСНОСТИ СООБЩЕНИЙ, ПЕРЕДАВАЕМЫХ ПЕРЕДАЮЩИМ ТЕРМИНАЛОМ НА УДАЛЕННЫЙ ПРИЕМНЫЙ ТЕРМИНАЛ

... 1. Способ обеспечения безопасности n сообщений MUi, где n больше или равно 1, a i равно от 1 до n, передаваемых передающим терминалом в удаленный приемный терминал, содержащий этапы, на которых: ! до передачи передающим терминалом: ! a) создают упорядоченную последовательность, содержащую N блоков данных Bj, где j равно от 1 до N, N - целое число, большее или равное n; ! b) для каждого сообщения MUi (i=от 1 до n) вычисляют положение pi в указанной упорядоченной последовательности из N блоков с использованием функции F; ! c) заключают каждое сообщение MUi (i=от 1 до n) в блок Bj, находящийся в положении pi, и ! d) передают упорядоченную последовательность, содержащую сообщения MUi, в указанный приемный терминал; ! а после приема приемным терминалом: ! е) вновь вычисляют положения pi, где i равно от 1 до n, блоков Bj, заключающих в себе сообщения MUi, с использованием указанной функции F; ! f) извлекают блоки Bj, занимающие положения pi, где i равно от 1 до n, из принятой упорядоченной последовательности ...

TRANSAKTIONSZERTIFIZIERUNG

Content encryption

Protection of data on media recording disks

MULTI-LAYER ENCRYPTION SYSTEM FOR THE BROADCAST OF ENCRYPTED INFORMATION

Prioritized content encryption for rapid breach response

A method, for example for use in video on demand (VOD) streaming, comprises generating an encrypted media content item using a plurality of encryption keys by: encrypting a first portion of a media content item to generate a first encrypted portion using a first key of the plurality of keys that is derived from a first seed of a first type, and encrypting a second portion of the media content item to generate a second encrypted portion using a second key of the plural keys, derived from a second seed of a second type; the first portion of the media content item is classified in a first (e.g. prioritised) category and the second portion of the media content item is classified in a second (e.g. non-prioritised) category. Further, determining whether or not the media content item has been (security) breached; and, if so, repairing the encrypted media content item by: re-encrypting the first encrypted portion using a replacement key derived from a replacement seed, of the first type, to generate ...

Method to bind the use of a television receiver toa particular network

METHOD TO BIND THE USE OF A TELEVISION RECEIVER TO A PARTICULAR NETWORK

Method to bind the use of a television receiver toa particular network

Method to bind the use of a television receiver toa particular network

PROCEDURE AND TRANSMISSION OF NEWS SYSTEM FOR DATA BASES

SYSTEM WITH CONDITIONED ACCESS

PROCEDURE FOR SENDING VIDEO FILES IN A DATA NETWORK

SYSTEM AND PROCEDURE OF ENTSCHLÜSSELUNGSUND CODING SERVICES

PROCEDURE FOR SENDING OF PROGRAMS WITH CONDITIONED HOWEVER PROGRESSIVE ENTRANCE AND PROCEDURES FOR PROGRESSIVE ENTRANCE TO SUCH PROGRAMS

PROCEDURE AND DEVICE FOR PRODUCING A CODED UTILIZABLE DATA STREAM AND PROCEDURE AND DEVICE FOR DECODING A CODED UTILIZABLE DATA STREAM

Multicasting multimedia content distribution system

A method and apparatus for a multicasting multimedia content distribution system. A content server creates a schedule of transmission times for data streams and assigns the streams to multicast groups. DVRs receive the schedule from content server that contains content descriptions for each data stream along with the transmission times of each particular content description. The content server transmits the content across the Internet according to the published schedule via a multicast transmission designated for a particular multicast group. Each DVR determines the content for which it has an interest, finds the scheduled time for transmission for the content, schedules a recording time in its recording schedule, and joins the associated multicast group at the scheduled time. The DVR receives the multicast stream for the group and stores the stream on its local storage device for use by the DVR or for viewing by a user.

Method and system for authorizing multimedia multicasting

TERRESTRIAL BROADCAST COPY PROTECTION SYSTEM FOR DIGITAL TELEVISION

Method and apparatus for performing session based conditional access

Conditional access and security for video on-demand systems

SYSTEM FOR TRANSMITTING INFORMATION BETWEEN AN EMITTING CENTRE AND RECEIVING STATIONS

A system for transmitting information between an emitting center and receiving stations, comprising: a subscription administration center generating a plurality of subscriber's keys Ci changing randomly at relatively long intervals of the order of a month; in the emitting center: a generator of an operating key K changing randomly at relatively short intervals of the order of a few minutes; a circuit for forming messages Mi obtained from said subscriber's keys Ci and from the operating key K by means of an algorithm, all the mesmages Mi then being directed towards the emitting center; and automatic encryption means using the operating key K, in each receiving station: a subscription holder on which is recorded a signal corresponding to at least one of the subscriber's keys Ci; a circuit for restoring the operating key receiving the messages Mi and the subscriber's key Ci, this circuit working out an algorithm for restoring the signal corresponding to the operating key K used in the emitting ...

METHOD FOR CONTROLLING ACCESS TO AN ENCRYPTED PROGRAMME

L'invention concerne un procédé de contrôle d'accès à un programme crypté diffusé par un opérateur à une pluralité de groupes d'abonnés, chaque groupe d'abonnés étant muni d'une clé de groupe KG, et chaque abonné étant susceptible de recevoir de l'opérateur une clé d'exploitation KT chiffrée par la clé de groupe KG pour décrypter le programme diffusé. Le procédé selon l'invention comporte en outre les étapes suivantes: avant la diffusion du programme crypté, (a) associer la clé d'exploitation KT chiffrée à une valeur aléatoire R pour générer un code secret ;(b) transmettre le code secret aux abonnés, (b) transmettre la valeur aléatoire R aux abonnés pour calculer la clé d'exploitation KT lorsque le programme crypté est diffusé.

SYSTEM AND METHOD FOR PROVIDING AUTHORIZED ACCESS TO DIGITAL CONTENT

ADVANCED, SELF-BALANCING VIDEO MULTIPLEXER SYSTEM

An advanced video multiplexer system designed and optimized for next generation on~-demand video distribution is described. The system is characterized by a session manager (130) for establishing digital video sessions with client devices (170A-E), a server (10) responsive to the session manager for providing digital video content, and a multiplexer (150) for selecting and combing video segments into one or more multi-channel multiplexes. This system optimizes and identifies a multiprogram transport stream best able to accommodate new sessions based on Quality of Service (QoS) and QAM utilization ratios.

DTCP CONVERTER FOR HLS

TECHNIQUE FOR SECURELY COMMUNICATING PROGRAMMING CONTENT

... ²²²A technique is provided for securely transferring programming content from a ²first device in a first layer, e.g., a trusted domain, to a second device in a ²second layer, e.g., outside the trusted domain. When a user requests that the ²first device transfer protected content to the second device, the first device ²needs to authenticate the second device. After the second device is ²authenticated, the first device may transfer to the second device the ²protected content, together with a rights file associated therewith. The ²rights file specifies the rights of the second device to use the protected ²content, according to its security level indicative of its security. These ²rights may concern, e.g., the number of times that the second device may ²subsequently transfer the protected content to other devices, the time period ²within which the second device may play the protected content, etc. The higher ²the security level of the second device is, the more rights accorded thereto. ²Indeed ...

DLNA/DTCP STREAM CONVERSION FOR SECURE MEDIA PLAYBACK

A process for converting a DTCP-IP transport stream into HLS format, comprising receiving an encrypted DTCP-IP transport stream comprising DTCP frames at a secondary device from a source device, with each of the plurality of DTCP frames comprising encrypted 16-byte portions, forming chunks from the DTCP frames by grouping encrypted 16-byte portions into a chunk, adding HLS padding bytes to the end of each chunk and encrypting the HLS padding bytes to form an encrypted chunk, loading each of the encrypted chunks and a playlist to a media proxy server at the secondary device, loading a DTCP key onto a security proxy server, and providing the playlist, each of the encrypted chunks, and the DTCP key to a native media player on the secondary device, such that the native media player follows the playlist to decrypt the encrypted chunks using the DTCP key and plays back the chunks.

IMPROVEMENTS TO A TELEVISION SIGNAL RECEPTION DEVICE AND SYSTEM

The present invention allows the combination and adaptation of a broadcast data reception system with a Conditional Access System which may be embedded in the receiving device, such as a television, or can be provided as a module which is connected to the receiving device and which allows service provider controlled, typically cloud based, interactivity via the same CAS with different Multi Channel video programming distributors (MVPD) service providers.

METHOD AND SYSTEM FOR UNIFIED MOBILE CONTENT PROTECTION

Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control.

SIMULCRYPT KEY SHARING WITH HASHED KEYS

A method of sharing keys among a plurality of conditional access (CA) vendors having differing CA systems used at a distribution headend involves receiving a CA Value contribution from each of the plurality of CA vendors at the headend; hashing the CA Values from each of the plurality of CA vendors together using a hashing function to produce an output control word; and at an encrypter at the headend, using the output control word as a content key, wherein the content key is used as an encryption key to encrypt content provided to a plurality of receivers that decrypt the content using any of the conditional access systems. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

METHOD FOR ACTIVE CONTENT FINGERPRINTING

The present invention concerns a method of providing robust and secure fingerprints comprising, at an enrolment stage, the steps of providing a content x for which a fingerprint is to be provided, assigning an ID number to said content x, providing a secret key k, generating a fingerprint bx based on content x and secret key k, storing the generated fingerprint bx together with the assigned ID in a database, as well as, at an identification stage, the steps of extracting, for a given query content y which might result either from the enrolled content x or an unrelated content x', an estimate fingerprint by based on content y, and secret key k, producing an estimated ID number based on said estimate fingerprint by for identifying the content x using said ID number stored in the database, or else rejecting the query. The method distinguishes from prior art in that, at the stage of generating the fingerprint bx, it comprises the step of modulating the content x in the space of secret carriers ...

PROCEDURE FOR THE CONTROLLING OF SIMULTANEOUS BROADCASTING TRANSMISSIONS OF CODED SIGNALS AND BROADCAST RECEIVERS.

SYSTEM FOR COMPRESSING VIDEODATA

СИСТЕМА И СПОСОБ СЖАТИЯ И ФОРМИРОВАНИЯ ПОТОКА ВИДЕОДАННЫХ

Система предназначена для кодирования ключевых кадров внутри потока данных как ключевых кадров, так и дельта-кадров. Формируется поток данных, который включает все закодированные ключевые и дельта-кадры, а при получении сигнала о запросе передают поток данных, сформированный из первого ключевого кадра, который появился в потоке после получения сигнала о запросе, и следующих дельта-кадров. Ключевые кадры вводят в поток данных, которые передаются, сразу после получения сигнала о запросе к потоку данных.

Hybrid network encrypt/decrypt scheme

The present invention relates to a hybrid method for a service provider (10) to transmit decryption information (e.g., algorithms, parameters, keys) to clients (12) in a secure manner and at low cost for use in decrypting broadcast services. The service provider (10) uses a bidirectional channel (14) (e.g., a GPRS channel) to receive service requests, authenticate clients and transmit currently valid decryption information (and, optionally, future decryption information) necessary to decrypt a broadcast service. The service provider (10) transmits the encrypted service on a unidirectional channel (16) (e.g., a DVB-T channel). The service provider (10) preferably also changes the encryption of the service with time, and, as it does, transmits updated decryption information to its clients on the unidirectional channel (16). The updated decryption information is encrypted using the currently valid decryption information and may also include future decryption information and synchronization ...

Communication system

A content distributing server (40) receives, from an information processing apparatus (30), a first password generated, by use of a predetermined function, from both first data, which indicates a key, and server-specific information that is unique to the server. The content distributing server (40) then transmits, to a terminal (10), both the received first password and process designating information that designates a process. The terminal uses a function to generate a second password from both second data which has been acquired from the information processing apparatus and indicates a key that is identical to the key indicated by the first data, and the server-specific information. The terminal then compares the first password from the server with the second password generated by the terminal and determines, on the basis of a result of the comparison, whether or not to execute the process designated by the process designating information from the server.

Content encryption

An audio/video content delivery system comprises a content source linked by an internet data connection to a content receiver, the content receiver being configured to receive content from the content source via the internet data connection and to receive access-controlled encoded broadcast content from that or another content source by a separate broadcast data path, in which the content source comprises an encryptor for sending encrypted content to the content receiver via the internet data connection according to a content encryption key; the content receiver comprises: a host module having a decryptor for decrypting encrypted content received from the content source via the internet data connection; and a removable conditional access module (CAM), the CAM having an access control unit for decoding the access- controlled encoded broadcast content, the host module and the removable CAM being arranged to provide an encrypted communication link for decoded access-controlled encoded broadcast ...

Client, intelligent television system and corresponding data transmission method

Authentication of data transmitted in a digital transmission system

Device and method for authorizing a user to get access to content stored in encrypted form on a storage medium

PROCEEDED OF GENERATION AND WEATHER SYSTEM PROGRESSIVE PREDICTION OF WEATHER SITUATIONS AROUND A CARRIER HAS.

PROCESS AND MODULE OF RENEWAL OF the CODE Of a CRYPTOGRAPHIC ALGORITHM, PROCESS AND MODULE OF GENERATION Of a SEED, PROCESSOR OF SAFETY AND SUPPORT Of RECORDING FOR THESE PROCESSES

A METHOD OF GENERATING AN INITIALIZATION VECTOR FOR ENCRYPTION OF VIDEO CONTENT

APPARATUS AND METHOD FOR TERMINAL AUTHENTICATION IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM

DOWNLOADABLE CONDITIONAL ACCESS SYSTEM AND METHOD OF SESSION CONTROL FOR SECURED 2-WAY COMMUNICATION BETWEEN AUTHENTICATION SERVER AND HOST DEVICE IN THE DOWNLOADABLE CONDITIONAL ACCESS SYSTEM

BROADCAST PROCESSING APPARATUS AND A METHOD THEREOF, CAPABLE OF FACILITATING A SECURITY OF BROADCASTING CONTENTS

PURPOSE: A broadcast processing apparatus and a method thereof are provided to maintain a security of broadcasting contents without using a cipher key generating module. CONSTITUTION: A decoding unit decodes an encrypted broadcast in a cable card. An encryption unit re-encrypts the decoded broadcasting in the decoding unit. A storage unit stores the re-encrypted broadcast in the encryption unit. A control unit(250) changeably produces a key required for the re-encrypt operation of the encryption unit according to the broadcast band, and the key is assigned to the encryption unit. © KIPO 2009 ...

SECURITY COMMUNICATION METHOD USING ESTABLISHMENT OF A SECURITY CERTIFICATION CHANNEL, AND A SYSTEM THEREOF

PURPOSE: A security communication method and a system thereof are provided to perform safe communication by calculating a security certification channel key through exchange of a certificated key and an authentication certificate between devices. CONSTITUTION: A security communication method comprises the following steps: a step for obtaining a parameter for protecting contents(S1); a step for certificating a device using an authentication certificate(S2); a step for exchanging a key with the device in order to establish a security certification channel with the device through the key certificated by the authentication certificate(S3); and a step for changing a contents license protecting mode of the contents if the contents are copied or are moved from the device. COPYRIGHT KIPO 2010 ...

METHOD FOR SECURING A DVB-S2 TRANSMISSION

KEY GENERATION DEVICE, ENCRYPTION DEVICE, RECEPTION DEVICE, KEY GENERATION METHOD, ENCRYPTION METHOD, KEY PROCESSING METHOD, AND PROGRAM

A key generation device builds a hierarchical Y-branched tree structure in which n reception devices are allocated. A new parameter is supplied to each of sub groups respectively using as a parent node, an intermediate node existing between a leaf and a route of the Y-branched tree structure, so that the sub groups can be flexibly configured. When there is no or few contractors to be excluded, it is possible to reduce the header size to be distributed and the calculation amount of an operation to be executed by the contractor.

METHOD OF PROTECTING A CONTENT

The invention relates to a method of protecting a content to be distributed to a pool of receiving terminals connected to a content distribution network and each having a specific level of security dependent on the technical security means used, method comprising the following steps: at the sending end, - generating a scrambling key for said content, - transforming said scrambling key by a first calculation module 26 arranged at the head of said content distribution network, - scrambling the content by the transformed key, - transmitting the scrambled content and the scrambling key to the terminals, and, - on receipt of said content and the scrambling key by a terminal, - transforming said scrambling key by a second calculation module arranged in said terminal, - descrambling the content with the transformed scrambling key, method characterized moreover by the steps consisting in, at the sending end, - applying to said scrambling key, by means of said first calculation module, a function ...

VIDEO ON DEMAND SIMULCRYPT

Systems and methods in accordance with embodiments of the invention provide the ability for VOD operators to export control words used to technically protect content The content protection system is configured to receive content and to technically protect the content using at least one control word The content protection system is configured to provide the control word to at least one conditional access system and the VOD operator system via a simulcrypt interface, each conditional access system is configured to encrypt the control word and provide an entitlement control message containing the encrypted control word The VOD server is configured to provide the technically protected content to a user device via the shared network in response to a request from the device, and the device is configured to receive the protected content, identify an entitlement message and extract the control word and access the content using the control word.

IDENTIFICATION OF A COMPROMISED CONTENT PLAYER

A system and method for identifying the player that leaked content encryption keys by loading a set of player keys into individual content players and determining the number of encryptions and the number of encryption keys to use in multiple encrypting critical content. The method produces copies of critical data content packets, each copy of which is separately encrypted using any one of a set of encryption keys that are related to one another through a mathematical algorithm. The related set of encryption keys and data describing key relationship and content player identity are transmitted to a previously determined license management agency. The transmitted encrypted content is written to a receiving device or file, or streamed to an individual player for non-synchronous playback. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

METHOD AND SYSTEM OF REALIZING INTERNET PROTOCOL TELEVISION SERVICE

A method of realizing IPTV service is disclosed. It includes the following steps: the terminal obtains at least one of the electronic program guide EPG and the controlling information by the interactive network; the terminal receives the media stream; the terminal plays the media stream corresponding to the program in the EPG by the controlling information. A system of realizing IPTV service is also disclosed. The invention brings forward that exchange IPTV service relative information such EPG etc by interactive channels in the DVB-H network, thus it can make the offer of the IPTV service more smartly and improve the service experience.

METHOD FOR PROTECTION OF KEYS EXCHANGED BETWEEN A SMARTCARD AND A TERMINAL

The present invention relates to a method for the protection of keys sent from a secure token (USIM) to a terminal (ME), said keys being traffic keys (MTK) used to decrypt a portion of content received from a content delivery center (BM-SC), said traffic keys being sent from said content delivery center (BM-SC) to the secure token (USIM) via a terminal (ME) using the MIKEY protocol defined by IETF RFC 3830. The method further comprises the steps of (a) - decrypting in the secure token encrypted traffic keys received from content delivery center thereby producing traffic keys, and decryption by the terminal (ME) of the content received from the content delivery center (BM-SC) by using said traffic keys, characterized in that said method further comprises the step of (b) - encrypting in the secure token, using the MIKEY protocol defined by IETF RFC 4738, said traffic keys, and decryption by the terminal of said IETF RFC 3830-protocol-encrypted traffic keys.

ADAPTIVE AND PROGRESSIVE VIDEO STREAM SCRAMBLING

The invention relates to a method of distributing digital video sequences according to a nominal stream format, said sequences consisting of a series of frames. Each of the aforementioned frames comprises at least one block containing numerous coefficients that correspond to simple digitally-encoded visual elements. The inventive method comprises a modification step, whereby at least one block of the original stream is modified. The invention is characterised in that, during the aforementioned modification step, the original stream is modified in an adaptive manner according to at least one part of the characteristics representative of the structure, contents and parameters of the original video stream, the profile of the recipient and external events. In one particular embodiment, the modification step consists in replacing one part of said coefficients in order to produce (i) a main video stream with the nominal format and (ii) complementary modification information which enables the ...

HIERARCHICAL SCHEME FOR SECURE MULTIMEDIA DISTRIBUTION

Various quality versions of an electronic content are defined, and one or more distortion algorithms (22, 32) that are executable to generate a lower quality version of the electronic content by a distortion of the highest quality version (21, 31) are defined. Each quality version is selectively assigned a content key (CK) whereby an electronic content player (34, 70) will have the appropriate information when decrypting, decoding, and/or distorting the highest quality version (21, 31) of the electronic content.

PROGRAM GUIDE SYSTEM WITH REAL-TIME DATA SOURCES

A program guide system is provided in which an interactive television program guide that is implemented at least partially on user television equipment receives program listings data and real-time data such as sports scores, news data, and the like. The real-time data may be stored in a database maintained by the program guide, so that the program guide may access the stored real-time data at a later time. Updated program listings information may be provided to the program guide as part of the data stream in which the real-time data is provided. Unique keys may be generated for the program listings data and real-time data associated with each live event. The keys may be compared at the program guide to determine which program listings correspond to which items of real-time data. A controllable ticker may be displayed on top of a television program on the user television equipment. The controllable ticker may be sponsored. Different types of real-time data may be assigned different expiration ...

DTCP Converter for HLS

A method for DTCP to HLS conversion is provided that starts with a standard DTCP Protected Content Packet (PCP) structure. The PCP payload data is chunked at defined chunk boundaries. Each chunk is then appended with a pad to be compatible with HLS. An HLS playlist is then provided using the PCP header with identification of the chunks and a keytag. The chunk is encrypted with a DTCP key calculated by the DTCP standard using: (a) copy control bits; (b) a nonce, and (c) an exchange key ID. Relevant PCP header fields are provided in the keytag for the HLS playlist, including the value of the copy control bits, the nonce and the exchange key ID, supporting the transaction that enables calculation of the DTCP content key to enable later decryption of the chunks.

System and Methods for Enhancing the Experience of Spectators Attending a Live Sporting Event, with Gaming Capability

A handheld electronic device for use at a venue hosting a live sporting event, having a receiver for receiving a wireless RF transmission conveying a plurality of video streams derived from video cameras filming the live sporting event, a display and a user interface for selecting a video stream among the plurality of video streams to be displayed on the display. The handheld electronic device is capable to acquire a locked mode of operation and an unlocked mode of operation, in the locked mode of operation the handheld electronic device being precluded from displaying the video streams to a spectator, in the unlocked mode of operation the handheld electronic device being enabled to display the video streams to the spectator, the handheld electronic device capable to acquire the unlocked mode of operation in response to reception of authentication data wirelessly transmitted to the handheld electronic device.

APPARATUS AND METHOD FOR DECODING DIGITAL IMAGE AND AUDIO SIGNALS

An apparatus and method for decoding of encoded signals representing at least image information from a storage medium is claimed. A storage device is configured to receive the storage medium. A decoder is configured receive the compressed encrypted encoded signals from the storage medium, and send the signals to a decryptor. The decryptor is configured to decrypt the compressed encrypted encoded signals, and send the signals to a decompressor. The decompressor is configured to receive the compressed encoded signals from the decryptor and to decompress the compressed encoded signals to enable display of the image.

Video multiplexer system providing low-latency VCR-like effects and program changes

An advanced multiplexer designed and optimized for next generation on-demand video distribution is described. Features and capabilities include low-latency client interactions, quality of service management, session based encryption management, support for multiple video formats, and support for multiple video decoding standards. Indicators are embedded in new video segments to identify start-of-segment transition points, enabling rapid transitions from one video segment to another. Low-latency operation is achieved by rapid switching, and by coordinating flushing of video buffers and buffer restoration.

Multi-level, multi-dimensional content protections

In one aspect of the invention is a method for a multi-level, and multi-dimensional scheme of content protection. Content having one or more attributes is encrypted using separate keys for each level of protection, where each level corresponds to an assurance of protection for each attribute. The content may be distributed to a number of environments having different levels of protection by transmitting a base key commensurate with the environment's subscription level. The base key may then be used generate lower level keys for accessing content at a level of protection less than or equal to that subscribed to.

Method for personalized encryption in an un-trusted environment

A method of encrypting digital content, the method is executed by at least one data processor and comprises selecting one or more segments of said digital content, duplicating said selected segment or segments, creating a plurality of copies of each segment and performing different encryption on said different copies.

Method to secure data exchange between a multimedia processing unit and a security module

A method is proposed for creating a secure and authenticated channel between a multimedia processing device and a security module that can be shared between several entities, the data transmitted to one entity not compromising the other entities. The a protection method, for data exchanged between a multimedia processing device including a personal key and a security module managed by a management centre, includes determination of an identifier pertaining to an entity representing a group of multimedia processing devices, calculation of a security key formed by a one-way operation based on the personal key of the multimedia processing device and the entity identifier, and transmission of this security key to the security module connected to the entity. A security key is then formed between the multimedia processing device and the security module, by means of the reception of the entity by the multimedia processing device. The multimedia processing device then calculates the security key ...

Method of sharing personal media using a digital recorder

A method and apparatus for sharing personal media using a digital recorder transfers multimedia content via email to a digital video recorder.

METHOD OF TRANSMITTING AN ADDITIONAL PIECE OF DATA TO A RECEPTION TERMINAL

The invention relates to a method of transmitting at least one additional piece of data D in a list of access control words CWi to a scrambled content transmitted by a content server of an operator to a user equipment (2) including a reception terminal (4) associated with a security processor (6), each control word CWi of said list being designed to descramble said contents during a determined cryptoperiod, this method includes the following steps: a) prior replacement of at least one of the control words of said list with a magnitude X resulting from the treatment of said additional piece of data D by a function G having a dual function H, and, at the reception of said list by the reception terminal (4), b) retrieve said additional piece of data D by treating said magnitude X with dual function H.

IPTV follow me content system and method

Tools are provided for distributing access-restricted content in an internet protocol television (“IPTV”) environment based on portable entitlement keys. Such tools can include a decoder, an encoder, and a network entitlement handler. The decoder may be configured to receive a key associated with entitlement information, and transmit the entitlement information over a network. The encoder may be configured to receive content from content providers, and to encode the content to create IP-compatible content, with access restrictions based on entitlement. The network entitlement handler may be configured to receive a request for requested content from the decoder; receive the access-restricted content including (including the requested content) from the encoder; and transmit the requested content over the network to the decoder using IP, when the decoder is entitled to receive the requested content.

NETWORK-BASED DIGITAL VIDEO RECORDER PLAYBACK ADAPTER

This disclosure describes systems and methods related to a network-based digital video recorder playback adapter. In some embodiments, a request for digital content may be received from a customer device. A plurality of segments associated with the digital content may be received. A content stream may be generated based at least in part on the plurality of segments associated with the digital content. The content stream may be transmitted.

SYSTEMS AND METHODS FOR SECURELY STREAMING MEDIA CONTENT

Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Method and apparatus for mutual authentication in downloadable conditional access system

Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS, wherein the mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, and then CAS software is downloaded to the SM. According to the example embodiments, there is provided a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and also provided a mutual authentication method and apparatus in the DCAS where a substantial authentication based on a hardware, such as a smart card or a cable card, is not needed.

System and methods for enhancing the experience of spectators attending a live sporting event

A handheld electronic device for use at a venue hosting a live sporting event, having a receiver for receiving a wireless RF transmission conveying a plurality of video streams derived from video cameras filming the live sporting event, a display and a user interface for selecting a video stream among the plurality of video streams to be displayed on the display. The handheld electronic device is capable to acquire a locked mode of operation and an unlocked mode of operation, in the locked mode of operation the handheld electronic device being precluded from displaying the video streams to a spectator, in the unlocked mode of operation the handheld electronic device being enabled to display the video streams to the spectator, the handheld electronic device capable to acquire the unlocked mode of operation in response to reception of authentication data wirelessly transmitted to the handheld electronic device.

TERMINAL AUTHENTICATION APPARATUS AND METHOD IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM

A terminal authentication apparatus and method in a Downloadable Conditional Access System (DCAS) is provided. The terminal authentication method may determine whether terminal authentication information, received from a DCAS terminal, is valid by referring to a database, may transmit DCAS image information and pairing information about the terminal authentication information to a user terminal, when the terminal authentication information is valid, and thereby may enable the DCAS terminal to set the user terminal based on the pairing information.

METHODS AND SYSTEMS FOR RE-SECURING A COMPROMISED CHANNEL IN A SATELLITE SIGNAL DISTRIBUTION ENVIRONMENT

A method implemented by a set top box that encrypts communications for a channel stacking switch (CS) using a public key of the CSS, the method comprising: obtaining a message from a head end; extracting electronic counter measure (ECM) data from the message; sending the ECM data to the CSS; receiving, in response to the sending, a new public key of the CSS; encrypting communications for the CSS using the new public key of the CSS. Also, a method for implementation by a CSS, comprising: maintaining a private key and a public key; obtaining ECM data sent by a set top box in communication with the CSS; obtaining an identifier of the CSS; formulating a new public key based on the private key, the identifier and the ECM; rendering the new public key available to the set top box.

Systems and methods for securely providing adaptive bit rate streaming media content on-demand

A system for securely providing adaptive bit rate streaming media content on-demand may include a security server of a program distributor that selects, based on a received authorized request, which of a differently encrypted stored versions of a “special segment” of the requested program to deliver to the receiving device during the transmission of the requested program. The selection may be based on a pseudo-random selection process per request for the program based on an identifier of the request associated with the remote control device. The selection of which of the differently encrypted stored versions of the “special segment” of the ordered program to deliver may be=based on the current session. The secure remote then sends to the receiving device the correct decryption key for the receiving device to decrypt the particular encrypted version selected of the “special segment” to be sent to the receiving device.

Digital Watermark Key Generation

This disclosure relates to message encoding. One claim recites a digital watermark key generation method in which the key providing security for a plural-bit message. The method comprises: providing a plural-bit seed; randomizing the plural-bit seed; using a programmed electronic processor for encoding the randomized plural-bit seed with convolutional encoding, the encoded seed comprising a key; and transforming an independent message with the key, the independent message to be used in a digital watermark encoding process. Of course, other claims and combinations are provided too.

Меthоds аnd аppаrаtus fоr pеrsistеnt соntrоl аnd prоtесtiоn оf соntеnt

А nоvеl mеthоd аnd аppаrаtus fоr prоtесtiоn оf strеаmеd mеdiа соntеnt is disсlоsеd. In оnе аspесt, thе аppаrаtus inсludеs соntrоl mеаns fоr gоvеrnаnсе оf соntеnt strеаms оr соntеnt оbjесts, dесrуptiоn mеаns fоr dесrуpting соntеnt strеаms оr соntеnt оbjесts undеr соntrоl оf thе соntrоl mеаns, аnd fееdbасk mеаns fоr trасking асtuаl usе оf соntеnt strеаms оr соntеnt оbjесts. Тhе соntrоl mеаns mау оpеrаtе in ассоrdаnсе with rulеs rесеivеd аs pаrt оf thе strеаmеd соntеnt, оr thrоugh а sidе-bаnd сhаnnеl. Тhе rulеs mау spесifу аllоwеd usеs оf thе соntеnt, inсluding whеthеr оr nоt thе соntеnt саn bе соpiеd оr trаnsfеrrеd, аnd whеthеr аnd undеr whаt сirсumstаnсеs rесеivеd соntеnt mау bе “сhесkеd оut” оf оnе dеviсе аnd usеd in а sесоnd dеviсе. Тhе rulеs mау аlsо inсludе оr spесifу budgеts, аnd а rеquirеmеnt thаt аudit infоrmаtiоn bе соllесtеd аnd/оr trаnsmittеd tо аn ехtеrnаl sеrvеr. In а diffеrеnt аspесt, thе аppаrаtus mау inсludе а mеdiа plауеr dеsignеd tо саll plugins tо аssist in rеndеring соntеnt ...

Меthоds аnd аppаrаtus fоr pеrsistеnt соntrоl аnd prоtесtiоn оf соntеnt

А nоvеl mеthоd аnd аppаrаtus fоr prоtесtiоn оf strеаmеd mеdiа соntеnt is disсlоsеd. In оnе аspесt, thе аppаrаtus inсludеs соntrоl mеаns fоr gоvеrnаnсе оf соntеnt strеаms оr соntеnt оbjесts, dесrуptiоn mеаns fоr dесrуpting соntеnt strеаms оr соntеnt оbjесts undеr соntrоl оf thе соntrоl mеаns, аnd fееdbасk mеаns fоr trасking асtuаl usе оf соntеnt strеаms оr соntеnt оbjесts. Тhе соntrоl mеаns mау оpеrаtе in ассоrdаnсе with rulеs rесеivеd аs pаrt оf thе strеаmеd соntеnt, оr thrоugh а sidе-bаnd сhаnnеl. Тhе rulеs mау spесifу аllоwеd usеs оf thе соntеnt, inсluding whеthеr оr nоt thе соntеnt саn bе соpiеd оr trаnsfеrrеd, аnd whеthеr аnd undеr whаt сirсumstаnсеs rесеivеd соntеnt mау bе “сhесkеd оut” оf оnе dеviсе аnd usеd in а sесоnd dеviсе. Тhе rulеs mау аlsо inсludе оr spесifу budgеts, аnd а rеquirеmеnt thаt аudit infоrmаtiоn bе соllесtеd аnd/оr trаnsmittеd tо аn ехtеrnаl sеrvеr. In а diffеrеnt аspесt, thе аppаrаtus mау inсludе а mеdiа plауеr dеsignеd tо саll plugins tо аssist in rеndеring соntеnt ...

Меthоds аnd аppаrаtus fоr pеrsistеnt соntrоl аnd prоtесtiоn оf соntеnt

А nоvеl mеthоd аnd аppаrаtus fоr prоtесtiоn оf strеаmеd mеdiа соntеnt is disсlоsеd. In оnе аspесt, thе аppаrаtus inсludеs соntrоl mеаns fоr gоvеrnаnсе оf соntеnt strеаms оr соntеnt оbjесts, dесrуptiоn mеаns fоr dесrуpting соntеnt strеаms оr соntеnt оbjесts undеr соntrоl оf thе соntrоl mеаns, аnd fееdbасk mеаns fоr trасking асtuаl usе оf соntеnt strеаms оr соntеnt оbjесts. Тhе соntrоl mеаns mау оpеrаtе in ассоrdаnсе with rulеs rесеivеd аs pаrt оf thе strеаmеd соntеnt, оr thrоugh а sidе-bаnd сhаnnеl. Тhе rulеs mау spесifу аllоwеd usеs оf thе соntеnt, inсluding whеthеr оr nоt thе соntеnt саn bе соpiеd оr trаnsfеrrеd, аnd whеthеr аnd undеr whаt сirсumstаnсеs rесеivеd соntеnt mау bе “сhесkеd оut” оf оnе dеviсе аnd usеd in а sесоnd dеviсе. Тhе rulеs mау аlsо inсludе оr spесifу budgеts, аnd а rеquirеmеnt thаt аudit infоrmаtiоn bе соllесtеd аnd/оr trаnsmittеd tо аn ехtеrnаl sеrvеr. In а diffеrеnt аspесt, thе аppаrаtus mау inсludе а mеdiа plауеr dеsignеd tо саll plugins tо аssist in rеndеring соntеnt ...

Recent channels pre-calculation in video delivery

In some embodiments, a method receives a message that identifies an asset being viewed on a video service at a timestamp. The message is associated with a profile identifier and a plurality of messages are received for the profile identifier while using the video service. The method determines a channel identifier for a channel in which the asset is offered during the timestamp and determines whether a channel change occurred based on the channel identifier and a prior channel identifier determined from a prior message in the plurality of messages. When the channel change has occurred, the method stores the channel identifier and timestamp for the profile identifier in a data structure, wherein a list of channels is generated by querying the data structure to determine a set of channel identifiers and timestamps for the profile identifier.

BROADCAST/COMMUNICATION LINKING RECEIVER APPARATUS AND RESOURCE MANAGING APPARATUS

An integrated broadcasting communications receiver, comprises: an application activation information extracting unit; an application obtaining unit; an application execution unit; an application controlling unit; a revocation list extracting unit and a verification key extracting unit for extracting a revocation list and a verification key from broadcast data; a revocation list verifying unit for verifying if a provider ID of an application is written in a revocation list; and a resource managing unit for obtaining a resource.

A SYSTEM, PROTECTING METHOD AND SERVER OF REALIZING VIRTUAL CHANNEL SERVICE

A system for implementing the virtual channel service generates an content key associated with each of the video on-demand (VOD) program contents for the each VOD program content multicast on a virtual channel, encrypts the VOD program contents by using the content key and multicasts the encrypted VOD program content on the virtual channel; generates a channel key for the virtual channel that multicasts the VOD program content, encrypts the content key and generates encryption information by using the channel key, and authorizes a user terminal that orders the virtual channel to the channel key, and multicasts the encryption information on the virtual channel. The user terminal that joins the virtual channel decrypts and obtains the content key by using the authorized channel key and then uses the content key to decrypt the encrypted content of the VOD program. Hence, it is necessary to encrypt the VOD program content once and store one corresponding encrypted program, thus saving storage ...

SYSTEMS, METHODS AND APPARATUSES FOR THE SECURE TRANSMISSION OF MEDIA CONTENT

DIGITAL RIGHTS DOMAIN MANAGEMENT FOR SECURE CONTENT DISTRIBUTION IN A LOCAL NETWORK

DATA PROCESSING APPARATUS AND METHOD THEREOF

In an image process apparatus, a key different for each hierarchy is generated on the basis of a specific key with respect to image data having a hierarchical structure, the image data in each hierarchy is enciphered using the generated key for each hierarchy, and the specific key is managed, so that key management can be easily performed while the image data having a hierarchical structure is enciphered using the key different for each hierarchy.

Method for distributing video information to mobile object by digital radio communication

In a method for distributing video information from a central station unit placed on the ground to at least one mobile terminal unit comprising a terminal unit mounted on a mobile object, a request for distribution of the video information is transmitted as request information from the mobile terminal unit to the central station unit by radio communication, and the requested video information is distributed from the central station unit to the mobile terminal unit by digital radio communication. In this method, the video information is hierarchized, and part of the video information in a hierarchical rank according to read right information transmitted together with the request from a mobile terminal is made readable. Further, accounting on the distributed video information in the central station is performed based on accounting information from the mobile terminal. Furthermore, the mobile terminal transmits information indicating the receiving environment of the terminal to the central ...

Method and system for controlling the disclosure time of information

Transmission of data to a client computer

Selective video modification

A method for processing a video stream comprises: receiving a video stream (e.g. from a camera, in a security or surveillance application) comprising a plurality of frames of image data; selecting portions of the image data on the basis of first data (e.g. via a copy of portions to be selected, image masks, pointers to portions such as metadata, timestamps indicating bitstream location, indications of macroblocks to be selected, etc) indicating locations within the image data; modifying the selected portions to generate modified portions of the image data, e.g. to redact, blur, replace, censor or obscure sensitive, private or personal image information or objects; generating second data for use in recovering at least some of the selected portions from the modified portions; and outputting the second data, unselected portions of the image data and the modified portions of the image data. The second data may represent a difference between the selected portion of the image data and a respective ...

REPRODUCTION OF PROTECTED KEYS BY PRODUCTION DATA OF DISTRIBUTED KEYS

KEY DEVELOPMENT PROCEDURE AND DEVICE IN A COMMUNICATION SYSTEM

PROCEDURE FOR THE PROTECTION OF BY AUSSTRAHLER RADIATING CODED CONTENTS

AUTHENTIFIZIERUNG OF DATA WHICH IN A DIGITAL TRANSMISSION SYSTEM TRANSFERRING

Verfahren und Anlage zur Erzeugung von Graphitkörpern

Die gegenständliche Erfindung bezieht sich auf ein Verfahren und eine Einrichtung zur Erzeugung von Graphitkörpern aus hochreinem kohlenstoffhältigen körnigen Material wie Petrolkoks oder kohlenteerpechbasierendem Koks und mindestens einem Bindemittel welches bei erhöhten Temperaturen verkokbar ist unter Verwendung von Puffinginhibitoren, ebenso auf einen Graphitkörper worin der genannte Puffinginhibitor in einer Korngroße von weniger als 2f.lm, vorzugsweise kleiner als 1 m anwesend ist.

SYSTEM AND PROCEDURE FOR ACTIVATING A DECODER DEVICE

Security of a multimedia stream

A method including receiving encrypted multimedia information of a multimedia broadcast multicast service streaming session, wherein the multimedia information is encrypted using an encryption key. An indication allowing to switch the receiving of the encrypted multimedia information to a peer-to-peer streaming session is received and receiving of the encrypted multimedia information from the multimedia broadcast multicast service streaming session to the peer-to-peer streaming session is switched. Encrypted multimedia information of the peer-to-peer streaming session is received.

Method for receiving viewing-restricted channel

A method for receiving a viewing-restricted channel is disclosed. In one embodiment of the present invention, if a user makes a request for receiving a viewing-restricted channel, a command requesting decoding and transmitting broadcast signals of the viewing-restricted channel is generated and transmitted to a broadcast receiver equipped with a CAS module through a network, and broadcast data decoded at the broadcast receiver is received through the network and played after being processed as audio/video signals. If broadcast signals transcoded in a different bit rate at the broadcast receiver is received, the transcoded broadcast data can be decoded in an appropriate way and played.

System and method for transferring digital content

A device is provided for use with a digital content provider and a content purchaser. The content provider can provide digital content and a first digital key, wherein the digital content has quantified digital rights associated therewith. The device includes a receiving portion, a security portion, a content database, an interface portion and a transmitting portion. The receiving portion can receive the digital content and the first digital key. The security portion can access the digital content with the first digital key. The content database can store the digital content. The interface portion can offer to the content purchaser the digital content and can enable the content purchaser to purchase the digital content in accordance with purchased quantified digital rights. The security portion can further encrypt the digital content with a digital key such that the content purchaser may use the purchased digital content.

Methods and Systems for Scalable Distribution of Protected Content

A computerized device can implement a content player to access a content stream using a network interface, the content stream comprising encrypted content and an embedded license comprising a content key encrypted according to a global key accessible by the content player. The content player determines whether a token meeting an authorization condition is present and uses the global key to decrypt the content key only if such a token is present. The authorization condition may be evaluated at least in part based on data included in the content stream. The authorization condition can include presence of a token having a content ID matching a corresponding ID in the license; presence of a token with a correct device ID; presence of a token signed according to a digital signature identified in the licenses; and/or presence of a token that is unexpired, with expiration evaluated based on a time-to-live indicator in the token.

Digital works having usage rights and method for creating the same

Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party.

Digital works having usage rights and method for creating the same

Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party.

System and method for utilizing content in accordance with usage rights

Apparatus, method, and media for utilizing content. An exemplary method comprises storing a description structure comprising one or more usage rights, storing content associated with the one or more usage rights, receiving a request for the content, the request corresponding to a utilization of the content, determining whether the utilization corresponds to at least one of the one or more usage rights, determining whether the computing device is an authorized device, and utilizing the content in accordance with the at least one of the one or more usage rights based at least in part on a determination that the utilization corresponds to the at least one of the one or more usage rights and a determination that the computing device is an authorized device.

Single-url content delivery

Systems and methods for providing media with a data network using a single Uniform Resource Locator (URL) are disclosed. These systems and methods may be part of a larger media servicing network that can be used to, among other things, process uploaded media content, provide it for streaming, and collect metric information regarding the streaming. The disclosed systems and methods provide for receiving a URL and providing an index file based, at least in part, on a client identity and requested media file associated with the URL. Embodiments further provide for the use of an advertisement server that can specify advertisement(s) to be shown during the playback of the media file. With every index file created, the advertisement server can update and/or change the advertisement(s) to be shown.

SOFTWARE CONDITIONAL ACCESS SYSTEM FOR A MEDIA DELIVERY NETWORK

A method for purchasing a media service from a media delivery service provider includes sending a request to the media delivery service provider requesting the media service and authenticating a media distribution device by comparing a permanent virtual circuit established between the media distribution device and the media delivery service provider with a predetermined permanent virtual circuit defined and programmed by the media delivery service provider. Upon determining the media distribution device is successfully authenticated, the method includes downloading a software key from the media delivery service provider to the media distribution device and automatically deleting the software key after a predetermined amount of time. Upon determining the media distribution device is not successfully authenticated, the method includes downloading displayable data to the media distribution device from the media delivery service provider. 1. A method for purchasing a media service from a media delivery service provider , the method comprising:sending a request, by an application executing on a computer processor of a media distribution device, to the media delivery service provider requesting the media service;authenticating, by the application, the media distribution device by comparing a permanent virtual circuit established between the media distribution device and the media delivery service provider with a predetermined permanent virtual circuit defined and programmed by the media delivery service provider;upon determining the media distribution device is successfully authenticated, downloading a software key from the media delivery service provider to the media distribution device and automatically deleting the software key after a predetermined amount of time; andupon determining the media distribution device is not successfully authenticated, downloading displayable data to the media distribution device from the media delivery service provider.2. The method of ...

Video on demand processing

A device may include a communication interface configured to receive a request from a client device, where the request identifies a first video on demand (VOD). The device may also include logic configured to identify capabilities associated with the client device, the capabilities including at least one of a decoding capability of the client device, a content protection scheme supported by the client device, or a transport protocol via which the client device can communicate, and forward the request for the VOD to a service provider associated with providing the first VOD. The logic may also be configured to receive a media stream from the service provider, the media stream corresponding to the first VOD, process the media stream in accordance with the identified capabilities, and forward the processed media stream to the client device.

System and method for key space division and sub-key derivation for mixed media digital rights management content

Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key space division and sub-key derivation for mixed media digital rights management content and secure digital asset distribution. A system practicing the exemplary method derives a set of family keys from a master key associated with an encrypted media asset using a one-way function, wherein each family key is uniquely associated with a respective client platform type, wherein the master key is received from a server account database, and identifies a client platform type for a client device and a corresponding family key from the set of family keys. The system encrypts an encrypted media asset with the corresponding family key to yield a platform-specific encrypted media asset, and transmits the platform-specific encrypted media asset to the client device. Thus, different client devices receive device-specific encrypted assets which can be all derived based on the same master key.

Distributed Database Management System

A distributed database management system provides a central database resident on a server that contains database objects. Objects, e.g., program guide data, to be replicated are gathered together into distribution packages called “slices,” that are transmitted to client devices. A slice is a subset of the central database which is relevant to clients within a specific domain, such as a geographic region, or under the footprint of a satellite transmitter. The viewer selects television programs and Web content from displayed sections of the program guide data which are recorded to a storage device. The program guide data are used to determine when to start and end recordings. Client devices periodically connect to the server using a phone line and upload information of interest which is combined with information uploaded from other client devices for statistical, operational, or viewing models.

Movie-screening management device and movie-screening management method

A movie-screening management device includes: a mutual-state monitoring unit monitoring mutual states by periodically performing communication with other parties connected through a network to exchange information when being logged; a content/playlist synchronization management unit sharing contents and playlists with the other parties; and a key management unit comprehensively managing keys necessary for reproducing the contents with respect to the other parties.

INTEGRATED BROADCASTING COMMUNICATIONS RECEIVER AND RESOURCE MANAGING DEVICE

An integrated broadcasting communications receiver, comprises: an application activation information extracting unit; an application obtaining unit; an application execution unit; an application controlling unit; an revocation list extracting unit and a verification key extracting unit for extracting an revocation list and a verification key from broadcast data; an revocation list verifying unit for verifying if a provider ID of an application is written in an revocation list; and a resource managing unit for obtaining a resource. 1. An integrated broadcasting communications receiver used for an integrated broadcasting communications system including: a key generating device for generating a verification key that is public information for verifying a signature added to an application of a corresponding individual service provider; a signing key generating device for generating a signing key that is unique to the service provider , and generating an revocation list in which a provider ID of a service provider corresponding to an revoked signing key is described; an application server that adds a signature to an application by a signing key and delivers the application to an integrated broadcasting communications receiver; a resource managing device for managing a resource that the application uses during execution; and a broadcast transmitting apparatus for transmitting broadcast data via a broadcast wave to the integrated broadcasting communications receiver , the integrated broadcasting communications receiver comprising:an application activation information extracting unit for extracting application activation information for obtaining and controlling the application, from an event information table included in a transport stream of the broadcast data transmitted by the broadcast transmitting apparatus;an application obtaining unit for obtaining the application, referring to an address of an application server described in the application activation information, ...

Content Rental System

A content rental system includes one data store for storing rental content. The content rental system also includes a content server for transferring content to one viewing device based upon a received request. The content server is further configured to authorize the transfer of the content from the viewing device to another viewing device. 1. A method , comprising:transmitting, to a computing system from a client device, a request to initiate a rental time period for a content item;receiving, in response to the request a response including an indication of a rental time period, wherein initiating playback of the content item is allowed during the rental time period;receiving, at the client device and during the rental time period, an indication to initiate playback of the content item; andin response to receiving the indication to initiate playback of the content item, initiating a playback time period, wherein playback of the content item is allowed during the playback time period, and the playback time period ends after the rental time period ends.2. The method of claim 1 , further comprising transmitting claim 1 , to the computing system claim 1 , a request for the content item.3. The method of claim 2 , wherein the request for the content item comprises a request to stream the content item.4. The method of claim 1 , further comprising:receiving an indication to purchase the content item; andtransmitting, to the computing system, a request to purchase the content item.5. The method of claim 4 , further comprising:receiving, from the computing system, an indication that the request to purchase the content item succeeded; andcommencing, responsive to receiving the indication that the request to purchase the content item succeeded, a period during which playback at the client device is unrestricted.6. The method of claim 1 , further comprising displaying an indication of when the playback time period ends.7. The method of claim 1 , further comprising displaying a ...

Versatile music distribution

Methods and devices are described whereby a representation of an original PCM signal may be reversibly degraded in a controlled manner and information losslessly embedded to produce a streamable PCM signal, which provides a controlled audio quality when played on standard players and conditional access to a lossless presentation of the original PCM signal. Using such techniques allows control over the level of degradation of the signal and also flexibility in the type information of information embedded. Some methods require a song key, which is employed in one or both of the degrading and embedding steps and for creating a token. These methods may further require a user key, which is used to encrypt the song key before creating the token.

System and Method for Distributed Video Storage Across Enterprises

A system and method for storing image information, such as video clips, across multiple storage devices of different business entities provides redundancy and off-site storage, but possibly without the costs associated with a traditional cloud storage system. In examples, a peer-to-peer arrangement is used. A user/customer accesses the image information via a web portal hosted by their business entity or the operator of the system or accesses the image information from a mobile device. 1. A system for image information storage , comprising:image information storage devices that are located in respective business entities that store image information from other business entities; andone or more storage indexes that indicate where image information is stored between the business entities.2. The system as claimed in claim 1 , wherein the image information storage devices include network video recorders and network cameras.3. The system as claimed in claim 1 , wherein each of the image storage devices include local storage in which image information is stored for the respective business entity and peer storage in which image information is stored from at least one other business entity.4. The system as claimed in claim 3 , wherein the peer storage is encrypted.5. The system as claimed in claim 1 , wherein image information is transmitted between image information storage devices of different business entities using peer-to-peer connections.6. The system as claimed in claim 1 , wherein selectable levels of redundancy are associated with the business entities claim 1 , and image information is stored over higher numbers of other business entities for higher levels of redundancy.7. The system as claimed in claim 1 , further comprising an application server that maintains the one or more storage indexes.8. The method as claimed in claim 7 , wherein the one or more storage indexes are maintained in the image information storage devices.9. A method for image information ...

SECURELY CONNECTING CONTROL DEVICE TO TARGET DEVICE

In an approach, a target computing device receives a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key. The target computing device forwards the pairing request to the authentication server, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials. The target computing device receives the pairing which includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key. The target computing device decrypts the shared secret encrypted under the target device key and forwards the shared secret encrypted under the controller key to the controller device. Using the decrypted shared secret, the target computing device establishes a secure connection to the controller computing device. 1. A method comprising:using a target computing device, receiving a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key that is not available to the controller computing device and the target computing device;using the target computing device, forwarding the pairing request to the authentication server computer, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials;using the target computing device, receiving the pairing response from the authentication server computer, wherein the pairing response includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key, the controller key being unavailable to the target computing device and the target device ...

Internet Protocol Television Via Public Wi-Fi Network

An apparatus, e.g. a wireless media access point, includes a transceiver, a non-transitory storage medium, and a processor operably coupled to the transceiver and the storage medium. The processor is configured by instructions stored on the storage medium to transmit a first multicast channel associated with a first group temporal key (GTK), and to simultaneously transmit a second multicast channel associated with a second GTK.

DOWNLOADABLE SECURITY AND PROTECTION METHODS AND APPARATUS

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication. 167.-. (canceled)68. Computerized apparatus for use in a content delivery network having a plurality of computerized client devices associated therewith , the computerized apparatus comprising:a computerized server apparatus, the computerized server apparatus configured to establish a security boundary around at least a portion of a requesting one of the plurality of computerized client devices, the security boundary allowing for the protection of both content and software images included therein;a digital content protection apparatus in communication with the computerized server apparatus, the digital content protection apparatus configured to generate at least one software image based on an evaluation; anda media provisioning apparatus in communication with the computerized server apparatus and the digital content protection apparatus, the media provisioning apparatus configured to initiate transmission of the at least one ...

CONTENT INSPECTION IN PRIVACY ENHANCED CLOUD CONFERENCING

A media distribution network device connects to an online collaborative session between a first participant network device, a second participant network device, and a security participant network device. The security participant network device is configured to decrypt packets of the online collaborative session to apply security polices to the packets. An encrypted packet is received at the media distribution network device. The encrypted packet is received from the first participant network device containing data to be distributed as part of the online collaborative session. The encrypted packet is distributed to the security participant network device prior to distributing the encrypted packet to the second participant network device. 1. A method comprising:connecting, via a media distribution network device, to an online collaborative session between a first participant network device, a second participant network device, and a security participant network device, wherein the security participant network device is configured to decrypt packets of the online collaborative session to apply security polices to the packets;receiving at the media distribution network device an encrypted packet from the first participant network device containing data to be distributed as part of the online collaborative session; anddistributing the encrypted packet to the security participant network device prior to distributing the encrypted packet to the second participant network device.2. The method of claim 1 , further comprising:receiving an indication from the security participant network device that the encrypted packet should not be distributed to the second participant network device; anddropping the encrypted packet prior to distributing the packet to the second participant network device.3. The method of claim 1 , further comprising receiving at the media distribution network device an indication from the security participant network device that subsequently received ...

PATTERN ADDRESSING FOR SESSION-BASED DASH OPERATIONS

A method of session-based DASH operations can include receiving a media presentation description (MPD) referencing a session-based description (SBD) and indicating a key name during a media access session. The SBD includes a first repeating pattern element that includes a first sequence of timed key values of the key name. The first repeating pattern element indicates that the first sequence of the timed key values of the key name is relocated along a timeline or an orderline. A first key value of the key name corresponding to a timing or a segment number of a current segment of a sequence of segments can be determined based on the first repeating pattern element in the SBD. A request for the current segment can be transmitted to a media content server. The request includes a pair of the key name and the first key value. 1. A method of session-based dynamic adaptive streaming over HTTP (DASH) operations in a media streaming system , comprising:transmitting a media presentation description (MPD) referencing a session-based description (SBD) and indicating a key name during a media access session, the MPD describing a media presentation of media content partitioned into a sequence of segments:transmitting the SBD referenced by the MPD, the SBD including a first repeating pattern element that includes a first sequence of timed key values of the key name, the first repeating pattern element indicating that the first sequence of the timed key values of the key name is repeated along a timeline or an orderline;receiving a request for a segment of the sequence of segments from a DASH client, the request including a pair of the key name and a first key value, wherein the first key value of the key name corresponding to a timing or a segment number of the segment of the sequence of segments is indicated in the first repeating pattern element in the SBD; andtransmitting the requested segment of the sequence of segments to the DASH client in response to the received request ...

TRANSFER OF CONSUMABLE DATA TO VEHICLES

Consumable data objects are transferred from a source server to a vehicle server. The availability of a first data communications link from the source server to a vehicle server is detected and a count of consumable data objects stored on the vehicle server is generated. If the first data communications link is detected, the count is transmitted to the source server over the link. An identifier of the vehicle server is derived from the first data communications link, and this identifier is associated with the count. A consumable data object replenishment count is generated based upon an evaluation of the count in relation to historic use data derived from past counts. 1. A method for transferring consumable data objects from a source server computer system to a vehicle server computer system , the method comprising:detecting availability of a first data communications link from the vehicle server computer system to the source server computer system;generating a count of consumable data objects stored on the vehicle server computer system;if the first data communications link is detected, transmitting the count of the number of consumable data objects stored on the vehicle server computer system to the source server computer system over the first data communications link;deriving, on the source computer system, an identifier of the vehicle server computer system, the identifier being derived from the first data communications link; andassociating, on the source server computer system, the count of the number of consumable data objects stored on the vehicle server computer system with a derived identifier of the vehicle server computer system.2. The method of claim 1 , further comprising:transmitting, from the source server computer system to a content loading device, a predetermined number of consumable data objects corresponding to the generated consumable data object replenishment count, each of the transmitted consumable data objects being associated with the ...

Displaying session audit logs

Methods and apparatus for generation of session audit log displays are disclosed. Audit log data is captured in association with at least one session in a computerized system. A video presentation is generated based on the captured audio log data. A video presentation of at least a part of the at least one session can then be displayed based on the generated data.

TECHNIQUES FOR SECURING LIVE POSITIONING SIGNALS

A pay television satellite broadcast includes validation data that can be used to validate authenticity of live global positioning system (GPS) data. The validation data may be included within entitlement messages and encrypted for security and selective reception by authorized receivers. A navigation system may compute checksums of received live GPS data and compare with the validation data for a match. A decision about whether or not to use the live GPS data may be taken based on whether or not the computed checksums match the validation data received via the pay television satellite broadcast signals. 1. A method of operating a navigation system , comprisingreceiving positioning signals over a first network interface from multiple positioning signal sources;receiving an encrypted reference signal over a second network interface that is different from the first network interface;decrypting the encrypted reference signal using a conditional access module to produce a positioning validation signal;deciding, using the positioning validation signal, that the received positioning signals are valid; anddetermining, when the positioning signals are valid, a position of a receiving device that includes the first network interface.2. The method of claim 1 , further comprising navigating the receiving device based on the valid positioning signals.3. The method of claim 1 , wherein the positioning signals include a timing signal claim 1 , the method further including:determining a time of day at the receiving device.4. The method of claim 1 , wherein the determining includes:computing a first checksum from the received positioning signals; andcomparing the first checksum with the positioning validation signal for a match between them.5. The method of claim 1 , wherein the encrypted reference signal is included in an entitlement management message.6. The method of claim 1 , wherein the multiple positioning resources are a subset of resources that provide a full positioning ...

NETWORK PROTOCOL FOR CONTENTS PROTECTION IN DIGITAL CABLE BROADCASTING SERVICE AND CONDITIONAL ACCESS SYSTEM USING THE PROTOCOL

Disclosed are a network protocol for contents protection in a digital cable broadcasting service and a conditional access system using the protocol. A method for renewing conditional access client software (CACS) by a conditional access module in a renewable conditional access system (RCAS) may include: receiving an RCAS announcement message from a headend; transmitting to the headend a key registration request message for requesting an authorization key when the RCAS announcement message is authenticated; receiving a key registration response message including the authorization key from the headend; and generating security factors based on the authorization key and renewing the CACS by using the security factors. 1. A method for renewing conditional access client software (CACS) by a conditional access module (CAM) included in a digital cable broadcast receiver in a renewable conditional access system (RCAS) , the method comprising:receiving an RCAS announcement message for announcing that renewal of the CACS is required from a headend;transmitting to the headend a key registration request message for requesting an authorization key for renewing the CACS when the RCAS announcement message is authenticated;receiving a key registration response message including the authorization key from the headend; andgenerating security factors based on the authorization key and renewing the CACS by using the security factors.2. The method of claim 1 , further comprising after the receiving of the RCAS announcement message claim 1 , receiving from the headend an RCAS renewal message including information of a download timing of the CACS.3. The method of claim 2 , wherein the RCAS announcement message and the RCAS renewal message are authenticated by an RAS public key prestored in the digital cable broadcast receiver.4. The method of claim 1 , wherein the RCAS announcement message may include version information of the CACS and information for the headend.5. The method of claim 1 ...

Content-Modification System with Broadcast Schedule Utilization Feature

In one aspect, a method includes (i) receiving query fingerprint data representing content transmitted by a content-distribution system on a channel; (ii) comparing the received query fingerprint data with multiple reference fingerprint data sets, wherein each of the multiple reference fingerprint data sets corresponds with a different respective content segment; (iii) based on the comparing, detecting a respective match between the received query fingerprint data and reference fingerprint data in each of the multiple reference fingerprint data sets; (iv) accessing broadcast-schedule data associated with the channel; (v) using the accessed broadcast-schedule data to identify which one of the different respective content segments is being transmitted by the content-distribution system on the channel, thereby identifying a corresponding upcoming content modification opportunity on the channel; and (vi) performing an action to facilitate performing a content modification operation related to the identified upcoming content-modification opportunity on the channel. 1. A method comprising:receiving query fingerprint data representing content transmitted by a content-distribution system on a channel;comparing the received query fingerprint data with multiple reference fingerprint data sets, wherein each of the multiple reference fingerprint data sets corresponds with a different respective content segment;based on the comparing, detecting a respective match between the received query fingerprint data and reference fingerprint data in each of the multiple reference fingerprint data sets;accessing broadcast-schedule data associated with the channel;using the accessed broadcast-schedule data to identify which one of the different respective content segments is being transmitted by the content-distribution system on the channel, thereby identifying a corresponding upcoming content modification opportunity on the channel; andperforming an action to facilitate performing a ...

Content-Modification System with Broadcast Schedule Utilization Feature

In one aspect, a method includes (i) accessing broadcast-schedule data associated with a channel; (ii) using the accessed broadcast-schedule data to identify an upcoming content-modification opportunity on the channel; and (iii) responsive to identifying the upcoming content-modification opportunity on the channel, performing an action to facilitate performing a content-modification operation related to the identified upcoming content-modification opportunity on the channel, wherein performing the action comprises causing in-band message data to be inserted into at least a portion of a content segment that is being transmitted by a content-distribution system on the channel. 1. A method comprising:accessing broadcast-schedule data associated with a channel;using the accessed broadcast-schedule data to identify an upcoming content-modification opportunity on the channel; andresponsive to identifying the upcoming content-modification opportunity on the channel, performing an action to facilitate performing a content-modification operation related to the identified upcoming content-modification opportunity on the channel,wherein performing the action comprises causing in-band message data to be inserted into at least a portion of a content segment that is being transmitted by a content-distribution system on the channel.2. The method of claim 1 , wherein using the accessed broadcast-schedule data to identify the upcoming content-modification opportunity on the channel comprises:accessing first broadcast-schedule data associated with the channel;extracting, from among the accessed first broadcast-schedule data associated with the channel, second broadcast-schedule data related to one or more broadcast-related events scheduled within a predefined upcoming time-period; andusing the extracted second broadcast-schedule data to identify the upcoming content-modification opportunity on the channel.3. The method of claim 1 , wherein using the accessed broadcast-schedule data ...

Account-Specific Encryption Key

One embodiment takes the form of a method and apparatus for creating a customer-specific encryption key for encrypting digital information. The encryption key may be based on a customer number and may be associated with several devices such that the devices may encrypt and decrypt the digital information. Because each device may have the same encryption key, the encrypted data may be encrypted by a first device, transferred from the first device to a second device and decrypted and read by the second device. Thus, encrypted digital information may be shared between devices that generate a customer-specific encryption key from a common customer number. In one embodiment, the customer-specific encryption key may be utilized by a set-top box of a television system to encrypt and decrypt a digitally recorded television program. 1. (canceled)2. A method for digitally recording a television program , the method comprising:obtaining, at a first set-top box associated with a customer, a customer identification number that corresponds to the customer;generating, with the first set-top box, a first encryption key based on the customer identification number;encrypting, with the first set-top box, a television program using the first encryption key;storing the encrypted television program in a storage medium;generating, with a second set-top box, a second encryption key based on the customer identification number stored on the second set-top box, wherein the first encryption key and the second encryption key are the same; anddecrypting, with the second set-top box, the television program using the second encryption key, wherein when the television program is decrypted, the decrypted television program is displayable on a display device.3. The method of claim 2 , further comprising:retrieving, with the first set-top box, a first smart card identification number from a first smart card located in the first set-top box;decrypting, with the first set-top box, the customer ...

SYSTEMS AND METHODS FOR INTEGRATED HTML5 SEARCHING AND CONTENT DELIVERY

A system for managing content distributed over an electronic network includes a multichannel video programming distributor server for distributing and managing content, and an authorization server for establishing and managing permissions for subscriber access to the content. Each of the servers are in operable communication with the electronic network. The system further includes at least one subscriber device in operable communication with the electronic network. The subscriber device includes a processor, a device memory, and a display, and also an MVPD application stored within the device memory and configured to run on the processor when executed. The MVPD application is configured to display for viewing, upon invocation of a deep link within the MVPD application, content from the multichannel video programming distributor server. 1. A system for managing content distributed over an electronic network , comprising:a multichannel video programming distributor server for distributing and managing content and an authorization server for establishing and managing permissions for subscriber access to the content, each of the servers in operable communication with the electronic network;at least one subscriber device in operable communication with the electronic network, the subscriber device including a processor, a device memory, and a display; andan MVPD application stored within the device memory and configured to run on the processor when executed,wherein the MVPD application is configured to display for viewing, upon invocation of a deep link within the MVPD application, content from the multichannel video programming distributor server.2. The system of claim 1 , wherein the electronic network is the Internet.3. The system of claim 1 , wherein the multichannel video programming distributor server content is at least one of linear content from a live channel and video on demand.4. The system of claim 1 , further comprising a third party server for managing the ...

SEAMLESS DVRS

Systems, devices, and process described facilitate use of a first user device communicatively coupled to a local area network (LAN) The first user device may include a first hardware processor configured to execute first, non-transient, computer instructions for facilitating a first seamless DVR engine configured to identify a first content. A second user device is also coupled to the LAN. The second user device may include a second hardware processor configured to execute second, non-transient, computer instructions for facilitating a second seamless DVR configured to identify a second content. Each of the seamless DVR engines may be configured to generate a common universal directory identifying the first content and the second content as being available for use by each of the first user device and the second user device. User devices may independently populate the common universal directory. The universal directory may identify a distinct status for the content. 1. A non-transitory machine-readable storage medium , having stored thereon computer instructions comprising:first instantiating, by a first processor in a first electronic device, a first seamless DVR performing first operations; andsecond instantiating, by a second processor in a second electronic device, a second seamless DVR performing second operations; first performing a first identification a first content;', 'first communicating the first identification of the first content to the second seamless DVR;', 'first receiving a second identification of a second content from the second seamless DVR; and', 'first populating a first common universal directory based on the first identification of the first content and the second identification of the second content;, 'wherein the first operations comprise second performing the second identification of the second content;', 'second communicating the second identification of the second content to the first seamless DVR;', 'second receiving the first ...

METHOD TO BIND THE USE OF A TELEVISION RECEIVER TO A PARTICULAR NETWORK

A method to bind the use of a digital audio/video service data receiver to a network on which at least one services provider broadcasts access controlled and free digital audio/video services streams, the method having the steps: receiving by the receiver a periodic signal transmitted by a conditional access system server via the network, said periodic signal being processed by a run time software embedded in the receiver to check legitimacy of the network; displaying services available on the network only if said run time software recognizes the periodic signal as indicating network legitimacy; and checking operability of the run time software and if necessary taking actions to enforce limitation of using the receiver on the network checked as legitimate. The invention further discloses a receiver bound to a specific network configured to perform the method. 1. A method to bind the use of a digital audio/video receiver to a network on which at least one service provider broadcasts access controlled or free digital audio/video services streams , the method comprising the steps of:receiving by the receiver a periodic signal transmitted by a network beacon via the network, said periodic signal being processed by a run time software embedded in the receiver to check legitimacy of the network;displaying services available on the network only if said run time software recognizes that the periodic signal indicates a legitimate network; andchecking operability of the run time software and if necessary enforcing a limitation on using the receiver on the network.2. The method according to claim 1 , wherein the periodic signal transmitted by a network beacon comprises security messages encrypted with a key known by the run time software.3. The method according to claim 1 , wherein the periodic signal transmitted by a network beacon comprises security messages in clear accompanied by an authentication signature cryptographically generated by the network beacon claim 1 , said ...

Security of Surveillance Media

A media device receives a domain key from a service provider. The media device further encrypts media with a media key and encrypts the media key with the domain key to form an encrypted media token: the protected media key is encapsulated in an encrypted media token. The service provider may then receive the encrypted media token and one or more receiving entity identifiers relating to a receiving entity and ascertain whether the receiving entity is entitled to access media from the media device. If the receiving entity is entitled to access media from the media device, the service provider decrypts the cryptographic media token using the domain key to obtain the media key and providing the media key to the receiving entity. As such, an authenticated receiving entity may obtain the media key necessary to decrypt the media. Moreover, there is no requirement for any intermediate entity to have similar access and thus the encryption provided by the media key is in place throughout the transport of the media from media device to receiving entity. 1. A method for securing media content in a network comprising receiving a domain key from a service provider; and', 'encrypting media with a media key and encrypting the media key with the domain key to form an encrypted media token;, 'at a media device receiving the encrypted media token and one or more receiving entity identifiers relating to a receiving entity;', 'ascertaining whether the receiving entity is entitled to access media from the media device; and', 'if the receiving entity is entitled to access media from the media device, decrypting the encrypted media token using the domain key to obtain the media key and providing the media key to the receiving entity., 'the method further comprising, at the service provider2. A method according to claim 1 , further comprising generating the media key at the media device.3. A method according to or claim 1 , wherein the domain key is associated with a domain defining one or ...

Method and system for secure distribution of selected content to be protected

The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing, and/or printing of electronic data files.

System and Method for Controlling Digital Cinema Content Distribution

An exhibition key delivery message (KDM) distribution system operable to receive a distribution KDM (DKDM), a method of creating an exhibition KDM, a system for controlling digital cinema content distribution, an exhibition KDM and a digital cinema player employing the exhibition KDM to play a digital cinema package. In one embodiment, the KDM distribution system includes: (1) a device list database containing device certificates of at least some target digital cinema players located in a region corresponding to the KDM distribution system, (2) booking data database containing schedules regarding a composition pertaining to the DKDM and (3) a KDM generator operable to create an exhibition KDM for the composition using the DKDM, a device certificate from the device list and the booking data.

CONTENT PROTECTION

Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use. 1. A device for decrypting encrypted media content , the device comprising a processing environment configured to:receive and store an encrypted content key for decrypting encrypted media content;evaluate an access condition and, if the access condition is met, decrypt the content key and enable a descrambler to use the content key to decrypt the encrypted media content;receive the encrypted media content and decrypt the encrypted media content using the content key;re-evaluate within an interval whether use of the content key should remain enabled; and, if the re-evaluation is negative, prevent the descrambler from using the content key after the interval has passed in response to the re-evaluation.2. The device as claimed in claim 1 , wherein the access condition comprises a condition that a token has been received before expiry of the interval.3. The device as claimed in the device comprising a communication interface for connecting the device to a communications network claim 2 , wherein the token is received from a remote location over the communications network and the re-evaluating comprises authenticating the token.4. The device as claimed in claim 2 , wherein the re-evaluating comprises comparing the received token against an expected token and evaluating the access condition as met only if the received token matches the expected token.5. The device as claimed in claim 1 , wherein the processing environment is configured to re- ...

SECURE ACTIVATION OF CLIENT RECEIVER BY HOST RECEIVER SMART CARD

Described herein are systems and methods for hardware enforcement of hardware functionality in a client television receiver. An activation message containing an activation code for a specific hardware component within the client television receiver can be transmitted from a television service provider system to a host television receiver having an associated smart card. The smart card can decrypt the activation message, identify the client television receiver as the destination of the activation message, security check the activation message, encrypt the activation message with a local key, and transmit the activation message to a security processor on the client television receiver. The security processor can decrypt the activation message, security check the activation message to ensure it is from the smart card and has not been tampered with, and enable the hardware component within the client television receiver based on the activation code within the activation message. 1. A method , comprisingcommunicating, to a service provider, a hardware local key that uniquely identifies a security processor of a client receiver, and a smart card identifier that uniquely identifies a smart card previously paired with the host receiver;receiving, by the host receiver from the service provider, responsive to the communicating, an authentication message including an authentication code, the authentication message encrypted in accordance with a global network key stored by the smart card;decrypting the authentication message by the smart card using the global network key to obtain the authentication code, the authentication code indicating successful authentication of the client receiver by the service provider in accordance with the smart card of the host receiver;receiving an activation message from the service provider, in accordance with the authentication code indicating the successful authentication of the client receiver, the activation message including one or more ...

Federated Digital Rights Management Scheme Including Trusted Systems

Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory. 1a registration server connected to a network;a content server connected to the network and to a trusted system;a first device including a non-volatile memory that is connected to the network; anda second device including a non-volatile memory that is connected to the network;wherein the registration server is configured to provide the first device with a first set of activation information in a first format;wherein the first device is configured to store the first set of activation information in non-volatile memory;wherein the registration server is configured to provide the second device with a second set of activation information in a second format; andwherein the second device is configured to store the second set of activation information in non-volatile memory.. A content distribution network, comprising: This application is a continuation of U.S. patent application Ser. No. 14/928,746 filed Oct. 30, 2015, which is a continuation of U.S. patent application Ser. No. 14/183,360 filed Feb. 18, 2014 and issued Nov. 10, 2015 as U.S. Pat. No. 9,184,920, which is ...

CLOUD-ENABLED NETWORK-BASED DIGITAL VIDEO RECORDER

This disclosure describes systems and methods related to a cloud-enabled network-based digital video recorder. In some embodiments, a request to record an asset may be received from a client device. An asset record associated with the request may be created. A first record event for generation of a manifest file may be created. A second record event for entitlement validation of an asset may be created. A third record event for quality control for the asset may be created based at least in part on the asset record. A manifest file associated with the asset may be generated based at least in part on the asset record. 1. A computer-implemented method , comprising:generating, by a network-based digital video recording (nDVR) system comprising one or more computers, a first time-shift buffer and a second time-shift buffer;receiving, by the nDVR system from a user via a client device, a first group of content segments associated with a first live content in the first time-shift buffer;receiving, by the nDVR system, a first request to record the first live content;transforming, by the nDVR system, the first live content to a first recorded content asset based at least in part on the first group of content segments;receiving, by the nDVR system, a second group of content segments associated with second live content in the second time-shift buffer;receiving, by the nDVR system, while continuing to receive the first group of content segments, a second request to record the second live content; andtransforming, by the nDVR system, the second live content to a second recorded content asset based at let in part on the second group of content segments.2. The computer-implemented method of claim 1 , further comprising:generating, by the nDVR system, a first manifest file associated with the first recorded content asset;generating, by the nDVR system, a second manifest file associated with the second recorded content asset;storing, by the nDVR system, the first manifest file in a ...

AUDIOVISUAL ACCESS CRITERION UPDATING METHOD, UPDATING CODE GENERATING SYSTEM, UPDATING CODE GENERATING DEVICE, AUDIOVISUAL ACCESS CRITERION MANAGING DEVICE, CONTENT RECEIVING SYSTEM, AND CONTENT DISTRIBUTION SYSTEM

The present invention provides an audiovisual access criterion updating method, for updating an audiovisual access criterion in an audiovisual access criterion managing device, the audiovisual access criterion managing device managing the audiovisual access criterion of a content signal, the audiovisual access criterion updating method includes: a step of receiving update information descriptive of update content of the audiovisual access criterion and identification information of the audiovisual access criterion managing device by an updating code generating system; a step of generating an updating code by the updating code generating system according to the update information and the identification information; a step of receiving the updating code by the audiovisual access criterion managing device; and a step of updating the audiovisual access criterion by the audiovisual access criterion managing device according to the updating code. 1. An audiovisual access criterion updating method , for updating an audiovisual access criterion in an audiovisual access criterion managing device , the audiovisual access criterion managing device managing the audiovisual access criterion of a content signal , the audiovisual access criterion updating method comprising:a step of receiving update information descriptive of update content of the audiovisual access criterion and identification information of the audiovisual access criterion managing device from a user by an updating code generating system;a step of generating an updating code by the updating code generating system according to the update information and the identification information;a step of receiving the updating code by the audiovisual access criterion managing device, the updating code being based on a manual input of the user sent with the updating code; anda step of updating the audiovisual access criterion by the audiovisual access criterion managing device according to the updating code.2. The ...

SYSTEM AND METHOD OF CLOUD-BASED MANIFEST PROCESSING

Systems, methods, architectures, mechanisms or apparatus for using provider equipment based resources such as cloud or data center resources to implement various STB functions entirely at the head end, such as changing channels presented via the STB using PE actions only. 1. A system , comprising:at a head end, an authentication and authorization module (AAM), configured to establish respective sessions with each of a plurality of client devices by defining for each client device a respective transmission channel for transmitting video streams thereto, and a respective session playback key configured to enable decryption of encrypted video stream portions received by the client device;at said head end, a stream server configured for transmitting toward each client device via respective transmission channel a respective video stream comprising a sequence of encrypted video stream portions stored in respective storage locations at a head end as indicated by a respective client device manifest stored at said head end;at said head end, a manifest creation and manipulation module configured for adapting client device manifests in response to respective client device selection data indicative of a desired new video stream; andat said head end, an interaction module configured for receiving data indicative of user interactions at a client device.2. The system of claim 1 , wherein said client device selection data indicative of a desired new video stream comprises a channel change request claim 1 , said manifest being adapted to indicate video stream segments associated with a new channel.3. The system of claim 1 , wherein said client device selection data indicative of a desired new video stream comprises a content request claim 1 , said manifest being adapted to indicate video stream segments associated with said requested content.4. The system of claim 1 , wherein said client device selection data indicative of a desired new video stream comprises a user interface (UI) ...

Systems and methods for secure transaction management and electronic rights protection

The present disclosure provides systems and methods for electronic commerce including secure transaction management and electronic rights protection. Electronic appliances such as computers employed in accordance with the present disclosure help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Secure subsystems used with such electronic appliances provide a distributed virtual distribution environment that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Secure distributed and other operating system environments and architectures, employing, for example, secure semiconductor processing arrangements that may establish secure, protected environments at each node. These techniques may be used to support an end-to-end electronic information distribution capability that may be used, for example, utilizing the “electronic highway.”

APPARATUS FOR CONTROLLING COPYING OF BROADCAST CONTENT AND METHOD FOR RECORDING AND PLAYING BACK BROADCAST CONTENT USING THE SAME

Disclosed herein are an apparatus for controlling copying of broadcast content and a method for recording and playing back broadcast content using the apparatus. The broadcast content copying control apparatus includes a communication unit for receiving a request for recording of broadcast content from a DRM client, and receiving content management information (CMI) corresponding to the broadcast content from a DMCD server, a security package configuration unit for configuring a DMCD security package using the CMI, a content management unit for recording the broadcast content based on recording permission information included in the CMI, and an encryption/decryption unit for encrypting the broadcast content, wherein the communication unit transmits recording result information to the DRM client, wherein the recording result information includes at least one of recording status information of the broadcast content, copy control information (CCI) corresponding to the broadcast content, and the CMI. 1. A broadcast content recording method performed by an apparatus for controlling copying of broadcast content , comprising:receiving a request for recording of broadcast content from a Digital Rights Management (DRM) client;requesting content management information (CMI) corresponding to the broadcast content from a Downloadable Multi-Conditional Access (Multi-CA)/DRM (DMCD) server;configuring a DMCD security package using the content management information (CMI) received from the DMCD server;operating an encryption/decryption unit to encrypt the broadcast content;recording the encrypted broadcast content based on recording permission information included in the content management information (CMI); andtransmitting recording result information to the DRM client, wherein the recording result information includes at least one of recording status information of the broadcast content, copy control information (CCI) corresponding to the broadcast content, and the content ...

APPARATUS FOR PERSONAL VOICE ASSISTANT, LOCATION SERVICES, MULTI-MEDIA CAPTURE, TRANSMISSION, SPEECH TO TEXT CONVERSION, PHOTO/VIDEO IMAGE/OBJECT RECOGNITION, CREATION OF SEARCHABLE METATAG(S)/ CONTEXTUAL TAG(S), STORAGE AND SEARCH RETRIEVAL

This invention relates to a network interface device. A first capture device interfaces with a first external information source to capture first external information. A processor processes the captured first external information and stores it in a first media. The processor initiates the storage of the first captured information at an initial time and completes storage of the first captured information at a completion time, thus providing a stored defined set of first captured information. A transmitter transmits the defined set of stored captured information to a remote location on a network. A remote processing system is disposed at the remote node on the network and includes a database and a receiver for receiving the transmitted defined set of first captured information. A data converter is operable to convert the received defined set of first captured information to a second format. The database stores the set of converted captured information. 1. A system for capturing data in a first media and storing in a database at a location on a network , comprising: a first data converter interfacable with a first external information source that generates external information and the first data converter capturing the first external information during generation thereof,', 'the first data converter processing the captured first external information and storing it in a first media format as stored first captured information within the capture device, the first data converter initiating the storage of the first captured information as stored first captured information at an initial time and completing storage of the first captured information as stored first captured information at a completion time, thus providing a stored defined set of first captured information representing the first captured information between the initial time and the completion time, and', 'a transmitter for transmitting as a transmitted defined set of first captured information the defined set ...

Securely connecting control device to target device

In an approach, a target computing device receives a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key. The target computing device forwards the pairing request to the authentication server, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials. The target computing device receives the pairing which includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key. The target computing device decrypts the shared secret encrypted under the target device key and forwards the shared secret encrypted under the controller key to the controller device. Using the decrypted shared secret, the target computing device establishes a secure connection to the controller computing device.

SECURE DRM-AGNOSTIC KEY ROTATION

Systems and methods for managing provisioning of keys prior to a key rotation are provided. A license server generates a license that is associated with a renewal time. The renewal time is a time that is prior to a key rotation time, and triggers a receiver device to send a renewal request prior to the key rotation time. The renewal time may be a randomized time prior to the key rotation time that differs for different receiver devices. The license is transmitted to the receiver device. The license server then receives a renewal request from the receiver device that is triggered at the renewal time. The license server generates a next license that comprises a next key, whereby the next key is a decryption key for decrypting the encrypted signal after the key rotation time. The next license is transmitted to the receiver device prior to the key rotation time. 1. A method comprising:determining a renewal time during which a user device obtains renewal of access to a piece of content, the renewal time being a time prior to a key rotation time that differs from one or more other user devices accessing the piece of content;generating an initial license to the piece of content, the initial license comprising a first key to decrypt the piece of content, the initial license being associated with the renewal time;transmitting, via a network, the initial license to the user device;receiving, from the user device via the network based on the renewal time, a request to renew the access to the piece of content;in response to the request to renew the access to the piece of content, generating, by one or more processors, a next license to the piece of content, the next license comprising a second key to decrypt the piece of content as encrypted after the key rotation time; andtransmitting the next license to the user device prior to the key rotation time.2. The method of claim 1 , wherein the renewal time is a randomized time between a current time and the key rotation time.3. The ...

BROADCAST RECEIVING DEVICE AND INFORMATION PROCESSING SYSTEM

According to an embodiment, a broadcast receiving device includes a tuner, an acquirer, a signature executor, a first interface, a command receiver, and a transmitter. The tuner is configured to receive broadcast waves containing information identifying a broadcast program, a broadcast program, and a viewing certificate certifying that a specific broadcast program has been received. The acquirer is configured to acquire the viewing certificate from the broadcast waves received by the tuner. The signature executor is configured to sign the acquired viewing certificate by using a key. The first interface is connected to an external device via a network. The command receiver is configured to receive a command for acquiring the viewing certificate from the external device. The transmitter is configured to transmit the viewing certificate to which the signature is applied to the external device that has issued the acquisition command. 1. A broadcast receiving device comprising:a tuner configured to receive broadcast waves containing information identifying a broadcast program, a broadcast program, and a viewing certificate certifying that a specific broadcast program has been received;an acquirer configured to acquire the viewing certificate from the broadcast waves received by the tuner;a signature executor configured to sign the acquired viewing certificate by using a key;a first interface connected to an external device via a network;a command receiver configured to receive a command for acquiring the viewing certificate from the external device; anda transmitter configured to transmit the viewing certificate that is signed to the external device that has issued the acquisition command.2. The device according to claim 1 , further comprising:a second interface configured to connect to a management server to manage the key by using a protocol different from that for the external device;a key receiver configured to receive the key from the management server by using the ...

SYSTEMS AND METHODS FOR SECURELY PROVIDING ADAPTIVE BIT RATE STREAMING MEDIA CONTENT ON-DEMAND

A system for securely providing adaptive bit rate streaming media content on-demand may include a security server of a program distributor that selects, based on a received authorized request, which of a differently encrypted stored versions of a “special segment” of the requested program to deliver to the receiving device during the transmission of the requested program. The selection may be based on a pseudo-random selection process per request for the program based on an identifier of the request associated with the remote control device. The selection of which of the differently encrypted stored versions of the “special segment” of the ordered program to deliver may be = based on the current session. The secure remote then sends to the receiving device the correct decryption key for the receiving device to decrypt the particular encrypted version selected of the “special segment” to be sent to the receiving device. 1. A method in a media content transmission system , the method comprising:receiving, by a relay server of the content transmission system, a request for a streaming media content program, the request originating from a secure remote control device communicatively coupled to a remote receiving device;in response to receiving the request, authenticating, by the relay server, the request;selecting, by the relay server, an encrypted segment of the requested streaming media content program, the encrypted segment being one of a plurality of encrypted segments having been stored prior to receiving said request for the streaming media content program, each encrypted segment of the plurality of encrypted segments being a differently encrypted version of a same segment of the requested streaming media content program and having a different corresponding decryption key;requesting, by the relay server, the selected encrypted segment from a content system of a content delivery network at which the selected encrypted segment is stored;receiving, by the relay ...

Securely Authenticating a Recording File from Initial Collection Through Post-Production and Distribution

The technology disclosed relates to data captured in streams from sensors. Streams often are edited, especially video and audio data streams. In particular, the technology disclosed facilitates identification of segments of an originally captured stream that find their way into a finally edited stream and identification of changed segments in the finally edited stream. Summary analysis on self-aligned meta-blocks of stream data is described, along with pushing at least some self-aligned meta-hashes into a blockchain network, applying an alignment and hashing procedure described in a smart contract. 1. A method of securely authenticating a file that comprises data , the method including:determining block-level hashes for the data; applying a function to the block-level hashes to identify meta-block boundaries,', 'defining meta-blocks using consecutive meta-block boundaries, and', 'group hashing the block-level hashes of the meta-blocks to produce the self-aligned meta-hashes;, 'determining self-aligned meta-hashes for the data by'} the determining of the block-level hashes and', 'the determining of the self-aligned meta-hashes; and, 'repeating for edited data produced from the data'}comparing the self-aligned meta-hashes for the data and the edited data to securely authenticate the edited data.2. The method of claim 1 , further including using a Merkle tree to determine a root hash for the self-aligned meta-hashes.3. The method of claim 1 , further including storing only a root hash for the self-aligned meta-hashes on a blockchain network.4. The method of claim 3 , further including:using a root hash determined for the self-aligned meta-hashes and stored on the blockchain network to retrieve at least some self-aligned meta-hashes associated with the root hash from a distributed storage; andusing the associated self-aligned meta-hashes to securely authenticate the edited data as excerpted from the data.5. The method of claim 3 , further including:using a root hash for ...

Secure Network Coding for Multi-Resolution Wireless Transmission

Described herein is a method and system for hierarchical wireless video with network coding which limits encryption operations to a critical set of network coding coefficients in combination with multi-resolution video coding. Such a method and system achieves hierarchical fidelity levels, robustness against wireless packet loss and efficient security by exploiting the algebraic structure of network coding.

METHOD FOR VOICE ASSISTANT, LOCATION TAGGING, MULTI-MEDIA CAPTURE, TRANSMISSION, SPEECH TO TEXT CONVERSION, PHOTO/VIDEO IMAGE/OBJECT RECOGNITION, CREATION OF SEARCHABLE METATAGS/CONTEXTUAL TAGS, STORAGE AND SEARCH RETRIEVAL

This invention relates to a network interface device. A first capture device interfaces with a first external information source to capture first external information. A processor processes the captured first external information and stores it in a first media. The processor initiates the storage of the first captured information at an initial time and completes storage of the first captured information at a completion time, thus providing a stored defined set of first captured information. A transmitter transmits the defined set of stored captured information to a remote location on a network. A remote processing system is disposed at the remote node on the network and includes a database and a receiver for receiving the transmitted defined set of first captured information. A data converter is operable to convert the received defined set of first captured information to a second format. The database stores the set of converted captured information. 1. A method for capturing image and audio information for storage in a database at a location on a network , comprising the steps of:interfacing a microphone with an external audio information source that generates external audio information and converting with a first data converter the external audio information from the microphone,interfacing a camera with an external image source to capture an image therefrom;the first data converter processing the captured external audio information and storing it in a first digital audio format as stored digital audio within the capture device, the camera for processing the captured image and storing it as a stored digital image;capturing with a data capture device, as captured data, location information and time information associated with at least the capture of the image and storing the captured data as stored captured data;combining with a data combiner for the stored digital audio, stored digital image and stored captured data as a composite data set;encrypting the composite ...

VIDEO DISTRIBUTION AND PLAYBACK

Systems and methods are disclosed for providing a content delivery network with one or more network-connected audiovisual players. A content delivery network provider can provide an access module residing within a network-connected audiovisual player wherein the access module can be configured to control the player. The access module can be configured to function within a gateway environment on the player such that the gateway environment passes commands from the access module to the firmware or secure module on the player operating in a secure environment. As a result, each player with the access module can become a part of the content delivery network as the content delivery network provider can control the network-connected audiovisual players. The content delivery network can implement multi-level access controls to licenses and encryption keys to secure audiovisual content. 1. A content distribution system comprising: using a symmetric key, encrypt an encoded asset to generate an encrypted asset;', 'using a first asymmetric key, encrypt a modified license and the symmetric key to generate a base-encrypted license and symmetric key, the modified license derived from an author license;', 'using a second asymmetric key, encrypt the base-encrypted license and symmetric key to generate a target-encrypted license and symmetric key; and, 'a key system comprising one or more computing devices comprising computer hardware, the key system configured toa distribution server comprising one or more computing devices comprising computer hardware, the distribution system configured to transmit the encrypted asset and the target-encrypted license and symmetric key to a recipient system,wherein the first asymmetric key comprises a public key corresponding to a private key on a playback system, andwherein the second asymmetric key comprises a public key corresponding to a private key on the recipient system.2. The content distribution system of claim 1 , wherein the key module ...

Mediaword Compression for Network Digital Media Recorder Applications

In response to receiving from a subscriber both a request to record content and a unique requester key, a network DVR identifies an asset associated with the request. The network DVR segments the asset in to a series of segments, assigns a mediaword to each segment for compression, encrypts each of the segments using an encryption key, and records the encrypted asset segments in an encrypted dictionary storage as definitions, i.e., dictionary entries. The encrypted key and the mediaword are forwarded to a requester handler flow in the network DVR that generates requester-specific encrypted copies using the requester key received from the subscriber. The mediaword, encrypted encryption key, and the encrypted asset segments are stored in and retrievable for the corresponding requester. 1. A network digital media recorder comprising:an input for receiving requests from a plurality of requesters to record content, wherein each of the requests to record content includes an identity of the requested content and a requester-specific encryption key,a processor for forwarding the identity of the requested content to an ingress and for forwarding the requester-specific encryption key to a requester key handler;the ingress for receiving media content and identifying one or more media contents that is associated with the requests to record content; for each of the associated one or more media contents, encrypting segments of each media content using a variable encryption key generated for each segment;', 'assigning a mediaword to each of the encrypted segments;, 'a compression dictionary creator for ["identifying the encrypted segments that correspond to the requester's request to record content, and", "encrypting, using the requester's requester-specific encryption key, each of the variable encryption keys used to encrypt each of the encrypted segments that corresponds to the respective requester's request to record content, and"], "the requester key handler for, for each of ...

PROGRAM GUIDE SYSTEM WITH REAL-TIME DATA SOURCES

A program guide system in which an interactive television program guide is implemented at least partially on user television equipment receives program listings data and real-time data such as sports scores, news data, etc. The real-time data may be stored in a database maintained by the program guide, so that the program guide may access the stored real-time data at a later time. Updated program listings information may be provided to the program guide as part of the data stream in which the real-time data is provided. Unique keys may be generated for the program listings data and real-time data associated with each live event. The keys may be compared at the program guide to determine which program listings correspond to which items of real-time data. Different types of real-time data may be assigned different expiration times. When data has expired it may be removed from the database. 1190-. (canceled)191. A method for computing and distributing a unique key corresponding to an event , the method comprising:receiving, at a media guide database, a start date, a start time, and a category of event associated with the event;computing, using a key generator, a unique key based on the start date, the start time, and the category of event associated with the event;storing, in the media guide database, the unique key and an identifier for the event;transmitting, via a server, the unique key and the identifier for the event to a user equipment;receiving, at the user equipment, a selection of the identifier for the event; andresponsive to receiving the selection, generating for display, at the user equipment, the event and additional information corresponding to the event based on the unique key.192. The method of claim 191 , wherein the unique key uniquely identifies the event.193. The method of claim 191 , wherein computing the unique key using the key generator comprises concatenating the start date claim 191 , the start time claim 191 , and the category of event into ...

Content Rental System

A content rental system includes one data store for storing rental content. The content rental system also includes a content server for transferring content to one viewing device based upon a received request. The content server is further configured to authorize the transfer of the content from the viewing device to another viewing device. 1. A method , comprising:receiving, at a first computing system, a request from a second computing system to initiate a first period, wherein the first period is for transmission of a item;in response to receiving the request initiating transmission of the content item to a third computing system, wherein playback at the third computing system is allowed during the first period; andreceiving, at the first computing system, an indication during the first period that playback of the content item has been initiated at a fourth computing system, wherein playback at the fourth computing system is allowed during a second period, wherein the first period is greater than the second period.2. The method of claim 1 , wherein initiating transmission of the content item to the third computing system comprises initiating streaming of the content item to the third computing system.3. The method of claim 1 , further comprising receiving claim 1 , at the first computing system claim 1 , payment information from the second computing system.4. The method of claim 1 , further comprising receiving claim 1 , at the first computing system claim 1 , a supplemental request from the second computing system to purchase the content item.5. The method of claim 4 , further comprising commencing claim 4 , responsive to receiving the request from the second computing system to purchase the content item claim 4 , a third period claim 4 , during which playback at the third computing system is unrestricted in perpetuity.6. The method of claim 1 , wherein initiating transmission of the content item to the third computing system comprises checking registration ...

Method of sharing personal media using a digital recorder

A method and apparatus for sharing personal media using a digital recorder allows a plurality of multimedia devices to view content stored on a DVR across a local network. The DVR records video content from broadcast signals and records video content downloaded via the Internet.

METHOD AND SYSTEM FOR SECURE DISTRIBUTION OF SELECTED CONTENT TO BE PROTECTED

The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing, and/or printing of electronic data files. 139-. (canceled)40. A computing system , having at least one memory and at least one processor , for securely utilizing content , the computing system comprising:a component configured to encrypt original content using a production key;a component configured to receive a the computer appliance identifier created from a first identifier indicating at least one hardware feature of the recipient device computer appliance key hash logic used to generate hash values, and a password provided as input to the computer appliance key hash logic; anda component configured to encrypt the production key using the computer appliance identifier received from the recipient device wherein a decrypting mechanism used to decrypt the production key is created using each of at least a part of the first identifier used to create the computer appliance identifier,wherein each of the components comprises computer-executable instructions stored ...

Content Rental System

A content rental system includes one data store for storing rental content. The content rental system also includes a content server for transferring content to one viewing device based upon a received request. The content server is further configured to authorize the transfer of the content from the viewing device to another viewing device.

Devices, systems and methods for distribution of digital content

Devices, systems and methods for distribution of digital content are provided. At least a security manager of a media block is located within a tamper-responsive enclosure, the security manager and/or the media block bonded to a transcoder in a security marriage based on a cryptographic certificate associated with at least the media block. The media block provides, to the transcoder via a data bridge, encrypted output generated from digital content and based on a first cryptographic key. The transcoder generates respective transcoded outputs associated with one or more tokens used for playback of the respective transcoded outputs at respective end-user devices, the respective transcoded outputs generated from the encrypted output decrypted using a second cryptographic key associated with the first cryptographic key. The respective transcoded outputs are output to the respective end-user devices associated with respective tokens.

REAL-TIME DIGIT STRING-BASED INFORMATION DISTRIBUTION SYSTEM USING SMART TERMINAL AND METHOD THEREOF

The information distribution system according to the present disclosure includes a theme digit string registration unit which receives a registration request of a theme digit string by a theme of the content and stores and registers the received theme string in a digit string DB, a content registration unit which receives a registration request of theme digit string and content matched to the theme digit string, matches the received theme digit string and content and stores the same in a content DB, and an information distribution management unit which receives a provision request of the content including the digit string, retrieves the content matched to the theme digit string from the content DB, and transmits the retrieved content to the smart terminal, to manage provision of the information distribution service. 1. An information distribution system which provides smart terminals with an information distribution service of content using a digit string exposed through a medium as access information of the content , the information distribution system comprising:an information distribution server comprising:a theme digit string registration unit which receives registration of a theme digit string that identifies each content theme;a content registration unit which receives registration of the theme digit string and a content digit string that is matched to the theme digit string and identifies content, and content identified by the content digit string; andan information distribution management unit which after the registered digit string is exposed through the medium, receives a search request of the content including the exposed digit string from the smart terminal, searches for content using the received digit string as an access key, and transmits information of the found content to the smart terminal, to manage provision of the information distribution service.2. The information distribution system according to claim 1 , wherein the theme digit string ...

Information processing apparatus, broadcast apparatus, and receiving method

There is provided an information processing apparatus including a broadcast receiving unit and a controller. The broadcast receiving unit is configured to be capable of receiving a broadcast. The controller is configured to acquire a first application information table by communication, the first application information table storing at least first usage permission information indicating a usage permission range of a resource of the broadcast by an application using the resource, to control an operation of the application, and to acquire a second application information table storing at least second usage permission information indicating the usage permission range of the resource by the application by using the broadcast receiving unit during execution of the application, to control the operation of the application.

CONTENT PROTECTION

Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use. 1. A method for decrypting encrypted media content , the method comprising:receiving and storing an encrypted content key for decrypting encrypted media content;evaluating an access condition and, if the access condition is met, decrypting the content key and enabling a descrambler to use the content key to decrypt the encrypted media content;receiving the encrypted media content and decrypting the encrypted media content using the content key;re-evaluating within an interval whether use of the content key should remain enabled; and,if the re-evaluation is negative, preventing the descrambler from using the content key after the interval has passed in response to the re-evaluation even though the content key remains valid.2. The method according to claim 1 , wherein the access condition includes a condition that a token has been received before expiry of the interval.3. The method according to claim 2 , wherein the token is received from a remote location over a communications network and the re-evaluating comprises authenticating the token.4. The method according to claim 2 , wherein the re-evaluating comprises comparing the received token against an expected token and evaluating the access condition as met only if the received token matches the expected token.5. The method according to claim 1 , wherein the decrypted content key is encrypted with a session key after decrypting it and stored for access by the descrambler claim 1 , wherein ...

Controlling delivery of captured streams

There is provided a technique for providing streaming services, comprising: a plurality of capture devices, each for generating a captured stream of content; a server, for receiving the plurality of captured streams, and for outputting at least one output stream; and an editing device for outputting a control signal to the server, wherein the server processes captured streams to provide one or more modified output stream in dependence on the control signal.

Video content protection

A method includes receiving, by a client device associated with a particular user, product details for video content including a purchase option identifier (ID) for the video content from a video service provider. The method includes requesting, by the client device based on a single sign on (SSO) protected call, a playback uniform resource locator (URL) for the video content from an orchestration layer associated with the video service provider. The method also includes receiving the playback URL, an entitlement ID associated with the particular user for the video content, and the encrypted content. The method includes obtaining a digital rights management (DRM) license for the encrypted content based on the entitlement ID, and decrypting and playing the video content based on DRM rules associated with the video content.

Systems and methods for securing polymorphic content

Computer-implemented systems, methods, and computer-readable media for selecting a sequence of content parts from polymorphic content of an audiovisual presentation based on at least one profile of a user include receiving content information associated with polymorphic content, receiving profile information of a user, and selecting for rendering, from amongst the alternative content parts, a sequence of content parts from the polymorphic content based on at least a portion of the profile information.

METHOD AND SYSTEM FOR UNIFIED MOBILE CONTENT PROTECTION

Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control. 1. A client device for obtaining and playing protected content on the client device , comprising:at least one processor; register the client device by engaging in a device registration process with a digital rights management (DRM) server, the registration process including sending device and user identification information to the DRM server and establishing a device-specific secure communications channel with the DRM server as well as a device-specific rights encryption key, the device-specific rights encryption key being shared with the DRM server and generated using the device information;', 'obtain a license for use of the protected content by sending a media rights request to the DRM server via the device-specific secure communications channel and receiving a media rights object via the device-specific secure communications channel in response to the media rights request, the media rights request being encrypted with the device-specific rights encryption key, the media rights object being encrypted with the device-specific rights encryption key and including media location information and a media decryption key, the media location information identifying a location in a content distribution network from which the protected content is to be downloaded for playback, and the media decryption key being usable by ...

System and method for delegated authentication and authorization

The present invention provides a method for providing services to a presentation device. The method comprises detecting a service delivery module in a communication system using a communication device and performing an authentication and authorization session between the service delivery module and the communication device, wherein user authentication and authorization is created. The method further comprises connecting to a service information module in said communication system to access services; providing a service request from said communication device to said service information module and initiating a service delivery session with said service information module using said user authentication and authorization information and said service request. Moreover, the method comprises delivering at least one service to said presentation device based on said service request. The present invention further provides a communication system for providing at least one service to a presentation device.

SYSTEM AND METHOD FOR CREATING, PROCESSING, AND DISTRIBUTING IMAGES THAT SERVE AS PORTALS ENABLING COMMUNICATION WITH PERSONS WHO HAVE INTERACTED WITH THE IMAGES

A system and method for processing, storage, distribution, and interaction with electronic images created or captured by mobile devices having network communications capabilities, such as smartphones, allows a user whose image-displaying device includes enhanced viewer software to use an image displayed on the image-displaying device as a portal for communication with others who have interacted with the image, including authors and facilitators of the image. Watermarking and security measures are provided to enable source and content verification of a displayed image so that user morphing of imagery can be tracked to maintain stability of image-based interaction and so that malicious imagery tamper can be prevented. 1. Imaging software for a programmable electronic imaging device arranged to create an image , said imaging device including a memory for storing said imaging software , said imaging software made up of a set of instructions executed by a processor for creating the image , steganographically marking the image with source and content verification data to create one of said source-and-content verifiable images , and securely transmitting the source-and-content-verifiable image to said cloud service ,wherein said imaging software includes instructions for, when a user of the imaging device has not previously registered with the cloud service, carrying out the steps of obtaining a unique device identifier of the imaging device; collecting said identification information and preferences of the user; generating a private/public key pair; and transmitting the unique device identifier, the identification information and preferences of the user, and a public key of the private/public key pair to the cloud service,wherein the instructions for steganographically marking the image created by the imaging software include instructions for generating a unique random identifier (URI) and steganographically marking the created image with the URI, andwherein the imaging ...

METHOD OF TRANSMITTING MESSAGES BETWEEN DISTRIBUTED AUTHORIZATION SERVER AND CONDITIONAL ACCESS MODULE AUTHENTICATION SUB-SYSTEM IN RENEWABLE CONDITIONAL ACCESS SYSTEM, AND RENEWABLE CONDITIONAL ACCESS SYSTEM HEADEND

A Renewable Conditional Access System (RCAS) headend of an RCAS and a method of transmitting messages between a Distributed Authorization Center (DAC) and a Conditional Access Module (CAM) Authentication module Sub-System (CASS) included in the RCAS headend. The method of transmitting messages between a DAC and a CASS includes: transmitting, by a CASS, a subscription message for a subscription request to a DAC when receiving a subscription request from a Set-Top Box (STB); processing, by the DAC, the subscription of the STB based on the subscription message received from the CASS; and transmitting, by the DAC, a response message including security parameters to the CASS. 1. A method of transmitting messages between a Distributed Authorization Center (DAC) and a Conditional Access Module (CAM) Authentication module Sub-System (CASS) in a Renewable Conditional Access System (RCAS) headend of an RCAS , the method comprising:transmitting, by a CASS, a subscription message for a subscription request to a DAC when receiving a subscription request from a Set-Top Box (STB);processing, by the DAC, subscription of the STB based on the subscription message received from the CASS; andtransmitting, by the DAC, a response message including security parameters to the CASS.2. The method of claim 1 , wherein the subscription message comprises an ID corresponding to the CASS and a key pairing ID.3. The method of claim 2 , wherein the key pairing ID is generated by concatenating an ID of a CAM of the STB and an ID of a descrambler of the STB.4. The method of claim 3 , wherein processing the subscription of the STB comprises:validating a pairing between the CAM and the descrambler based on the key pairing ID; andperforming authentication of the STB based on a result of the validation of the pairing.5. The method of claim 4 , wherein validating the pairing comprises performing validation based on whether the ID of the CAM and the ID of the descrambler are present in a database of the ...

CONTENT PLAYER DEVICE AND CONTENT PLAYING METHOD

According to one embodiment, a content player device connects a license server with a removable memory device in a mutually authenticated manner, writes a preliminarily provided base data to a protected area of the removable memory device and a sub data to a data write area of the removable memory device using a command which allows a write only in an authentication mode, performs mutual authentication with the removable memory device, selects a cryptographic key from the group of cryptographic keys of the base data written to the protected area on the basis of the sub data written to the data write area if the authentication is confirmed, and decrypts encrypted content distributed by a content server on the basis of the cryptographic key. 1. A content player device comprising:a memory;one or more hardware processors coupled to the memory;a first transceiver coupled to the one or more hardware processors and configured to be connected to an external network; anda second transceiver coupled to the first transceiver and configured to be connected to a removable memory device, the removable memory device being configured to be connected to a license server on the external network in a mutually authenticated manner via the first and second transceiver if the removable memory device is connected to the second transceiver, the license server being configured to distribute base data used for generating a cryptographic key and sub data which generate the cryptographic key on the basis of the base data, and the removable memory device being configured to receive the base data and the sub data from the license server if the removable memory device is connected to the second transceiver, wherein the one or more hardware processors are configured to:write the preliminarily provided base data to a protected area of the removable memory device and to write the sub data to a data write area of the removable memory device in response to a command which allows a write only in an ...

Secure digital data collection

Systems and methods for generating certified images and incident reports are disclosed. An image capture device can be used to capture an image and integrate metadata from camera sensors as well as other ancillary device sensors into the image. The image and its metadata can then be certified upon a check that the image and its metadata are authentic and unaltered. The image and its metadata can then be included in or as a part of an incident or other report describing an incident or event such as an accident or a crime. The image and/or incident report may be maintained at a cloud-based server for viewing, authorized editing, and subsequent distribution.

METHODS AND APPARATUS FOR PERSISTENT CONTROL AND PROTECTION OF CONTENT

A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be “checked out” of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content. A “trust plugin” is disclosed, along with a method of using the trust plugin so that a media player designed for use with unprotected content may render protected content without the necessity of requiring any changes to the media player. In one aspect, the streamed content may be in a number of different formats, including MPEG-4, MP3, and the RMFF format. 120.-. (canceled)21. A method of rendering a digital bit stream performed by a computer system comprising one or more processors and one or more non-transitory computer-readable mediums storing instructions that , when executed by the one or more processors , cause the computer system to perform the method , the method comprising:receiving the digital bit stream;determining, based on first header information included in the digital bit stream, that a digital bit stream comprises a protected digital bit stream;reading, from the first header information, information identifying the bit stream and a first time stamp associated ...

IPTV Follow Me Content System and Method

Tools are provided for distributing access-restricted content in an internet protocol television (“IPTV”) environment based on portable entitlement keys. Such tools can include a decoder, an encoder, and a network entitlement handler. The decoder may be configured to receive a key associated with entitlement information, and transmit the entitlement information over a network. The encoder may be configured to receive content from content providers, and to encode the content to create IP-compatible content, with access restrictions based on entitlement. The network entitlement handler may be configured to receive a request for requested content from the decoder; receive the access-restricted content (including the requested content) from the encoder; and transmit the requested content over the network to the decoder using IP, when the decoder is entitled to receive the requested content. 1. An apparatus , comprising:a chassis;a key storage configured to store a key that is associated with a set of access rights for an account associated with a user, the key storage being disposed within the chassis;a key provider configured to provide the key to a decoder, the key provider being disposed within the chassis, wherein, based on a determination that the key is associated with the access rights for the account associated with the user, the decoder provides access to access-restricted content.2. The apparatus of claim 1 , wherein the apparatus comprises one of a USB thumb drive claim 1 , a USB thumb driver including a fingerprint reader claim 1 , a magnetic-stripe card claim 1 , an apparatus including a wireless electromagnetic signal interface claim 1 , an apparatus including a wireless electromagnetic signal interface and a fingerprint reader claim 1 , a cellular phone claim 1 , a personal digital assistant claim 1 , a pager claim 1 , a key fob including one of a radio-frequency identification system claim 1 , or smart card technology claim 1 , or a smart card.3. The ...

PATTERN ADDRESSING FOR SESSION-BASED DASH OPERATIONS

A method of session-based DASH operations can include receiving a media presentation description (MPD) referencing a session-based description (SBD) and indicating a key name during a media access session. The SBD includes a first repeating pattern element that includes a first sequence of timed key values of the key name. The first repeating pattern element indicates that the first sequence of the timed key values of the key name is repeated along a timeline or an orderline. A first key value of the key name corresponding to a timing or a segment number of a current segment of a sequence of segments can be determined based on the first repeating pattern element in the SBD. A request for the current segment can be transmitted to a media content server. The request includes a pair of the key name and the first key value. 1. A method of session-based dynamic adaptive streaming over HTTP (DASH) operations at a DASH client , comprising:receiving a media presentation description (MPD) referencing a session-based description (SBD) and indicating a key name during a media access session, the MPD describing a media presentation of media content partitioned into a sequence of segments;receiving the SBD referenced by the MPD, the SBD including a first repeating pattern element that includes a first sequence of timed key values of the key name, the first repeating pattern element indicating that the first sequence of the timed key values of the key name is repeated along a timeline or an orderline;determining a first key value of the key name corresponding to a timing or a segment number of a current segment of the sequence of segments based on the first repeating pattern element in the SBD; andtransmitting a request for the current segment to a media content server, the request including a pair of the key name and the first key value.2. The method of claim 1 , wherein the first repeating pattern element includes a repetition attribute indicating how many times the first ...

SYSTEM AND METHOD FOR DELEGATED AUTHENTICATION AND AUTHORIZATION

The present invention provides a method for providing services to a presentation device. The method comprises detecting a service delivery module in a communication system using a communication device and performing an authentication and authorization session between the service delivery module and the communication device, wherein user authentication and authorization is created. The method further comprises connecting to a service information module in said communication system to access services; providing a service request from said communication device to said service information module and initiating a service delivery session with said service information module using said user authentication and authorization information and said service request. Moreover, the method comprises delivering at least one service to said presentation device based on said service request. The present invention further provides a communication system for providing at least one service to a presentation device. 1a communication device; anda service delivery module configured to initiate an authentication and authorization session with the communication device and to initiate a service session with a service information module server, the service information module server comprising the at least one service and being configured to deliver the service to at least one presentation device configured to consume or render the service, the communication device comprises a service control client that is authenticated and authorized of one or multiple services from the service information module server and configured to detect the service delivery module using the service control client;', 'the service control client is configured to connect to the service information module server in the communication system to access services;', 'the service information module server is configured to generate a unique service or session and user key and provide the unique service or session and user key to ...

Synchronisation of streamed content

There is described a system for providing streaming services, comprising: a plurality of capture devices each for generating a stream of an event, each stream being associated with a timing reference; and a server for analysing the plurality of captured streams in order to align the received plurality of received captured streams according.

Strong authentication of client set-top boxes

Described herein are systems and methods for securing transmission of content from a smart card in a host television receiver to a client television receiver. The smart card can receive the encrypted content stream from the television service provider, decrypt the content stream with the global network key, identify the client television receiver as the destination of the content stream, generate a unique key specific to the content stream, encrypt the unique key with a local key known to the client television receiver, encrypt the content stream with the unique key, and transmit the encrypted content stream along with the encrypted unique key to the client television receiver. The client television receiver can then receive the encrypted content stream and the encrypted unique key, decrypt the unique key, decrypt the content stream with the unique key, and transmit the content stream to a display device of the client television receiver.

SECURELY PAIRED DELIVERY OF ACTIVATION CODES FROM SMART CARD TO REMOTE CLIENT SET-TOP BOX

Described herein are systems and methods for hardware enforcement of hardware functionality in a client television receiver. An activation message containing an activation code for a specific hardware component within the client television receiver can be transmitted from a television service provider system to a host television receiver having an associated smart card. The smart card can decrypt the activation message, identify the client television receiver as the destination of the activation message, security check the activation message, encrypt the activation message with a local key, and transmit the activation message to a security processor on the client television receiver. The security processor can decrypt the activation message, security check the activation message to ensure it is from the smart card and has not been tampered with, and enable the hardware component within the client television receiver based on the activation code within the activation message. 1. A method , comprisingreceiving, at a smart card in a host television receiver, an activation message containing an activation code for enabling a hardware component of a client television receiver;decrypting, by the smart card, the activation message;identifying, by the smart card, the client television receiver as a destination for the activation message;encrypting, by the smart card, the activation message with a local key unique to the client television receiver;transmitting, by the smart card, the activation message encrypted with the local key to a security processor of the client television receiver;receiving, by the security processor, the activation message encrypted with the local key;decrypting, by the security processor, the activation message with the local key; andenabling, by the security processor, the hardware component based on the activation code.2. The method of claim 1 , further comprising:receiving, at the smart card, a second activation message;decrypting, by the smart ...

IMAGE PROCESSING APPARATUS AND CONTROL METHOD THEREOF

An image processing apparatus includes a storage, a receiver configured to receive a transport stream from a source device, and a processor. According to an aspect, the processor is configured to decrypt encrypted content data obtained from the transport stream received by the receiver, generate index information based on the decrypted content data where the index information generated includes at least one reference corresponding to the encrypted content data to be referenced to display an image of the content data, and store the encrypted content data in association with the index information in the storage. 1. An image processing apparatus comprising:a storage;a receiver configured to receive a transport stream from a source device; and decrypt encrypted content data obtained from the transport stream received by the receiver,', 'generate index information based on the decrypted content data, the index information being generated to include at least one reference corresponding to the encrypted content data to be referenced to display an image of the content data, and', 'store the encrypted content data in association with the index information in the storage., 'a processor configured to2. The image processing apparatus according to claim 1 , wherein the at least one reference included in the index information indicates a location of the encrypted content data corresponding to a scene requested to be displayed by a searching operation related to the content data.3. The image processing apparatus according to claim 2 , whereinthe at least one reference included in the index information includes identification information of an index frame of the scene, the index frame having a preset attribute among a plurality of image frames, andthe processor retrieves location information of the location of the scene in the encrypted content data corresponding to the index frame, and processes data corresponding to the retrieved location information to be displayable.4. The ...

METHOD AND SYSTEM OF CONTENT DISTRIBUTION IN THE DATA TRANSFER NETWORK WITH BUILT-IN MECHANISM OF CONDITIONAL ACCESS

The invention relates to the field of information technologies and communication and solves the task of video content delivery to the users in the data transfer network. The claimed method for the media content distribution in the data transfer network comprises: dividing the source file of the content into segments; creating a set of possible presentations for each of the segments; receiving a request from the user device for the content provision; creating, in response to the said request of the user device content, the downloading pointer is created, which comprises information on the content segments which are subject to provision to the said user device; transferring the said downloading pointer to the user device; on the user device side receiving the said downloading pointer; implementing a search is for at least one source comprising at least one segment of the content according to the received downloading pointer and communication session is initiated with the said at least one source; receiving at least one content segment in case of successful communication session; implementing received segment key match check. 1. Method for distribution of media content in the data transfer network , wherein: dividing the source file of the content into segments, wherein a serial number is assigned to each segment;', 'creating a set of possible presentations for each of the segments by way of creation of at least one copy of each segment, and integrating of a digital identifier into each of the copies;', 'receiving a request from the user device for the content provision;', 'creating, in response to the said request of the user device content, the downloading pointer, which comprises information on the content segments which are subject to provision to the said user device, wherein for each segment serial number one of this segment presentation alterations is chosen, wherein the downloading pointer comprises information on each content segment in the form of the segment ...

SYSTEM AND METHOD FOR INTERNET PROTOCOL TELEVISION PRODUCT PLACEMENT DATA

A system and method are disclosed for sending advertising data to an end user device. The system includes but is not limited to a processor in data communication with a computer readable medium; and a computer program embedded in the computer readable medium, the computer program including but not limited to instructions to send first password data to a first group of end user devices that have exchanged a first advertising key data in a first advertising category; and instructions to send first advertising data encoded using the first password to the first group of end user devices. 120-. (canceled)21. A machine-readable storage medium , comprising executable instructions that , when executed by a processor , facilitate performance of operations , comprising:determining an advertising key category;inserting, into a video data stream, advertising data key data based on the advertising key category;forming a first group of end user devices that have selected video data including the advertising data key data and that have exchanged a first advertising key data in a first advertising category; andsending first password data to the first group of end user devices, wherein the sending of the first password data enables the first group of end user devices to decode first advertising data inserted into the video data, wherein the first advertising data is encoded using the first password data.22. The machine-readable storage medium of claim 21 , wherein the operations further comprise forming a second group of end user devices that have exchanged second advertising key data in a second advertising category with one of the first group of end user devices.23. The machine-readable storage medium of claim 22 , wherein the operations further comprise sending second advertising data relating to the second advertising key data encoded using a second password to end user devices that are in both the first group and the second group of end user devices.24. The machine-readable ...

Method, system, and device for verifying authorized issuance of a rights expression

A method, system, and device for verifying authorized issuance of a statement or expression, including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.

DISTRIBUTED DATABASE MANAGEMENT SYSTEM

A distributed database management system provides a central database resident on a server that contains database objects. Objects, e.g., program guide data, to be replicated are gathered together into distribution packages called “slices,” that are transmitted to client devices. A slice is a subset of the central database which is relevant to clients within a specific domain, such as a geographic region, or under the footprint of a satellite transmitter. The viewer selects television programs and Web content from displayed sections of the program guide data which are recorded to a storage device. The program guide data are used to determine when to start and end recordings. Client devices periodically connect to the server using a phone line and upload information of interest which is combined with information uploaded from other client devices for statistical, operational, or viewing models. 122-. (canceled)23. A method for terminating a service after a delay time from receiving an authorization to initialize the service , comprising:receiving a first authorization object from the server at the user equipment, wherein the first authorization object specifies a delay time and a service for transmission of a television viewing object; and retrieving the transmission of the television viewing object from the service;', 'initializing, at the user equipment, decoding of the transmission of the television viewing object;', 'determining a first time at which the decoding of the transmission of the television viewing object was initialized at the user equipment;', 'determining a second time based on the delay time and the first time; determining whether a second authorization object was received from the server at or before the second time; and', 'in response to determining that the second authorization object was not received from the server at or before the second time, terminating, at the user equipment, the decoding of the transmission of the television viewing object ...

METHOD FOR PROTECTING ENCRYPTED CONTROL WORD, HARDWARE SECURITY MODULE, MAIN CHIP AND TERMINAL

Provided is a method for protecting an encrypted control word. The method includes: receiving a hardware security module entitlement management message and an encrypted control word transmitted from a main chip, where the hardware security module entitlement management message includes a key for decrypting the encrypted control word; decrypting, based on the hardware security module entitlement management message and a hardware security module root key stored in the hardware security module, the encrypted control word to obtain a control word; reencrypting the control word based on a re-encryption key stored in the hardware security module to obtain a reencrypted control word; and transmitting the reencrypted control word to the main chip, so that the main chip decrypts, based on a main chip entitlement management message transmitted from the front end, the reencrypted control word to obtain the control word. 1. A method for protecting an encrypted control word , comprising:receiving a hardware security module entitlement management message and an encrypted control word transmitted from a main chip, wherein the hardware security module entitlement management message comprises a key for decrypting the encrypted control word;decrypting, based on the hardware security module entitlement management message and a hardware security module root key stored in a hardware security module, the encrypted control word to obtain a control word;reencrypting, based on a re-encryption key stored in the hardware security module, the control word to obtain a reencrypted control word; andtransmitting the reencrypted control word to the main chip, so that the main chip decrypts, based on a main chip entitlement management message transmitted from the front end, the reencrypted control word to obtain the control word, wherein the main chip entitlement management message comprises a key for decrypting the reencrypted control word.2. The method of claim 1 , wherein before the hardware ...

AUTHENTICATION OF DIGITAL BROADCAST DATA

A broadcast receiving system is disclosed that verifies a current digital certificate extracted from a digital broadcast signal using a previous digital certificate previously stored as trusted. The current and previous digital certificates are associated with digital signatures with which data received with the broadcast signal has been signed. Also disclosed is a system for signing application data to be broadcast together with a digital certificate in a digital broadcast signal. A current digital certificate attesting the validity of a digital signature attached to broadcast data is in turn signed with a digital signature using one or more previous private keys associated with respective previous certificates identifying the issuer of the current digital certificate. These disclosures are in particular applicable to HbbTV. 1. A system comprising a receive for receiving a digital signal and a processor configured to:verify a current digital certificate extracted from the digital signal using a previous digital certificate previously stored as trusted,wherein the current and previous digital certificate are associated with digital signatures with which data transmitted with the signal has been signed and the current digital certificate has been signed with a private key associated with the previous digital certificate.2. A system claim 1 , wherein the processor is configured to:extract the current digital certificate from the digital signal, wherein the current digital certificate has been digitally signed with one or more private keys associated with respective previous digital certificates issued by the issuer of the current certificate;make a first determination of whether the extracted digital certificate has previously been stored as trusted;in response to the first determination being negative, make a second determination of whether a previous digital certificate issued by the issuer has been stored as trusted;in response to the second determination being ...

Method And Apparatus For On Demand Video and Other Content Rental

A video on demand system in the context of the Internet, for video rentals. A user accesses an on-line store to rent a video program or movie. The rental is for a limited time (such as 30 days) and within that thirty days, the video program or movie can only be viewed for a 24 hour time window. The time limits are enforced by the on-line store which maintains a database of each rental transaction and allows supply of the needed keys for decrypting the (encrypted) video or movie only if within the time limits. 116-. (canceled)17. A machine readable medium storing a program which when executed by at least one processing unit plays encrypted content on a client device , the program comprising sets of instructions for:in response to sending a request for a content, receiving the requested content in encrypted form from a server, the content received from the server over a first period of time;when input to play the encrypted content is not received during the first period of time, receiving a rental key for the encrypted content, the rental key valid for a second period of time; and transmitting a request for a decryption key to the server; and', 'receiving the decryption key so long as the request is within one of the first period of time and the second period of time., 'upon receiving input to play the encrypted content during one of the first period of time and the second period of time18. The machine readable medium of claim 17 , wherein the content comprises video content.19. The machine readable medium of claim 17 , wherein the decryption key is not received from the server if the input to play the encrypted content is received after the second period of time has expired.20. The machine readable medium of claim 17 , wherein the decryption key is valid for a third period of time that is shorter than the second period of time.21. The machine readable medium of claim 20 , wherein when the second period of time expires while the third period of time has not yet ...

INFORMATION PROCESSING APPARATUS, BROADCAST APPARATUS, AND RECEIVING METHOD

There is provided an information processing apparatus including a broadcast receiving unit and a controller. The broadcast receiving unit is configured to be capable of receiving a broadcast. The controller is configured to acquire a first application information table by communication, the first application information table storing at least first usage permission information indicating a usage permission range of a resource of the broadcast by an application using the resource, to control an operation of the application, and to acquire a second application information table storing at least second usage permission information indicating the usage permission range of the resource by the application by using the broadcast receiving unit during execution of the application, to control the operation of the application. 1. An information processing system , comprising:circuitry configured toreceive a broadcast;acquire a first application information table via a communication network, the first application information table storing at least first usage permission information indicating a first usage permission range of a broadcast resource by an application when using the broadcast resource; andacquire a second application information table via a broadcast network, different from the communication network, to control the operation of the application, the second application information table storing at least second usage permission information indicating a second usage permission range of the broadcast resource by the application during execution of the application.2. The information processing system according to claim 1 , wherein the circuitry is configured to acquire the application based on information of the first application information table and to activate the acquired application.3. The information processing system according to claim 2 , wherein claim 2 , when a difference is detected as a result of comparing the first usage permission information to the second ...

Secure Network Coding for Multi-Description Wireless Transmission

Described herein is a method and system for wireless data transmission with network coding which limits encryption operations to a critical set of network coding coefficients in combination with multi-resolution and/or multi-description video coding. Such a method and system achieves hierarchical fidelity levels, robustness against wireless packet loss and efficient security by exploiting the algebraic structure of network coding. 1. A method for encoding multi-layered data for transmission in a network including a source node , a plurality of relay nodes and one or more receiver nodes , the method comprising:performing a one-time key distribution between the source node and each of the one or more receiver nodes;dividing the multi-layered data into one or more groups;{'sub': 1', '2', '1', '2', '2', 'q, 'sup': 'th', 'for each group, generating at the source node an n×nencoding matrix A, wherein n≥n, wherein nis the number of layers in the group, wherein matrix A is used for encoding at the source only, wherein the matrix A comprises at least one unit vector corresponding to an llayer in the group, and wherein some or all non-zero entries of the matrix A are chosen at random from all non-zero elements of the field F\{0};'}{'sup': (1)', '(w)', '(i), 'sub': 2', '2', '2, 'dividing the group into a plurality of vectors b. . . b, wherein each vector bhas ninformation symbols, wherein each information symbol belongs to a corresponding one of the nlayers in the group, wherein w is a function of [(size of group)/n], and wherein i is an integer, 1≤i≤w;'}{'sup': th', '(i)', '(i), 'sub': 'l', 'encrypting at least the linformation symbol bof each vector bfor each use of the matrix A;'}applying the matrix A successively to the information symbols to be sent to provide encoded symbols, wherein the encoded symbols are placed in one or more payloads of one or more packets;encrypting each line of the matrix A with a corresponding line key to generate a matrix of locked coefficients ...

Computing System and Process for Digital Video Data Management and Scheduling

A film festival may play hundreds of films. Managing the variances in technical requirements for the film data to accommodate different screens and projectors, transferring the film data, and the coordinating digital communication from potentially hundreds of filmmakers may be technically challenging. A server system is provided to manage the transfer of the digital film data, the scheduling and assignment of film data with specific projector devices, and to validate the film data. The server system also provides graphical user interfaces (GUIs) to the film festival organizer to manage a print ticket process and the scheduling process, and GUIs to a filmmaker to facilitate transferring of the film data. 1. A server system for managing digital film data transfer comprising:one or more processors;one or more communication devices;memory that stores a film ID, multiple video data formats, each of the one or more data formats associated with one or more data transfer options; generate a graphical user interface (GUI) that is accessible via the one or more communication devices, the GUI displaying the one or more data formats;', 'receive an input selection via the GUI selecting at least one of the data formats and, in response, determine the one or more data transfer options associated with the selected data format and displaying the same;', 'receive another input selection identifying a selected data transfer option from amongst the one or more data transfer options that are displayed in the GUI;', 'store, in the memory, the selected data transfer option and the selected data format in association with the film ID; and', 'display controls corresponding to the selected data transfer option in the GUI to initiate transfer of the digital film data., 'the server system configured to at least2. The server system of wherein the memory further stores data format requirements for one or more projectors machines configured to display film data; and the server system is further ...

CONTENT RIGHTS HEADERS

The technology described herein is directed towards content rights data that are associated with content (a data item) to make that content selectively available or unavailable in responses by a data service to client requests. A client includes client content rights data in association with each request, (e.g., via a token), and the data service uses that client content rights data as query parameters (constraint criteria) in making a request for a data item. Client content rights data also may be used for accessing cached data. Availability constraints may include client location, brand, channel, device class and time (commence and cease). 1. A system comprising ,a processor; and caching a data item at a cache location in a cache data structure, in which the cache location is based on an identifier of the data item and first content rights data associated with the data item;', 'receiving a request for the data item, in which the request comprises request data comprising the identifier of the data item and second content rights data;', 'determining a hash key based on the data item identifier and at least part of the second client content rights data;', 'accessing the cache data structure based on the second hash key to attempt to locate the data item; and', 'in response to the accessing, determining that the data item is found at the cache location via the second hash key, and returning the data item from the cache location in response to the request., 'a memory communicatively coupled to the processor, the memory having stored therein computer-executable instructions, which when executed perform operations, the operations comprising2. The system of claim 1 , wherein the accessing further comprises evaluating time information associated with the content rights data with respect to a time of the request.3. The system of claim 1 , wherein the request data comprises an authorization token.4. The system of claim 1 , wherein the request comprises a message claim 1 , ...

MULTI-PLATFORM DIGITAL RIGHTS MANAGEMENT FOR PLACESHIFTING OF MULTIMEDIA CONTENT

Devices, methods, and program products are provided, which support multiple Digital Rights Management (DRM) schemes or platforms during the placeshifting of media content. A given placeshifting session may be initiated between a placeshifting device and a user-controlled client media receiver executing a browser player. In one embodiment, the DRM placeshifting method includes storing, in a memory associated with the placeshifting device, DRM-protected content; receiving a request from the client media receiver over a communications network to stream the DRM-protected content to the device; and obtaining a placeshifting key and initialization instructions for the DRM-protected content. The DRM-protected content is streamed to the client media receiver in an encrypted format accessible with a placeshifting decryption key. In conjunction with streaming the DRM-protected content, initialization instructions is transmitted to the client media receiver containing information utilized by the browser player to obtain the DRM license from a first license server. 1. A method for implementing Digital Rights Management (DRM) , the method comprising:storing, in a memory associated with at least one DRM license server of a plurality of DRM license servers, a placeshifting decryption key wherein the placeshifting decryption key is used to generate one or more licenses for at least one type of supported DRM platform;identifying with DRM initialization instructions, an appropriate location at which a browser player can obtain at least one DRM license related to the placeshifting decryption key;selecting at least one DRM license server to obtain the at least one DRM license based on the identified location;determining, whether a DRM license server supports a chosen type of DRM platform to transmit DRM-protected content; andstreaming the DRM-protected content over a communication network in an encrypted format made accessible with the placeshifting decryption key on the chosen type of ...

TECHNIQUES FOR SECURING LIVE POSITIONING SIGNALS

A pay television satellite broadcast includes validation data that can be used to validate authenticity of live global positioning system (GPS) data. The validation data may be included within entitlement messages and encrypted for security and selective reception by authorized receivers. A navigation system may compute checksums of received live GPS data and compare with the validation data for a match. A decision about whether or not to use the live GPS data may be taken based on whether or not the computed checksums match the validation data received via the pay television satellite broadcast signals. 1. (canceled)2. A method for validating positioning signals , the method comprisingreceiving one or more positioning signals, the one or more positioning signals being a subset of positioning signals broadcast by a global positioning network;receiving at least one reference signal over a second network that is different from the global positioning network, the reference signal including at least a signature representing the positioning signals broadcast by the global positioning network;producing a validation signal based on at least the reference signal; anddetermining, based on the validation signal, that the one or more positioning signals received over the global positioning network are valid.3. The method of claim 2 , further comprising:determining, based on the one or more positioning signals being valid, a position of a device.4. The method of claim 2 , further comprising:providing navigation signals to a movable object based on the one or more positioning signals received over the global positioning network being valid.5. The method of claim 2 , wherein the one or more positioning signals include a timing signal claim 2 , and wherein the method further comprises:determining a time of day based on the timing signal.6. The method of claim 2 , further comprising:computing a checksum from the one or more positioning signals received over the global positioning ...

PROCESSING CONTENT STREAMING

There is disclosed a system for providing streaming services, the system comprising: a plurality of users each for generating a stream of an event on a connection of a public network; and a server configured to: receive a plurality of the generated streams on connections of the public network; determine content for at least one output stream in dependence on one or more of: the content received on the input streams, the content requested by a viewer, and the user profiles of the contributors; and output the at least one output stream on a connection of a public network, at least one user for receiving the at least one output stream on a connection of the public network. 1. A system for providing streaming services , the system comprising:a plurality of users, each for generating a media stream on a connection of a public network; receive a plurality of the generated media streams on connections of the public network;', 'determine content for at least one output stream in dependence on content received on the generated media streams, wherein the server is further configured such that each generated media stream is allocated to an event in accordance with its metadata, wherein:', 'if it is identified that a generated media stream is associated with an existing event, the generated media stream is allocated to the existing event, and the metadata for the existing event is updated,', 'if it is identified that the generated media stream is not associated with an existing event, then metadata for a new event is created and the generated media stream is associated with the new event; and, 'a server configured toat least one user for receiving the at least one output stream on a connection of the public network.228.-. (canceled)29. The system of wherein the server comprises:an application programmable interface (API) providing an interface to metadata services and configured to receive the generated media streams and generate the at least one output stream; anda media ...

APPARATUS AND METHOD FOR MANAGING MOBILE DEVICE SERVERS

A method that incorporates teachings of the present disclosure may include, for example, receiving at a media resource center a first pairing key from a first mobile device server and enabling the first mobile device to access at least one media device based on the first pairing key, where the at least one media device is operably coupled with the media resource center, where the first mobile devices provides media services by executing a web server application that utilizes the at least one media device, and where the first mobile device communicates with a second mobile device server to provide the media services. Other embodiments are disclosed. 1. A method , comprising:providing, by a processing system including a processor, access to a media resource center according to a first pairing key;identifying, by the processing system, a first service grade of a subscriber according to the first pairing key;receiving, by the processing system, a first request from a mobile device associated with the subscriber for first media content from the media resource center;determining, by the processing system, that the first media content is available to the subscriber based on the first service grade; andproviding, by the processing system, the first media content to the mobile device.2. The method of claim 1 , comprising determining claim 1 , by the processing system claim 1 , to apply a first charge to a subscriber account according to the first service grade.3. The method of claim 2 , comprise determining claim 2 , by the processing system claim 2 , a share of revenue from the first charge to the subscriber account according to a first commercial arrangement for the providing of the first media content.4. The method of claim 1 , comprising:providing, by the processing system, access to the media resource center according to a second pairing key;identifying, by the processing system, a second service grade of the subscriber according to the second pairing key; andreceiving, ...

TECHNIQUE FOR SECURELY COMMUNICATING AND STORING PROGRAMMING MATERIAL IN A TRUSTED DOMAIN

A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage. The encrypted content can be migrated from a first device to a second device, and can be decrypted in the second device in the second device is associated with the same user, and also provided with the second encrypted content key version. 149.-. (canceled)50. A computerized method for providing access to encrypted content at a computerized user device of a content delivery network , the computerized method comprising:receiving, from the computerized user device, a first encrypted cryptographic element and data representative of an identifier, the identifier being associated with the computerized user device;identifying a user associated with the computerized user device based on the data representative of the identifier associated with the computerized user device;decrypting the first encrypted cryptographic element based at least on a cryptographic element associated with the identified user;encrypting the decrypted first cryptographic element based at least on a first cryptographic element associated with the computerized user device to produce a new encrypted cryptographic element ...

ENCRYPTED AUDIO STREAMING

The disclosed technology relates to broadcasting encrypted data to multiple receiver devices, where some receiver devices have long-term access to the encrypted data and some receiver devices have a temporary access to the encrypted data. Receivers having long-term access are part of a “member group” because these member group devices have a master key and the master key enables the member group devices to derive the necessary information to decrypt the encrypted broadcast. In contrast, devices with temporary access possess only a guest key and not master key, without a master key the devices need to receive the guest key from another device to decrypt the broadcast. Access to the encrypted stream can also be based on broadcasting multiple or single diversifiers, where a diversifier can include group identification information to assist in restricting access to the encrypted stream. 1. A method to broadcast encrypted data , the method comprising:providing a master key to a member device,providing a guest key to a guest device, wherein the single diversifier enables the member device to derive the guest key from the master key and the single diversifier and to derive a session key from the guest key and the single diversifier;', 'wherein the single diversifier enables the guest device to derive the session key from the guest key and the single diversifier;, 'broadcasting, from a broadcaster device, a single diversifier,'} 'wherein the encrypted data is encrypted based on the session key; and', 'broadcasting, from the broadcaster device, encrypted data,'}revoking access to the encrypted data stream for the guest device while maintaining access for the member device by broadcasting a new single diversifier.2. The method of claim 1 , wherein the broadcaster device performs the providing the master key to the member device with a secure communication.3. The method of claim 1 , wherein the broadcaster device performs the providing of the master key claim 1 , and the ...

STREAMING VIDEO SERVER WITH VIRTUAL FILE SYSTEM AND METHODS FOR USE THEREWITH

A streaming video server generates a virtual file system that includes virtual addresses of a plurality of encrypted segments of a plurality of video programs at each of a plurality of bitrates, without storing the plurality of encrypted segments in persistent storage. A request is received from a client device to access a selected one of the plurality of video programs via a request to access the virtual file system. The plurality of encrypted segments of the selected one of the plurality of video programs are generated at a selected bitrate, in response to the request. 1. A streaming server comprising: a network interface, coupled to bidirectionally communicate with at least one client device;', 'a video encoder;', 'a video encrypter; and', generating a virtual playlist that indicates a plurality of segments of a video program and a corresponding network address for each of the plurality of segments, wherein the virtual playlist is generated prior to generating the plurality of segments;', 'sending the virtual playlist to the at least one client device via the network interface;', 'receiving a request for a selected one of the plurality of segments from the at least one client device via the network interface in accordance with the corresponding network address;', 'responding to the request for the selected one of the plurality of segments by retrieving the video program and further by segmenting and encoding at least a portion of the selected one of the plurality of video programs via the video encoder to generate an encoded segment corresponding to the selected one of the plurality of segments and encrypting the encoded segment to generate the selected one of the plurality of segments;', 'sending the selected one of the plurality of segments to the at least one client device via the network interface., 'a command handler, coupled to the network interface, the video encoder, and the video encrypter, that operates by], 'an apparatus that operates via at least one ...