Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: This Application sets forth techniques for dynamically generating media content clips based on key events that occur. In particular, the techniques enable key events to be identified among a stream of events that take place in the real world (e.g., at awards events, at social events, at sporting events, etc.) and enable media content clips to be dynamically generated for the key events. In turn, the key events and their respective media content clips can be presented to users for viewing.

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

Abstract: A method for distributing content. The method distributes a single media storage structure to a device (e.g., a computer, portable player, etc.). The media storage structure includes first and second pieces of encrypted content. Based on whether the device is allowed to access the first piece of content, the second piece of content, or both, the method provides the device with a set of keys for decrypting the pieces of the content that the device is able to access. The provided set of keys might include one or more keys for decrypting only one of the two encrypted pieces of content. Alternatively, it might include one or more keys for decrypting both encrypted pieces of content. For instance, the selected set of keys might include a first key for decrypting the first encrypted piece and a second key for decrypting the second encrypted piece.

Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.

Abstract: Some embodiments provide a method for determining whether a subscription for using digital content on a user device has elapsed. The method compares a first collision free image of a first set of entities in the user device with a second collision free image for a second set of entities in the user device at a second instance in time. Based on the comparison, the method determines whether the subscription has elapsed.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

Abstract: A device implementing a system for authenticating an identity document includes at least one processor configured to receive, from a service provider, a request associated with verifying an integrity of an identity document, and capture, responsive to receiving the request, image data of the identity document. The at least one processor is further configured to generate a representation based on the image data, the representation comprising form factor data of the identity document, and compare the representation with a prior representation of the identity document, the prior representation comprising prior form factor data of the identity document. The at least one processor is further configured to provide, to the service provider, a response to the request based on comparing the representation with the prior representation.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.

Abstract: One or more user accounts can be linked together to form a group of linked user accounts to access content items assigned to the other user accounts in the group of linked user accounts. Prior to completing a purchase for a content item, a requesting user can be alerted that a member of the group of linked user accounts has access to the content item. Content items assigned to a member of a group of linked user accounts can be downloaded by one or more other members of the group of linked user accounts along with a Digital Rights Management (DRM) key that enables use of the content item. The DRM key can represent the group relationship between the downloading user account and the content owner's user account to which the content item is assigned.

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: A user device can verify a user's identity to a server while protecting user privacy by not sharing any personal data with any other device. To ensure user privacy and to allow multiple independent enrollments, the user device performs an enrollment process in which the user device locally collects and uses biometric data together with a random salt to generate a set of public/private key pairs from which biometric information cannot be extracted. The public keys and the salt, but not the biometric data, are sent to a server to store. To verify user identity, a user device can repeat the collection of biometric data from the user and the generation of public/private key pairs using the salt obtained from the server. If the device can prove to the server its possession of at least a minimum number of correct private keys, the user's identity can be verified.

Abstract: A device implementing a system for authenticating an identity document includes at least one processor configured to receive, from a service provider, a request associated with verifying an integrity of an identity document, and capture, responsive to receiving the request, image data of the identity document. The at least one processor is further configured to generate a representation based on the image data, the representation comprising form factor data of the identity document, and compare the representation with a prior representation of the identity document, the prior representation comprising prior form factor data of the identity document. The at least one processor is further configured to provide, to the service provider, a response to the request based on comparing the representation with the prior representation.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

Abstract: A device implementing a system for using a verified claim of identity may include at least one processor configured to receive a response vector corresponding to a verified claim of a user of a device, the verified claim comprising plural data fields to identify the user and being a digital certificate signed by a server, the verified claim being associated with the device, the response vector comprising, for each field of the plural data fields, a confidence score indicating a likelihood that the field is accurate. The at least one processor may be further configured to receive, from the device, a request for a service, determine, in response to receiving the request, that service is to be provided to the device based on the response vector and the verified claim, and provide the service to the device based on the determining.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a first request to revoke a verified claim, the verified claim comprising information to identify a user of a device, wherein the verified claim includes a hardware reference key of the device, and wherein the hardware reference key is a public key of a public-private key pair, a corresponding private key of which is securely stored on the device. The at least one processor may be further configured to in response to receiving the request, send, to the device, a second request to revoke the verified claim on the device, and add the verified claim to a revocation list.

Abstract: A device implementing the subject system may include a processor configured to send, to a service provider, a request for a service provided by the service provider. The processor may be further configured to receive, in response to sending the request for the service, a request for a verified claim, the verified claim comprising first information to identify a user of a device and being a digital certificate signed by a server, the verified claim being associated with the device. The processor may be further configured to send, in response to receiving the request for the verified claim, the verified claim to the service provider, and receive a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to send, to a service provider, a request for a service provided by the service provider. The at least one processor may be further configured to receive, from the service provider and in response to the sending, a request for a verified claim, the verified claim comprising plural data fields to identify a user of a device and being a digital certificate signed by a server, the verified claim being associated with to the device. The at least one processor may be further configured to, in response to the receiving, determine a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on a device, and send the confidence assessment and the verified claim to the service provider.