Abstract: Various implementations include distributing DRM processing between a DRM key protection system and multiple receiving devices. To that end, a method includes receiving a first encrypted content key associated with a first receiving device, and receiving a second encrypted content key associated with a second receiving device. The method includes processing the first encrypted content key to generate a first decrypted content key, and processing the second encrypted content key to generate a second decrypted content key. The method includes generating a first protected content key based on the first decrypted content key, and generating a second protected content key based on the second decrypted content key. The method includes providing the first protected content key to the first receiving device, and providing the second protected content key to the second receiving device.

Abstract: Techniques for enhancing security for thin client devices in hybrid edge cloud systems are described. In accordance with various embodiments, the hybrid system includes a cloud computing platform (e.g., the cloud) and an edge device (e.g., the edge). The cloud extracts key(s) for authentication and session establishment. The cloud also utilizes the key(s) to establish a session between the edge and a client device. The cloud additionally authorizes a content request from the client device for a media content item over the session and extracts a content key upon successful authorization. The edge caches the key(s), obtains the content key at the time of receiving the content request from the client device and transmits the content key and the key(s) with the media content item to the client device.

Abstract: Techniques for server control of client authorization proof of possession are described herein. In various embodiments, a first server provisions client authorization proof of possession for a client device a real-world time, a client public key, and a client private key. The first server generates provisioning response message(s) including the client public key, the client private key, the real-world time, and/or an assertion object, and sends the message(s) to the client device. In various embodiments, a client device obtains an authorization proof token generated based on a client public key, a client private key, and a real-world time provisioned by a first server. The client device generates a request and sends the request to a second server, the request includes the authorization proof token and an assertion object from the first server signed by a server private key and an expiration time and a reference to the client public key.

Abstract: Techniques for server control of client authorization proof of possession are described herein. In various embodiments, a first server provisions client authorization proof of possession for a client device a real-world time, a client public key, and a client private key. The first server generates provisioning response message(s) including the client public key, the client private key, the real-world time, and/or an assertion object, and sends the message(s) to the client device. In various embodiments, a client device obtains an authorization proof token generated based on a client public key, a client private key, and a real-world time provisioned by a first server. The client device generates a request and sends the request to a second server, the request includes the authorization proof token and an assertion object from the first server signed by a server private key and an expiration time and a reference to the client public key.

Abstract: In one embodiment, a device discovery system includes a data storage medium to store a clustered data structure including device signatures grouped according to clusters. Each device signature includes device information. Each cluster from a sub-set of the clusters has a different device name. The system also includes an input/output sub-system to receive, from a remote device, a first device signature describing information about a first device, and a processor to perform a decision process based on the clustered data structure with the first device signature as input yielding an output including a first device name or an indication that a name associated with the first device signature is unknown. The processor is operative to prepare a response message including data about the output. The input/output sub-system is operative to send the response message to the remote device.

Abstract: In one example, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.

Abstract: Techniques for use in determining redress measures for a television (TV) service outage based on impact analysis are described. A TV service outage may be associated with a TV system apparatus including a TV user interface (UI). In one illustrative example, one or more subscribers impacted by the TV service outage are determined. An impact score is determined for each one of the subscribers. A redress measure for each one of the subscribers is then determined in accordance with their corresponding impact scores. An impacted subscriber and/or an impact score may be determined based at least in part on subscriber TV usage data or subscriber TV UI usage data.

Abstract: Techniques for use in determining redress measures for a television (TV) service outage based on impact analysis are described. A TV service outage may be associated with a TV system apparatus including a TV user interface (UI). In one illustrative example, one or more subscribers impacted by the TV service outage are determined. An impact score is determined for each one of the subscribers. A redress measure for each one of the subscribers is then determined in accordance with their corresponding impact scores. An impacted subscriber and/or an impact score may be determined based at least in part on subscriber TV usage data or subscriber TV UI usage data.

Abstract: In one embodiment, a method for assessing security posture for entities in a computing network is implemented on a computing device and includes: receiving behavior data from one or more of the entities, where the behavior data is associated with at least activity on the computing network by the one or more entities, calculating a risk score for at least one of the entities by comparing the behavior data with a classification model, where the classification model represents at least a baseline for normative network behavior by the entities in a computing network, assessing a security posture for the at least one the entities based on the risk score, and allocating network security resources to the at least one of the entities at least in accordance with the security posture.

Abstract: Techniques for use in determining redress measures for a television (TV) service outage based on impact analysis are described. A TV service outage may be associated with a TV system apparatus including a TV user interface (UI). In one illustrative example, one or more subscribers impacted by the TV service outage are determined. An impact score is determined for each one of the subscribers. A redress measure for each one of the subscribers is then determined in accordance with their corresponding impact scores. An impacted subscriber and/or an impact score may be determined based at least in part on subscriber TV usage data or subscriber TV UI usage data.

Abstract: Techniques for use in determining redress measures for a television (TV) service outage based on impact analysis are described. A TV service outage may be associated with a TV system apparatus including a TV user interface (UI). In one illustrative example, one or more subscribers impacted by the TV service outage are determined. An impact score is determined for each one of the subscribers. A redress measure for each one of the subscribers is then determined in accordance with their corresponding impact scores. An impacted subscriber and/or an impact score may be determined based at least in part on subscriber TV usage data or subscriber TV UI usage data.

Abstract: In one embodiment, a method for assessing security posture for entities in a computing, network is implemented On a computing device and includes: receiving behavior data from one or more of the entities, where the behavior data is associated with at least activity on the computing network by the one or more entities, calculating a risk score for at least one of the entities by comparing the behavior data with a classification model, where the classification model represents at least a baseline for normative network behavior by the entities in a computing network, assessing a security posture for the at least one the entities based on the risk score, and allocating network security resources to the at least one of the entities at least in accordance with the security posture.

Abstract: In one embodiment, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.

Abstract: In one embodiment, a system includes a hardware processor and a memory to store data used by the hardware processor, wherein the hardware processor is operative to calculate, for each one device of a plurality of devices, a device-specific packet inspection plan based on (a) a security vulnerability score for the one device; and (b) a damage score for the one device, wherein for each one device of the plurality of devices, the device-specific packet inspection plan includes at least one of the following (a) a percentage of a plurality of packets, destined for the one device, to be inspected for compliance with at least one intrusion detection/protection system rule and (b) instructions on which intrusion detection/protection system rules to use to inspect a multiplicity of the plurality of packets destined for the one device. Related apparatus and methods are also described.

Abstract: In one embodiment, a device discovery system includes a data storage medium to store a clustered data structure including device signatures grouped according to clusters. Each device signature includes device information. Each cluster from a sub-set of the clusters has a different device name. The system also includes an input/output sub-system to receive, from a remote device, a first device signature describing information about a first device, and a processor to perform a decision process based on the clustered data structure with the first device signature as input yielding an output including a first device name or an indication that a name associated with the first device signature is unknown. The processor is operative to prepare a response message including data about the output. The input/output sub-system is operative to send the response message to the remote device.

Abstract: A method for producing an auxiliary video stream arranged for reverse trick mode playback from a video stream including a plurality of uni-directional predicted frames, the method including producing the auxiliary video stream by performing the following steps copying each uni-directional predicted frame included in the video stream into a memory, thereby producing a plurality of copied frames in the memory, replacing each one of the plurality of copied frames with one corresponding supplemental frame, thereby producing a plurality of corresponding supplemental frames, and producing a copy of the video stream arranged in reverse processing order, the producing a copy including replacing each frame which corresponds to one of the plurality of copied frames with the one corresponding supplemental frame from among the plurality of corresponding supplemental frames. Related methods and systems are also described.

Abstract: A method for providing access to operation information relating to a digital signal, including providing a digital signal encoded, in accordance with a layered encoding scheme, in a plurality of layers, and extracting operation information from a first layer of encoding within the digital signal, and placing the extracted information in a data section in a second layer of encoding within the digital signal. Related methods and apparatus are also described.

Abstract: A method for producing an auxiliary video stream arranged for reverse trick mode playback from a video stream including a plurality of uni-directional predicted frames, the method including producing the auxiliary video stream by performing the following steps copying each uni-directional predicted frame included in the video stream into a memory, thereby producing a plurality of copied frames in the memory, replacing each one of the plurality of copied frames with one corresponding supplemental frame, thereby producing a plurality of corresponding supplemental frames, and producing a copy of the video stream arranged in reverse processing order, the producing a copy including replacing each frame which corresponds to one of the plurality of copied frames with the one corresponding supplemental frame from among the plurality of corresponding supplemental frames. Related methods and systems are also described.

Abstract: A method for producing an auxiliary video stream arranged for reverse trick mode playback from a video stream including a plurality of uni-directional predicted frames, the method including producing the auxiliary video stream by performing the following steps copying each uni-directional predicted frame included in the video stream into a memory, thereby producing a plurality of copied frames in the memory, replacing each one of the plurality of copied frames with one corresponding supplemental frame, thereby producing a plurality of corresponding supplemental frames, and producing a copy of the video stream arranged in reverse processing order, the producing a copy including replacing each frame which corresponds to one of the plurality of copied frames with the one corresponding supplemental frame from among the plurality of corresponding supplemental frames. Related methods and systems are also described.

Abstract: This invention discloses a method for displaying advertisements transmitted to a user unit, the method includes receiving, at the user unit, at least one advertisement tagged with a delay tag indicating whether display of the at least one advertisement can be delayed and only if the delay tag allows delaying display of the at least one advertisement, storing the at least one advertisement at the user unit, retrieving the at least one advertisement and displaying the at least one advertisement. A billing system for reporting a commercial broadcast to a multiplicity of users is also disclosed.