Abstract: A system, apparatus, and method are directed towards managing entitlement/right revocation and delivery to be performed within a non-addressable media network. Such networks may include for example a client device behind a network address translation (NAT) device, employs non-addressable satellite components, or so forth. A server notifies clients that entitlements, revocations, or the like are available by sending a request for communications with the client. The client initiates a connection to receive the entitlements, or the like, and then disconnects from the server. If the client fails to initiate a connection, the server may continue to send a request for a connection, or even change encryption keys to the content to prevent access by the client. In one embodiment, failure to receive an acknowledgement response from the server of a connection with the client, or from the client, may result in invocation of a revocation failure action.

Abstract: A method, apparatus, and system are directed towards employing transferable entitlements using EMMs for enabling a purchase of content using a mobile device, and redeeming for access the content using a different network device. An existing billing infrastructure may be used during a purchase transaction to identify the purchasing device. Upon billing authorization, a transferable EMM (XEMM) may be sent to the purchasing device. The purchasing device may then provide the XEMM to another network device. The other network device may send the XEMM to a redeeming service when requesting access to the content. Upon authorization, an EMM with an access key to the content may be sent to the other network device.

Abstract: An apparatus, system, and method is directed to transcoding broadcast content, such as in a DVB, ATSC, and MPEG based network, to secure content suitable for an Internet Protocol (IP) based network. In one embodiment, a single multifunctional convergence appliance is employed to enable such transcoding actions as encryption, encoding, and/or encapsulation. For example, in one embodiment, an MPEG transport stream associated with the broadcast content may be transcoded to an IP-based transport stream. In addition, the transport stream may be decrypted, transrated to another rate, and re-encrypted using a different control word for re-encrypting, but a same service key to encrypt the different control word. The system is also enabled to transcode content formatted for the IP-based network to a content format suitable for the broadcast network.

Abstract: A method, apparatus, and system are directed towards employing transferable entitlements using EMMs for enabling a purchase of content using a mobile device, and redeeming for access the content using a different network device. An existing billing infrastructure may be used during a purchase transaction to identify the purchasing device. Upon billing authorization, a transferable EMM (XEMM) may be sent to the purchasing device. The purchasing device may then provide the XEMM to another network device. The other network device may send the XEMM to a redeeming service when requesting access to the content. Upon authorization, an EMM with an access key to the content may be sent to the other network device.

Abstract: There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet-type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to affect the inventive process.

Abstract: Various embodiments are directed towards employing a container and communication protocol proxy component within a client device to receive securely real-time streamed, progressively downloaded, or adaptively streamed container over a network using one container and communication protocol, and to securely decrypt the container and provide it to a media player using a different container and communications protocol. In one embodiment, the container is in Flash Video (FLV) file format. A browser or the media player on the client device may be used to request the container. The requested container is sent over one communication protocol and intercepted by the container and communication protocol proxy component. The container may be received as selectively encrypted container. The container and communication protocol proxy component then may enable decryption of the container and providing of it to the media player using another container and communication protocol combination.

Abstract: A method, apparatus, and system are directed towards employing transferable entitlements using EMMs for enabling a purchase of content using a mobile device, and redeeming for access the content using a different network device. An existing billing infrastructure may be used during a purchase transaction to identify the purchasing device. Upon billing authorization, a transferable EMM (XEMM) may be sent to the purchasing device. The purchasing device may then provide the XEMM to another network device. The other network device may send the XEMM to a redeeming service when requesting access to the content. Upon authorization, an EMM with an access key to the content may be sent to the other network device.

Abstract: A method, apparatus, and system are directed towards generating a public/private key pair prior to registration. The generation of the public/private key pair is performed by the entity to which the key pair is to be associated. The entity may then complete n application. The entity may then employ the generated public/private key pair to digitally sign the application. In one embodiment, the public key is provided with the application to a registration authority. Upon request, the public key and at least some of the application information may be provided to requester for use in identification, authentication, integrity, and/or non-repudiation of the registered entity. In another embodiment, the registration authority or other entity may verify the identity of the registering entity using the application. In one embodiment, the registration authority may select to digitally sign the application to indicate that the information has been verified.

Abstract: Various embodiments are directed towards employing a container and communication protocol proxy component within a client device to receive securely real-time streamed, progressively downloaded, or adaptively streamed container over a network using one container and communication protocol, and to securely decrypt the container and provide it to a media player using a different container and communications protocol. In one embodiment, the container is in Flash Video (FLV) file format. A browser or the media player on the client device may be used to request the container. The requested container is sent over one communication protocol and intercepted by the container and communication protocol proxy component. The container may be received as selectively encrypted container. The container and communication protocol proxy component then may enable decryption of the container and providing of it to the media player using another container and communication protocol combination.

Abstract: There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet-type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to affect the inventive process.

Abstract: There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet-type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to affect the inventive process.

Abstract: An apparatus, system, and method is directed to transcoding broadcast content, such as in a DVB, ATSC, and MPEG based network, to secure content suitable for an Internet Protocol (IP) based network. In one embodiment, a single multifunctional convergence appliance is employed to enable such transcoding actions as encryption, encoding, and/or encapsulation. For example, in one embodiment, an MPEG transport stream associated with the broadcast content may be transcoded to an IP-based transport stream. In addition, the transport stream may be decrypted, transrated to another rate, and re-encrypted using a different control word for re-encrypting, but a same service key to encrypt the different control word. The system is also enabled to transcode content formatted for the IP-based network to a content format suitable for the broadcast network.

Abstract: An apparatus, system, and method is directed to transcoding broadcast content, such as in a DVB, ATSC, and MPEG based network, to secure content suitable for an Internet Protocol (IP) based network. In one embodiment, a single multifunctional convergence appliance is employed to enable such transcoding actions as encryption, encoding, and/or encapsulation. For example, in one embodiment, an MPEG transport stream associated with the broadcast content may be transcoded to an IP-based transport stream. In addition, the transport stream may be decrypted, transrated to another rate, and re-encrypted using a different control word for re-encrypting, but a same service key to encrypt the different control word. The system is also enabled to transcode content formatted for the IP-based network to a content format suitable for the broadcast network.

Abstract: There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet-type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to affect the inventive process.

Abstract: A system, apparatus, and method are directed to providing and securely viewing secure content. In one embodiment, a secure player provides secure screening/previewing of secure content, such as a motion picture, by a member of an awards organization. A content key is employed to selectively encrypt at least a portion of a content stream. The content key is encrypted with a screener key. The encrypted content key is embedded into the secure content. The screener key is encrypted using public/private key pair that is bound to the secure player. The secure content may be distributed on a medium, such as a DVD, high definition DVD, and the like. The secure player is configured to receive the medium, screener key, and a screener identity. The screener identity and screener key are employed by the secure player to decrypt and enable secure viewing of the content.

Abstract: A method, apparatus, and system are directed towards employing a chain of permission keys obtained during playing of advertisements within content to enable continued playing of the content. A sequence of encoded permission keys are generated with each encoded permission key, except a last permission key, incorporating a scrambling key useable to decode a next encoded permission key within the sequence of encoded permission keys that enables playing of a next portion of the content. If playing of any advertisement within the content is avoided, then access to an associated scrambling key useable to decode a next permission key is prevented, which in turn inhibits playing of a next portion of the content. In another embodiment, a heartbeat analysis may also be performed to monitor if skipping of an advertisement is being attempted, and if so, playing of the content is prevented.

Abstract: Various embodiments are directed towards employing a container and communication protocol proxy component within a client device to receive securely real-time streamed, progressively downloaded, or adaptively streamed container over a network using one container and communication protocol, and to securely decrypt the container and provide it to a media player using a different container and communications protocol. In one embodiment, the container is in Flash Video (FLV) file format. A browser or the media player on the client device may be used to request the container. The requested container is sent over one communication protocol and intercepted by the container and communication protocol proxy component. The container may be received as selectively encrypted container. The container and communication protocol proxy component then may enable decryption of the container and providing of it to the media player using another container and communication protocol combination.

Abstract: A system, apparatus, and method are directed towards managing entitlement/right revocation and delivery to be performed within a non-addressable media network. Such networks may include for example a client device behind a network address translation (NAT) device, employs non-addressable satellite components, or so forth. A server notifies clients that entitlements, revocations, or the like are available by sending a request for communications with the client. The client initiates a connection to receive the entitlements, or the like, and then disconnects from the server. If the client fails to initiate a connection, the server may continue to send a request for a connection, or even change encryption keys to the content to prevent access by the client. In one embodiment, failure to receive an acknowledgement response from the server of a connection with the client, or from the client, may result in invocation of a revocation failure action.

Abstract: A method, apparatus, and system are directed towards providing advertisement insertions at a point of consumption into digital content, such as broadcast television content. A content provider may initially mark the content for advertisement insertion, and create a metadata file indicating constraints, targets, expirations, or the like. A downstream user employs a plug-in component and provides an initial user profile, in part, to access the content with advertisements. As the content is played, and an advertising marker is encountered, fast forwarding or other skipping features are disabled, and an advertisement stream is spliced into the content stream. The advertisement stream is determined based on the user profile and/or other metadata. Moreover, the advertisement stream may be obtained over a network such that advertisements may be refreshed even years after the content has been acquired by the user. In one embodiment, the advertisement consumption may be tracked and reported.

Abstract: A method, apparatus, and system are directed towards generating a public/private key pair prior to registration. The generation of the public/private key pair is performed by the entity to which the key pair is to be associated. The entity may then complete n application. The entity may then employ the generated public/private key pair to digitally sign the application. In one embodiment, the public key is provided with the application to a registration authority. Upon request, the public key and at least some of the application information may be provided to requester for use in identification, authentication, integrity, and/or non-repudiation of the registered entity. In another embodiment, the registration authority or other entity may verify the identity of the registering entity using the application. In one embodiment, the registration authority may select to digitally sign the application to indicate that the information has been verified.