Abstract: An embodiment of a system for securing media content includes a digital media device comprising a memory associated with a secure element. The memory contains a private key and storage for at least one group key. The private key is used to decrypt transmissions from a remote access control system that are encrypted by a corresponding public key. The digital media device further comprises logic configured to respond to a first message received from the remote access control system encrypted by the public key and including a first group key, the logic responding to the first message by decrypting the first group key and storing the first group key in the memory of the secure element. The digital media device further comprises logic configured to decrypt a content key with the first group key. The content key is used to encrypt media content stored on a medium accessible by the digital media device.

Abstract: Client control may be provided. First, content may be encrypted using an actual key. Then an identifier corresponding to a client device may be received and a transformation may be performed on the actual key and the identifier to produce a transmitted key. The transmitted key and the encrypted content may then be sent to the client device where it may be received. The client device may then receive the identifier corresponding to the client device and perform a reverse transformation on the transmitted key using the identifier to produce the actual key. The content may then be decrypted with the actual key.

Abstract: An embodiment of a system for securing media content includes a digital media device comprising a memory associated with a secure element. The memory contains a private key and storage for at least one group key. The private key is used to decrypt transmissions from a remote access control system that are encrypted by a corresponding public key. The digital media device further comprises logic configured to respond to a first message received from the remote access control system encrypted by the public key and including a first group key, the logic responding to the first message by decrypting the first group key and storing the first group key in the memory of the secure element. The digital media device further comprises logic configured to decrypt a content key with the first group key. The content key is used to encrypt media content stored on a medium accessible by the digital media device.

Abstract: An embodiment of a system for securing media content includes a digital media device comprising a memory associated with a secure element. The memory contains a private key and storage for at least one group key. The private key is used to decrypt transmissions from a remote access control system that are encrypted by a corresponding public key. The digital media device further comprises logic configured to respond to a first message received from the remote access control system encrypted by the public key and including a first group key, the logic responding to the first message by decrypting the first group key and storing the first group key in the memory of the secure element. The digital media device further comprises logic configured to decrypt a content key with the first group key. The content key is used to encrypt media content stored on a medium accessible by the digital media device.

Abstract: Techniques are provided to receive at an encryption device from a control device an encryption request comprising a message and an identifier for a device. The control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device. The encryption device is associated with a key provider and the device key is not divulged to the security provider. At the encryption device, the device key is retrieved based on the identifier. The message is encrypted with the device key using a predetermined algorithm, and the encrypted message is then sent to the control device.

Abstract: Client control may be provided. First, content may be encrypted using an actual key. Then an identifier corresponding to a client device may be received and a transformation may be performed on the actual key and the identifier to produce a transmitted key. The transmitted key and the encrypted content may then be sent to the client device where it may be received. The client device may then receive the identifier corresponding to the client device and perform a reverse transformation on the transmitted key using the identifier to produce the actual key. The content may then be decrypted with the actual key.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: Methods of providing a transport streams are disclosed. In one embodiment, among others, a method comprises receiving an input transport stream having a plurality of packet identifier (PID) streams included therein, the plurality of PID streams comprising first, second, third, and fourth PID streams, decrypting the first PID stream, statistically multiplexing the second PID stream, encrypting the third PID stream, and transmitting the fourth PID stream, wherein the receiving, decrypting, statistically multiplexing, encrypting, and transmitting are implemented at a transport stream apparatus.

Abstract: Systems and method for partial encryption are disclosed. One example method comprises: creating a program association table to include a first program number which identifies a program encrypted in accordance with a first encryption scheme, and a second program number which identifies the same program encrypted in accordance with a second encryption scheme; and creating a program map table for the same program to include first audio and video identifiers associated with the first encryption scheme and second audio and video identifiers associated with the second encryption scheme.

Abstract: Systems and methods of secure content key distribution using multiple distinct methods are disclosed herein. Example embodiments include receiving multiple distinct control words from multiple conditional access systems and encrypting packets or a group of packets using the multiple distinct control words.

Abstract: Encrypting content included in a program or service is disclosed, wherein the encrypted content is transmitted from a transmitter to a receiver in a subscriber network. Generally, in one embodiment, the encrypted program or service is packetized, and the packets are transmitted to the receiver. When a packet having ciphertext of the encrypted program or service is received at the receiver, the ciphertext of the packet is preferably converted to a different form of ciphertext.

Abstract: Consistent with embodiments of the present invention, systems and methods are disclosed for deriving a secure key.

Abstract: Techniques are provided to obfuscate seed values to produce a decryption key for a simplified content protection scheme. A first repeatable sequence is performed that encrypts a value stored in a first memory location using a value stored in the second memory location to produce an encrypted value and the value stored in the first memory location is overwritten with the encrypted value and then applying a constraining function to the value stored in the second memory location to produce a result and the value stored in the second memory location is overwritten with the result, wherein the result contains a less entropy compared an entropy level of the value in the second memory location prior to applying the constraining function. This sequence is repeated, but the values used in the first and second memory locations are used in opposite fashion. Techniques are also provided to perform the reverse operation and de-obfuscate a decryption key.

Abstract: Included are systems and methods for providing access. At least one embodiment of a system includes a host configured to receive at least one tool for providing conditional access and a secure processor configured to receive conditional access logic. Some embodiments of the conditional access logic are configured to send at least one configuration message for configuring the at least one tool at the host component for operation with the received access logic.

Abstract: Systems and methods are disclosed for enabling encryptor devices to provide real-time messages having offset cryptoperiods according to an offset algorithm within common crypto-sync pulse boundaries. A master clock aligns the encryptor devices to a common crypto-sync pulse. Subsequently, a cryptoperiod offset aligner assigns a different offset value according to an algorithm to each encrypted service. The corresponding encryptor device then begins the cryptoperiod, during which real-time messages are transmitted, at the assigned offset value from the common crypto-sync pulse.

Abstract: Techniques are provided to receive at an encryption device from a control device an encryption request comprising a message and an identifier for a device. The control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device. The encryption device is associated with a key provider and the device key is not divulged to the security provider. At the encryption device, the device key is retrieved based on the identifier. The message is encrypted with the device key using a predetermined algorithm, and the encrypted message is then sent to the control device.

Abstract: Consistent with embodiments of the present invention, systems and methods are disclosed for deriving a secure key.

Abstract: In a subscriber television system having a headend, a server, and plurality of client-receivers, the server, which is remote from the headend, is adapted to receive a validation-message from one or more client-receivers. The validation-message includes content and an authentication-token. The server validates that the sender of the validation-message is a valid client-receiver of the subscriber television system using an authentication-token and a validator that is known to both the server and to at least one of the client-receivers.