Abstract: Provided are techniques to enable a device that provides a service to authorize a second device for receiving the service and the delivery of the service to the second device and other devices within a trusted network. A signed Management Key Block (MKB) is generated and transmitted over a network. Devices authorized to access a particular service parse the MKB and transmit a request. A server associated with the service determines whether or not the device is authorized to access the service based upon data included in the request. The first device may issue a challenge to the second device for authentication purposes. If service is approved, service is initiated, either from the first device or another authorized device. Devices may be organized into classes such that devices of a specific class are authorized to access the service.

Abstract: Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content.

Abstract: A message comprising an indication of a management key block and an indication of an authorization table is received at a first network device from a second network device. The indication of the management key block, the indication of the authorization table, and a response message generated based on validating the indication of the management key block and the indication of the authorization table are stored. A second message comprising a second indication of the management key block and a second indication of the authorization table is received at the first network device from the second network device. The first network device communicates with the second network device in accordance with the stored response associated with the first message on determining that the second indication management key block and the second indication of the authorization table match corresponding stored indications of the management key block and the authorization table.

Abstract: Provided are techniques to enable, using broadcast encryption, a device to locate a service offered by a server with the knowledge that the service offered by the server is a trusted service. A signed enhanced Management Key Block (eMKB) includes a trusted service locator (TSL) that includes one or more records, or “trusted service data records” (TSDRs), each identifying a particular service and a corresponding location of the service is generated and transmitted over a network. Devices authorized to access a particular service parse the eMKB for the end point of the service, connect to the appropriate server and transmit a request.

Abstract: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.

Abstract: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.

Abstract: Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block.

Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.

Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K?, which equal K if and only if new messages originated from the center and have not been corrupted.

Abstract: In one aspect of the invention is a method for discouraging unauthorized redistribution of protected content. Content is bound to a customer I.D. associated with a customer requesting the content, such that the customer I.D. is needed to access the content.

Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K?, which equal K if and only if new messages originated from the center and have not been corrupted.

Abstract: A protected content distribution system utilizes media-based copy protection to support online distribution of protected content in a secure and legitimate fashion. Using a media-based copy protection scheme based on broadcast encryption, the protected content distribution system realizes online distribution of protected content such as, for example audio files, movies, etc, authorizing consumption of unlicensed content by transfer of a unique encrypted key to the protected media. This transaction is fast, involving the transfer of an encrypted binding key rather than the protected content. Content is enabled through a unique encrypted key on protected media accessed through a device separate from the media driver.

Abstract: Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block.

Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.

Abstract: Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block.

Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.

Abstract: An external module loads into an entity's memory and is transformed by two functions. These are namely, the STOMP function and the UNSTOMP function. One or both of these functions is based on the actual code that is found in a legitimate version of the external module. The STOMP-UNSTOMP pair produces an external module that works differently if even a single byte of code in the external module has been changed by an attacker. The STOMP transforms the external module and makes it temporarily unusable whilst conversely, the UNSTOMP repairs the damage and makes it workable again. Thus, if the module is not authentic, the pairing between the STOMP and UNSTOMP is broken. Therefore, a patched module from a hacker remains unusable since the STOMP and UNSTOMP transformations do not produce a working external module. Because of the STOMP and UNSTOMP technique, an application is secure because if an external module is free from tampering then the application executes normally.

Abstract: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.

Abstract: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.

Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K?, which equal K if and only if new messages originated from the center and have not been corrupted.