Abstract: A method, apparatus, and system are directed towards employing a chain of permission keys obtained during playing of advertisements within content to enable continued playing of the content. A sequence of encoded permission keys are generated with each encoded permission key, except a last permission key, incorporating a scrambling key useable to decode a next encoded permission key within the sequence of encoded permission keys that enables playing of a next portion of the content. If playing of any advertisement within the content is avoided, then access to an associated scrambling key useable to decode a next permission key is prevented, which in turn inhibits playing of a next portion of the content. In another embodiment, a heartbeat analysis may also be performed to monitor if skipping of an advertisement is being attempted, and if so, playing of the content is prevented.

Abstract: A system, apparatus, and method are directed to providing digital copy protection of media using a subscriber/publisher architecture. In one embodiment, a publisher employs various dynamic and/or static tamper detection, including, filter graph change detectors, ICE detectors, screen scraping detectors, debugger detectors, pattern recognizers, or the like. When a tampering event is detected by one or more of the publishers, the tamper event may be published for access by a subscriber. Published tamper events may be pushed to or pulled by the subscribers. When one or more subscribers receive the tamper event, the subscriber(s) may perform one or more tamper response actions according to various business rules, and/or other core rules.

Abstract: A method and system are directed to differentiating between normal characteristics and abnormal characteristics within a software process, such that tampering of the software process may be identified programmatically. The identification of behavior that may be defined as normal may vary. Such behavior may include a sequence of selected system level calls that may access resources considered relevant, and the like. Data on the selected behavior is gathered, and when a sufficient amount of abnormal behavior has been detected, a signal may be provided such that an action may be performed. Samples of the gathered data are assigned a unique value. Statistical information is determined from the collected behavior, including trend data. Such trend data is compared to trends identified as normal for the software process, and a determination is made whether the sampled behavior is non-normal.

Abstract: A method, apparatus, and system are directed towards employing a chain of permission keys obtained during playing of advertisements within content to enable continued playing of the content. A sequence of encoded permission keys are generated with each encoded permission key, except a last permission key, incorporating a scrambling key useable to decode a next encoded permission key within the sequence of encoded permission keys that enables playing of a next portion of the content. If playing of any advertisement within the content is avoided, then access to an associated scrambling key useable to decode a next permission key is prevented, which in turn inhibits playing of a next portion of the content. In another embodiment, a heartbeat analysis may also be performed to monitor if skipping of an advertisement is being attempted, and if so, playing of the content is prevented.

Abstract: A method and system are directed to differentiating between normal characteristics and abnormal characteristics within a software process, such that tampering of the software process may be identified programmatically. The identification of behavior that may be defined as normal may vary. Such behavior may include a sequence of selected system level calls that may access resources considered relevant, and the like. Data on the selected behavior is gathered, and when a sufficient amount of abnormal behavior has been detected, a signal may be provided such that an action may be performed. Samples of the gathered data are assigned a unique value. Statistical information is determined from the collected behavior, including trend data. Such trend data is compared to trends identified as normal for the software process, and a determination is made whether the sampled behavior is non-normal.