Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: The disclosed technology provides for establishment of a secure tunnel with implicit device identification. The implicit device identification can be provided during establishment of a secure tunnel with a server by performing a mutual authentication with the server using a device-specific private key of the device. The device-specific private key may be provisioned during manufacturing of the device and stored by a secure hardware component of the device. Establishing the secure tunnel using implicit device identification can be helpful for operations in which a server is configured to only establish secure communications with one or more particular types of device, and can be performed without the use additional device identification communications.

Abstract: Aspects of the subject technology relate to a tamper-resistant indicator of recording by a camera. Electronic devices are disclosed that include a camera, an indicator light for the camera, and a light sensor. The light sensor is disposed proximate to the indicator light so that blocking or masking the indicator light also prevents light from reaching the light sensor. In this way, the light sensor can be used to detect tampering with, masking, blocking, destroying, or otherwise preventing the indicator light from indicating when the camera is recording.

Abstract: The disclosed technology provides for secure storage and usage of data at an electronic device. A device may include a hardened data manager that securely stores data associated with users of the device and/or another device. An application that does not have access to the securely stored data can still use the securely stored data by requesting that another system process at the device perform operations on the securely stored data and/or one or more updates to the securely stored data. For example, an application can request rendering of an avatar of a user. A rendering engine, separate from the application, can obtain securely stored base data from the hardened data manager, obtain updates to the securely stored base data, and render the avatar using the updates to the securely stored base data, without exposing the securely stored base data to the application.

Abstract: The disclosed technology provides for secure data caching by an edge network for an electronic device. The secure data caching can be provided by including a personal edge network and a remote edge network in the edge network. The remote edge network may include storage nodes that are accessible by multiple users. The personal edge network may include devices that are associated with the electronic device and a user of the electronic device, and that have been enrolled as storage nodes of the personal edge network.

Abstract: Aspects of the subject technology relate to a tamper-resistant indicator of recording by a camera. Electronic devices are disclosed that include a camera, an indicator light for the camera, and a light sensor. The light sensor is disposed proximate to the indicator light so that blocking or masking the indicator light also prevents light from reaching the light sensor. In this way, the light sensor can be used to detect tampering with, masking, blocking, destroying, or otherwise preventing the indicator light from indicating when the camera is recording.

Abstract: A device for providing operating system managed group communication sessions may include a memory and at least one processor. The at least one processor may be configured to receive, by an operating system level process executing on a device and from an application process executing on a device, a request to initiate a group session between a user associated with the device and another user. The at least one processor may be further configured to identify, by the operating system level process, another device associated with the other user. The at least one processor may be further configured to initiate, by the operating system level process, the group session with the user via the other device. The at least one processor may be further configured to manage, by the operating system level process, the group session.

Abstract: The disclosed technology provides for establishment of a secure tunnel with implicit device identification. The implicit device identification can be provided during establishment of a secure tunnel with a server by performing a mutual authentication with the server using a device-specific private key of the device. The device-specific private key may be provisioned during manufacturing of the device and stored by a secure hardware component of the device. Establishing the secure tunnel using implicit device identification can be helpful for operations in which a server is configured to only establish secure communications with one or more particular types of device, and can be performed without the use additional device identification communications.

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: A software version control system manages versioned applications in a client-server computing system environment. Thereby this is a management system for computer application (software) distribution where a number of client devices coupled to a server may be executing different versions of a particular computing application. The system manages updates to the applications and enforces rules or policies to use the most recent version whenever possible.

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable.

Abstract: In the context of a computer client-server architecture, typically used in the Internet for communicating between a server and applications running on user computers (clients), a method is provided for enhancing security in the context of digital rights management (DRM) where the server is an untrusted server that may not be secure, but the client is secure. This method operates to authenticate the server to the client and vice versa to defeat hacking attacks intended to obtain confidential information. Values passed between the server and the client include encrypted random numbers, authentication values and other verification data generated using cryptographic techniques including double encryption.

Abstract: Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key space division and sub-key derivation for mixed media digital rights management content and secure digital asset distribution. A system practicing the exemplary method derives a set of family keys from a master key associated with an encrypted media asset using a one-way function, wherein each family key is uniquely associated with a respective client platform type, wherein the master key is received from a server account database, and identifies a client platform type for a client device and a corresponding family key from the set of family keys. The system encrypts an encrypted media asset with the corresponding family key to yield a platform-specific encrypted media asset, and transmits the platform-specific encrypted media asset to the client device. Thus, different client devices receive device-specific encrypted assets which can be all derived based on the same master key.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key space division and sub-key derivation for mixed media digital rights management content and secure digital asset distribution. A system practicing the exemplary method derives a set of family keys from a master key associated with an encrypted media asset using a one-way function, wherein each family key is uniquely associated with a respective client platform type, wherein the master key is received from a server account database, and identifies a client platform type for a client device and a corresponding family key from the set of family keys. The system encrypts an encrypted media asset with the corresponding family key to yield a platform-specific encrypted media asset, and transmits the platform-specific encrypted media asset to the client device. Thus, different client devices receive device-specific encrypted assets which can be all derived based on the same master key.

Abstract: A software version control system manages versioned applications in a client-server computing system environment. Thereby this is a management system for computer application (software) distribution where a number of client devices coupled to a server may be executing different versions of a particular computing application. The system manages updates to the applications and enforces rules or policies to use the most recent version whenever possible.