Abstract: A method for serving a media stream to a client device includes transmitting a media stream encoded at a first bitrate to a client device and receiving one or more control messages from the client device. Each control message indicates a player state of a media player of the client device at a time corresponding to the control message and a buffer state of a buffer of the client device at the time. The method includes determining a server state of a server, indicating a network bandwidth available to the server. The method includes determining a second bitrate for the media stream based on the player state, the buffer state, and the network bandwidth available to the server. The method further includes instructing a transcoder to encode the media content at the second bitrate to obtain an adjusted media stream and transmitting the adjusted media stream to the client device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for embedding keys in hardware. One of the methods includes providing, to a device provider, one or more encrypted keys, each of the encrypted keys to be included in a corresponding device provided by the device provider. A user system that includes a device that includes one of the encrypted keys receives information specifying the encrypted key. The information received from the user system is validated. A decryption key is selected based on the information received from the user system that is configured to decrypt the encrypted key specified by the information received from the user system. The decryption key is provided to the user system that includes the device.

Abstract: A current version certificate is stored that includes a corresponding current version identifier. A current instance certificate is received from the certificate authority, wherein the current instance certificate includes the current version identifier of the current version certificate and a current instance public key corresponding to the current instance private key. The current instance certificate is sent to a local station, during a registration with the local station. A request is generated and sent to the local station. First encrypted data is received from the local station, wherein the first encrypted data includes a content key that is encrypted via the current instance public key.

Abstract: A method for serving a media stream to a client device includes transmitting a media stream encoded at a first bitrate to a client device and receiving one or more control messages from the client device. Each control message indicates a player state of a media player of the client device at a time corresponding to the control message and a buffer state of a buffer of the client device at the time. The method includes determining a server state of a server, indicating a network bandwidth available to the server. The method includes determining a second bitrate for the media stream based on the player state, the buffer state, and the network bandwidth available to the server. The method further includes instructing a transcoder to encode the media content at the second bitrate to obtain an adjusted media stream and transmitting the adjusted media stream to the client device.

Abstract: A cryptography module includes a key store having a plurality of storage locations for storing a private key as k key fragments. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process a message in accordance with elliptic curve digital signature algorithm (ECDSA) to produce a signed message.

Abstract: A cryptography module includes a key store having a plurality of storage locations for storing a key as k key fragments including a plurality of random key fragments and a remainder key fragment. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process an input signal to produce an output signal.

Abstract: A cryptography module includes a key store having a plurality of storage locations for storing a private key as k key fragments. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process a message in accordance with elliptic curve digital signature algorithm (ECDSA) to produce a signed message.

Abstract: A cryptography module includes a key store having a plurality of storage locations for storing a private key as k key fragments. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process a message in accordance with elliptic curve digital signature algorithm (ECDSA) to produce a signed message.

Abstract: A current version certificate is stored that includes a corresponding current version identifier. A current instance certificate is received from the certificate authority, wherein the current instance certificate includes the current version identifier of the current version certificate and a current instance public key corresponding to the current instance private key. The current instance certificate is sent to a local station, during a registration with the local station. A request is generated and sent to the local station. First encrypted data is received from the local station, wherein the first encrypted data includes a content key that is encrypted via the current instance public key.

Abstract: A current version certificate is stored that includes a corresponding current version identifier. A current instance certificate is received from the certificate authority, wherein the current instance certificate includes the current version identifier of the current version certificate and a current instance public key corresponding to the current instance private key. The current instance certificate is sent to a local station, during a registration with the local station. A request for video content is generated and sent to the local station. First encrypted data is received from the local station, wherein the first encrypted data includes a content key that is encrypted via the current instance public key. Second encrypted data is received from the local station, wherein the second encrypted data includes the video content that is encrypted via the content key.

Abstract: A current version certificate is stored that includes a corresponding current version identifier. A current instance certificate is received from the certificate authority, wherein the current instance certificate includes the current version identifier of the current version certificate and a current instance public key corresponding to the current instance private key. The current instance certificate is sent to a local station, during a registration with the local station. A request for video content is generated and sent to the local station. First encrypted data is received from the local station, wherein the first encrypted data includes a content key that is encrypted via the current instance public key. Second encrypted data is received from the local station, wherein the second encrypted data includes the video content that is encrypted via the content key.

Abstract: A cryptography module includes a key store having a plurality of storage locations for storing a private key as k key fragments. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process a message in accordance with elliptic curve digital signature algorithm (ECDSA) to produce a signed message.

Abstract: A cryptography module includes a key store having a plurality of storage locations for storing a key as k key fragments including a plurality of random key fragments and a remainder key fragment. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process an input signal to produce an output signal.

Abstract: This invention describes an Identity Management system, in which the User uses the same set of credentials to log into multiple Web Service Providers (WSPs). However, unlike in traditional systems, none of the WSPs have to rely on assertions issued by the Identity Provider (IdP). The Identity Provider itself remains agnostic of User's credentials and User's personal information (the Identity). A 3-way cryptographic protocol is employed between the User, the WSP and the IdP that allows credentials re-use without exposing the IdP to any sensitive information. At the same time, the IdP provides full set of Identity Management services to the User and to the WSP, without knowing the identities it is dealing with. In addition, the IdP is deprived of ability to manipulate the identity data in any way, thus ensuring the WSP is in full control over the relationship with its customer (the User).

Abstract: An Identity Management system in which a User may use a single set of credentials to log into multiple Web Service Providers differs from traditional systems in that none of the WSPs have to rely on assertions issued by an Identity Provider. The Identity Provider remains unaware of the User's credentials and the User's personal information. A three-way cryptographic protocol is employed between the User, the Web Service Provider and the Identity Provider that allows re-use of credentials without exposing the Identity Provider to any sensitive information. At the same time, the Identity Provider provides full set of Identity Management services to the User and to the Web Service Provider, without knowing the identities it is dealing with. In addition, the Identity Provider is deprived of an ability to manipulate the identity data in any way, thus ensuring the Web Service Provider is in full control over the relationship with its customer (the User).

Abstract: An Identity Management system in which a User may use a single set of credentials to log into multiple Web Service Providers differs from traditional systems in that none of the WSPs have to rely on assertions issued by an Identity Provider. The Identity Provider remains unaware of the User's credentials and the User's personal information. A three-way cryptographic protocol is employed between the User, the Web Service Provider and the Identity Provider that allows re-use of credentials without exposing the Identity Provider to any sensitive information. At the same time, the Identity Provider provides full set of Identity Management services to the User and to the Web Service Provider, without knowing the identities it is dealing with. In addition, the Identity Provider is deprived of an ability to manipulate the identity data in any way, thus ensuring the Web Service Provider is in full control over the relationship with its customer (the User).