Abstract: The present invention relates to a method for creating and managing a local area network including at least one device for reproducing an encrypted data flow and a device for transmitting and re-encrypting all or part of said encrypted data, which devices include security modules. The method includes the steps of connecting a so-called master security module in one of the devices connected to the local area network, causing the master security module to generate a network key, securely transmitting the network key to one or more so-called user security modules, decrypting the data encrypted by the transmission and re-encryption device, re-encrypting the data with said device by means of a local key, transmitting the re-encrypted data to the reproduction device, and holding the reproduction device to perform decryption using the user security module associated therewith and provided with means for locating the local key.

Abstract: A descrambler adapted as an integrated circuit (IC) according to one embodiment. The descrambler comprises a control word ladder logic to produce, among other data, a control word to descramble incoming scrambled content. The descrambler further comprises copy protection key ladder logic to recover a copy protection key for encrypting descrambled content before subsequent transmission to a digital device.

Abstract: A method and a system for access authentication. A shared services resource includes a second factor authentication module. At least one network resource each include a first factor authentication module. A trusted computing base communicates with the shared services and the at least one network resource through a pipe. An assertion may be obtained on a trusted computing base for accessing at least one network resource. At least one of the at least one network resource may be accessed with the trusted computing base when the assertion has been obtained by the trusted computing base and is valid.

Abstract: The present invention relates to a technique for authenticating data stored on media in order to prevent piracy. According to the present invention, a lookup table contains broken or modified modulation rules comprising one or more authentication keys or components thereof, that are derived by the table's intentional breaking of standard 8-14 and 8-16 modulation rules. The authentication keys are formed and remain hidden without being transferred in the audio/video. Additionally, the lookup table is employed using conventional hardware and/or software in CD or DVD players. Each output value according to the present invention is a function of the physical characteristics of a disc that does not travel with the audio or video or graphics data. Authentication systems of the present invention optionally encompass singular, multiple or multi-level authentication systems, each of which successively must be deciphered before the audio/video is finally available.

Abstract: A method for managing access to a scrambled event, selected from an electronic program guide, of a service provider (including broadcast television networks, cable television networks, digital satellite systems, and internet service providers). Access to the event is only achieved if the descrambling key is obtained from a digitally signed message associated with the event in the electronic program guide. Authentication of the electronic program guide provider involves decrypting the digital signature using a public key of the guide provider.

Abstract: A content reproduction system that allow the user to rent or purchase any desired contents for reproduction without depending on a predetermined type of information of the user. The content reproduction system includes: a recording medium storing a license ticket including an encrypted master key; and a reproduction apparatus that receives from the user a request for a selected content and the information of the selected content, acquires distribution content information corresponding to the selected content, stores it in association with the license ticket into the recording medium. When reproducing the content, the reproduction apparatus generates a content using an encrypted content decryption key and an encrypted content that are contained in the distribution content information, and using a master decryption key information corresponding to the distribution content information, and reproduces the generated content.

Abstract: A method that accesses a data processing system formed from data processing units that are networked, and enables a system technician to access protected data according to the two-person principle is provided.

Abstract: A server apparatus includes a CPU, a RAM, a cipher processing unit for carrying out encryption and decryption, a communication processing unit for carrying out communication with an information processing terminal, and a data storage unit for storing information that does not require confidentiality. The server apparatus also includes a distribution information storage unit for storing information such as a program to be distributed, and a specific information distribution history holding unit for holding a specific information distribution history for managing a record of a program specific information of a program previously distributed to the information processing terminal.

Abstract: A system that distributes content access data which provides rights management data indicating a right of a user to reproduce and/or copy the distributed content. The system includes an applications device including a trusted player for receiving, reproducing and/or copying the content, and a smart card access device for accessing a smart card, such as a Subscriber Identity Module (SIM), which is uniquely associated with the user. A trusted server communicates the content access data to the smart card via a communications network by encrypting the content access data using an encryption key pre-stored on the smart card and known to the trusted server. A facility is thus provided for cost effectively distributing content and managing rights in the content using security facilities inherent in the smart card.

Abstract: A system and method for retrieval and transfer of encrypted content from a first set-top box utilizing a second set-top box. When content is recorded to the storage device of the first set-top box, the content is encrypted with a content instance key. This content instance key is encrypted with the public key of the first set-top box and a duplicate of the content instance key is encrypted by the public key of the second set-top box. The encrypted content on the storage device may be retrieved by decrypting the duplicate content instance key with the private key that corresponds with the public key of the second set-top box that encrypted the duplicate of the content instance key.

Abstract: A system and method for encrypting and recording content to removable storage media for use by multiple set-tops. When content is recorded to the storage media, the content is encrypted with a content instance key. This content instance key is encrypted with the public key of one set-top box and a duplicate of the content instance key is encrypted with the public key of another set-top box. Either set-top box may decrypt the content instance key with the private key that corresponds with its public key so that the encrypted content from the removable storage media may be made available in the clear.

Abstract: The on-chip multi-core type tamper resistant processor has a feature that, on the microprocessor package which has a plurality of instruction execution cores on an identical package and an ciphering processing function that can use a plurality of ciphering keys in correspondence to programs under a multi-task program execution environment, a key table for storing ciphering keys and the ciphering processing function are concentrated on a single location on the package, such that it is possible to provide a tamper resistant microprocessor in the multi-processor configuration that can realize the improved processing performance by hardware of a given size compared with the case of providing the key table and the ciphering processing function distributedly.

Abstract: A motion picture distribution system, the system including a central computer, an exhibitor computer, a communication channel, and a back channel. The central computer is located at a central site and configured to distribute a digital version of the motion picture. The exhibitor computer is located at an exhibitor location that is remote from the central site. The exhibitor computer is configured both to receive the digital version of the motion picture from the central computer, and to display the motion picture. The communication channel is configured to facilitate the electronic transfer of the digital version of the motion picture from the central computer to the exhibitor computer. The back channel is coupled between the central computer and the exhibitor computer, and configured to allow for the transfer of information between the exhibitor computer and the central computer.

Abstract: Content delivered to client device over an Internet Protocol Multimedia Subsystem (IMS)-based network is protected through a digital rights management (DRM) scheme that leverages IMS service and access infrastructure, such as the IMS core. After authentication and selection of content to be played for the user, the network identifies a key management system having keys for decrypting the selected content. A bootstrapping service function participates in an application-level authentication of the client device to establish a secure communication channel between the key management system and the client device. The key management system responds to a content key request received from the client device by providing a content key via the secure communication channel. The network can then stream content to the client device, which decrypts it using the content key.

Abstract: Systems and methods are disclosed for providing encrypted downstream signals to a plurality of receiver devices 130, 135, 140, where the devices 130, 135, 140 may have different decryption devices. A receiver network (i.e., a networked multimedia system) includes a splitter/isolation module (SIM) 125, a primary set-top terminal (STT) 130, and at least one remote device 135, 140. The remote devices 135, 140 communicate with the primary STT 130 via the SIM 125 over coaxial cable. Accordingly, the remote devices 135, 140 are capable of requesting and receiving stored programs via the networked multimedia overlay system. Depending upon the decryption device included in the requesting remote STT 135, 140, the primary STT 130 sends a stored program encrypted according to that decryption device.

Abstract: System for reading a document provided with machine-readable holder details and establishing whether a person presented the document has a predetermined right, which document at least contains a chip containing biometric data on a holder as well as data with a predetermined relationship to the holder details, and wherein the system comprises: a reader for reading the chip and the machine-readable holder details; a memory containing details with regard to the right of the holder; a biometric feature scanner; a processing unit connected to reader, memory and scanner and equipped to: establish the authenticity of chip and data using public key encryption technology; receive the biometric data on the holder from the chip; receive the biometric data on the person presenting the document from the scanner and to compare these with the data on the holder to determine whether the person presenting the document is the holder; receive the holder details via the reader, check the relationship between the holder details a

Abstract: A protection key for hardware includes a first storage area configured to store a key data used for permission to use software installed in a information processor, a second storage area configured to store a data table including a plurality of random numbers, a receiver configured to receive a cryptography key from the information processor, a coder/decoder configured to encrypt the key data based on the cryptography key by picking one random number from the data table, and a transmitter configured to transmit the encrypted key data to the information processor.

Abstract: A control signal is provided to a video data acquisition system that generates video data. In response to receiving the control signal, the video data acquisition system modifies at least a portion of the video data to produce an output signal. Authenticity of the output signal from the video data acquisition system is verified by checking that the video data includes modifications according to the control signal. If the video data does not include such modifications, it is known that the video data acquisition system needs to be checked for tampering or system failures.

Abstract: According to the invention, a method for protecting digital television from unauthorized digital receivers within a population of digital receivers is disclosed. Each digital receiver in the population has a unique identifier. In one step, provisioning information is received from a subset of the population of digital receivers indicating that the subset is potentially within range to receive digital television from a broadcaster. First decryption information is distributed to the subset of the population of digital receivers. The first decryption information allows for potentially decrypting a plurality of programs coextensively in time. The unauthorized digital receivers are cryptographically excluded from using the first decryption information. A first program is encrypted using a first method that is cryptographically related to second decryption information. The first program is sent. The second decryption information is distributed and cryptographically secured with the first decryption information.

Abstract: To transmit digital data representing a content from a source to a receiver through a digital communication channel, the data being scrambled by at least one control word, the method includes the following steps. The source generates an encryption key which it stores temporarily. It encrypts the control word with the encryption key and transmits to the receiver the scrambled digital data and the encrypted control word, the latter being transmitted through an encrypted communication channel. The receiver then performs an operation of authentication of the source. When the source is authenticated by the receiver, it transmits the encryption key to it. The receiver then decrypts the control word and descrambles the data so as to present them to a user. The encryption key is then erased from the memories of the source and the receiver when the content has been entirely transmitted.

Abstract: A video signal distribution system contains a video stream source (10) that produces a data stream with an encrypted video signal, control word information for decrypting the video signal and fee information indicative of fees for viewing respective parts of the video signal. A plurality of video reproduction apparatuses (12) are coupled to a medium (14) to receive the data stream. Each of the video reproduction apparatuses (12) comprises a control word derivation unit (125) for supplying control words derived from the control word information to a video signal decryption device (121). A credit management unit with a credit memory (128) is provided, which enables or disables supply the control words, when the credit memory (128) indicates the availability of more than a threshold amount of credit, and reduces the amount of credit in the credit memory (128) according to the fee information for the part of the video signal for the decoding of which the control words are supplied.

Abstract: An interface adapter device consistent with certain embodiments has a first electrical connector adapted to connect to a conditional access service card to receive encrypted television signals therefrom. A second electrical connector is adapted to connect to a television receiver device in order to provide the encrypted television signals to the television receiver device. An interface circuit receives the encrypted television signals from the first electrical connector and adapts the signals for transmission to a television receiver device over the second electrical connector. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

Abstract: A method for authenticating a requesting entity in a communications environment. In an exemplary embodiment, the method includes determining a client identification of a client node associated with the requesting entity, and determining whether the requesting entity associated with the client node is acting in a supervisor capacity. A key to the requesting entity is returned from a resource provider node upon determining that the client identification of the client node indicates that the client node is permitted to access one or more resources of the provider node, and that the client node is acting in a supervisor capacity.

Abstract: A tamper resistant microprocessor has a task state table for assigning a task identifier to a task that can take a plurality of states, and storing a state of the task in correspondence to the task identifier; a task register for storing the task identifier of a currently executed task; an interface for reading a program stored in a form encrypted by using a program key at an external memory, in units of cache lines, when a request for the task is made; an encryption processing unit for generating decryption keys that are different for different cache lines, according to the program key, and decrypt a content read by the interface; a cache memory formed by a plurality of cache lines each having a tag, for storing the task identifier corresponding to a decryption key used in decrypting each cache line in the tag of each cache line; and an access check unit for comparing the task identifier stored in the tag of each cache line with a value of the task register, and discarding a content of each cache line when t

Abstract: An information recording medium, such as an optical disk or the like, is provided for recording at least copyrighted content information and cipher key information. A part of the content information is scrambled and recorded in the information recording medium, and the scrambled and recorded part of the content information is obtained through scrambling using scramble key information, which is obtained by converting the cipher key information by the use of a non-scrambled part of the content information. The information recording medium has a recording area divided into a plurality of sectors. A plurality of data which the content information is divided into is recorded in the sectors. The non-scrambled part of the content information includes copy control information and a part of the content information that changes sector by sector.

Abstract: An electronic signal transmission device comprises a first communication section to be connected to a first electronic device of a signal transmitting side; a second communication section to be connected to a second electronic device of a signal receiving side; an authentication section for executing an authentication process with the first electronic device and supplying key information for decryption; a decryption section for executing a decryption process of an encrypted signal supplied from the first electronic device based on the key information from the authentication process; and a supply section for directly supplying the encrypted signal from the first electronic device and the key information to the second communication section in order to avoid signal delay by the authentication.

Abstract: An exchange system for intangible goods comprises a first user system, a second user system, a registry system, a clearinghouse system and a hash module coupled for communication with each other. The first and second user systems includes a content module for acting as a repository for intangible goods, a pricing module for setting the price of intangible goods, a transaction generator module for creating transactions between seller and buyer, and a transaction log module for recording any transaction in which the user system participates. These systems are used to consummate transactions with other users for exchanging intangible goods. As part of each transaction, the user and the transaction must be entered or registered in the registry system. The registry system comprises an account module and a transaction log module for maintaining the anonymity of the sellers and buyers.

Abstract: A method of transmitting contents, which are to be received at a reception side where a portion of the contents is previewed while the contents are not accessible for playing other than for a preview purpose, includes the steps of encrypting the contents by a first encryption key, generating information indicative of an elapsed time of the contents that indicates a relationship between positions on a time axis of the contents representing an amount of time that passes as the contents are played and a time count that accrues as a preview time when the contents are previewed, encrypting the first encryption key and the information indicative of an elapsed time of the contents by a second encryption key, thereby generating first encrypted information, encrypting the second encryption key and content-usage control information by a third encryption key, thereby generating second encrypted information, the content-usage control information indicating usage of the contents on the reception side, and transmitting the

Abstract: A system and method for enabling broadcast programs to be copied once only by consumer recorders includes writing a unique media identification on each blank disk to which content is to copied in a read-only area of the disk before it is initially recorded. Also, a one-way key management media key block is written to the disk. A content key is derived by combining a media key, derived from the media key block, with the media identification. Additionally, to facilitate copying the content one time only, an exchange key is established between the recorder and a sender such as a satellite receiver or a disk player that is associated with the recorder, and the exchange key is modified with one or more special numbers representing control commands including copy once and copy no more. The modified exchange key is then encrypted using the content key to render an encrypted modified exchange key, and the encrypted modified exchange key is then hashed with a nonce to render a bus content key.

Abstract: The present invention discloses a system and methods for biometric security using keystroke scan biometrics in a smartcard-reader system. The biometric security system also includes a keystroke scan sensor that detects biometric samples and a device for verifying biometric samples. In one embodiment, the biometric security system includes a smartcard configured with a keystroke scan sensor. In another embodiment, the system includes a reader configured with a keystroke scan sensor. In yet another embodiment, the present invention discloses methods for proffering and processing keystroke scan samples to facilitate authorization of transactions.

Abstract: There is provided a method and apparatus for providing a content service. A method of providing a content service includes generating a plurality of pieces of decryption information according to a continuous period of using a broadcasting service with respect to predetermined contents, encrypting the contents, and decrypting the encrypted contents using the decryption information.

Abstract: A method for transferring at least one data record from an external data source into a processor unit, e.g., and a suitably designed processor unit are described. In such a method for transcribing at least one data record from the external data source to a processor unit, the at least one data record is transmitted from the external data source together with additional information to a buffer memory of the process unit. A check of the admissibility of using the at least one data record is performed on the basis of the additional information. A blocking signal is generated when the check reveals that use of the at least one data record is not allowed. The at least one data record is then deleted from the buffer memory. An enable signal is generated when the use of the at least one data record is allowed. The additional information includes an identifier assigned individually to the processor unit, with the validity check being performed in the processor unit.

Abstract: The invention, an electronic book selection and delivery system, is a new way to distribute books and other textual information to bookstores, libraries and consumers. The primary components of the system are a subsystem for placing text in a video signal format and a subsystem for receiving and selecting text that is placed in the video signal format. The system configuration for consumer use contains additional components and optional features that enhance the system, namely: (1) an operation center, (2) a video distribution system, (3) a home subsystem, including reception, selection, viewing, transacting and transmission capabilities, and (4) a billing and collection system. The operation center and/or video distribution points perform the functions of manipulation of text data, security and coding of text, cataloging of books, messaging center, and uplink functions.

Abstract: A wide-area emergency information management system includes a broadcasting entity (10) and delivers content to authorized receiver clients (20), such as PC's, laptops, wireless devices, etc. The specific content (26), which can include voice, text, video or any other information content related to a planned response to a given crisis or emergency such as enemy attack or natural disaster, is prepared in advance (28), tailored to the class of recipient receiver client and/or user (44), securely downloaded (32,36) and stored locally in a secure cache (21). In response to a small control file from a centralized emergency management authority, the receiver client system accesses the cache (21), decrypts the content (26), and delivers it to the end user.

Abstract: The aim of the present invention is to propose a method to prevent the abusive use of conditional access data, in particular by means of clones of security modules whose security has been compromised.

Abstract: The described embodiments relate generally to data processing systems and methods for encryption and decryption of a subscription-based data service, such as a satellite or cable television service. These aspects are generally based on use of an encryption key by the service provider to encode the data prior to transmission and on a decryption key that is based on the encryption key and on a unique identifier of a particular target receiving device.

Abstract: A hard disk A has is constructed to include: a disk 10 in which copy protection information is written in advance in a surface shape such as slits or corrugations in a pre-recording region 13 over a substrate 11 other than a data storage region 12; a pickup unit 20 for reading the copy protection information on the disk 10; and a copy protect unit 42 made operative, when it copies the encrypted data over the data storage region 12 of the disk 10 in response to the demand of the external device B: to perform an authentication with reference to the copy protection information read by the pickup unit 20; and to output the information on the secret key, as contained in the copy protection information, to the external device B which has been recognized to be correct by that authentication.

Abstract: Rather than downloading each content document on demand from the publisher location to the user site, at the publisher location, each content document is encrypted and then multiple encrypted documents are assembled into a distribution archive that is itself encrypted with a scheduled key. The distribution archive is then downloaded into a content server at the user site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents. The scheduled key used to decrypt an archive file is included with an archive file that was sent previously to the user site in accordance with the subscription service. The scheduled key to decrypt the first archive file sent to the user is sent from the publisher to the user over a communication channel different from the communication channel used to send the archive file from the publisher to the user.

Abstract: A digital data file encryption apparatus and method, where a digital data server identifies the user and supplies an encrypted digital data file to the user in accordance with the identified result. A personal computer decrypts the encrypted digital data file supplied from the digital data server and reproduces the decrypted digital data file or re-encrypts it using an encryption key. The encryption key is generated on the basis of an identification number of a data storage medium or digital data playing device. A digital data playing device stores the re-encrypted digital data file downloaded from the personal computer in the data storage medium and decrypts the stored digital data file using the encryption key to reproduce it. A first internal key is added to the identification number to convert the identification number into the encryption key, which is then encrypted according to an encryption algorithm based on a second internal key.

Abstract: Decrypting information corresponding to a selected track, file pointer information, and index information are read out from a track information table having the decrypting information corresponding to each track, the file pointer information showing one of a plurality of files with headers, and the index information showing a position in the file. The header of the file with the header is read out on the basis of the file pointer information and position information in the file corresponding to the index information is detected from the header. A part of data of the file is read out on the basis of the position information and the read-out data is decrypted on the basis of the decrypting information.

Abstract: A data scramble method includes: preparing a seed value in a storage device provided outside of a CPU integrated within a semiconductor device; performing a key generation process to generate a scramble key from the seed value; and performing a scramble process on target data by using the key data. The key generation process and the scramble process are performed within the CPU or a scramble circuit connected with the CPU through a bus.

Abstract: An apparatus to enable operation of a computer by authorized users when in a secure mode of operation is provided. One exemplary apparatus includes a hub configured to be in communication with the computer. The hub includes a card reader, a card microprocessor and an encryption engine. The apparatus also includes a card configured for insertion into the card reader. The card includes a card microprocessor. In addition, the apparatus includes a user authentication device configured to validate the user as an authorized user of the card. If the user is validated as the authorized user, then the card microprocessor passes a key to the hub microprocessor in response to the validation of the user as the authorized user of the card. The encryption engine of the hub is then activated to operate in a secure mode of operation.

Abstract: A method of providing scrambled data includes providing a stream of data units based on a sequence of clear data units by at least subjecting at least part of at least some of the clear data units to a cryptographic operation employing a first encryption key which forms a key pair with a corresponding first decryption key, such that a first section of the stream of data units includes data units including cryptograms obtained using a first value of the first encryption key, and such that a second section includes data units including cryptograms obtained using a second value of the first encryption key, and by associating data units with scrambling state identifying data for indicating a state of scrambling applicable to the associated data unit.

Abstract: A method is disclosed for enforcing the sequential playback of a multimedia file. In one aspect of the method, a sending server stores a multimedia file which is then partitioned into a plurality of sequential data blocks. The server generates a plurality of enabling tokens each corresponding to one of the plurality of sequential data blocks. The server then encodes each respective one of the pluralities of sequential data blocks with a corresponding one of the plurality of enabling tokens, producing a plurality of encoded sequential data blocks. The server then transfers the encoded sequential data blocks to a receiving client. The server also transfers the plurality of enabling tokens to the receiving client. In this manner, the server retains control over the client receiver's playback of the multimedia file.

Abstract: A personalized smart card stores therein public and private cryptography keys stored which are used to securely request and receive subscriber content data from a service provider, utilizing a remote control device.

Abstract: A contents database 114 memorizes the discriminating information for discriminating contents and the temporal information as to the time of content duplication associated with the discriminating information. A recording program 113 acquires the discriminating information of contents to be duplicated and duplicates the contents in association with the acquired discriminating information and with the temporal information memorized in the contents database 114. This substantially prohibits duplication in large quantities without significantly impairing the interests of a user.

Abstract: End-to-end authentication capability based on public-key certificates is combined with the Session Initiation Protocol (SIP) to allow a SIP node that receives a SIP request message to authenticate the sender of request. The SIP request message is sent with a digital signature generated with a private key of the sender and may include a certificate of the sender. The SIP request message may also be encrypted with a public key of the recipient. After receiving the SIP request, the receiving SIP node obtains a certificate of the sender and authenticates the sender based on the digital signature. The digital signature may be included in an Authorization header of the SIP request, or in a multipart message body constructed according to the S/MIME standard.

Abstract: A disk-shaped recording medium includes a transparent substrate, and an optical recording layer formed on the transparent substrate. A light source emits light. An optical head is operative for applying the light to the optical recording layer from the light source via the transparent substrate, for focusing the light on the optical recording layer, and for reproducing information from the optical recording layer. A position detecting device is operative for detecting at least one of a pit depth and a physical position of information which has a first given relation with a specified address and which is recorded on the recording medium, and for generating first positional information representing at least one of the pit depth and the physical position. A previously-recorded secret code is reproduced from the recording medium. The secret code represents second positional information. The secret code is decoded into the second positional information.

Abstract: A disk-shaped recording medium includes a transparent substrate, and an optical recording layer formed on the transparent substrate. A light source emits light. An optical head is operative for applying the light to the optical recording layer from the light source via the transparent substrate, for focusing the light on the optical recording layer, and for reproducing information from the optical recording layer. A position detecting device is operative for detecting at least one of a pit depth and a physical position of information which has a first given relation with a specified address and which is recorded on the recording medium, and for generating first positional information representing at least one of the pit depth and the physical position. A previously-recorded secret code is reproduced from the recording medium. The secret code represents second positional information. The secret code is decoded into the second positional information.

Abstract: A copy prevention method and apparatus for a digital video system is disclosed including the steps of: (a) adding a header area of a header start code and key field to a reproduced bit stream: (b) decrypting and transmitting the bit stream to which the header area is added: (c) detecting a key field of the decrypted and transmitted bit stream and detecting copy prevention information; and (d) encrypting the bit stream according to information detected from stop (c) and recording it an tape. A copy protection method including receiving encrypted digital data to be recorded, key information which is required to decrypt the encrypted digital data, and first copy control information which indicates a copy permission status of the encrypted digital data; and recording the encrypted digital data, the key information, and second copy control information on a digital recording medium, based on at least a status of the first copy control information.