Abstract: Methods are disclosed for creating a virtual encryption session prior to video streaming content being requested to reduce or eliminate delay in initialization of the encryption session and content delivery to the customer. A virtual session has control word(s) (CW) and virtual entitlement control message(s) (ECM) that are devoid of content specific information. One or more virtual sessions may be stored at an edge device and may be used to encrypt the first portion of a content stream while a content-specific encryption session is being initiated.

Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.

Abstract: Systems and methods for data authentication can comprise processing a first secret element to generate a first encrypted secret element, processing a second secret element to generate a non-secret element, and processing the first encrypted secret element and the non-secret element to generate an encrypted data block.

Abstract: Methods and systems for distributed ledger-based digital content distribution chain tracing may comprise receiving an indication of a content asset and an indication of a first user associated with the content asset. A first distributed ledger record may be stored and/or created on a distributed ledger comprising the indication of the content asset and the indication of the first user. A second distributed ledger record may be stored on and/or created on the distributed ledger comprising an indication of a second user associated with the content asset. A version of the content asset may be generated comprising one or more frames having a digital marker. The digital marker may comprise an indication of the first user. At least one of the first distributed ledger record or the second distributed ledger record may be determined based on the digital marker as part of tracking or tracing the content asset.

Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.

Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.

Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.

Abstract: Methods are disclosed for creating a virtual encryption session prior to video streaming content being requested to reduce or eliminate delay in initialization of the encryption session and content delivery to the customer. A virtual session has control word(s) (CW) and virtual entitlement control message(s) (ECM) that are devoid of content specific information. One or more virtual sessions may be stored at an edge device and may be used to encrypt the first portion of a content stream while a content-specific encryption session is being initiated.

Abstract: Methods for system component pairing and authentication are described. A first system component may pair with a second system component in response to receiving a unique identifier from the second system component. The first system component may store the received unique identifier and, thereafter, may authenticate that it is, in fact, communicating with the second system component. The first component may communicate a challenge message directed to the second system component and if the contents of the reply message and the time taken to receive the reply message do not correspond to expected values, the first component may determine that it may not be communicating with the intended second component and may cease communications with the second component.

Abstract: Systems and methods for data authentication can comprise processing a first secret element to generate a first encrypted secret element, processing a second secret element to generate a non-secret element, and processing the first encrypted secret element and the non-secret element to generate an encrypted data block.

Abstract: Methods, systems, computer-readable media, and apparatuses for providing control word and associated entitlement control message (ECM) functionalities are presented. In some embodiments, a computing device may cache concurrently a first set of control words and a first set of entitlement control messages (ECMs) associated with the first set of control words. The computing device may encrypt a transport stream with a particular control word of the first set of control words. The computing device may insert a particular ECM, of the first set of ECMs, corresponding to the particular control word into the transport stream sent to a device downstream from the computing device. In some embodiments, a computing device may reuse control words and associated ECMs.

Abstract: Aspects of the disclosure relate to a protocol for communication of information. The protocol can be a non-standard universal serial bus (USB) protocol and can guarantee bandwidth and latency for information communication between a USB host and a single USB device. In one aspect, the non-standard USB protocol can employ a repeating message sequence that is fixed, or static, and preconfigured, the sequence comprising alternating transmission of messages between a first device (e.g., a host device) and a second device (e.g., a peripheral device).

Abstract: Systems and methods for authenticating data and timeliness are disclosed. A method for authentication can comprise processing a data block to determine a first secret element, generating a second secret element based upon the first secret element, generating a non-secret element based upon the second secret element, and comparing the non-secret element to a nonce associated with the first secret element to determine authentication.

Abstract: Disclosed are systems and methods for controlling an amount and rate of security related information (e.g., content encryption or rights management information) being transmitted in a content stream to a user device. In one aspect, the disclosure provides a method and related apparatuses for reducing bandwidth usage required when sending transitional security related information during a transition point of different content in a content stream.

Abstract: Systems and methods for dynamic data masking are disclosed. The disclosed methods and systems can be used to dynamically mask data in cryptographic operations, such as advanced encryption standard (AES) operations, data encryption standard (DES) operations or triple DES operations. Specifically, data in cryptographic operations can be covered with unlimited and continuously changing masks. As an example, the Substitution table, key schedule, and state register in AES, or key schedule and selection functions in a DES or triple DES can be covered with unlimited and constantly changing masks. In an aspect, dynamic masking operations can be combined with orbital RAM algorithm and no-operation clocks to make power signature analysis in cryptographic attacks even more difficult.

Abstract: Methods, systems, computer-readable media, and apparatuses for providing control word and associated entitlement control message (ECM) functionalities are presented. In some embodiments, a computing device may cache concurrently a first set of control words and a first set of entitlement control messages (ECMs) associated with the first set of control words. The computing device may encrypt a transport stream with a particular control word of the first set of control words. The computing device may insert a particular ECM, of the first set of ECMs, corresponding to the particular control word into the transport stream sent to a device downstream from the computing device. In some embodiments, a computing device may reuse control words and associated ECMs.

Abstract: Methods, systems, computer-readable media, and apparatuses for providing control word and associated entitlement control message (ECM) functionalities are presented. In some embodiments, a computing device may cache concurrently a first set of control words and a first set of entitlement control messages (ECMs) associated with the first set of control words. The computing device may encrypt a transport stream with a particular control word of the first set of control words. The computing device may insert a particular ECM, of the first set of ECMs, corresponding to the particular control word into the transport stream sent to a device downstream from the computing device. In some embodiments, a computing device may reuse control words and associated ECMs.

Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.

Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.

Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.