Abstract: There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in a network transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system that includes a virtual smart card to effect the inventive process.

Abstract: A method, apparatus, and system are directed towards employing transferable entitlements using EMMs for enabling a purchase of content using a mobile device, and redeeming for access the content using a different network device. An existing billing infrastructure may be used during a purchase transaction to identify the purchasing device. Upon billing authorization, a transferable EMM (XEMM) may be sent to the purchasing device. The purchasing device may then provide the XEMM to another network device. The other network device may send the XEMM to a redeeming service when requesting access to the content. Upon authorization, an EMM with an access key to the content may be sent to the other network device.

Abstract: The invention is directed to marking audio/video (A/V) signals for use in tracing content to a source. An ID controller captures an A/V synchronization fingerprint from a master A/V signal, stores the fingerprint in a data store, and provides signals to an ID encoder to have encoded an identifier into a copy of the master A/V signal. The identifier is encoded to be persistent through actions such as capture, compression, and/or transcoding. In one embodiment, the identifier is encoded as a bit sequence, where each bit is encoded using an encoding technique that is hereinafter called a Mississippi encoding technique. The encoded identifier within the copied A/V signal may later be determined by extracting the fingerprint and comparing it to the stored fingerprint to determine the identifier. The identifier may then be used to trace a source of the copied A/V signal.

Abstract: A system, apparatus, and method are directed towards preventing entitlement/rights filter attacks in a conditional access to secure content over a network. An EMM that is configured to revoke access to selected content may be sent to a user, when a content provider, or the like, determines that access to the selected content is to be revoked for that user. A server may monitor for an acknowledgment of the revocation. If, after a predetermined time, a valid acknowledgement is not received by the server, the server may send another revocation EMM and again monitor for an acknowledgement response. If, after a predetermined number of retry attempts, a valid acknowledgement is not received, the server may send an alert message, investigate for possible network or device failures, change of encryption keys such as the CW, change a service key, or the like, for future content delivery to the user.

Abstract: A system, apparatus, and method are directed to evolving detectors in an Artificial Immune System for use in detecting unauthorized computing activities. In one embodiment, a population of detectors is generated with a matching value and expectation value of zero. The detectors are then compared to logged fragments of system calls within a computing device to modify the matching value. When the matching value for a given detector is equal to or greater than an expectation value, the detector's expectation value may be set to the matching value. The detectors may then evolve and/or generate other detectors using mutation, and/or recombination, or the like. Detectors continue to generate and/or to evolve until a detector's matching value reaches a determined value, in which case, the detector may be evaluated to determine if an unauthorized activity is detected. If an unauthorized activity is detected, a detection response may be performed.

Abstract: A system, apparatus, and method are directed towards allowing ingestion of encrypted content into such as a VOD server, or PVR, or the like by selectively encrypting portions of a content stream based on various selection rules. In one embodiment, the selection rules include leaving selected portions of the content stream unencrypted, including packets that include a PES header; or video packets that include various trick play data such as picture start, GOP start, sequence start, sequence end data; PIDs associated with a PAT, PMT, or the like; while other portions of the content stream may be encrypted, including video and/or audio PIDs, or other video and/or audio portions. In still another embodiment, Entitlement Control Messages (ECMs) may be inserted that employ an encryption/decryption key rotation scheme, such as odd and/or even scrambling control bit structures, which may also be rotated based on a variety of conditions.

Abstract: An apparatus, system, and method is directed to transcoding broadcast content, such as in a DVB, ATSC, and MPEG based network, to secure content suitable for an Internet Protocol (IP) based network. In one embodiment, a single multifunctional convergence appliance is employed to enable such transcoding actions as encryption, encoding, and/or encapsulation. For example, in one embodiment, an MPEG transport stream associated with the broadcast content may be transcoded to an IP-based transport stream. In addition, the transport stream may be decrypted, transrated to another rate, and re-encrypted using a different control word for re-encrypting, but a same service key to encrypt the different control word. The system is also enabled to transcode content formatted for the IP-based network to a content format suitable for the broadcast network.

Abstract: An apparatus, system, and method are directed towards parsing and selectively encrypting different portions of data in real-time, decrypting the encrypted data in real-time, and passing the data to a media player on a client computer or other network capable device. Data in a network packet may be parsed into payload and non-payload portions. The payload portion of the packet data may then be examined to determine whether a predefined type of the data is recognized. For example, in one embodiment, the predefined data type may be media content. If the payload portion is recognized as a predefined data type, then it may be selectively encrypted. The selectively encrypted payload portion and non-payload portion of the packet may then be combined, such that the non-payload portion may be employed by firewalls, proxies, and/or NATs to route the packet towards the client computer or other network capable device.

Abstract: Described is a system and method for providing protection of media by the detection of unauthorized client behaviors and the communication of the unauthorized client behaviors to augment the invention's detection abilities. A variety of detectors are sent to a client process and the responses are evaluated to detect the presence of an unauthorized software behavior on the client. Unauthorized behaviors include alteration of a client process as well as simultaneously running processes that might enable unauthorized copying of protected media. Communication of unauthorized software behaviors includes sharing of memory detectors among servers on a network, and the sending of memory detectors to other clients to detect previously unseen unauthorized behaviors on the other clients.

Abstract: A method, system, and apparatus are directed towards detecting unauthorized modification of software, such as virtual smart card software. An analysis is performed on the software to generate a unique pattern that is based on the integrity of the software. The pattern is generated using various portions of the software code. In one embodiment, matrix manipulations that involve a sequence of randomly selected matrix operations are performed on extracted portions of the software code. Sample sizes of the software code, sizes of the matrices, and other initialization parameters may be selected based on a desired security level. The resulting pattern may then be compared to a known normal pattern for the software to detect unauthorized modification. In one embodiment, however, the resulting pattern may be algorithmically combined with another value. The resulting combination may be used to decrypt content, if the software has not been modified.

Abstract: Method and devices are directed to invention is directed towards analyzing packets on-the-fly for pirated content. Packets are intercepted and analyzed to determine if the packets include media content. If media content is detected, a comparator determines a fingerprint associated with the media content. The comparator then compares the determined fingerprint to other fingerprints within a data store. If a match is found, forensic information may be collected. Piracy detection responses may also be performed, including: blocking transmission of the media content, providing a piracy alert message, degrading a quality of the media content, or including within the media content a watermark and/or fingerprint. In one embodiment, the packet analysis and the comparator may reside within a same or different device within a path between a source device and a destination device to enable piracy detection to be performed in real-time.

Abstract: An apparatus and method for selectively encrypting portions of data sent over a network between a server and a client. The apparatus includes parsing means for separating a first portion of the data from a second portion of the data, encrypting means for encrypting only of the first portion of the data, and combining means for combining the encrypted first portion of the data with the second portion of the data, wherein the second portion of the data is not encrypted. The apparatus further includes decrypting means installed at the client for decrypting the encrypted portion of the data. The apparatus is platform independent in terms of media format and data protocol. The encryption unit encrypts data transparently to the client based on the media format. The apparatus of the invention is implemented as one of an application and a plug-in object.

Abstract: Described is a system and method for providing protection of media by the detection of unauthorized client behaviors and the communication of the unauthorized client behaviors to augment the invention's detection abilities. A variety of detectors are sent to a client process and the responses are evaluated to detect the presence of an unauthorized software behavior on the client. Unauthorized behaviors include alteration of a client process as well as simultaneously running processes that might enable unauthorized copying of protected media. Communication of unauthorized software behaviors includes sharing of memory detectors among servers on a network, and the sending of memory detectors to other clients to detect previously unseen unauthorized behaviors on the other clients.

Abstract: A system, apparatus, and method are directed towards generating chains of encrypted decryption keys for content in a highly distributed environment. In one embodiment, the key chain may be provided within an Entitlement Control Message (ECM). An access key that enables decryption of a current link within the chain of decryption keys may be provided to a downstream recipient using an out-of-band mechanism. Alternatively, the access key may be provided through an in-band mechanism, such as through the use of Entitlement Management Message (EMM), or the like. In one embodiment, the access key within the EMM may be further encrypted by another encryption key that may be unique to the downstream recipient.

Abstract: A system, apparatus, and method are directed towards managing motion picture film print marking and tracking using a reel changeover marking (RCM) to encode a unique identifier. In one embodiment, an Encoded RCM (ERCM) is located within a print during a print duplication process. The ERCM is arranged to persist through a variety of transformations, including camming, compression, and so forth. In one embodiment, an identification extraction component is configured to analyze a digital copy print to extract the unique identifier from within an ERCM. A print tracking component may then search a data store to determine a corresponding source print to the digital copy print based on the extracted unique identifier. A source of piracy may be determined, at least in part, by identifying possible security weaknesses in a distribution chain that may be associated with unauthorized duplication of the film print, and so forth.

Abstract: A system, apparatus, and method are directed to providing and securely viewing secure content. In one embodiment, a secure player provides secure screening/previewing of secure content, such as a motion picture, by a member of an awards organization. A content key is employed to selectively encrypt at least a portion of a content stream. The content key is encrypted with a screener key. The encrypted content key is embedded into the secure content. The screener key is encrypted using public/private key pair that is bound to the secure player. The secure content may be distributed on a medium, such as a DVD, high definition DVD, or over a network, or the like. The secure player is configured to receive the medium, screener key, and a screener identity. The screener identity and screener key are employed by the secure player to decrypt and enable secure viewing of the content.

Abstract: A system, apparatus, and method are directed to providing and securely viewing secure content. In one embodiment, a secure player provides secure screening/previewing of secure content, such as a motion picture, by a member of an awards organization. A content key is employed to selectively encrypt at least a portion of a content stream. The content key is encrypted with a screener key. The encrypted content key is embedded into the secure content. The screener key is encrypted using public/private key pair that is bound to the secure player. The secure content may be distributed on a medium, such as a DVD, high definition DVD, and the like. The secure player is configured to receive the medium, screener key, and a screener identity. The screener identity and screener key are employed by the secure player to decrypt and enable secure viewing of the content.

Abstract: A method for identifying a media file transmitted over a network includes creating a plurality of known media file identifiers, each for a respective one of a plurality of known media files, using an identifier generating algorithm, storing the known media file identifiers in a database, creating a media file identifier for an unknown media file with the identifier generating algorithm and comparing the media file identifier for the unknown media file with known media file identifiers in order to produce an identification of the unknown media file.

Abstract: A system and method is arranged to provide compression and decompression of digital content in a secure manner. The system is configured to authenticate a source of the digital content, and to further determine a consumer's entitlements and rights for access to the digital content. Based upon the determined entitlements and rights for access, the system is directed to decrypt, and decompress the digital content. In one embodiment, a component of the system is enabled to establish a trust relationship with at least one other component of the system, to minimize an opportunity for piracy of the digital content. In another embodiment, a secure clock is directed to provide protection against hackers that may employ an in-circuit emulator, or the like.

Abstract: There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet-type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to affect the inventive process.