Abstract: A method for de-identification of visual media data, including: merging a sequence of images from a set of visual media data into an averaged image; bounding portions of the averaged image that are determined to be relatively fixed, wherein each bounded portion is identified by a corresponding position in the averaged image; generating a template comprising the bounded portions and the corresponding position for each bounded portion in the averaged image; and de-identifying the sequence of images by obfuscating content in the bounded portions.

Abstract: Embodiments of the invention relate to encoding multi-channel media content. In one embodiment, a set of multi-channel media content is received. The set of multi-channel media content includes a plurality of content frames. Each content frame includes a first channel content frame and second channel content frame. Each of the first channel content frames is grouped into a first group of content frames. Each of the second channel content frames is grouped into a second group of content frames. Each content frame in the first group of content frames is encoded. At least a first content frame in the first group of content frames includes at least one variation, where the variation is a different version of the first content frame. Each content frame in the second group of content frames is also encoded, where the second group of content frames is absent any content frames including a variation.

Abstract: Embodiments of the present invention relate to space-efficient key allocations in broadcast encryption systems. In one embodiment, a method of and computer program product for broadcast encryption is provided. In this embodiment, a key bundle is read. The key bundle includes a first cryptographic key, an associated first key identifier, and an associated first cryptographic function identifier. Encrypted content is received. A plurality of encrypted keys is received. Each encrypted key has an associated identifier. A first encrypted key is selected from the plurality of encrypted keys such that the key identifier of the first encrypted is equivalent to the first key identifier. A first cryptographic function is determined corresponding to the first cryptographic function identifier. The first cryptographic function is applied to the first encrypted key using the first cryptographic key to obtain a first intermediate cryptographic key.

Abstract: Embodiments of the present invention relate to time delayed release of previously distributed digital content. In one embodiment, a method of and computer program product for low-bandwidth time-embargoed content disclosure are provided. A first cryptographic key is received. Encrypted content is received, encoded in a computer readable medium. A correction value is received. A predetermined function is applied to the first cryptographic key and the correction value to determine a second cryptographic key. The second cryptographic key is applied to the encrypted content to obtain decrypted content.

Abstract: Embodiments of the present invention relate to searching for secret data through an untrusted searcher without exposing the secret data. In one embodiment, a method of and computer program product for searching for secret data through an untrusted searcher is provided. A secret value is read from a storage medium. The secret value is divided into a plurality of portions. Each of the plurality of portions is ranked. A subset of the secret value is determined from the ranking of the plurality of portions. A search string is constructed from the subset. The search string is transmitted to a searcher via a network. Search results are received from the searcher via the network. The search results are compared to the secret value to determine whether the searcher found the secret value.

Abstract: Embodiments of the invention relate to managing access to media files and content therein. In one embodiment, a first identifier representing a first media content component in a first set of media content components is identified. The first set of media content components is included within a first media file that has been received from a first source. The identifier is compared with at least a second identifier representing at least a second media content component in a second set of media content components. The second set of media content components is associated with at least a second media file received from a second source. The first source is different than the second source. Responsive to the first digital signature substantially matching the second identifier, the first media content component is replaced with the second media content component.

Abstract: Embodiments of the invention relate to encoding multi-channel media content. In one embodiment, a set of multi-channel media content is received. The set of multi-channel media content includes a plurality of content frames. Each content frame includes a first channel content frame and second channel content frame. Each of the first channel content frames is grouped into a first group of content frames. Each of the second channel content frames is grouped into a second group of content frames. Each content frame in the first group of content frames is encoded. At least a first content frame in the first group of content frames includes at least one variation, where the variation is a different version of the first content frame. Each content frame in the second group of content frames is also encoded, where the second group of content frames is absent any content frames including a variation.

Abstract: Embodiments of the invention relate to digital content protection for recordable media using encryption and decryption based on device keys in the media. The invention increases the number of extended applications supported the media key blocks and facilitates the assignment of the applications to the media key blocks. One aspect of the invention concerns a method that comprises assigning a first media key block in a protected area of the media for extended applications accessing protected content, processing the first media key block with a first device key set to generate a first media key, and for each extended application, creating a second media key block in a protected area of the media. The second media key block is processed to generate a second media key. A content-accessing device processes the first and second media keys in order to access protected content.

Abstract: Embodiments of the invention relate to digital content protection for recordable media using encryption and decryption based on device keys in the media. The invention increases the number of extended applications supported the media key blocks and facilitates the assignment of the applications to the media key blocks. One aspect of the invention concerns a method that comprises assigning a first media key block in a protected area of the media for extended applications accessing protected content, processing the first media key block with a first device key set to generate a first media key, and for each extended application, creating a second media key block in a protected area of the media. The second media key block is processed to generate a second media key. A content-accessing device processes the first and second media keys in order to access protected content.

Abstract: A visual media de-identification system is described. The system includes an image merger and a de-identifying engine. The image merger is configured to merge a sequence of images from a set of visual media data into an averaged image. The de-identifying engine is configured to: bound portions of the averaged image that are determined to be relatively fixed, wherein each bounded portion is identified by a corresponding position in the averaged image; generate a template comprising the bounded portions and the corresponding position for each bounded portion in the averaged image; and de-identify the sequence of images by obfuscating content in the bounded portions.

Abstract: A method for de-identification of visual media data, including: merging a sequence of images from a set of visual media data into an averaged image; bounding portions of the averaged image that are determined to be relatively fixed, wherein each bounded portion is identified by a corresponding position in the averaged image; generating a template comprising the bounded portions and the corresponding position for each bounded portion in the averaged image; and de-identifying the sequence of images by obfuscating content in the bounded portions.

Abstract: Embodiments of this disclosure relate to binary tree structures, and more specifically to assigning resources to a binary tree structure, such as for content protection. In embodiments, a total number of resources in a first category of resources is identified. The resources may be devices that play encryption protected content such as a CD, a DVD, an HD DVD, a BD, and a Secure Digital card, for example. In embodiments, a minimum number of dummy resources are assigned to a corresponding number of leaf nodes of the binary tree structure before resources in the first category of resources are assigned to leaf nodes in the binary tree structure. Generally, the minimum number of dummy resources is greater than or equal to 1+floor(2^floor(log2(N)?1)), wherein N is greater than or equal to the total number of resources in the first category of resources.

Abstract: According to one embodiment of the present invention, a system, method, and computer program product is provided for rebinding title keys in clusters of devices with distinct security levels in broadcast encryption systems. The method includes receiving a new management key and unbinding an encrypted title key with a previously used management key, the title key having a security class and residing in a title key block for a device having a security class, the device being in a cluster of devices including devices having a plurality of security classes. If the device security class is lower that the title key security class, the unbound title key is partially rebound with the new management key. the partially rebound title key is then saved in the title key block for the device.

Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.

Abstract: Embodiments of this disclosure relate to binary tree structures, and more specifically to assigning resources to a binary tree structure, such as for content protection. In embodiments, a total number of resources in a first category of resources is identified. The resources may be devices that play encryption protected content such as a CD, a DVD, an HD DVD, a BD, and a Secure Digital card, for example. In embodiments, a minimum number of dummy resources are assigned to a corresponding number of leaf nodes of the binary tree structure before resources in the first category of resources are assigned to leaf nodes in the binary tree structure. Generally, the minimum number of dummy resources is greater than or equal to 1+floor(2?floor(log2(N)?1)), wherein N is greater than or equal to the total number of resources in the first category of resources.

Abstract: According to one embodiment of the present invention, a system, method, and computer program product is provided for rebinding title keys in clusters of devices with distinct security levels in broadcast encryption systems. The method includes receiving a new management key and unbinding an encrypted title key with a previously used management key, the title key having a security class and residing in a title key block for a device having a security class, the device being in a cluster of devices including devices having a plurality of security classes. If the device security class is lower that the title key security class, the unbound title key is partially rebound with the new management key. the partially rebound title key is then saved in the title key block for the device.

Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.

Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.

Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.

Abstract: Information presented to a user via an information access system is ranked according to a prediction of the likely degree of relevance to the user's interests. A profile of interests is stored for each user having access to the system. Items of information to be presented to a user are ranked according to their likely degree of relevance to that user and displayed in order of ranking. The prediction of relevance is carried out by combining data pertaining to the content of each item of information with other data regarding correlations of interests between users. A value indicative of the content of a document can be added to another value which defines user correlation, to produce a ranking score for a document. Alternatively, multiple regression analysis or evolutionary programming can be carried out with respect to various factors pertaining to document content and user correlation, to generate a prediction of relevance.