Abstract: A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.

Abstract: A method of encrypting a block of data, is described, the method including providing a combining unit operative to combine a key with a block of data, the block of data expressed as a block of bits, providing a mix and condense unit operative to mix bits included in the block of bits among themselves, receiving an input including the block of data expressed as the block of bits, combining, at the combining unit, the block of bits with a key, and mixing, at the mixing and condensing unit, the combined block of bits, wherein the mix and condense unit includes a plurality of layers, each layer among the plurality of layers including a plurality of mini-functions. Related apparatus and methods are described.

Abstract: A method is described for securing a read write storage (RWS) device, the method comprising, providing the RWS device, the RWS device comprising a controller comprising a processor and a bit bucket and employing, in response to a decision making process, a sanction in the RWS device. Related apparatus and methods are also described.

Abstract: A key distribution system for controlling access to content by rendering devices, comprising an epoch module to provide epochs, each epoch including service key periods, a service key module to provide a batch of service keys, a group module to provide group keys for each epoch such that each rendering device is assigned a group key grouping together the devices having the same group key, thereby defining groups, in different epochs the devices are grouped differently, an encryption module to encrypt, for each epoch, each service key in the batch of service keys, individually with each group key yielding a plurality of group-key-encrypted service keys from each service key, and a delivery module to distribute to the devices, for each one of the epochs, the group-key-encrypted service keys for the batch of service keys and the group keys of the one epoch. Related apparatus and methods are also described.

Abstract: A rights validator system for controlling access to content, the system including a query processor to receive a rights query and to provide a result to the rights query based on an estimated time, and a time-based query response module operationally connected to the query processor, the time-based query response module being operative to determine the estimated time as a function of a most recently updated time, and a plurality of indications of elapsed time since the most recently updated time, the indications of elapsed time being from a plurality of different sources of time indication. Related apparatus and methods are also included.

Abstract: A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.

Abstract: A system including a pseudo-random number generator having a register to store an extended state having a reduced state and a dynamic constant, an initialization module to initialize a part of the extended state based on a Key and/or an Initial Value, a state update module to update the reduced state, an output word module to generate output words, the state update module and the output word module being adapted to operate through cyclical rounds, each round including updating the reduced state and then generating one of the output words, and an update dynamic constant module to update the dynamic constant, wherein in a majority of the rounds, updating of the reduced state and/or generation of the output word is based on the dynamic constant, and the dynamic constant is only updated in a minority of the rounds. Related apparatus and method are also described.

Abstract: A key production system to determine a cryptographic key for a selected cryptoperiod being later than or equal to a cryptoperiod-A, and earlier than or equal to a different cryptoperiod-B, the system including a first receiver to receive a first key-component, associated with cryptoperiod-A, forming part of a first hash-chain progressing via a first one-way function, progressive key-components corresponding to later cryptoperiods, a second receiver to receive a second key-component, associated with cryptoperiod-B, forming part of a second hash-chain progressing via a second one-way function, progressive key-components corresponding to earlier cryptoperiods, first and second key-component determination modules to determine key-components in the first hash-chain and the second hash-chain, respectively, for the selected cryptoperiod, and a key determination module to determine the cryptographic key based on the key-components in the first and second hash chain for the selected cryptoperiod.

Abstract: A key distribution system for controlling access to content by rendering devices, comprising an epoch module to provide epochs, each epoch including service key periods, a service key module to provide a batch of service keys, a group module to provide group keys for each epoch such that each rendering device is assigned a group key grouping together the devices having the same group key, thereby defining groups, in different epochs the devices are grouped differently, an encryption module to encrypt, for each epoch, each service key in the batch of service keys, individually with each group key yielding a plurality of group-key-encrypted service keys from each service key, and a delivery module to distribute to the devices, for each one of the epochs, the group-key-encrypted service keys for the batch of service keys and the group keys of the one epoch. Related apparatus and methods are also described.

Abstract: A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.

Abstract: A rights validator system for controlling access to content, the system including a query processor to receive a rights query and to provide a result to the rights query based on an estimated time, and a time-based query response module operationally connected to the query processor, the time-based query response module being operative to determine the estimated time as a function of a most recently updated time, and a plurality of indications of elapsed time since the most recently updated time, the indications of elapsed time being from a plurality of different sources of time indication. Related apparatus and methods are also included.

Abstract: A key production system to determine a cryptographic key for a selected cryptoperiod being later than or equal to a cryptoperiod-A, and earlier than or equal to a different cryptoperiod-B, the system including a first receiver to receive a first key-component, associated with cryptoperiod-A, forming part of a first hash-chain progressing via a first one-way function, progressive key-components corresponding to later cryptoperiods, a second receiver to receive a second key-component, associated with cryptoperiod-B, forming part of a second hash-chain progressing via a second one-way function, progressive key-components corresponding to earlier cryptoperiods, first and second key-component determination modules to determine key-components in the first hash-chain and the second hash-chain, respectively, for the selected cryptoperiod, and a key determination module to determine the cryptographic key based on the key-components in the first and second hash chain for the selected cryptoperiod.

Abstract: A block cipher system for encrypting a plurality of blocks from plaintext to ciphertext, each of the blocks being associated with a constant root key, the system including an encryption key module to determine an input key for each of blocks based on a function having a plurality of inputs including the root key and an initialization vector, for a first one of the blocks, and the plaintext of at least one of the blocks which was previously encrypted and the root key, for the blocks other than the first block, and an encryption module to encrypt each of the blocks based on the input key determined for each of the blocks, respectively. Related apparatus and methods also included.

Abstract: A method is described for securing a read write storage (RWS) device, the method comprising, providing the RWS device, the RWS device comprising a controller comprising a processor and a bit bucket and employing, in response to a decision making process, a sanction in the RWS device. Related apparatus and methods are also described.

Abstract: A method of encrypting a block of data, is described, the method including providing a combining unit operative to combine a key with a block of data, the block of data expressed as a block of bits, providing a mix and condense unit operative to mix bits included in the block of bits among themselves, receiving an input including the block of data expressed as the block of bits, combining, at the combining unit, the block of bits with a key, and mixing, at the mixing and condensing unit, the combined block of bits, wherein the mix and condense unit includes a plurality of layers, each layer among the plurality of layers including a plurality of mini-functions. Related apparatus and methods are described.

Abstract: A system including a pseudo-random number generator having a register to store an extended state having a reduced state and a dynamic constant, an initialization module to initialize a part of the extended state based on a Key and/or an Initial Value, a state update module to update the reduced state, an output word module to generate output words, the state update module and the output word module being adapted to operate through cyclical rounds, each round including updating the reduced state and then generating one of the output words, and an update dynamic constant module to update the dynamic constant, wherein in a majority of the rounds, updating of the reduced state and/or generation of the output word is based on the dynamic constant, and the dynamic constant is only updated in a minority of the rounds. Related apparatus and method are also described.

Abstract: A method for granting a grace period entitlement, the method comprising receiving a grace period entitlement message, establishing whether a grace period flag indicates that a grace period may be granted, granting a grace period to an expired entitlement based, at least in part, on the grace period entitlement message, only if the grace period flag is “off”, and setting the grace period flag to indicate that the grace period has been granted. Related methods and apparatus are also described.

Abstract: A key production system to determine a cryptographic key for a selected cryptoperiod being later than or equal to a cryptoperiod-A, and earlier than or equal to a different cryptoperiod-B, the system including a first receiver to receive a first key-component, associated with cryptoperiod-A, forming part of a first hash-chain progressing via a first one-way function, progressive key-components corresponding to later cryptoperiods, a second receiver to receive a second key-component, associated with cryptoperiod-B, forming part of a second hash-chain progressing via a second one-way function, progressive key-components corresponding to earlier cryptoperiods, first and second key-component determination modules to determine key-components in the first hash-chain and the second hash-chain, respectively, for the selected cryptoperiod, and a key determination module to determine the cryptographic key based on the key-components in the first and second hash chain for the selected cryptoperiod.

Abstract: A multimedia content distribution method including a) storing an item of a multimedia content, b) firstly transcoding the content for playback on a first multimedia device, c) generating a content ID of the firstly transcoded content, d) storing the content ID of the firstly transcoded content in association with the stored content, e) accessing the stored content using the content ID of the firstly transcoded content, and f) secondly transcoding the stored content for playback on a second multimedia device.