Abstract: Two data streams derived from a transmitted data stream are remultiplexed with a coarser granularity for storage in data blocks which assure that corresponding portions of each of the two data streams are made available in the same data block. The data streams are buffered in queues from which sub-blocks are transferred as buffer sections having sizes corresponding to relative bit rates therein in the order the sub-blocks are filled, preferably using bytes to interrupt processing. Thus, the sub-blocks will be grouped into data blocks in accordance with the correspondence of the data streams such as the time correspondence of audio and video data. As applied to digital video data transmissions, a system time clock (STC) value is stored in a sub-block header and/or a data block header and, using a look-up table or other arrangement for estimating a storage location, a data block can be retrieved from storage in accordance with a target STC value.

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

Abstract: The preferred embodiment of the present invention provides an improved receiver that can receive and process many different data types in addition to decoding MPEG-2 transport streams. The preferred embodiment minimizes hardware complexity by using the same loaders for both MPEG-2 and alternative stream data. The preferred embodiment utilizes a bypassable synchronizer and a bypassable packet parser to allow alternative data streams to be sent to system memory for decoding by a the host processor. When receiving MPEG-2 transport streams, the bypassable synchronizer and bypassable packet parser are used to synchronize and filter the MPEG-2 transport stream. The parsed MPEG-2 streams are then loaded into a packet buffer and passed to the video and audio decoders. When non-MPEG-2 stream data is provided, the bypassable synchronizer and bypassable packet parser instead forward the data to the packet buffer without performing synchronization or filtering.

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

Abstract: A processing facility is provided for simultaneously receiving multiple streams of digital audio data and based thereon concurrently outputting both an unmixed digital audio signal and a mixed digital audio signal. The processing facility can be implemented, for example, within an audio decoder of a set top box. The facility includes receiving a first stream of digital audio data and a second stream of digital audio data, and outputting the first stream of digital audio data as an unmixed digital audio signal. Simultaneous therewith, the first stream of digital audio data and the second stream of digital audio data are digitally mixed and outputted as a mixed digital audio signal. If necessary, the second stream of digital audio data is redigitized based on a sample frequency of the first stream of digital audio data, and either or both the first stream and second stream of digital audio data are decoded prior to mixing.

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

Abstract: A method and structure for dynamically blocking access of a request signal R to a shared bus such that R originates from a non real-time master and requests access to an address range of an address space. The shared bus manages requests for access to the address space. The non real-time master and a real-time master compete for access to the address space by presenting address access requests to the shared bus. The dynamic blocking of access by R to the shared bus is accomplished by use of a request limiter, which is a device that is coupled to a real-time clock and uses an algorithm to determine when to enable and disable access of R to the shared bus. The algorithm uses a windowing scheme that permits access of R to the shared bus every Nth clock cycle, wherein the value of the integer N may be supplied to the request limiter by the real-time master.

Abstract: Data corrupted or lost in transmission over a lossy digital transmission link is replaced and/or omitted from data presented in connection with storage to and read out from a mass storage device. Different procedures are used to conceal artifacts corresponding to errored data based upon valid data preceding and following the error in a data stream and a size of the error.

Abstract: A technique for transferring data between a first device and a second device using a shared line buffer connected to a system bus which couples the first device and the second device. The technique includes (i) transferring data between the line buffer and dedicated memory associated with the first device, wherein the first device includes a data controller coupled to the system bus through a bus interface. The transferring (i) includes using the data transfer controller to effectuate a multiword data transfer between the dedicated memory and the line buffer. The technique further includes multiword data (ii) transferring between the line buffer and the second device across the system bus. When the transferring (i) precedes the transferring (ii), data is read from the dedicated memory from output to the second device, and when the transferring (ii) precedes the transferring (i), data is written to dedicated memory from the second device.

Abstract: A data authentication technique is provided for a data access control function of an integrated system. The technique includes passing a data request from a functional master of the integrated system through the data access control function, and responsive to the data request, selectively authenticating requested data. The selective authentication, which can occur transparent to the functional master initiating the data request, includes employing integrity value generation on the requested data when originally stored and when retrieved, in combination with encryption and decryption thereof to ensure the authenticity of the requested data. As an enhancement, cascading integrity values may be employed to facilitate data authentication.

Abstract: The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

Abstract: A method, system and program product for managing a size of a key management block (KMB) during content distribution is provided. Specifically, a first KMB corresponding to a first subtree of devices is received along with content as encrypted with a title key. If a size of the first KMB exceeds a predetermined threshold, a second subtree will be created. A second KMB corresponding to the second subtree of devices will then be generated. The second KMB contains an entry revoking the entire first subtree of devices and, as such, is smaller than the first KMD. Any compliant devices from the first subtree are migrated to the second subtree.

Abstract: A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.

Abstract: A technique is provided for facilitating secure operation of an integrated system. The technique includes passing a request for data through a data access controller incorporated within the integrated system, and selectively qualifying the request in accordance with a security state of the controller. The security state of the controller is one state of multiple possible security states, including a null state and a secured state. In the secured state, the controller replaces a standard boot code address associated with a request for boot code with a substitute boot code address. The substitute boot code address addresses an encrypted version of boot code, which is then decrypted by the controller employing a master key set held at the controller. When transitioning to the null state, the master key set is erased.

Abstract: An access control function for an integrated system is provided which determines data access based on the master id of a requesting master within the system and the address of the data. The access control function can be inserted, for example, into the data transfer path between bus control logic and one or more slaves. In addition to determining whether to grant access to the data, the access control function can further qualify the access by selectively implementing encryption and decryption of data, again dependent on the data authorization level for the particular functional master initiating the request for data.

Abstract: In a transport stream demultiplexor device receiving an input transport stream comprising a plurality of data packets and including a filter device for removing one or more predetermined packets to form a partial transport stream, a real-time data remultiplexing system and method comprising: a device for detecting presence of a gap in the partial transport stream where predetermined packets have been removed and generating a signal indicating the gap location; a device for directly retrieving packet data having new content from a memory storage device, and storing the retrieved packet data into a staging buffer device for queued storage prior to insertion into the partial transport stream; and, a multiplexor device responsive to the flag for pulling a queued data packet from the staging buffer device and inserting the pulled packet into the gap as the partial transport stream is being transported on a real-time basis.

Abstract: A transport demultiplexor system and queue remultiplexing methodology includes: a packet buffer for receiving data packets belonging to an input transport stream, each packet having a corresponding identifier identifying a program to which the packet belongs; a data unloader device for pulling successive packets from the packet buffer for storage in a memory storage device, and writing the pulled packets into contiguous address locations in the memory; and, a remultiplexor mechanism for generating an address offset associated with a next data packet pulled from the packet buffer to be stored in memory and writing it to a new memory location that is offset from a memory location assigned to a previously pulled packet, the offset defining a memory gap in the memory storage device capable of being filled new data content.

Abstract: Method, system and computer products are provided for re-mapping and interleaving transport packets of multiple transport streams for processing by a single transport demultiplexor. The re-mapping and interleaving technique ensures unique identification of transport packets associated with multiple transport streams to be multiplexed onto a transport channel for demultiplexing by a single transport demultiplexor. At least one PID re-map table is employed having re-map values indexed by n possible PID values of transport packets associated with at one transport stream of the multiple transport streams. The n possible PID values is less than or equal to the number of PID values which can be handled by the single transport demultiplexor, and is less than all possible PID values of transport packets within the multiple transport streams.

Abstract: A method of decoding a bitstream having an embedded clock, where the clock reference data is recovered from the bit stream. The clock reference data is combined, typically subtracted, from the system time clock to generate a result. This result is input to a pulse width modulator to form a pulse train, which is used to generate an input to a timing device.