Abstract: Systems, methods, and software products, determine permission profiles for computer executable functions (functions). The systems, methods and software products, utilize both static analysis and dynamic analysis, in order to determine the minimal set of permissions based on the inter-relations between these two analysis methods, i.e., static analysis, and dynamic analysis, to determine the permission profiles for computer executable functions (functions).

Abstract: In one embodiment, a computing device includes: a media player operative to at least play a content item on the computing device, a blockchain-based wallet application operative to transfer a transaction amount to a publisher wallet ID via an associated blockchain-based transaction service, a secure digital rights management (DRM) client application operative to verify the transfer of the transaction amount to said publisher wallet ID according to a public transaction ledger associated with the associated blockchain-based transaction service and upon successful verification of the transfer of the transaction amount to the publisher wallet ID at least unlock a locked version of the content item, and a processor operative to execute the media player, the blockchain-based wallet application, and the DRM client application.

Abstract: Systems, methods, and software products, determine permission profiles for computer executable functions (functions). The systems, methods and software products, utilize both static analysis and dynamic analysis, in order to determine the minimal set of permissions based on the inter-relations between these two analysis methods, i.e., static analysis, and dynamic analysis, to determine the permission profiles for computer executable functions (functions).

Abstract: In one example, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.

Abstract: In one embodiment, a method includes receiving an access request for a video service from a client device, authorizing the client device to access the video service when the client device is initiating connection to the video service via a home Internet access point in a home associated with an authorized account for the video service, determining a time restriction for access to at least part of the video service when the client device is initiating connection to the video service via a non-home Internet access point located outside the home, a duration of the time restriction being dependent upon a usage behavior of the client device, and authorizing the client device to access the at least part of the video service subject to the time restriction when the client device is initiating connection to the video service via the non-home Internet access point.

Abstract: In one embodiment, an instruction is received at a blockchain server from a first digital rights management (DRM) client, the instruction including an instruction to transfer a DRM license to an encrypted content item to a second DRM client. A block to be recorded in a blockchain, is created, the block including a content item ID of said encrypted content item, one of a device ID of a device including the second DRM client or a user ID of a user of the second DRM client, DRM license information for said DRM license, and a DRM decryption key for decrypting said encrypted content item. The block is recorded in the blockchain. A confirmation message is sent to the second DRM client confirming that the block was written to the blockchain. Related systems, methods, and apparatuses are also described.

Abstract: In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.

Abstract: In one embodiment, a method for assessing security posture for entities in a computing network is implemented on a computing device and includes: receiving behavior data from one or more of the entities, where the behavior data is associated with at least activity on the computing network by the one or more entities, calculating a risk score for at least one of the entities by comparing the behavior data with a classification model, where the classification model represents at least a baseline for normative network behavior by the entities in a computing network, assessing a security posture for the at least one the entities based on the risk score, and allocating network security resources to the at least one of the entities at least in accordance with the security posture.

Abstract: In one embodiment, a computing device includes: a media player operative to at least play a content item on the computing device, a blockchain-based wallet application operative to transfer a transaction amount to a publisher wallet ID via an associated blockchain-based transaction service, a secure digital rights management (DRM) client application operative to verify the transfer of the transaction amount to said publisher wallet ID according to a public transaction ledger associated with the associated blockchain-based transaction service and upon successful verification of the transfer of the transaction amount to the publisher wallet ID at least unlock a locked version of the content item, and a processor operative to execute the media player, the blockchain-based wallet application, and the DRM client application.

Abstract: A Headend system including a packer to pack media content into a plurality of packets including a first packet and a second packet, a packet scheduler to schedule when the packets will be broadcast/multicast to a plurality of end-user devices, and calculate a plurality of timing values including a first timing value which provides an indication of how long the second packet will arrive at the end-user devices after the arrival of the first packet at the end-user devices, and an encryption engine to: encrypt the media content of the packets and the timing values, wherein the media content of the first packet and the first timing value are encrypted by different encryption algorithms, or the same encryption algorithm with different cryptographic keys.

Abstract: In one embodiment, an instruction is received at a blockchain server from a first digital rights management (DRM) client, the instruction including an instruction to transfer a DRM license to an encrypted content item to a second DRM client. A block to be recorded in a blockchain, is created, the block including a content item ID of said encrypted content item, one of a device ID of a device including the second DRM client or a user ID of a user of the second DRM client, DRM license information for said DRM license, and a DRM decryption key for decrypting said encrypted content item. The block is recorded in the blockchain. A confirmation message is sent to the second DRM client confirming that the block was written to the blockchain. Related systems, methods, and apparatuses are also described.

Abstract: In one embodiment, a method includes receiving an access request for a video service from a client device, authorizing the client device to access the video service when the client device is initiating connection to the video service via a home Internet access point in a home associated with an authorized account for the video service, determining a time restriction for access to at least part of the video service when the client device is initiating connection to the video service via a non-home Internet access point located outside the home, a duration of the time restriction being dependent upon a usage behavior of the client device, and authorizing the client device to access the at least part of the video service subject to the time restriction when the client device is initiating connection to the video service via the non-home Internet access point.

Abstract: In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.

Abstract: In one embodiment, a method for assessing security posture for entities in a computing, network is implemented On a computing device and includes: receiving behavior data from one or more of the entities, where the behavior data is associated with at least activity on the computing network by the one or more entities, calculating a risk score for at least one of the entities by comparing the behavior data with a classification model, where the classification model represents at least a baseline for normative network behavior by the entities in a computing network, assessing a security posture for the at least one the entities based on the risk score, and allocating network security resources to the at least one of the entities at least in accordance with the security posture.

Abstract: In one embodiment, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.

Abstract: In one embodiment, a system includes a hardware processor and a memory to store data used by the hardware processor, wherein the hardware processor is operative to calculate, for each one device of a plurality of devices, a device-specific packet inspection plan based on (a) a security vulnerability score for the one device; and (b) a damage score for the one device, wherein for each one device of the plurality of devices, the device-specific packet inspection plan includes at least one of the following (a) a percentage of a plurality of packets, destined for the one device, to be inspected for compliance with at least one intrusion detection/protection system rule and (b) instructions on which intrusion detection/protection system rules to use to inspect a multiplicity of the plurality of packets destined for the one device. Related apparatus and methods are also described.

Abstract: A method and system for media consumption are described.

Abstract: A method for distributing encrypted information includes; encrypting an item of information with a content key, distributing the item of encrypted information over a wide-area communication network to client devices, generating a plurality of key-shares from the content key, where the generating includes requiring a predetermined number of no less than two of the key-shares to reconstruct the content key, distributing respective key-shares to the client devices, where the distributing includes distributing less than the predetermined number of key-shares to the client devices, receiving a report over the wide-area communication network from a first client device indicating that while a second client device was disconnected from the wide-area communication network, the second client device requested and received at least one of the key-shares from the first client device, and determining that the second client device accessed the item of information and recording a delivery of the item of information.

Abstract: A Headend system including a packer to pack media content into a plurality of packets including a first packet and a second packet, a packet scheduler to schedule when the packets will be broadcast/multicast to a plurality of end-user devices, and calculate a plurality of timing values including a first timing value which provides an indication of how long the second packet will arrive at the end-user devices after the arrival of the first packet at the end-user devices, and an encryption engine to: encrypt the media content of the packets and the timing values, wherein the media content of the first packet and the first timing value are encrypted by different encryption algorithms, or the same encryption algorithm with different cryptographic keys.

Abstract: A method of distributing audio video content is described. The method includes: receiving configuration data for a plurality of devices; for each device in the plurality of devices, computing a set of bit rates based, at least in part, on the configuration data; encoding audio video content at each bit rate in each set of bit rates to produce a plurality of encoded audio video content streams; splitting each encoded audio video content stream in the plurality of encoded audio video content streams into chunks to produce a plurality of chunked encoded audio video content streams; for each device in the plurality of devices, creating a separate index file, each separate index file including references to at least one of the plurality of chunked encoded audio video content streams; publishing a locator for each separate index file in a catalogue; and transmitting the plurality of chunked encoded audio video content streams and each separate index file to a network.