Patents by Inventor James Fahrny
James Fahrny has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240048573
Abstract: Methods and apparatus for real-time security monitoring on a computing device are presented. A system may define privileges to access hardware interfaces for each process of a plurality of processes executing on a computing device. The privileges may be defined in a privileged operating system level that controls root access to an operating system. In response to a determination that a process is attempting to access a hardware interface, the system may determine whether the process is privileged to access the hardware interface by checking the privileges. In response to determining that the process is not privileged to access the hardware interface, the intrusion detection agent may terminate the process.
Type: Application
Filed: October 18, 2023
Publication date: February 8, 2024
Inventors: James Fahrny, Kyong Park
-
Patent number: 11831659
Abstract: Methods and apparatus for real-time security monitoring on a computing device are presented. A system may define privileges to access hardware interfaces for each process of a plurality of processes executing on a computing device. The privileges may be defined in a privileged operating system level that controls root access to an operating system. In response to a determination that a process is attempting to access a hardware interface, the system may determine whether the process is privileged to access the hardware interface by checking the privileges. In response to determining that the process is not privileged to access the hardware interface, the intrusion detection agent may terminate the process.
Type: Grant
Filed: August 12, 2020
Date of Patent: November 28, 2023
Assignee: Comcast Cable Communications, LLC
Inventors: James Fahrny, Kyong Park
-
Publication number: 20220158985
Abstract: Methods, systems, and apparatuses are described for secure communications. One of a plurality of keys with respective key types may be used to establish a secure communication between computing devices. Verification of an establishment of the secure communication may be sent to a trusted computing device.
Type: Application
Filed: November 29, 2021
Publication date: May 19, 2022
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Patent number: 11218459
Abstract: Methods, systems, and apparatuses are described for secure communications. One of a plurality of keys with respective key types may be used to establish a secure communication between computing devices. Verification of an establishment of the secure communication may be sent to a trusted computing device.
Type: Grant
Filed: January 23, 2020
Date of Patent: January 4, 2022
Assignee: Comcast Cable Communications, LLC
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Publication number: 20210067526
Abstract: Methods and apparatus for real-time security monitoring on a computing device are presented. A system may define privileges to access hardware interfaces for each process of a plurality of processes executing on a computing device. The privileges may be defined in a privileged operating system level that controls root access to an operating system. In response to a determination that a process is attempting to access a hardware interface, the system may determine whether the process is privileged to access the hardware interface by checking the privileges. In response to determining that the process is not privileged to access the hardware interface, the intrusion detection agent may terminate the process.
Type: Application
Filed: August 12, 2020
Publication date: March 4, 2021
Inventors: James Fahrny, Kyong Park
-
Patent number: 10771478
Abstract: Methods and apparatus for real-time security monitoring on a computing device are presented. A system may define privileges to access hardware interfaces for each process of a plurality of processes executing on a computing device. The privileges may be defined in a privileged operating system level that controls root access to an operating system. In response to a determination that a process is attempting to access a hardware interface, the system may determine whether the process is privileged to access the hardware interface by checking the privileges. In response to determining that the process is not privileged to access the hardware interface, the intrusion detection agent may terminate the process.
Type: Grant
Filed: February 18, 2016
Date of Patent: September 8, 2020
Assignee: Comcast Cable Communications, LLC
Inventors: James Fahrny, Kyong Park
-
Publication number: 20200228511
Abstract: Methods, systems, and apparatuses are described for secure communications. One of a plurality of keys with respective key types may be used to establish a secure communication between computing devices. Verification of an establishment of the secure communication may be sent to a trusted computing device.
Type: Application
Filed: January 23, 2020
Publication date: July 16, 2020
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Patent number: 10587593
Abstract: Methods, systems, and apparatuses are described for secure communications. One of a plurality of keys with respective key types may be used to establish a secure communication between computing devices. Verification of an establishment of the secure communication may be sent to a trusted computing device.
Type: Grant
Filed: March 5, 2018
Date of Patent: March 10, 2020
Assignee: Comcast Cable Communications, LLC
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Publication number: 20190020639
Abstract: Methods, systems, and apparatuses are described for secure communications. One of a plurality of keys with respective key types may be used to establish a secure communication between computing devices. Verification of an establishment of the secure communication may be sent to a trusted computing device.
Type: Application
Filed: October 1, 2018
Publication date: January 17, 2019
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Patent number: 10003604
Abstract: Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid.
Type: Grant
Filed: January 27, 2016
Date of Patent: June 19, 2018
Assignee: Comcast Cable Communications, LLC
Inventors: James Fahrny, Nancy Davoust
-
Patent number: 9948623
Abstract: A secure communication system or method are disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communicate with the security management, and this regular communication can be further used to implement key renewal and/or rollover procedures.
Type: Grant
Filed: February 21, 2014
Date of Patent: April 17, 2018
Assignee: Comcast Cable Communications, LLC
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Publication number: 20170244729
Abstract: Methods and apparatus for real-time security monitoring on a computing device are presented. A system may define privileges to access hardware interfaces for each process of a plurality of processes executing on a computing device. The privileges may be defined in a privileged operating system level that controls root access to an operating system. In response to a determination that a process is attempting to access a hardware interface, the system may determine whether the process is privileged to access the hardware interface by checking the privileges. In response to determining that the process is not privileged to access the hardware interface, the intrusion detection agent may terminate the process.
Type: Application
Filed: February 18, 2016
Publication date: August 24, 2017
Inventors: James Fahrny, Kyong Park
-
Publication number: 20160323294
Abstract: Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid.
Type: Application
Filed: January 27, 2016
Publication date: November 3, 2016
Inventors: James Fahrny, Nancy Davoust
-
Publication number: 20140289521
Abstract: A secure communication system or method are disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communicate with the security management, and this regular communication can be further used to implement key renewal and/or rollover procedures.
Type: Application
Filed: February 21, 2014
Publication date: September 25, 2014
Applicant: COMCAST CABLE COMMUNICATIONS, LLC
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Patent number: 8713314
Abstract: A secure communication system or method are disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communicate with the security management, and this regular communication can be further used to implement key renewal and/or rollover procedures.
Type: Grant
Filed: August 30, 2011
Date of Patent: April 29, 2014
Assignee: Comcast Cable Communications, LLC
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Patent number: 8505064
Abstract: A method and system of supporting operation of customer equipment in systems having at least a portion of their signals being transported according to standards which are not supported by the customer equipment.
Type: Grant
Filed: January 31, 2005
Date of Patent: August 6, 2013
Assignee: NGNA, LLC
Inventors: John G Hildebrand, Francisco Gonzalez, James Fahrny, Joshua Seiden
-
Publication number: 20130054967
Abstract: A secure communication system or method are disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communicate with the security management, and this regular communication can be further used to implement key renewal and/or rollover procedures.
Type: Application
Filed: August 30, 2011
Publication date: February 28, 2013
Applicant: COMCAST CABLE COMMUNICATIONS, LLC
Inventors: Nancy Davoust, James Fahrny, Kevin Taylor
-
Patent number: 8307199
Abstract: A highly configurable kernel supports a wide variety of content protection systems. The kernel may reside in a host that interacts with a secure processor maintaining content protection clients. After establishing communication with the secure processor, the host receives messages from content protection clients requesting rules for message handling operations to support client operations. This flexible configuration allows for dynamic reconfiguration of host and secure processor operation.
Type: Grant
Filed: March 4, 2011
Date of Patent: November 6, 2012
Assignee: Comcast Cable Holdings, LLC
Inventors: Kevin Norman Taylor, James Fahrny, William Lynn Helms, Azita Miahnahri Manson, Andrew T. Twigger, Nancy Louise Davoust, Henry Clarence Lilly, III
-
Publication number: 20110191572
Abstract: A highly configurable kernel supports a wide variety of content protection systems. The kernel may reside in a host that interacts with a secure processor maintaining content protection clients. After establishing communication with the secure processor, the host receives messages from content protection clients requesting rules for message handling operations to support client operations. This flexible configuration allows for dynamic reconfiguration of host and secure processor operation.
Type: Application
Filed: March 4, 2011
Publication date: August 4, 2011
Inventors: Kevin Norman Taylor, James Fahrny, William Lynn Helms, Azita Miahnahri Manson, Andrew T. Twigger, Nancy Louise Davoust, Henry Clarence Lilly, III
-
Patent number: 7934083
Abstract: A highly configurable kernel supports a wide variety of content protection systems. The kernel may reside in a host that interacts with a secure processor maintaining content protection clients. After establishing communication with the secure processor, the host receives messages from content protection clients requesting rules for message handling operations to support client operations. This flexible configuration allows for dynamic reconfiguration of host and secure processor operation.
Type: Grant
Filed: September 14, 2007
Date of Patent: April 26, 2011
Inventors: Kevin Norman Taylor, James Fahrny, William Lynn Helms, Azita Miahnahri Manson, Andrew T. Twigger, Nancy Louise Davoust, Henry Clarence Lilly, III