Patents by Inventor Jeffrey Bruce Lotspiech

Jeffrey Bruce Lotspiech has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20110238983
    Abstract: A device removal system securely removes an item of content or a device from a content-protected home network. An authorization table maintains a list of devices in the content-protected home network in addition to removed devices. The authorization table also maintains a list of deleted content. Through management of various cryptographic keys and techniques, devices and content will not play on a content-protected home network after they have been removed. A secret network ID reduces the possibility of unauthorized playing of content on the content-protected home network. A web server may join the content-protected home network as a device, providing backup for the secret network ID. Otherwise, the device manufacturer will provide the secret network ID in case of a device failure. Storing a verification value in each device ensures integrity of critical cryptographic values. This verification value is compared to network values to ensure network values have not been corrupted.
    Type: Application
    Filed: June 6, 2011
    Publication date: September 29, 2011
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jeffrey Bruce Lotspiech, Kevin Snow McCurley, Florian Pestoni
  • Patent number: 7996685
    Abstract: A system, method, and computer program product for preventing a malicious user from analyzing and modifying software content. The one-way functions used in prior art systems using dynamically evolving audit logs or self-modifying applications are replaced with a one-way function based on group theory. With this modification, untampered key evolution will occur inside a defined mathematical group such that all valid key values form a subgroup. However, if the program is altered, the key will evolve incorrectly and will no longer be a member of the subgroup. Once the key value is outside of the subgroup, it is not possible to return it to the subgroup. The present invention provides a limited total number of valid keys. The key evolution points are not restricted to locations along the deterministic path, so the key can be used in various novel ways to regulate the program's behavior, including in non-deterministic execution paths.
    Type: Grant
    Filed: June 6, 2008
    Date of Patent: August 9, 2011
    Assignee: International Business Machines Corporation
    Inventors: Hongxia Jin, Jeffrey Bruce Lotspiech, Ginger M. Myles
  • Patent number: 7986787
    Abstract: A traitor tracing system generates a hypothesized model of the circumvention device that models a hypothesized set of device keys compromised by the circumvention device. The system iteratively invokes a subset tracing system to identify a compromised device key until substantially all the compromised device keys in the set of compromised device keys are identified so as to disable the circumvention device. A subset tracing system generates a circumvention device model that models behavior of a circumvention device using prior knowledge and The system iteratively selects and applies to the circumvention device a test based on the hypothesized model and the circumvention device model and receives a response from the circumvention device indicating a success of the test in playing protected content on the circumvention device.
    Type: Grant
    Filed: December 8, 2006
    Date of Patent: July 26, 2011
    Assignee: International Business Machines Corporation
    Inventors: Hongxia Jin, Jeffrey Bruce Lotspiech, Philip Anastasios Zigoris
  • Patent number: 7975313
    Abstract: A system and method is provided for identifying the source of an unauthorized copy of content. The method includes embedding a unique user fingerprint code into each of a plurality of authorized copies of content and identifying an unknown fingerprint code in an unauthorized copy of the content. Each member of the unknown fingerprint code is compared to each corresponding member in each of the user fingerprint codes. A score is assigned to each of the user fingerprint codes based on the comparison and users associated with scores exceeding a threshold are identified as a source of the unauthorized copy.
    Type: Grant
    Filed: August 14, 2007
    Date of Patent: July 5, 2011
    Assignee: International Business Machines Corporation
    Inventor: Jeffrey Bruce Lotspiech
  • Patent number: 7971070
    Abstract: A recorder system contains a media key block (MKB) and selectively writes protected content into a recording medium according to the following content protection logic, to combat theft of the protected content: If the medium does not have a MKB, then the recorder writes its stored MKB into the medium and writes protected content into the medium. If the medium has a MKB that is older than the stored MKB in the recorder, then the recorder writes its stored MKB into the medium before re-encrypting and writing protected content into the medium. If the medium has a MKB that is newer than the stored MKB, then the MKB in the medium is used for content protection. The recorder may store the newer MKB in non-volatile memory, effectively updating its previous stored MKB, so the recorder will have the most recently observed MKB for content protection use.
    Type: Grant
    Filed: January 11, 2005
    Date of Patent: June 28, 2011
    Assignees: International Business Machines Corporation, Disney Enterprises, Inc.
    Inventors: Jeffrey Bruce Lotspiech, Scott Frazier Watson
  • Patent number: 7925025
    Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.
    Type: Grant
    Filed: April 2, 2008
    Date of Patent: April 12, 2011
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey Bruce Lotspiech, Dalit Naor, Simeon Naor
  • Publication number: 20110026710
    Abstract: A cryptographic authentication system comprises an authentication media key block that comprises media key precursors. The system generates transformed keys by applying a function to a media ID of a media and each of the media key precursors, and generates entries in a binding table by applying an encrypting function to a media key of an encrypted content and each of the transformed keys. To play encrypted content, a media player processes the authentication media key block using a device key to extract a media key precursor, extracts a media key from the binding table using the extracted media key precursor and the media ID, and verifies that the extracted media key matches the media key of the encrypted content, allowing the media device to decrypt and play the encrypted content.
    Type: Application
    Filed: September 30, 2010
    Publication date: February 3, 2011
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Jeffrey Bruce Lotspiech
  • Patent number: 7876895
    Abstract: A unified broadcast encryption system divides a media key tree into S subtrees, divides digital content into segments, and converts some of the segments into variations; the number of segments and variations is q. The system subdivides each of the subtrees into q/|S| subdivided subtrees, assigns a key media variant to each of the subdivided subtrees, and generates a unified media key block (MKBu). The system decrypts digital content by obtaining required key media variants from the MKBu, using the key media variant to find an entry in a variant key table, decrypt a title key, and locate a variant number from the variant key table. The system uses the variant number to identify which of the variations may be decrypted by the title key and uses the title key to decrypt segments and variations.
    Type: Grant
    Filed: May 9, 2007
    Date of Patent: January 25, 2011
    Assignee: International Business Machines Corporation
    Inventors: Hongxia Jin, Jeffrey Bruce Lotspiech
  • Publication number: 20100299458
    Abstract: A playback device includes a port configured to receive content from an external memory device, a device memory residing in the device, and a controller programmed to execute instructions that cause the controller to read a read data pattern from the defined region in the external memory device and determine if the read data pattern correlates to an expected data pattern to a predetermined level, wherein the expected data pattern is derived at least in part from a defect map of the defined region. A memory device includes an array of memory cells configured to store at least one bit of data, the array of memory cells being organized into regions, at least one first region of the array of memory cells having stored therein a defect map of the array of memory cells, and at least one second region of the array of memory cells being designated as a defined region having a known defect pattern.
    Type: Application
    Filed: July 19, 2010
    Publication date: November 25, 2010
    Inventors: Aaron Marking, Kenneth Goeller, Jeffrey Bruce Lotspiech
  • Patent number: 7831043
    Abstract: A cryptographic authentication system comprises an authentication media key block that comprises media key precursors. The system generates transformed keys by applying a function to a media ID of a media and each of the media key precursors, and generates entries in a binding table by applying an encrypting function to a media key of an encrypted content and each of the transformed keys. To play encrypted content, a media player processes the authentication media key block using a device key to extract a media key precursor, extracts a media key from the binding table using the extracted media key precursor and the media ID, and verifies that the extracted media key matches the media key of the encrypted content, allowing the media device to decrypt and play the encrypted content.
    Type: Grant
    Filed: August 27, 2006
    Date of Patent: November 9, 2010
    Assignee: International Business Machines Corporation
    Inventor: Jeffrey Bruce Lotspiech
  • Publication number: 20100218000
    Abstract: A method of renewing encryption applied to a content file in a playback device comprising determining a specified variant of at least one microcode function to be used in playing back the content file, determining if variants are stored in internal memory on the playback device to determine if the specified variant is included in the stored variants, retrieving the specified variant from a variant storage in a memory located in a media device in communication with the playback device, if the specified variant is not included in the stored variants, and using the specified variant to access the content file.
    Type: Application
    Filed: February 25, 2010
    Publication date: August 26, 2010
    Inventors: Aaron Marking, Kenneth Goeller, Jeffrey Bruce Lotspiech
  • Patent number: 7770030
    Abstract: A system and method for enabling broadcast programs to be copied once only by consumer recorders includes writing a unique media identification on each blank disk to which content is to be copied in a read-only area of the disk before it is initially recorded. Also, a one-way key management media key block is written to the disk. A content key is derived by combining a media key, derived from the media key block, with the media identification. Additionally, to facilitate copying the content one time only, an exchange key is established between the recorder and a sender such as a satellite receiver or a disk player that is associated with the recorder, and the exchange key is modified with one or more special numbers representing control commands including copy once and copy no more. The modified exchange key is then encrypted using the content key to render an encrypted modified exchange key, and the encrypted modified exchange key is then hashed with a nonce to render a bus content key.
    Type: Grant
    Filed: March 20, 2008
    Date of Patent: August 3, 2010
    Assignees: International Business Machines Corporation, Intel Corporation
    Inventors: Alan Edward Bell, Jeffrey Bruce Lotspiech, Chandler Brendan Stanton Traw
  • Publication number: 20100183148
    Abstract: According to one embodiment of the present invention, a method for protecting content in a broadcast-encryption-based system, where the devices in the system receive a recording key table. Each device generates a set of recording keys from the recording key table using a media key variant calculated from the broadcast encryption system's media key block. The digital content is encrypted in a title key picked by the recorder. The selected title key is also encrypted in each one of the recorder's generated recording keys. To play back the content, a player uses one of its generated recording keys to decrypt the title key and then decrypt the content. The recording key table is designed so that any two devices are guaranteed to have at least one key in common during normal operation, although during a forensic situation, this rule can be abandoned.
    Type: Application
    Filed: January 19, 2009
    Publication date: July 22, 2010
    Applicant: International Business Machines Corporation
    Inventors: Thomas Alexander Bellwood, Robert Glen Deen, Hongxia Jin, Jeffrey Bruce Lotspiech, Sigfredo Ismael Nin, Matthew Francis Rutkowski
  • Patent number: 7711114
    Abstract: A traitor tracing enabling system assigns sequence keys to a media player to enable better traceability with fewer actual variations in the content. The system comprises a technique for increasing a number of sequence keys, allowing a finer granularity in a traitor tracing process with little increase in sequence key storage or in bandwidth required to transmit sequence keys to a media player. The present system comprises a variation table which maps the sequence keys to the individual variations in the file, such that multiple sequence keys can be mapped to a single variation.
    Type: Grant
    Filed: September 19, 2005
    Date of Patent: May 4, 2010
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey Bruce Lotspiech, Hongxia Jin
  • Patent number: 7707429
    Abstract: Software intrusion is proactively detected using a dynamically evolving audit log wherein log entries are generated in the audit log and key values are evolved based upon a one-way function depending on both the previous log entry and the previous key. The audit log with the generated log entries and the final key value is transmitted to a clearinghouse that detects software intrusion by analyzing these values. In an effort to reduce the size of the log to be transmitted, the log entries are assigned identical values, thereby only needing to transmit one log entry and the last key value to the clearinghouse.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: April 27, 2010
    Assignee: International Business Machines Corporation
    Inventors: Hongxia Jin, Jeffrey Bruce Lotspiech
  • Patent number: 7698551
    Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.
    Type: Grant
    Filed: April 28, 2005
    Date of Patent: April 13, 2010
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey Bruce Lotspiech, Dalit Naor, Simeon Naor
  • Publication number: 20100040231
    Abstract: According to one embodiment of the present invention, a method for broadcast encryption with security classes in a media key block is provided. In one embodiment the method includes receiving encrypted media of a first and a second class, where the media includes a common media key block, in a device of a first class and in a device of a second class. A first media key is calculated from the common media key block in the device of a first class. A first media key precursor is calculated from the common media key block in the device of a second class. The first media precursor may be used to decrypt media of a first class. The first media precursor may also be used to calculate a second media key in the device of a second class to decrypt content of a first class.
    Type: Application
    Filed: August 15, 2008
    Publication date: February 18, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Hongxia Jin, Jeffrey Bruce Lotspiech
  • Publication number: 20090327717
    Abstract: A traitor tracing system generates a hypothesized model of the circumvention device that models a hypothesized set of device keys compromised by the circumvention device. The system iteratively invokes a subset tracing system to identify a compromised device key until substantially all the compromised device keys in the set of compromised device keys are identified so as to disable the circumvention device. A subset tracing system generates a circumvention device model that models behavior of a circumvention device using prior knowledge and The system iteratively selects and applies to the circumvention device a test based on the hypothesized model and the circumvention device model and receives a response from the circumvention device indicating a success of the test in playing protected content on the circumvention device.
    Type: Application
    Filed: June 5, 2008
    Publication date: December 31, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Hongxia Jin, Jeffrey Bruce Lotspiech, Philip Anastasios Zigoris
  • Publication number: 20090320130
    Abstract: One embodiment of the present invention includes a method for traitor tracing that includes performing an inner code traitor tracing on a recovered pirated digital file, the recovered digital file incorporating an inner code for assigning segments of the digital file and an outer code for assigning inner codes to individual digital files. The method also includes extracting partial information regarding the outer code from the inner code tracing. An outer code tracing procedure may then be performed using the partial information.
    Type: Application
    Filed: June 20, 2008
    Publication date: December 24, 2009
    Applicant: International Business Machines Corporation
    Inventors: Hongxia Jin, Jeffrey Bruce Lotspiech, Avinash Laxmisha Varna
  • Publication number: 20090319227
    Abstract: One embodiment of the present invention includes a method for traitor tracing that selects a probability distribution for the assignment of file-segment variations in a digital file. This probability distribution is selected to improve traceability for a particular size of a coalition of attackers. At least one symbol for each file-segment variation is then distributed based on the selected probability distribution.
    Type: Application
    Filed: June 20, 2008
    Publication date: December 24, 2009
    Applicant: International Business Machines Corporation
    Inventors: Hongxia Jin, Jeffrey Bruce Lotspiech, Nimrod Megiddo, Michael Joseph Nelson