Abstract: An encryption key matrix has rows grouped into segments, with a set of one segment per column establishing a slot. Slots are assigned to device manufacturers, with the keys of the slots then being assigned to decryption devices made by the respective manufacturer. In generating the slots, the number “q” of segments in a column is first defined such that a predetermined maximum number of devices can be revoked devices (in that all the keys held by the device are revoked) while ensuring that a good device remains a functional device with a probability of at least (1−Q), wherein Q is a predefined device confidence. Once the number “q” of segments has been defined, the slots themselves are defined in a provably non-discriminatory fashion using an error-correcting code such as a Reed-Solomon code.

Abstract: Sets of encryption keys useful by devices for decrypting encrypted content are defined using an error-correcting code such as a Reed-Solomon code to define vectors of length “n” over an alphabet of (0, . . . , N−1), wherein “n” is the number of columns in a key matrix and “N” is the number of rows in the matrix. Each vector represents a set of keys that can be assigned to a device. With this invention, overlap between sets of keys can be minimized to minimize the possibility that the key set of an innocent device might be inadvertently revoked when the key set of a compromised device is revoked. Also, only the generating matrix of the error-correcting code and the index of one set of keys need be stored in memory, since all previously defined key sets can be regenerated if need be from just the generating matrix and index.

Abstract: A method for enforcing compliance in both the copy protect domain and service subscription domain for streamed multicast data. Each content is encrypted with a title key that itself is encrypted with a channel unique key which is a hash of a session key and a channel key. A compliant player is given the channel key upon registration for a subscription service (representing subscription protection) and is also given device keys upon activation (representing copy protection) for decrypting the session key. Consequently, the channel unique key can be obtained (and, hence, the content decrypted) only by a player that is compliant with both copy protection rules and subscription rules. The channel key can be refreshed periodically as subscriptions change or expire.

Abstract: A method (and system) for storing information in a recoverable manner on an untrusted system, includes sending, by a client, a request to a recovery server for recovery of a failed database, determining whether the request is legitimate, based on the determining, sending a local key to the client, decrypting by the client the failed database with the local key, to recover the failed database, and re-encrypting the recovered database with a new key.

Abstract: A method and system for client/server communications in which stored user information controls revealed and delivered information. A client system is Communicatively coupled to a server through an intermediate system, which acts as a persona module. User information about a user on the client system is stored on the client system. Information about advertising information is stored on the server. The intermediate system receives information about user information from the client system and information about advertising information from the server. The intermediate system acts as a user's agent to filter out irrelevant advertisement material. The intermediate system can also function to customize the advertisements received by the client system from the server, but not returning information about the user's interest or preferences to the server. A user's privacy may be further protected if the information returned to a server is at least partially untruthful.

Abstract: A digital broadcast system provides secure transmission of digital programs to in-home digital devices even when some of the devices are unauthorized. A matrix of device keys S.sub.j,i is provided, wherein "i" is a key index variable indicating a position in a key dimension of the matrix and "j" is a sets index variable indicating a position in a sets dimension of the matrix. Each in-home device is assigned plural device keys from the matrix, with one and only one device key for each key index variable "i" being assigned to a device. To generate a session key for a broadcast program, session numbers x.sub.i are encrypted with all device keys S.sub.j,i to generate a session key block which is decrypted by the in-home devices and used to generate a session key for decrypting the program.

Abstract: An information processing system including an encryption processing logic module and a decryption processing logic module for enabling the encryption of digital information to be decrypted with a decryption key K. The encryption processing module includes logic for encrypting the digital information, distributing the digital information and authorizing a user to decrypt the information. The decryption processing module includes logic for the user to communicate a user number n.sub.i to receive an authorization number a.sub.i from the authorization logic in the encryption processing module and extrication logic for extricating the decryption key. The user number n.sub.i uniquely identifies, and is valuable to, the user, so valuable in fact that the user would be unwilling to publically dislcose it. The extrication logic operates on a digital signet pair (a.sub.i, n.sub.i) consisting of the authorization number and user number, to extract K.

Abstract: An information processing system including an encryption processing logic module and a decryption processing logic module for enabling the encryption of digital information to be decrypted with a decryption key K. The encryption processing module includes logic for encrypting the digital information, distributing the digital information and authorizing a user to decrypt the information. The decryption processing module includes logic for the user to communicate a user number n.sub.i to receive an authorization number a.sub.i (a.sub.i being calculated as equal to ((K.sym.n.sub.i) raised to the power of (1/n.sub.i ' mod .phi. from the authorization logic in the encryption processing module and extrication logic for extricating the decryption key. The user number n.sub.i uniquely identifies, and is valuable to, the user, so valuable in fact that the user would be unwilling to publically disclose it. The extrication logic operates on a digital signet pair (a.sub.i, n.sub.

Abstract: A linear feedback shift register (LFSR) of interest is modelled in software by replicating the LFSR in at least two identically configured model LFSRs. One model LFSR contains only the higher order initial bits of the LFSR of interest, with zeroes in the lower order bit positions, and the other model LFSR has only the lower order bits, with zeroes in the higher order bit positions. The model LFSRs are represented by respective tables of model LFSR output values that would be produced after a predetermined number of register shifts. The tables are accessed based on the initial value of the LFSR of interest, and the results of one table are combined with the results of the other table using an exclusive OR operator to thereby determine the output of the LFSR of interest.

Abstract: A method and system for communications between a client system and a server communicatively coupled to the client system. User information about a user is stored on the client system. The user information comprises a plurality of attributes. Each attribute comprises information relating to the user and a willingness level indicator, indicating a level of willingness of the user to reveal the information of that attribute. A user information request is received from the server. The user information request comprises a plurality of attribute requests. Each attribute request comprises an indication of whether the attribute is required in order for the server to transmit information stored on the server to the client system. At the client system, the received attribute requests are compared with the stored attributes to determine whether each requested attribute is present on the client system.

Abstract: A color compensation system maps and translates between colors and colorants with improved speed and accuracy. The invention also contemplates colorant-to-color and colorant-to-colorant translations. In one embodiment, an improved color-to-colorant map is first created by creating a multi-dimensional lattice, then dividing this lattice into sub-lattices of selected sizes. A "nominal" sub-lattice is then constructed for a given colorant. Next, that colorant is expressed as a function of color-dependent component parts, and this relationship is used to construct initial lookup tables to convert the input colors to average colorants. Then, final lookup tables are generated, one for each sub-lattice, to convert average colorants to actual colorants. The above steps are repeated for each colorant. This process effectively creates a high-speed color-to-colorant map. After the improved map is created, it is implemented in a processor, which uses the map during translation.