Abstract: A system and method for receiving secure data in a client device. In one embodiment, the method comprises (a) receiving a token having a token ID and a digital certificate generated by a certificate authority (CA) having client device fingerprint data generated from client device parameters, (b) accepting a request in the client device to provide secure data to the client device, (c) regenerating the client device fingerprint data from the client device parameters, (d) determining, in the client device, differences between the client device fingerprint data of the digital certificate from the regenerated client device fingerprint data, and (e) transmitting a request to a secure data service to provide secure data based upon the determination.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID), first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a secure data service, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp, and (d) providing the requested secure data according to the determination.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises: (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID), first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a service, the request comprising the signed first token binding information and timestamp, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp; and (d) providing the requested secure data according to the determination.

Abstract: A system and method for receiving secure data in a client device. In one embodiment, the method comprises (a) receiving a token having a token ID and a digital certificate generated by a certificate authority (CA) having client device fingerprint data generated from client device parameters, (b) accepting a request in the client device to provide secure data to the client device, (c) regenerating the client device fingerprint data from the client device parameters, (d) determining, in the client device, differences between the client device fingerprint data of the digital certificate from the regenerated client device fingerprint data, and (e) transmitting a request to a secure data service to provide secure data based upon the determination.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID) , first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a secure data service, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp, and (d) providing the requested secure data according to the determination.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises: (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID), first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a service, the request comprising the signed first token binding information and timestamp, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp; and (d) providing the requested secure data according to the determination.

Abstract: A method and apparatus for providing secured content distribution using a media hub is disclosed. In one embodiment, conditional access encrypted content is received at the media hub. The conditional access encrypted content is decrypted. The content is re-encrypted in accordance with a unique tier associated with the media hub and one or more devices in response to a request from at least one device associated with the unique tier. The re-encrypted content is provided to the at least one device in response to the request from the at least one device associated with the unique tier. A method and apparatus for providing secured content distribution is disclosed. In one embodiment, unit addresses (UAs) of all components within a home media architecture are obtained. A unique key is generated for the home media architecture using public information from the UA of each component. A message including the unique key is distributed to each component of the home media architecture.

Abstract: A transaction protocol for communicating between an encryption renewal system communicably coupled to one or more video on demand systems via a communication network. The encryption renewal system permits pre-encrypted content to be accessed by clients of the video on demand systems. The protocol comprises, receiving, by the encryption renewal system, a request transaction document having a first format from the video on demand system; parsing the request transaction document to retrieve data from the request transaction document; generating a request object code in a second format for processing by encryption renewal system, the request object code based on the data in the request transaction document; responsive to processing of the request object code, generating a response object code having the second format; converting the response object code to a response transaction document having the first format; and forwarding the response transaction document to the video on demand system.

Abstract: The present invention discloses a system and method for providing a secured system time reference to a subscriber device, e.g., a set top box or a receiver. In one embodiment, the system time reference is provided in a secure system time message that is broadcasted to a plurality of subscriber devices. Each subscriber device has a security device or software application that is capable of determining whether the received system time reference is legitimate. If the system time reference is determined to be legitimate, a local time reference is synchronized with said received system time reference.

Abstract: The present invention discloses an apparatus and method for defining and enforcing rules of transition between two security domains, e.g., a transport domain and a persistent security domain. In turn, a border guard, e.g., a security device, is provided between these two domains that enforce rules for transition between the two security domains. This novel approach of defining a transport domain and a persistent security domain simplifies the classification of the digital content and its movement through the system. Namely, the border guard once established between the two systems can enforce DRM rules associated with how contents are moved between the two domains.

Abstract: A method and apparatus for providing secured content distribution using a media hub is disclosed. In one embodiment, conditional access encrypted content is received at the media hub. The conditional access encrypted content is decrypted. The content is re-encrypted in accordance with a unique tier associated with the media hub and one or more devices in response to a request from at least one device associated with the unique tier. The re-encrypted content is provided to the at least one device in response to the request from the at least one device associated with the unique tier. A method and apparatus for providing secured content distribution is disclosed. In one embodiment, unit addresses (UAs) of all components within a home media architecture are obtained. A unique key is generated for the home media architecture using public information from the UA of each component. A message including the unique key is distributed to each component of the home media architecture.

Abstract: A method for authorizing a computer program having a number of features for use with a product includes: receiving license data generated using a first key, the license data specifying a unique identifier associated with the product and specifying at least one feature authorized for use with the product; using a second key associated with the first key, obtaining the unique identifier from the license data; retrieving a product identifier from the product; determining whether the unique identifier corresponds to the product identifier; and based on the determination, authorizing use of the at least one feature with the product.

Abstract: The invention relates to controlling functional units within a conditional access system. In one embodiment, a method for controlling access to a functional unit within a set top box is described. In one step, first information comprising a plurality of functional unit identifiers and one or more tier requirements respectively related to each functional unit identifier is received. Second information comprising tier rights is also received. The functional unit identifiers are correlated to their respective tier requirements. The functional unit is interacted with. It is determined if the respective tier requirements are satisfied by the tier rights. Further interaction with the functional unit is authorized.

Abstract: A transaction protocol for communicating between an encryption renewal system communicably coupled to one or more video on demand systems via a communication network. The encryption renewal system permits pre-encrypted content to be accessed by clients of the video on demand systems. The protocol comprises, receiving, by the encryption renewal system, a request transaction document having a first format from the video on demand system; parsing the request transaction document to retrieve data from the request transaction document; generating a request object code in a second format for processing by encryption renewal system, the request object code based on the data in the request transaction document; responsive to processing of the request object code, generating a response object code having the second format; converting the response object code to a response transaction document having the first format; and forwarding the response transaction document to the video on demand system.