Abstract: Systems, methods, and data structures for transparently embedding non-complaint data in a data stream are described. One method includes embedding random encryption/decryption information into an MEPG multimedia, video, or audio stream transparently to an MPEG decoder in an ISO/MPEG 13818-1 compliant system to control access. The invention works for variable length data streams and involves a PES header. Spare bytes, stuffing bytes, or additional bytes as defined in the MPEG specification for PES headers are used to store key information by a computer capable of modifying the original data stream. There is no need for a parallel data stream for the key information because the key information is transparently inserted directly into the data stream. Additional information is embedded into the data stream that can be used for encryption/decryption without having to modify other components in a playback system.

Abstract: Determining when to update software of a client device in a client/server architecture is accomplished by receiving client activity data from the client device, and updating software executed by the client device when the client activity data indicates activity less than a predetermined threshold for a selected period of time.

Abstract: A log of access to protected content is kept that has forced periodic updates, even if no access has occurred. Systems and methods make it difficult to determine when the access log will be modified next. A server securely sends a variable time period (VTP) and a time duration to the next connection (TDNC) to a client. These two values determine how often the client must update the access log and how long the client must wait before establishing communication with the server. Thus, the server is able to detect and deter rollback attacks.

Abstract: Deterring a rollback attack against a first database by determining if the first database is corrupted, the first database being associated with a first authentication code, determining if a second database is corrupted when the first database is corrupted, the second database being associated with a second authentication code, the second database having contents substantially the same as the first database, and when the second database is not corrupted, recalculating the second authentication code using a portion of the first authentication code, copying the second database over the first database, and proceeding with authorized operations for processing content by an application program.

Abstract: In one apparatus, a number of obfuscated programming instructions are equipped to self-verify whether execution of the obfuscated programming instructions is being observed. In another apparatus, a number of obfuscated programming instruction are equipped to determine whether the apparatus is being operated in a mode that supports single step execution of the obfuscated programming instructions. In yet another apparatus, a number of obfuscated programming instruction are equipped to verify whether an amount of elapsed execution time has exceeded a threshold. In yet another apparatus, a first and a second group of obfuscated programming instruction are provided to implement a first and a second tamper resistant technique respectively, with the first and the second group of programming instructions sharing a storage location for a first and a second key value corresponding to the first and the second tamper resistant technique.

Abstract: In one apparatus, a number of obfuscated programming instructions is provided to perform integrity verification on a number of other plain text programming instructions. In another apparatus, a number of obfuscated programming instructions is provided to self-verify an invocation of the obfuscated programming instructions is not originated from an intruder.

Abstract: In one apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a descrambler that descrambles scrambled content to generate descrambled content. In another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an authenticator that provides appropriate authentication challenges to a scrambled content provider, and generates appropriate authentication responses to authentication challenges from the scrambled content provider. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an integrity verifier that performs integrity verification on a decoder. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a secrets holder that holds a number of secrets associated with playing scrambled contents.

Abstract: Basic transfer units (BTUs) of compressed video data of video images are selectively encrypted in accordance with an encryption policy to degrade the video images to at least a virtually useless state, if the selectively encrypted compressed video images were to be rendered without decryption. As a result, degradation that approximates the level provided by the total encryption approach is achieved, but requiring only a fraction of the processor cycle cost required by the total encryption approach, to decrypt and render the video images.