Abstract: Detailed herein is a technology which, among other things, allows for storage and playback of interactive user elements in a television stream. In one approach to this technology, a content data stream, including a television program and a user experience element, is received. This content data stream is transformed, and the transformed data stream is examined, to identify which packets are associated with the user experience element. Those packets are then passed to a handler appropriate for the user experience element.

Abstract: Systems and methods for storing streaming data are provided. A system is disclosed that includes a computer program which, when executed on a computing device, is configured to store a data stream in memory of the computing device in a virtual file format. The virtual file format may include a timeline of events. The events in the timeline may include a plurality of spanning events. Each spanning event may contain respective state information representing a state of the data stream across an interval in the timeline, and may be linked to at least one other spanning event.

Abstract: Systems and/or methods (“tools”) are described that enable encrypted media files to be sent without revocation lists while permitting the encrypted media files to be passed to trusted entities. The tools may also ensure continuation of protection when media files are passed between different protection systems.

Abstract: Systems and methods for storing streaming data are provided. A system is disclosed that includes a computer program which, when executed on a computing device, is configured to store a data stream in memory of the computing device in a virtual file format. The virtual file format may include a timeline of events. The events in the timeline may include a plurality of spanning events. Each spanning event may contain respective state information representing a state of the data stream across an interval in the timeline, and may be linked to at least one other spanning event.

Abstract: Described herein is technology for, among other things, maintaining access to DRM protected content. The technology may be implemented via a playback device or a computer system connected to a MTD. It involves monitoring requests for media content and then verifying access and renewing the license if necessary. The license renewal request may be made to a MTD or an internet connected system.

Abstract: Content communication and purchases using a computer-based media component are described. A tuner component can individually interact with client components, where each communication of content may be varied or configured independent of interactions with other client components. Additionally, content can be purchased using the computer-based media component, where the purchase and/or presentation of the content may utilize the computer-based media component and/or coupled client components.

Abstract: Detailed herein is a technology which, among other things, allows for storage and playback of interactive user elements in a television stream. In one approach to this technology, a content data stream, including a television program and a user experience element, is received. This content data stream is transformed, and the transformed data stream is examined, to identify which packets are associated with the user experience element. Those packets are then passed to a handler appropriate for the user experience element.

Abstract: A method and platform for maintaining the security of output data in an isolated execution environment. A system memory has an isolated output area readable only by secure output controllers having an isolated execution mode. The output controllers may make a request for access to the isolated output area, upon proper authentication if the request access is granted. The output device may either DMA the content of the isolated output area to an output end point, such as a display, or load it into local storage, the security of which is guaranteed by the controller.

Abstract: A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.

Abstract: In one embodiment, a method of attestation involves a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing one or more software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving an attestation request. Then, the retrieved audit log is digitally signed to produce a digital signature in response to the attestation request.

Abstract: In an embodiment of the present invention, a technique is provided for remote attestation. An interface maps a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode. The secure environment is associated with an isolated memory area accessible by at least one processor. The at least one processor operates in one of a normal execution mode and the isolated execution mode. A communication storage corresponding to the address space allows the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.

Abstract: Systems and/or methods (“tools”) are described that enable encrypted media files to be sent without revocation lists while permitting the encrypted media files to be passed to trusted entities. The tools may also ensure continuation of protection when media files are passed between different protection systems.

Abstract: The present invention is a method and apparatus to generates an isolated bus cycle for a transaction in a processor. A configuration storage contains configuration parameters to configure a processor in one of a normal execution mode and an isolated execution mode. An access generator circuit generates an isolated access signal using at least one of the isolated area parameters and access information in the transaction. The isolated access signal is asserted when the processor is configured in the isolated execution mode. A bus cycle decoder generates an isolated bus cycle corresponding to a destination in the transaction using the asserted isolated access signal and the access information.

Abstract: A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.

Abstract: In an embodiment of the present invention, a technique is provided for remote attestation. An interface maps a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode. The secure environment is associated with an isolated memory area accessible by at least one processor. The at least one processor operates in one of a normal execution mode and the isolated execution mode. A communication storage corresponding to the address space allows the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.

Abstract: A file is sent to a remote signing authority via a network. The signing authority checks the file and provides a signature indicating file integrity of the file. The signature returned from the signing authority via the network is verified.

Abstract: In one embodiment, a method comprises configuring an access transaction generated by a processor by a configuration storage containing configuration parameters. The processor has a normal execution mode and an isolated execution mode. The access transaction has access information. In a further embodiment, a method comprises checking the access transaction by an access checking circuit using at least one of the configuration parameters and the access information.

Abstract: A chipset is initialized in a secure environment for an isolated execution mode by an initialization storage. The secure environment has a plurality of executive entities and is associated with an isolated memory area accessible by at least one processor. The at least one processor has a plurality of threads and operates in one of a normal execution mode and the isolated execution mode. The executive entities include a processor executive (PE) handler. PE handler data corresponding to the PE handler are stored in a PE handler storage. The PE handler data include a PE handler image to be loaded into the isolated memory area after the chipset is initialized. The loaded PE handler image corresponds to the PE handler.

Abstract: The present invention is a method and apparatus to protect a subset of a software environment. A key generator generates an operating system nub key (OSNK). The OSNK is unique to an operating system (OS) nub. The OS nub is part of an operating system in a secure platform. A usage protector uses the OSNK to protect usage of a subset of the software environment.

Abstract: Briefly, one embodiment of a platform for generating and utilizing a protected audit log is described. The platform comprises a system memory and a memory to contain an audit log. The audit log includes a plurality of single-write, multiple read entries. At least one of the entries of the audit log includes stored data integrity information loaded into the system memory during its power cycle.