Abstract: A gateway having at least one communications interface and processing circuitry establishes communications with at least one service provider device and at least one serviced client device. The gateway then determines that a serviced client device is to establish an Internet browsing session. Based upon characteristics of the serviced client device, the gateway determines where to instantiate a web browser to service the Internet browsing session. Based upon the determination, in a first operation, instantiates the web browser to service the Internet browsing session at the gateway or client device. In a second operation, the gateway instantiates the web browser to service the Internet browsing session at a service provider server. In other operations, the gateway may determine to instantiate a browser for a first client device at a cloud server and to instantiate a browser for a second client device either locally or at the second client device.

Abstract: A set top box or like device utilizing virtualization techniques to isolate secure device resources from an untrusted software framework incorporated in the device. In one implementation, a first virtual machine container is provided for secure execution of a traditional set top box application, while a second virtual machine container is utilized to host a software framework or untrusted portions of a software framework. A secure access client/server interface is provided to support interactions between the first and second virtual machine containers. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment and isolated in a Linux resource container. Virtual container constructs in various embodiments may employ varying levels of hardware sandboxing, including use of dedicated processing resources in multi-processor environments.

Abstract: A media processing device, such as a set top box, having selectable hardware and software components for forming media pathways compliant with security definitions provided by downloaded or preinstalled software applications. Such applications may include, for example, a downloadable conditional access security or DRM element/definition. A corresponding certification process can entail certifying a portion of an overall secure pathway, with one or more applications providing the final portion of the certification. Alternatively, predefined conditional access mechanisms are provided, with an application establishing which mechanism is to be used. In various embodiments, a set top box or resident software application may exchange capabilities with other devices in a media consumption network to compare against the requirements of the software application.

Abstract: A set top box or like device incorporating an untrusted software framework as a client of a secure operating system kernel. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment having a secure kernel. The software framework can be executed using a variety of process isolation techniques depending on performance and isolation requirements. A secure access client/server interface may also be provided to support interactions between the untrusted software framework (and applications utilizing the untrusted software framework) and secure or trusted portions of the device. The secure access interface can be configured to perform operations such as handle validation, heap pointer validation, non-pointer parameter validation, heap isolation, and resource release relating to terminated processes.

Abstract: An Ad Hoc social networking environment enables information and device access management between social networking groups and social networking members with or without access restrictions and anonymity. Contact and access information can be exchanged and updated on the fly without requiring users to notify other contacts or contacting devices and can support underlying contact information changes, enable extemporaneous termination or modification of contact access, enable temporary access, and the like. Ad Hoc social networking can utilize unique identifiers, proxy elements, or the like to support various levels of membership anonymity and Ad Hoc social networking. Proxy elements enable SNET tear down or dissolution by retracting the proxy service from a member. Storing social group contact information in shared databases can enable sharing and updating of contact information without the need to inform affected contacts. Some social networks can include various specialized devices and related services.

Abstract: A social networking environment enables interaction between social networking (SNET) groups. Some interactions between SNET groups can include docking various SNET groups based upon interactions between a member and some part of a social network. Various hierarchies of social networking infrastructure can enable hierarchical interactions between social devices, SNET groups, and other elements associated with various social networking infrastructures. Capabilities provided by various elements in various SNET infrastructures can be docked to create combined SNET groups, and capabilities provided by an SNET group can be accessed via interaction with a representative view of the capabilities. Various interactions can be managed based upon inputs, trigger events, authorizations, and the like provided by various processing systems, devices, members, or the like. Various interactions can enable members associated with an SNET infrastructure to access capabilities provided by an SNET group via a docked SNET group.

Abstract: A social network (SNET) is divided into one or more circles having different trust levels. Communications between the different SNET circles is bridged by an SNET device capable of communicating with devices associated with the different SNET circles, even if those devices cannot communicate directly with each other. When a communication is sent between SNET circles, the SNET device verifies the trust level associated with the communication, and bridges the communication based, at least in part, on that trust level. The SNET device can be located in a demilitarized zone associated with both the first SNET circle and the second SNET circle. Where different SNET circles use different security secrets for communications between members, the SNET device can store different keys for each of those circles in separate, restricted portions of memory.

Abstract: An Ad Hoc social networking environment enables information and device access management between social networking groups and social networking members with or without access restrictions and anonymity. Contact and access information can be exchanged and updated on the fly without requiring users to notify other contacts or contacting devices and can support underlying contact information changes, enable extemporaneous termination or modification of contact access, enable temporary access, and the like. Ad Hoc social networking can utilize unique identifiers, proxy elements, or the like to support various levels of membership anonymity and Ad Hoc social networking. Proxy elements enable SNET tear down or dissolution by retracting the proxy service from a member. Storing social group contact information in shared databases can enable sharing and updating of contact information without the need to inform affected contacts. Some social networks can include various specialized devices and related services.

Abstract: A gateway having at least one communications interface and processing circuitry establishes communications with at least one service provider device and at least one serviced client device. The gateway then determines that a serviced client device is to establish an Internet browsing session. Based upon characteristics of the serviced client device, the gateway determines where to instantiate a web browser to service the Internet browsing session. Based upon the determination, in a first operation, instantiates the web browser to service the Internet browsing session at the gateway or client device. In a second operation, the gateway instantiates the web browser to service the Internet browsing session at a service provider server. In other operations, the gateway may determine to instantiate a browser for a first client device at a cloud server and to instantiate a browser for a second client device either locally or at the second client device.

Abstract: A social network (SNET) is divided into one or more circles employing separate security secrets, e.g. keys, for communication between members. A device can be a member of more than one circle, and store different keys for each of those circles in separate, restricted portions of memory. When a member leaves a circle, new keys can be generated and distributed to the remaining members. Before and after joining a circle, a level of trust associated with the device or human member can be determined based on third party trust verification and a trust history. A requirement for multiple current circle members to vouch for the prospective member can be imposed as a condition of membership. Each circle can be assigned different trust and access levels, and authorization to receive information can be checked before transmitting information between circles.

Abstract: A social networking environment enables interaction between social networking (SNET) groups. Some interactions between SNET groups can include docking various SNET groups based upon interactions between a member and some part of a social network. Various hierarchies of social networking infrastructure can enable hierarchical interactions between social devices, SNET groups, and other elements associated with various social networking infrastructures. Capabilities provided by various elements in various SNET infrastructures can be docked to create combined SNET groups, and capabilities provided by an SNET group can be accessed via interaction with a representative view of the capabilities. Various interactions can be managed based upon inputs, trigger events, authorizations, and the like provided by various processing systems, devices, members, or the like. Various interactions can enable members associated with an SNET infrastructure to access capabilities provided by an SNET group via a docked SNET group.

Abstract: Members of a social network (SNET) circle can share content with other members of SNET circle, members of the same SNET that are not members of the same circle, or send content to people or devices outside of SNET. Trust chain can be used alone or in conjunction with other security measures to assign or select an appropriate level of content protection and SNET access. A trust rating or level associated with a trusted human member can be conferred to a social network device, allowing that device to be included in the trust chain. Trust can also be conferred from a trusted social network device to a child device of the social network device. A trust processing module can work in cooperation with one or more trust authorities to establish initial and updated overall trust levels of a human or device associated with the SNET.

Abstract: A gateway includes at least one communications interface and processing circuitry and establishes communications with at least one service provider device and with a serviced client device. The gateway receives serviced client device display structure instructions, first streamed content from a service provider device, and second streamed content from a cloud server, the second streamed content based upon an Internet session hosted by the cloud server. Based upon the serviced client device display structure instructions, the gateway combines the first streamed content with the second streamed content to form merged streamed content and transmits the merged streamed content to the serviced client device. In another operation the gateway forwards the first streamed content to a first client device and the second streamed content to a second client device based upon the serviced client device display structure instructions.

Abstract: A gateway having at least one communications interface and processing circuitry establishes communications with at least one service provider device and at least one serviced client device. The gateway then determines that a serviced client device is to establish an Internet browsing session. Based upon characteristics of the serviced client device, the gateway determines where to instantiate a web browser to service the Internet browsing session. Based upon the determination, in a first operation, instantiates the web browser to service the Internet browsing session at the gateway or client device. In a second operation, the gateway instantiates the web browser to service the Internet browsing session at a service provider server. In other operations, the gateway may determine to instantiate a browser for a first client device at a cloud server and to instantiate a browser for a second client device either locally or at the second client device.

Abstract: Members of a social network (SNET) circle can share content with other members of SNET circle, members of the same SNET that are not members of the same circle, or send content to people or devices outside of SNET. Different levels of content security can be applied to the shared content, depending on who requests the content, the destination of the content, user preferences, content type, SNET, SNET circle, or other security parameters. Content can be tagged to limit the number of times it can be accessed, the length of time access is allowed, and to otherwise control redistribution. Content can also be protected by limiting host network access to the content, implementing SNET circle firewalls and virtual private networks, or transcoding content before allowing transmission to non-SNET circle or SNET members. Docking of devices into an SNET security circle can be restricted to properly secured devices.

Abstract: A set top box or like device incorporating an untrusted software framework as a client of a secure operating system kernel. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment having a secure kernel. The software framework can be executed using a variety of process isolation techniques depending on performance and isolation requirements. A secure access client/server interface may also be provided to support interactions between the untrusted software framework (and applications utilizing the untrusted software framework) and secure or trusted portions of the device. The secure access interface can be configured to perform operations such as handle validation, heap pointer validation, non-pointer parameter validation, heap isolation, and resource release relating to terminated processes.

Abstract: A media processing device, such as a set top box, having selectable hardware and software components for forming media pathways compliant with security definitions provided by downloaded or preinstalled software applications. Such applications may include, for example, a downloadable conditional access security or DRM element/definition. A corresponding certification process can entail certifying a portion of an overall secure pathway, with one or more applications providing the final portion of the certification. Alternatively, predefined conditional access mechanisms are provided, with an application establishing which mechanism is to be used. In various embodiments, a set top box or resident software application may exchange capabilities with other devices in a media consumption network to compare against the requirements of the software application.

Abstract: A set top box or like device utilizing virtualization techniques to isolate secure device resources from an untrusted software framework incorporated in the device. In one implementation, a first virtual machine container is provided for secure execution of a traditional set top box application, while a second virtual machine container is utilized to host a software framework or untrusted portions of a software framework. A secure access client/server interface is provided to support interactions between the first and second virtual machine containers. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment and isolated in a Linux resource container. Virtual container constructs in various embodiments may employ varying levels of hardware sandboxing, including use of dedicated processing resources in multi-processor environments.

Abstract: A social networking system enables interaction between various devices, infrastructures, and the like based upon monitoring, analysis, processing, and the like of information received from devices. Some or all of an infrastructure can monitor information output from one or more socially controllable devices. Upon receiving a trigger or determining a trigger event processing of received data, some or all of the infrastructure, supporting processing systems, and the like can take one or more various responsive actions, including contacting a user associated with the social devices, contacting a third party that is not a member of the social network group, contacting a service that is a member of the group, and controlling or enabling others to control aspects of devices docked with the user's group. A user can manage various levels of authorized interaction between associated devices and a docked social group.

Abstract: A social networking system enables sharing of content between various members, devices, infrastructures, and the like based upon membership in a social network (SNET group). Content can be protected by limiting access to the content to members of an SNET group, members associated with various devices docked to the SNET group, and the like. Joint access of content by various members of an SNET group can be managed to ensure synchronized access of content and interactions between SNET accessing group members. Instances of a content item can be distributed to multiple destination devices associated with an SNET group, where various instances are transcoded to accommodate varying capabilities and characteristics of various communication pathways and the destination devices and ensure synchronized access of the content item by the multiple destination devices. Interactions between members of an SNET group can be managed to leverage links to other SNET groups.