Abstract: Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.

Abstract: Techniques for zero-trust cloud deployment are described herein. In accordance with various embodiments, a device including a processor and a non-transitory memory derives a key from deployment metadata of a virtual machine, where the deployment metadata change with each deployment of the virtual machine. The device then encrypts secrets using the key to bind the key to the virtual machine. The device further deploys the virtual machine in a cloud using the deployment metadata, including loading the encrypted secrets to the deployed virtual machine in the cloud.

Abstract: Techniques for dynamic targeted content processing performed at a server including processor(s) and a non-transitory memory are described herein. In some embodiments, the server obtains user content similarity scores between media content items and users and obtains content similarity scores between a targeted content item and the media content items by projecting the targeted content item and the media content items onto a content vector space. The server also identifies a list of media content items on the content vector space based on the content similarity scores, e.g., a respective media content item in the list has a respective content similarity score satisfying a first criterion. The server additionally locates, for the list of media content items, a set of users among the users based on the user content similarity score, e.g., a respective user in the set has a respective user content similarity score satisfying one or more second criteria.

Abstract: Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.

Abstract: Techniques for enhancing security for thin client devices in hybrid edge cloud systems are described. In accordance with various embodiments, the hybrid system includes a cloud computing platform (e.g., the cloud) and an edge device (e.g., the edge). The cloud extracts key(s) for authentication and session establishment. The cloud also utilizes the key(s) to establish a session between the edge and a client device. The cloud additionally authorizes a content request from the client device for a media content item over the session and extracts a content key upon successful authorization. The edge caches the key(s), obtains the content key at the time of receiving the content request from the client device and transmits the content key and the key(s) with the media content item to the client device.

Abstract: Techniques for reducing piracy of media content are described. In some embodiments, a collusion resistant method is performed at a device, where the device receives a first request for a base copy of a media content item. In response, the device determines a first transformation based on a statistical performance criterion and a viewing performance criterion. The device further generates a first copy of the media content item by replicating and applying a first transformation to the base copy, where the first copy of the media content item satisfies the viewing performance criterion, and the first copy of the media content item is statistically different from the base copy or other copies in accordance with the statistical performance criterion. The device then causes transmission of the first copy of the media content item in combination with a first watermark for the base copy of the media content item.

Abstract: Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.

Abstract: Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.

Abstract: Techniques for reducing piracy of media content are described. In some embodiments, a collusion resistant method is performed at a device, where the device receives a first request for a base copy of a media content item. In response, the device determines a first transformation based on a statistical performance criterion and a viewing performance criterion. The device further generates a first copy of the media content item by replicating and applying a first transformation to the base copy, where the first copy of the media content item satisfies the viewing performance criterion, and the first copy of the media content item is statistically different from the base copy or other copies in accordance with the statistical performance criterion. The device then causes transmission of the first copy of the media content item in combination with a first watermark for the base copy of the media content item.

Abstract: Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.

Abstract: Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.