Abstract: A process for converting a DTCP-IP transport stream into HLS format, comprising receiving an encrypted DTCP-IP transport stream comprising DTCP frames at a secondary device from a source device, with each of the plurality of DTCP frames comprising encrypted 16-byte portions, forming chunks from the DTCP frames by grouping encrypted 16-byte portions into a chunk, adding HLS padding bytes to the end of each chunk and encrypting the HLS padding bytes to form an encrypted chunk, loading each of the encrypted chunks and a playlist to a media proxy server at the secondary device, loading a DTCP key onto a security proxy server, and providing the playlist, each of the encrypted chunks, and the DTCP key to a native media player on the secondary device, such that the native media player follows the playlist to decrypt the encrypted chunks using the DTCP key and plays back the chunks.

Abstract: There is a performing of digital rights management (DRM), operable in an offline mode with respect to a communications network. The performing includes identifying a stored rights object associated with a stored asset. The stored rights object includes reporting duration information associated with the stored asset. The performing also includes determining, utilizing a processor, whether a transmission of an early status message is a successful communication based on an early status message determination. If a failure in communicating the early status message is determined, utilizing the stored asset. The performing may also include transmitting an early status message and/or later status message after identifying the stored rights object. There is also a performing of digital rights management (DRM) associated with a DRM system and operable in an offline mode with respect to a communications network. There are also client devices, communicating systems, computer readable mediums and protocols.

Abstract: In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.

Abstract: A client device implements a media player and a proxy application. The media player controls playback of media content on the client device. The proxy application is implemented to request a playlist from a media server, where the playlist corresponds to the media content. The proxy application receives the playlist from the media server, and the playlist includes encryption key reference parameters to obtain an encryption key. The proxy application modifies the playlist to include local encryption key access parameters for the media player, and the modified playlist is communicated to the media player. The proxy application can then receive a request for the encryption key from the media player that utilizes the local encryption key access parameters included in the modified playlist, and the proxy application securely communicates the encryption key to the media player.

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol provided between a Conditional Access System (CAS) and Middleware running on a Set-Top-Box. The handshake is a Challenge-Response protocol that includes several steps. The CAS or the Middleware can either act as a Claimant or Verifier in Challenge-Response process. First, a Claimant sends a request to a Verifier requesting access to a function F through the API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant's response. The Claimant next processes the Challenge using components under a patent License Agreement, known as Hook IP, and issues a Response to the Verifier. The Verifier can then verify the Response to allow the Claimant access to the API.

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that is provided to validate whether the parties involved are licensed to use the system which includes rights to Intellectual Property (IP) and corresponding obligations. The handshake is a Challenge-Response protocol that includes several steps. First, a Claimant sends a request to a Verifier requesting access to a function through an API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant. The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant's response. The Claimant next processes the Challenge using components under the license, known as Hook IP, and issues a Response to the Verifier. The Verifier compares the possibly-correct Candidate Response from the Claimant to the known-correct Target Response and if a match occurs the Verifier allows the Claimant access to the API.

Abstract: Methods and devices for protecting and manipulating sensitive information in a secure mobile environment are disclosed. Methods and devices for processing secure transactions and secure media processing up to rendering in human readable form using abstract partitioning between non-secure and secure environments are disclosed.

Abstract: Methods and devices for clock roll-back detection in non-secure mobile platforms are disclosed. A first time is received from a secure time source. The first time is recorded as a last known good time (“LKGT”) in secure storage on the mobile device. The LKGT is advanced and stored whenever a triggering event occurs. The mobile device receives a second time from the secure time source and records the second time as a subsequent stored LKGT in secure storage.

Abstract: A method for enforcing a software upgrade for software operable on a device includes receiving, at the device, a message including software-version information for the software from a domain controller. The software-version information indicates a list of approved versions of the software. The method includes determining, by the device, the software-version information from the message, and determining a current version of the software included on the device by performing a comparison of versions in the list of approved versions to the current version of the software on the device. If the current version of the software is not included in the list of approved versions, the method includes causing the device to not have or use a set of up-to-date security credentials for a set of content servers, for accessing any pieces of media on the set of content servers until the device has an approved version of the software.

Abstract: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers.

Abstract: In a method for encrypting content, the content is received in a device and at least a portion of the content is stored to thereby associate the content with one of a first copy control state and a second copy control state. The method includes creating at least one of a first content pre-key using a local storage key unique to the device as a key to encrypt the content ID of the content and a second content pre-key using the first content pre-key as a key to encrypt the first copy control state, creating a content encryption key using one of the first content pre-key as a key to encrypt the first copy control state and the second content pre-key as a key to encrypt the second copy control state, and encrypting the content using the content encryption key.

Abstract: In embodiments of an object model for domain-based content mobility, a client object model architecture (146) is configured for scalable and adaptive implementation to interface a mobile client device (128) with a media server (126) for wireless, secure download of media content (136) to the mobile client device. The client object model architecture can be implemented for domain-based control of a software application that invokes a media player (142) on the mobile client device, and interfaces with the media server that communicates the media content to the mobile client device. The client object model architecture also controls domain discovery of the media server, domain-based registration of the mobile client device with the media server, channel change requests, and solicited and unsolicited channel changes.

Abstract: A method and apparatus are for transferring a client device certificate and an associated encrypted client private key to a client device from a secure device. The secure device receives over a secure connection, a secure device certificate, a secure device private key and a plurality of client device certificates. Each client certificate is associated with a bootstrap public key but is not assigned to any particular client device. A plurality of encrypted client private keys is also received. Each of the encrypted client private keys comprises a client private key associated with one of the client device certificates encrypted with the bootstrap public key. The plurality of client device certificates is stored. The encrypted client private keys are stored in double encrypted protected form. A client device certificate and an associated encrypted client private key are transferred to a client device that has successfully registered with the secure device.

Abstract: In a method of registering a plurality of client devices with a device registration server for secure data communications, a unique symmetric key is generated for each of the client devices using a cryptographic function on a private key of the device registration server and a respective public key of each of the client devices, and a broadcast message containing the public key of the device registration server is sent to the client devices, in which the client devices are configured to generate a respective unique symmetric key from the public key of the device registration server and its own private key using a cryptographic function, and in which the unique symmetric key generated by each client device matches the respective unique symmetric key generated by the device registration server for the respective client device.

Abstract: A client, method and system for registering a DRM client is disclosed. The method (100) includes the steps of: initiating (110) a registration request via a DRM client with an encrypted registration message including an asymmetric key cryptographic identity, a customer identifier and an application specific information (AINFO) field including a digital signature and a device certificate chain; validating (120) information in the application specific information (AINFO) field by a DRM registration server; and receiving (130) a registration response, the registration response being encrypted and including access information, to obtain content. Advantageously, this method provides an enhanced and reliable means of authentication.

Abstract: In the present disclosure, a DRM (in this case IPRM) system may be used to deliver media content keys to a player device in a live streaming environment and take advantage of all DRM related functionalities that come with it, such as proximity control, copy protection enforcement and rights verification. A playlist may be used to deliver a key identifier for encrypted live streaming content.

Abstract: A session rights object and authorization data are used for defining a consumer's access right to a media content stream. The access rights are determined at a caching server remotely located from the consumer rather than locally at the end user site. In a first aspect, in a computing network having a content provider, a key distribution center, a caching server and a client, a method for controlling client access to a real-time data stream from the caching server, is disclosed.

Abstract: In an embodiment, a content array represents media content available from a media server. The content array, sent by a media server in response to a request, lists content program objects that represent media content to be available from the media server. The media server receives a message for altering a transcoding priority of the selected content program object that represents media content not previously transcoded by the media server, and sends a return code for indicating whether the transcoding priority was successfully altered in response to the message. In a further embodiment, a media server system includes a transcoding queue with references to a plurality of content program objects that include an object method for altering a transcoding priority, and includes a transcoder configured to transcode media content associated with the content program objects according to the transcoding priority of each content program object of the transcoding queue.

Abstract: In embodiments of tuner control for streaming live television, a client device can be implemented to utilize the HTTP protocol and REST APIs to communicate with the media streamer to query a list of television channels and initiate tuning to a channel of streaming video content to be decrypted, transcoded, encrypted, and streamed to the client device.

Abstract: A client device implements a media player and a proxy application. The media player controls playback of media content on the client device. The proxy application is implemented to request a playlist from a media server, where the playlist corresponds to the media content. The proxy application receives the playlist from the media server, and the playlist includes encryption key reference parameters to obtain an encryption key. The proxy application modifies the playlist to include local encryption key access parameters for the media player, and the modified playlist is communicated to the media player. The proxy application can then receive a request for the encryption key from the media player that utilizes the local encryption key access parameters included in the modified playlist, and the proxy application securely communicates the encryption key to the media player.