Abstract: In a client-server system employing protocols such as RTP (real-time protocol), RTCP (real-time control protocol) and RTSP (real-time streaming protocol) for communicating real-time data stream, a method for using the same security parameters to secure by encryption and/or authentication, communication of the real-time data stream.

Abstract: A system for determining whether a client is authorized to access content in a communication network. The system includes a computer software product containing programming instructions for defining generic rules for accessing the content, and for identifying client selections related to the content. The computer software product further includes programming instructions for providing client entitlement data. The client entitlement data is compared to the generic rules and the client selections to determine whether the client is authorized to access the content. The computer software product further includes programming instructions for comparing the client entitlement data with the generic rules and the client selections to determine whether the client is authorized to access the content.

Abstract: A method and system (100) for providing third party authentication when requesting content and/or services from an application server (106). The method is applicable to key management protocols that utilize the concept of tickets. The method and system include a client (102) being coupled with a third party application server (107), wherein the client submits a request for content from the third party application server and the third party application server returns requested information and corresponding authentication. The client further couples with a first application server (106), wherein the client submits a key request (KEY_REQ) including the third party server information and corresponding authentication to the first application server. The first application server authenticates the third party server information and verifies client authorization based on third party information.

Abstract: A method and system for transmitting content from a content provider to a caching server and then from the caching server to a viewer. The method comprises encrypting the content with a pre-encryptor application before the content is transmitted to the caching server. The pre-encryptor application uses a pre-encryption subkey provided by a key storage service to perform the pre-encryption. The key storage service is a stand-alone component of the system and generates, stores, and distributes the pre-encryption subkeys.

Abstract: A digital rights management architecture for securely delivering content to authorized consumers. The architecture includes a content provider and a consumer system for requesting content from the content provider. The content provider generates a session rights object having purchase options selected by the consumer. A KDC thereafter provides authorization data to the consumer system. Also, a caching server is provided for comparing the purchase options with the authorization data. The caching server forwards the requested content to the consumer system if the purchase options match the authorization data. Note that the caching server employs real time streaming for securely forwarding the encrypted content, and the requested content is encrypted for forwarding to the consumer system. Further, the caching server and the consumer system exchange encrypted control messages (and authenticated) for supporting transfer of the requested content.

Abstract: A session rights object and authorization data are used for defining a consumer's access right to a media content stream. The access rights are determined at a caching server remotely located from the consumer rather than locally at the end user site. In a first aspect, in a computing network having a content provider, a key distribution center, a caching server and a client, a method for controlling client access to a real-time data stream from the caching server, is disclosed.

Abstract: A method for securely streaming real-time content from a caching server to an authorized client. The method includes the steps of encrypting an RTSP (real-time streaming protocol) message having a header and a payload, the RTSP message being encrypted in its entirety; and providing a first clear header for the encrypted RTSP message. Further, the method includes the steps of encrypting an RTCP (real-time control protocol) message having a header and a payload, the RTCP message being encrypted in its entirety; and providing a second clear header for the encrypted RTCP message. Thereafter, the encrypted RTSP message and the first clear header are transmitted, and the encrypted RTCP message and the second clear header are transmitted in order to securely stream the real-time content from the caching server to the authorized client.

Abstract: A provisioning system that secures delivery of a client's public key to a KDC (Key Distribution Center). The provisioning system comprises a client, uniquely identifiable by one or more parameters including a user ID (identification); a provisioning server for registering the client; a key distribution center for generating a provisioning key associated with the user ID, the provisioning key being forwarded to the provisioning server; the provisioning server generating configuration parameters for initializing the client, the provisioning key being included in the configuration parameters; and upon initialization, the client provides its public key, authenticated with the provisioning key for forwarding to the key distribution center.

Abstract: A system and method for interfacing protocol applications with a daemon to perform secure key management between the a computer system and a second computer system. The method includes providing a first protocol application running on the first computer, and specifying an application role value from the first protocol application to the daemon, the application role for identifying the first protocol application. Further, the method includes specifying an object containing application data specific to the first protocol application, and employing the object and the application role value for performing key management in order to secure communication of real-time data between the first computer system and the second computer systems.

Abstract: According to one embodiment of the invention, a free preview of a program can be provided to client computers in a multicasting system. This can allow viewers in the multicasting system to view a first portion of the program before deciding whether to order the program content. According to another embodiment, various distribution methods can be accomplished using encyrption keys to distribute program content. According to yet another embodiment, an initial viewing period can be provided to allow negotiation of the encryption keys. According to another embodiment, rules and conditions for providing content in a multicasting environment can be utilized.

Abstract: According to one embodiment of the invention, a free preview of a program can be provided to client computers in a multicasting system. This can allow viewers in the multicasting system to view a first portion of the program before deciding whether to order the program content. According to another embodiment, various distribution methods can be accomplished using encryption keys to distribute program content. According to yet another embodiment, an initial viewing period can be provided to allow negotiation of the encryption keys. According to another embodiment, rules and conditions for providing content in a multicasting environment can be utilized.

Abstract: According to one embodiment of the invention, a free preview of a program can be provided to client computers in a multicasting system. This can allow viewers in the multicasting system to view a first portion of the program before deciding whether to order the program content. According to another embodiment, various distribution methods can be accomplished using encryption keys to distribute program content. According to yet another embodiment, an initial viewing period can be provided to allow negotiation of the encryption keys. According to another embodiment, rules and conditions for providing content in a multicasting environment can be utilized.

Abstract: According to one embodiment of the invention, a free preview of a program can be provided to client computers in a multicasting system. This can allow viewers in the multicasting system to view a first portion of the program before deciding whether to order the program content. According to another embodiment, various distribution methods can be accomplished using encryption keys to distribute program content. According to yet another embodiment, an initial viewing period can be provided to allow negotiation of the encryption keys. According to another embodiment, rules and conditions for providing content in a multicasting environment can be utilized.

Abstract: A method for receiving information content from an information distribution system, wherein the information content is divided into a plurality of content portions, the method comprising: subscribing to a multicast group representing at least one content portion; and determining, at the end of a content portion, whether to subscribe to another multicast group.