Abstract: A method and system for authorizing client devices to receive secured data streams through the use of digital certificates embedded in the client devices. A freely distributed cryptographically signed group file with an embedded expiration date is associated with each individual digital certificate. A single group file can be associated with more than one digital certificate but each digital certificate is associated with a single group file. The group file contains cryptographic keys that can be used to decrypt a section of the digital certificate revealing a set of client keys. The client keys are then used to encrypt a program key which are then sent back to the client device. When the client device requests a specific data stream or digital content, an issuance timestamp associated with the content is compared to the expiration date in the group file. If the issuance timestamp is after the expiration date, the client device is declined.

Abstract: A method and system for authorizing client devices to receive secured data streams through the use of digital certificates embedded in the client devices. A freely distributed cryptographically signed group file with an embedded expiration date is associated with each individual digital certificate. A single group file can be associated with more than one digital certificate but each digital certificate is associated with a single group file. The group file contains cryptographic keys that can be used to decrypt a section of the digital certificate revealing a set of client keys. The client keys are then used to encrypt a program key which are then sent back to the client device. When the client device requests a specific data stream or digital content, an issuance timestamp associated with the content is compared to the expiration date in the group file. If the issuance timestamp is after the expiration date, the client device is declined.

Abstract: A method and system for authorizing client devices to receive secured data streams through the use of digital certificates embedded in the client devices. A freely distributed cryptographically signed group file with an embedded expiration date is associated with each individual digital certificate. A single group file can be associated with more than one digital certificate but each digital certificate is associated with a single group file. The group file contains cryptographic keys that can be used to decrypt a section of the digital certificate revealing a set of client keys. The client keys are then used to encrypt a program key which are then sent back to the client device. When the client device requests a specific data stream or digital content, an issuance timestamp associated with the content is compared to the expiration date in the group file. If the issuance timestamp is after the expiration date, the client device is declined.

Abstract: This invention applies to software components that interconnect, as in a frameworks, such that only components “certified” by some designated authority can participate, partly or wholly, in the intended operation of the application. The main emphasis is to limit the set of such software components to those that have been deemed to operate in some specific manner and/or in the scope of some specified set of constraints. The initial application for this invention is to prevent piracy of copyrighted data in multimedia frameworks such as Microsoft DirectShow, but the general invention has much wider applicability. Most authentication systems perform their actions prior to using the software component in question. This invention differs significantly in that it performs validation at runtime, rather than before the component is run. Thus, the validation is always at the most vulnerable point in a component's lifetime so far as counterfeiting is concerned.

Abstract: A given software process is composed on one or more threads of execution. Each thread possesses its own stack, a region of memory set aside by the operating system for that thread to store data. Popular programming languages rely heavily on stack-based data (frequently referred to as “local” or “automatic” data). It is a characteristic of deterministic machines like computers that, given the same problem to process with the same data, the same results, both intermediate and final, will result. This even extends to the sequence the software running on the computer will take to process the problem or data. This in turn means that for each thread making up the program, the data layout in the thread's stack will be relatively consistent each time the program gets to a similar point in the processing of the problem and/or data. This represents a potential “point of repeatability” that a hacker can take advantage of.

Abstract: Some embodiments provide methods and systems for use in processing encrypted media content through a media processing stack, wherein the media processing stack comprises one or more ordered and successively arranged processing components. These embodiments receive the media content at each successive processing component and pass the media content to a successive processing component; optionally process the media content at each processing component; receive one or more decryption keys associated with the media content at one of the processing components; relay the decryption keys to one or more successive processing components to a decrypting one of the processing components that is capable of decrypting the media content, and decrypt the media content at the decrypting one of the processing components before passing the media content to the successive processing component.

Abstract: A method and system for authorizing client devices to receive secured data streams through the use of digital certificates embedded in the client devices. A freely distributed cryptographically signed group file with an embedded expiration date is associated with each individual digital certificate. A single group file can be associated with more than one digital certificate but each digital certificate is associated with a single group file. The group file contains cryptographic keys that can be used to decrypt a section of the digital certificate revealing a set of client keys. The client keys are then used to encrypt a program key which are then sent back to the client device. When the client device requests a specific data stream or digital content, an issuance timestamp associated with the content is compared to the expiration date in the group file. If the issuance timestamp is after the expiration date, the client device is declined.

Abstract: A word wise search is performed on an MPEG-2 stream. For every word, the invention finds word-aligned patterns of 0×00 0×00 or 0×00 0×01. The algorithm applied by the invention examines the input stream buffer for the first word aligned 0 in which further testing determines is the first byte of a valid start code, and sets the sub-buffer defined by the start of the search to the location of this discovered start-code as the zero-word reach. A second search is performed in the same part of the input stream buffer, this time looking for word aligned 1's (i.e. byte pattern 0×00 0×01). For each word aligned 1 that is a start code, an entry is made into a start code list. When all of these have been found, the offset of the start code ending the current zero-word reach is added to the list of start-code offsets. This process is repeated from the 0 word reach until the end of the buffer is encountered.

Abstract: A method and apparatus for optimal handling of high bandwidth streaming data in a computer system minimizes computational activities to achieve maximal performance. This performance improvement is accomplished by minimizing the amount of memory copying and also by minimizing the number of allocation and deallocations of objects which occur. Memory copying is a CPU/bandwidth intense operation when there is high speed streaming data on the input. The allocation and deallocation of objects is a system resource intense activity and requires a very significant amount of CPU processing per invocation in a computing device. Using a combination of techniques, the invention provides a technique that reduces both the number of memory copies as well as the number of objects which get allocated and deallocated during the course of operating on the streaming media data.