Abstract: A protected content distribution system utilizes media-based copy protection to support online distribution of protected content in a secure and legitimate fashion. Using a media-based copy protection scheme based on broadcast encryption, the protected content distribution system realizes online distribution of protected content such as, for example audio files, movies, etc, authorizing consumption of unlicensed content by transfer of a unique encrypted key to the protected media. This transaction is fast, involving the transfer of an encrypted binding key rather than the protected content. Content is enabled through a unique encrypted key on protected media accessed through a device separate from the media driver.

Abstract: A rights management module controls access to a data set by processing requests for flexibly defined types of access to the data set and determines if the requested access may be granted. The requester's right for the requested type of access is verified by a verification module that may be part of the rights management core or verified through expansion rights verification modules. Extension verification modules may be contained within the data set itself or obtained from a separate store. Extension verification modules are authenticated by the rights management core.

Abstract: A method, system and computer readable medium for the blocking of recording digital content at an end user multimedia end-user-system during the rendering of encrypted digital multimedia files. Before the process of rendering of encrypted digital multimedia can be started all rendered media stream during playback are opened to ensure that this multimedia content is not recorded. This blocks the usage of the multimedia interfaces including devices and/or ports that can be used to store un-encrypted content that has been decrypted for the purposes of playing or rendering. The method also includes an exception, which allows recording with permission from the present invention.

Abstract: An external module loads into an entity's memory and is transformed by two functions. These are namely, the STOMP function and the UNSTOMP function. One or both of these functions is based on the actual code that is found in a legitimate version of the external module. The STOMP-UNSTOMP pair produces an external module that works differently if even a single byte of code in the external module has been changed by an attacker. The STOMP transforms the external module and makes it temporarily unusable whilst conversely, the UNSTOMP repairs the damage and makes it workable again. Thus, if the module is not authentic, the pairing between the STOMP and UNSTOMP is broken. Therefore, a patched module from a hacker remains unusable since the STOMP and UNSTOMP transformations do not produce a working external module. Because of the STOMP and UNSTOMP technique, an application is secure because if an external module is free from tampering then the application executes normally.

Abstract: An external module loads into an entity's memory and is transformed by two functions. These are namely, the STOMP function and the UNSTOMP function. One or both of these functions is based on the actual code that is found in a legitimate version of the external module. The STOMP-UNSTOMP pair produces an external module that works differently if even a single byte of code in the external module has been changed by an attacker. The STOMP transforms the external module and makes it temporarily unusable whilst conversely, the UNSTOMP repairs the damage and makes it workable again. Thus, if the module is not authentic, the pairing between the STOMP and UNSTOMP is broken. Therefore, a patched module from a hacker remains unusable since the STOMP and UNSTOMP transformations do not produce a working external module. Because of the STOMP and UNSTOMP technique, an application is secure because if an external module is free from tampering then the application executes normally.

Abstract: A method (and system) for storing information in a recoverable manner on an untrusted system, includes sending, by a client, a request to a recovery server for recovery of a failed database, determining whether the request is legitimate, based on the determining, sending a local key to the client, decrypting by the client the failed database with the local key, to recover the failed database, and re-encrypting the recovered database with a new key.

Abstract: A system for providing persistent access control of protected content is disclosed. The method on a client system includes sending a first request for authentication of the client to a server system. Subsequently, the client is authenticated by the server. Next, a user on the client attempts to access a file comprising a trailer and content encrypted with an encrypting key. Then, a second request for access to the content is sent to the server by the client, wherein an identifier from the trailer is included in the second request. The identifier identifies the content or an access control policy of the content. The server determines that the second request is in accordance with an access control policy associated with the content, and grants access to the content. Lastly, the client accesses the content in accordance with the access control policy.

Abstract: A system, method and computer readable medium for providing secure IP-based streaming in a format independent manner is disclosed. The method on a content mastering system begins with an encoded media file consisting of content data and associated metadata. First, the metadata is read from the encoded media file. Next, the encoded media file including the content data and the associated metadata is encrypted. Then, in a streaming server system, the encoded/encrypted media file is divided into more than one data packet, streamed in accordance with one or more parameters in the metadata. Each data packet includes a portion of the encoded/encrypted media file and an offset value corresponding to a location within the encoded/encrypted media file. The data packets are then streamed to a client information processing system (i.e., the client) over a network.

Abstract: A rights management module controls access to a data set by processing requests for flexibly defined types of access to the data set and determines if the requested access may be granted. The requester's right for the requested type of access is verified by a verification module that may be part of the rights management core or verified through expansion rights verification modules. Extension verification modules may be contained within the data set itself or obtained from a separate store. Extension verification modules are authenticated by the rights management core.

Abstract: A method, system and computer readable medium for the blocking of recording digital content at an end user multimedia end-user-system during the rendering of encrypted digital multimedia files. Before the process of rendering of encrypted digital multimedia can be started all rendered media stream during playback are opened to ensure that this multimedia content is not recorded. This blocks the usage of the devices and/or ports that can be used to store un-encrypted content that has been decrypted for the purposes of playing or rendering. The method also includes an exception, which allows recording with permission from the present invention.

Abstract: A method (and system) for storing information in a recoverable manner on an untrusted system, includes sending, by a client, a request to a recovery server for recovery of a failed database, determining whether the request is legitimate, based on the determining, sending a local key to the client, decrypting by the client the failed database with the local key, to recover the failed database, and re-encrypting the recovered database with a new key.