Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.

Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.

Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.

Abstract: A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.

Abstract: A method of invoking power processor element (PPE) serviced C library functions on a synergistic processing element (SPE) running in isolated mode. When the SPE initiates a PPE-serviced function, an SPE stub routine allocates a parameter buffer in an open area of a local store (LS) memory within the SPE. The LS memory includes an open area accessible to the PPE, and an isolated area inaccessible to the PPE. The SPE stub routine copies function parameters corresponding to the PPE-serviced function to a buffer within the open area of the LS memory, and writes a message word, which contains an identification variable of the PPE-serviced function and a location variable of the function parameters, to the open area. When execution is temporarily suspended on the SPE, the PPE reads the message word from the open area of the LS memory and executes the PPE-serviced function.

Abstract: A method, system and program product for managing a size of a key management block (KMB) during content distribution is provided. Specifically, a first KMB corresponding to a first subtree of devices is received along with content as encrypted with a title key. If a size of the first KMB exceeds a predetermined threshold, a second subtree will be created. A second KMB corresponding to the second subtree of devices will then be generated. The second KMB contains an entry revoking the entire first subtree of devices and, as such, is smaller than the first KMD. Any compliant devices from the first subtree are migrated to the second subtree.

Abstract: The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).

Abstract: A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.