Abstract: A method processes an input image securely. An input image I is acquired in a client. A set of m random images, H1, . . . , Hm, and a coefficient vector, a=[a1, . . . , am], are generated such that the input image I is I=?i=1m?iHj. The set of the random images is transferred to a server including a weak classifier. In the server, a set of m convolved random images H? are determined, such that {H1?=?1(H1*y}i,1m, where * is a convolution operator and ?1 is a first random pixel permutation. The set of convolved images is transferred to the client. In the client, a set of m permuted images I? is determined, such that I?=?2(?i=1m?iH1?), where ?2 is a second random pixel permutation. The set of permuted image is transferred to the server.

Abstract: This invention relates to a method for processing control messages from a set of control messages intended to access an encrypted content received in the form of a stream by a multimedia unit. These messages include at least a discrimination parameter having a different value for two consecutive messages in the stream and access data to encrypted content. The method comprises steps for receiving a current control message, for reading the discrimination parameter from the current control message, for retrieving in a memory, the discrimination parameter from the message processed previously to the current message, for comparing the discrimination parameter of the current message with the previously processed message discrimination parameter, and for blocking said current control message by the filter if the comparison step indicates that the discrimination parameter of the current message is identical to the discrimination parameter of the previously processed message.

Abstract: Key distribution within a digital cinema presentation facility (140) occurs according to a retrieval process (200, 300) that provides for automatic retrieval at a scheduled time. The process further includes redundant mechanisms to transfer the necessary keys, in different ways to enable theater personnel to obtain the required key in a variety of different ways.

Abstract: A digital data signal, such as a digital video signal, is intentionally pre-distorted before being sent over a network. In one embodiment, this pre-distortion may be performed in accordance with a pre-distortion pattern or algorithm which is shared with only intended receivers. The pre-distortion pattern may be used to vary the pre-distortion on a periodic basis, as frequently as on a symbol-by-symbol basis. The pre-distortion function may include distorting the phase and/or the amplitude of the digital signal's modulation.

Abstract: An encoding data processor generates a video material item marked copy by representing a payload data word as a code word embedded into a copy of the video material item. A preprocessor forms plural initial values having the same predetermined length, by representing one or more parts of the payload data word in one or more of the initial values, each including a field index, and setting remaining parts of the initial value to a predetermined value. An encryption processor receives each initial value and generates an encrypted data stream therefrom using a payload encryption key to provide plural encrypted data streams. The parts of the encrypted data streams are combined with frames of the material item. Plural initial values include the same part of the payload data, and a field index value for the initial value including the same payload data is changed with respect to other initial values.

Abstract: A motion picture distribution system, the system including a central computer, an exhibitor computer, a communication channel, and a back channel. The central computer is located at a central site and configured to distribute a digital version of the motion picture. The exhibitor computer is located at an exhibitor location that is remote from the central site. The exhibitor computer is configured both to receive the digital version of the motion picture from the central computer, and to display the motion picture. The communication channel is configured to facilitate the electronic transfer of the digital version of the motion picture from the central computer to the exhibitor computer. The back channel is coupled between the central computer and the exhibitor computer, and configured to allow for the transfer of information between the exhibitor computer and the central computer.

Abstract: A digital watermark embedding device and method uses block correlation to perform motion detection on temporally sequential digital video signals after performing preprocessing such as division into blocks. The device and method evaluate a plurality of motion information which are calculated for blocks by using a technique such as determination by majority or weighting. Based on the detected motion information, by moving a digital watermark pattern to follow a picture, the digital watermark information can be superimposed on an input digital video signal so as to match human visual characteristics by using a technique such as emphasizing a portion on which the human eye is easily turned.

Abstract: A mating key gateway is adapted to retrieve a mating key, which is used to encrypt a program key that is used to scramble digital content prior to transmission to a digital device. According to one embodiment of the invention, the mating key gateway comprises a processor, a communication interface and a non-volatile storage unit. The non-volatile storage unit is configured to store a mating key lookup table to identify a targeted server to retrieve the mating key therefrom based on the information received from a headend.

Abstract: A process for secured distribution of fixed numerical images according to a nominal format resulting from numerical encoding in wavelets, represented by a original stream including a packet relating to organization of a binary sequence that contains at least a block that regroups numerically encoded simple elements according to a mode specified inside the stream and utilized by decoders that are capable of reconstructing or decoding it to be able to correctly display the image including modifying at least one of the simple elements according to at least a substitution operation including extracting the simple element, followed by its replacement by lure data, modifying a principal stream to conform to a nominal format including modified blocks and packets, and by a path that is separate from the principal stream of complementary numerical information and allowing reconstruction of the original stream from calculations, on destination equipment, as a function of the principal stream and the complementary infor

Abstract: A method and system for timecode generation including: receiving an encryption key and an implemented encryption method, for each one of a plurality of frames, receiving a timecode and an associated presentation time stamp (PTS) associated with the one frame, for each one of the plurality of frames, encrypting the timecode associated with the one frame using the encryption key and the implemented encryption method, thereby producing a plurality of encrypted timecodes, and at a time associated with the associated PTS associated with the one frame, outputting a packetized elementary stream (PES) including the plurality of encrypted timecodes. Related systems and methods are also described.

Abstract: A moving image distribution system, wherein the user can view content moving images at no charge, and the provider of the content moving images can prevent a drain of the moving image contents and can protect the copy right thereof, as a copy right holder, without fail. The moving images are divided, along a time axis, into two master and slave nonreproducible moving image files. The slave moving image file (small file) is encrypted based on CM file data in which a predetermined CM element has been incorporated. In response to a reproduction request of a user terminal that possesses the master moving image file (main file) in advance, the slave moving image file is distributed with the CM moving images to the user terminal via a network line such as the Internet.

Abstract: A data delivery device divides data representing a single entity into a plurality of data items, encrypts the data items, and delivers the encrypted data items to a data receiving device. The encryption device in the data delivery device includes a first encryptor that encrypts a first set of the data items, leaving a second set of the data items unencrypted. A storage unit stores the encrypted first set of data items and the unencrypted second set of data items, pending delivery to the data receiving device. A second encryptor encrypts the second set of data items in real time when they are taken from the storage unit and delivered to the data receiving device. By combining pre-encryption and real-time encryption, the encryption device attains a high level of security with only a moderate real-time processing load.

Abstract: A content playback apparatus prevents related content recorded on separate media that make up a virtual package from being played separately, thereby restricting playback of the content to only when the virtual package is assembled as intended by the creator, and protecting copyright of the content. A key obtaining unit obtains a second key, with use of key management information recorded on a recording medium on which related content relating to the encrypted content is also recorded. An information obtaining unit obtains the encrypted content and key generation information that relates to generation of the first key, from a source other than the recording medium. A key generation unit generates the first key with use of the second key and the obtained key generation information. A decryption unit decrypts the encrypted content with use of the first key.

Abstract: Methods and apparatuses for minimizing co-channel interference in communications systems are disclosed. A method in accordance with the present invention comprises scrambling a first header of the first signal using a first scrambling code, scrambling a second header of the second signal using a second scrambling code, and transmitting the first signal and the second signal with the scrambled first header and the scrambled second header over different channels of the communication system.

Abstract: A method of controlling descrambling of a plurality of program transport streams received by a receiver system comprises receiving a sequence of messages in a conditional access sub-system (9,10) comprised in said receiver system, each message being associated with one of a number of scrambled program transport streams and representing a request for returning information enabling the associated scrambled transport stream to be descrambled by at least one descrambler module (12) in the receiver system, determining whether messages received within a certain interval are associated with a number of different scrambled program transport streams, and denying at least one of the requests represented by the messages received in the certain interval, if the number of different scrambled program transport streams with which the messages are associated exceeds a pre-determined number.

Abstract: A system and a method for providing variable security mechanisms for securing digital content, in which a single security mechanism is not used for all content. Instead, at least one characteristic or feature of the security mechanism is varied between units, instances or categories of content. Therefore, even if unauthorized access is gained to a single unit of content, the overall integrity and security of the system for content distribution is not compromised. Preferably, security is provided though a general mechanism, which is then varied in order to provide variable, dissimilar security schemes for different types of content. By “type of content”, it is meant any of a single unit of content, a single instance of content or a single category of content. For example, for a category of content, the content may be characterized according to the identity of the content itself, such as the title of a movie for example, and/or according to the owner of a particular copy of the content.

Abstract: Embodiments of the present invention provide for the copy protection of distributed material after conditional access is applied, regardless of where the material is distributed. The solutions described provide the advantage of being sufficiently simple in implementation to qualify as “curb high” solutions. “Curb high” solutions provide a range of security from minimal security to a high level of security while requiring relatively fewer system resources to implement than prior approaches.

Abstract: A method for determining whether the terminal is authorized to receive the selected service is practiced in a terminal of a conditional access system in which a user selects a service, the selected service being associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein. The method includes receiving at least one encrypted entitlement control message corresponding to the service, and decrypting each of the at least one encrypted entitlement control message in the secure element, each decrypted entitlement control message revealing at least one first entitlement number associated with the selected service. The method further includes determining that the terminal is authorized to receive the selected service when any first entitlement number of any decrypted entitlement control message represents any number of the at least one authorized entitlement unit number.

Abstract: A system for processing multimedia channels is described comprising: transmitting decryption keys for decrypting the multimedia channels, the keys encrypted in both a first encryption format and a second encryption format; the keys encrypted in the first encryption format being decryptable by a first type of multimedia receiver; and the keys encrypted in the second encryption format being decryptable by a second type of multimedia receiver.

Abstract: A conditional access device is provided. The conditional access device typically includes conditional access decryption, interface, timing and control logic. The conditional access decryption logic decrypts an incoming signal for use in a consumer electronics device in accordance with previously received entitlement management messages. The interface logic receives a control signal including an entitlement management message window from a headend control system through a receiver in the consumer electronics device. The timing logic asserts an awake signal responsive to the entitlement management message window becoming active. The control logic sends a request to the consumer electronic device to activate a receiver coupled to the headend control system in expectation of receiving an entitlement management message via the control signal in response to assertion of the awake signal. The control logic also communicates the entitlement management message to the conditional access decryption logic.

Abstract: The ability to securely transmit information between two locations is of paramount importance in today's communication systems. Before the invention of digital transmission methods, analog transmission was commonplace. However, today's communication systems rely almost exclusively on transmitting information digitally. Digital transmission has become commonplace because it provides optimal accuracy and security. However, digital transmission also has drawbacks, for example, increased bandwidth requirements and the loss of information when converting information between the analog and digital domains. The present invention relates to a method and apparatus for encrypting analog data while minimizing data loss and conserving bandwidth.

Abstract: Systems and methods are disclosed for providing encrypted downstream signals to a plurality of receiver devices 130, 135, 140, where the devices 130, 135, 140 may have different decryption devices. A receiver network (i.e., a networked multimedia system) includes a splitter/isolation module (SIM) 125, a primary set-top terminal (STT) 130, and at least one remote device 135, 140. The remote devices 135, 140 communicate with the primary STT 130 via the SIM 125 over coaxial cable. Accordingly, the remote devices 135, 140 are capable of requesting and receiving stored programs via the networked multimedia overlay system. Depending upon the decryption device included in the requesting remote STT 135, 140, the primary STT 130 sends a stored program encrypted according to that decryption device.

Abstract: A system for packaging digital media and distributing digital media to exhibitors is described, which system enables distribution by utilizing media content booking, media content packaging, encryption, and delivery components.

Abstract: A method, apparatus, and article of manufacture provide the ability to activate functionality in a set-top box. A feature authorization message is received in a set-top box. The feature authorization message comprises one or more rules to be evaluated (wherein each of the rules comprises one or more tests for a status of one or more conditional access module attributes), one or more event requirements for rule evaluation, and one or more features that are dependent by the rule evaluation result (wherein each of the one or more features represents a set of one or more abilities of hardware and/or software of the set-top box). When one or more of the event requirements have been met, the one or more rules are evaluated to obtain a result. The ability to use the one or more features are then set based on the result.

Abstract: Disclosed are a method of protecting content and a method of processing information. The method of protecting content can include service related information including revocation application information of content from the outside by employing a content management and protection system, and apply or not apply a content revocation process on the content according to the revocation application information. Accordingly, whether to apply a content revocation process can be controlled according to revocation application information.

Abstract: Techniques pertaining to a security system are disclosed. According to one aspect of the techniques, secured communication of video data between a monitoring system including a monitoring camera and a monitoring terminal is established by encrypting the video data. The monitoring camera is configured to encrypt digital image data before the image data is transmitted to the monitoring terminal. Instead of using commonly used encryption schemes, encryption rules are generated in accordance with an encryption key corresponding to a predetermined encryption algorithm. On the side of the monitoring terminal, decryption rules are generated in accordance with a received description key corresponding to a predetermined decryption algorithm. Depending on implementation, the image data may be encrypted/decrypted line by line, block by block or frame by frame.

Abstract: A content distribution method for video copyright authentication and security comprising the steps of invisibly watermarking digital video data input from a video data source to create watermarked data; encrypting the watermarked digital video data using an encryption key to create encrypted video data; sending the encrypted watermarked digital data and a decryption key to a distribution network; decrypting the encrypted watermarked digital data to generate video data and adding visible watermarking data to the video data to generate visibly encrypted watermarked data compressing the visibly encrypted watermarked data to create compressed data; sending said compressed data and to an end user receiver; decompressing the compressed data at the receiver to generate decompressed data; and displaying the decompressed data to an end user.

Abstract: A base station for use in a code division multiple access communication system comprises circuitry configured to process a user equipment identification (UE ID) by ½ rate convolutionally encoding the UE ID to produce a code. The code is used by the base station for scrambling a high speed shared control channel (HS-SCCH). The base station is configured to transmit a wireless signal. The wireless signal provides the user equipment with payload data carried on a high speed physical downlink shared channel (HS-PDSCH). The HS-PDSCH is associated with the HS-SCCH.

Abstract: A system and method of controlling access to a media program via a receiver communicably coupleable to a conditional access module is described. The apparatus comprises a first processor, a second processor, and an interface module, communicatively coupled to the first processor and the second processor, the interface module for processing all communications with the conditional access module and externally manifesting a single virtual processor to the receiver.

Abstract: In accordance with the teachings described herein, systems and methods are provided for inserting 2-bit codes into the least significant bit positions of timing reference signal code words, to prevent long runs of zeros from entering the scrambling polynomial. By preventing the long runs of ones and zeros in the scrambled data stream, the receive-end DC-restoration circuits can be simplified, reducing complexity and increasing system performance. A serial digital interface prevents long runs of ones and zeros by replacing the values of the two least significant bits of the data stream prior to the scrambler. The two least significant bits are changed from 11b or 00b to 01b or 10b.

Abstract: A method of encrypting a transmission unit of a generalized scalable bit-stream includes, encrypting a plurality of logic units of the transmission unit using a unique encryption key for each logic unit, where the unique encryption keys for the transmission unit form a set of encryption keys. The method further includes providing a user with a subset of decryption information that corresponds to a subset of the encryption keys. The subset of the decryption information allows decryption of a subset of the logic units in the transmission unit up to a predetermined decryption level of the transmission unit.

Abstract: A method for producing scrambled content (FIG. 6A), the method including providing content (600) to be scrambled, identifying a first portion of the content (620), identifying a second portion of the content (630), computing a disguising function of at least part of the first portion (620) of the content and producing a result, and scrambling the second portion (630) of the content, the scrambling being based in part, on the result. Related apparatus and methods are also described.

Abstract: Copy protection techniques that utilize a watermark and a permission key are disclosed. The copy protection techniques can provide single-copy copy protection in addition to different levels of copy protection. The permission key and the watermark can also permit the invention to yield variable levels of copy protection. In one embodiment, content including a watermark is transmitted to a recipient. The recipient is allowed to read the content but not record the content unless the recipient possesses a permission key.

Abstract: A broadcast signal is received that includes a data identifier that identifies data associated with the broadcast signal. The broadcast signal also includes the data associated with the broadcast signal encoded in the broadcast signal. The data associated with the broadcast signal includes an indicator to ignore the data identifier contained in the broadcast signal. The system decodes the data encoded in the broadcast signal while ignoring the data identifier contained in the broadcast signal. The indicator to ignore the data identifier contained in the broadcast signal may include an associated time period during which the data identifier should be ignored. The data identifier is broadcast in scan line twenty-one of a broadcast image. The data associated with the broadcast signal is encoded in vertical blanking interval lines of a broadcast image.

Abstract: A method for determining whether the terminal is authorized to receive the selected service is practiced in a terminal of a conditional access system in which a user selects a service, the selected service being associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein. The method includes receiving at least one encrypted entitlement control message corresponding to the service, and decrypting each of the at least one encrypted entitlement control message in the secure element, each decrypted entitlement control message revealing at least one first entitlement number associated with the selected service. The method further includes determining that the terminal is authorized to receive the selected service when any first entitlement number of any decrypted entitlement control message represents any number of the at least one authorized entitlement unit number.

Abstract: Disclosed are methods and systems for providing transcodability to media in a network, comprising separating an amount of media data into a segment, and combining the segment and a transcoder readable payload header into a data packet payload, wherein the segment comprises data coded in a frame.

Abstract: Ternary (3-value) and higher, multi-value digital scramblers/descramblers in digital communications. The method and apparatus of the present invention includes the creation of ternary (3-value) and higher value truth tables that establish ternary and higher value scrambling functions which are its own descrambling functions. The invention directly codes by scrambling ternary and higher-value digital signals and directly decodes by descrambling with the same function. A disclosed application of the invention is the creation of composite ternary and higher-value scrambling devices and methods consisting of single scrambling devices or functions combined with ternary or higher value shift registers. Another disclosed application is the creation of ternary and higher-value spread spectrum digital signals. Another disclosed application is a composite ternary or higher value scrambling system, comprising an odd number of scrambling functions and the ability to be its own descrambler.

Abstract: As transmitted digital content is vulnerable commodity, its protection from piracy is receiving significant attention. It is possible today to extract the digital content from the temporary storage during processing and also form interfaces during transfer between blocks in a receiver system. When content is processed and frames are temporarily stored in external memory, when frames are transmitted to the display through a LVDS, or other screen/panel interface, they are transmitted non-secured. When captured at these points of vulnerability, the full resolution image is available for reproduction. According to the present invention additional security protection is enabled at these points of vulnerability. The disclosed practice of randomized scrambling of bits or groups of bits at the points of vulnerability in a digital transmit-receive system prevent pirating of useable content.

Abstract: The invention concerns a method of inserting a suppementary information item in a set of data reprenting physical quantities, the data having been processed by the steps of, a) partitioning (E2) the set into subsets, b) entropic coding (E4) of each of the subsets, c) selecting (E8), for each of the subsets, a compression rate and distortion pair according to a global compression rate or a global distortion, d) writing, for each of the subsets, an index (Tij) representing the selected compression rate and distortion pair, in a file containing the coded subsets, characterised in that it also includes a step (E11) of modifying the selected compression rate and distortion pairs, according to the supplementary information (wm).

Abstract: A method for providing a video signal, and a descramble card and a video apparatus using the same are disclosed. The video apparatus includes a first interface which receives a scrambled video signal, and outputs the scrambled video signal, a second interface which transmits the scrambled video signal to a storage medium connected with the video apparatus, and a controller which controls the first interface to transmit the scrambled video signal to the second interface. Accordingly, a personal video recorder (PVR) function is provided to a premium broadcast content.

Abstract: An IC card (processing terminal) divides a process into process blocks, and holds a time period required for processing each process block. A receiver (receiving terminal) notifies the IC card of a time period which can be spent for processing non-real-time process data when causing the IC card to perform the processing. The IC card processes the process blocks which can be processed within the notified time period. After the processing, the IC card once sends a response back to the receiver, and then transitions into a state in which it can receive a new request. Accordingly, it becomes possible for the IC card to process real-time process data such as an ECM. In the case where the receiver continues the suspended processing, it notifies the IC card of the continuation of the processing so that it causes the IC card to continue the processing of non-real-time process data.

Abstract: A method of fragile watermarking is characterized by the step of generating at least a first ill-conditioned operator, said ill-conditioned operator being related to values extracted from an image or portion thereof A.

Abstract: This disclosure describes methods and systems for encoding a digital watermark into and/or detecting a digital watermark from a host (or media) signal such as audio, video or imagery. One implementation involves a method of detecting a digital watermark. The method includes: receiving a host signal carrying a digital watermark; computing attributes of the host signal; using the attributes of the host signal to compute a key; and using the key to detect the digital watermark in a transform domain dependent on the key. Other methods, systems and apparatus are provided as well.

Abstract: A semiconductor integrated circuit for the processing of conditional access television signals comprises an input interface for receiving encrypted television signals and an output interface for output of decrypted television signals. Control signals broadcast with the television signals include control words and common keys. Entitlement messages are received in encrypted form, encrypted according to a secret key unique to each semiconductor integrated circuit. The input interface is connected to a decryption circuit whereby the only manner of providing the common keys to the circuit are in encrypted form encrypted according to the secret key. Due to the monolithic nature of the circuit, no secrets are exposed and the system is secure. Alternatively, the entitlement messages are encrypted for decryption with the common keys and a unique ID stored in the circuit is compared with an ID in a received entitlement message. Only if the received and stored IDs match can the rights be stored and used.

Abstract: A watermarking system comprises an encoding data processor operable to generate at least one marked version of an original item of material by introducing one of a predetermined set of code words into a copy of the original material item. The encoding data processor is arranged to form other code words of the set by cyclically shifting a first code word. The system includes a detecting data processor operable to identify the code word in the marked material item. The detecting data processor is operable to recover the code word from the marked material item and to form a Fourier transform of the recovered code word and a Fourier transform of the first code word of the set. The data detecting processor forms correlation samples by forming an inverse transform of a combination of the recovered and the first code word. Each of the correlation value samples provides the correlation value for one of the set of code words.

Abstract: Techniques and tools are described which provide control access mechanisms for contents made available by a service provider to a user. The user, after a registration process, uses a mobile application on a mobile device to generate a one-time content key. The content key is input into a set-top box which validates the key and provides access to the protected content. The mobile application allows for password protection for the user, as well as a recharging ability when its one-time content keys are exhausted.

Abstract: A high level of security for access to recorded information is provided by a method which includes provisioning of a trusted/protected communication linkage such as a tamper-resistant or tamper evident enclosure, a physical close coupling between information source and encryption processor and/or obfuscated code or end-to-end network encryption and encryption, possibly symmetrical, of the information to be recorded by a preferably random session key or segment key. The session key or segment key may then be encrypted, preferably asymmetrically, by a secure key which may be shared or access thereto shared in accordance with any desired security policy. Use of a public key or public key/private key infrastructure also provides for authentication of the recorded information.

Abstract: A device and method of encrypting a sequence. The method (300) encrypts data (Di) over a sequence of encryption periods (Ti) by generating (315) a sequence of forward encryption keys (GKfi) each associated with a respective encryption period (Ti). Each forward encryption key is generated recursively by applying a forward one way function (FFi?1) to the forward encryption key (GKFi?1) associated with the preceding encryption period (Ti?1). Next the method (300) generates (320) a sequence of reverse encryption keys (GKRi), each associated with a respective encryption period (Ti), each reverse encryption key being generated recursively by applying a reverse one way function (FRi?1) to the reverse encryption key (GKRi+1) associated with the subsequent encryption period (Ti+1). Encrypting (325) the data (Di) for each encryption period (Ti) with a respective forward encryption key (GKFi) and a respective reverse encryption key (GKFi) is then performed.

Abstract: A data dependent scrambler for a communications channel that receives a user data sequence including N symbols each with M bits includes a seed finder that selects a scrambling seed and a first scrambler that receives said user data sequence and said scrambling seed from said seed finder. The first scrambler generates a scrambled user data sequence. A first encoder identifies a string of X consecutive zeros in adjacent symbols of the scrambled used data sequence and replaces one of the adjacent symbols with an all-one symbol. The first encoder replaces the other of the adjacent symbols with first bits representing a position of the string of X consecutive zeros and second bits representing bits of the adjacent symbols that are not in the string of X consecutive zeros.

Abstract: A data dependent scrambler for a communications channel that receives a user data sequence including X bits that are organized as N M-bit symbols includes a seed finder that generates a scrambling seed that is dependent upon the symbols in the user data sequence. A first scrambler receives the user data sequence from the data buffer and the scrambling seed from the seed finder and generates the scrambled user data sequence. An H-code finder generates at least one of an H-code token that is dependent upon the symbols in the user data sequence and an offset of the H-code token from the scrambling seed. An H-code encoder receives the scrambled user data sequence and at least one of the H-code token and the offset. The H-code encoder increases a Hamming weight of the scrambled user data sequence using the at least one of the H-code token and the offset.