Abstract: An automated system for automatic update of a Common Vulnerability Scoring System (CVSS) score, the system including vulnerability information analyzing functionality to analyze preexisting vulnerability information, the preexisting vulnerability information relating to at least one of at least one vulnerability and at least one attack vector thereof, the at least one vulnerability having a preexisting CVSS score, the preexisting CVSS score being based at least partially on the preexisting vulnerability information, vulnerability information extraction functionality, responsive to the analyzing preexisting vulnerability information, to extract new vulnerability information, the new vulnerability information relating to the at least one of the at least one vulnerability and the at least one attack vector thereof, and CVSS score updating functionality to employ the new vulnerability information to update the preexisting CVSS score.

Abstract: Systems and methods include broadcasting an entitlement management message (EMM) in a communication system using a scheduled delivery window. The systems and methods including receiving a EMM broadcast window from a distribution system, listening for the EMM during the EMM broadcast window, and receiving the EMM from the distribution system during the EMM broadcast window.

Abstract: The present invention is suitable for use in a multi-encrypted system that dynamically allocates stream identifiers in a second stream depending upon the identifiers in a first stream. The first stream is monitored and counters are incremented with the presence of an identifier. The count for each of the counters is then received. Using the count, a control processor then assigns or revises identifiers in the second stream.

Abstract: A storage system in which a storage control apparatus writes data in each of divided areas defined by division of one or more storage areas in one or more storage devices, after encryption of the data with an encryption key unique to each divided area. When the storage control apparatus receives, from a management apparatus, designation of one or more of the divided areas allocated as one or more physical storage areas for a virtual storage area to be invalidated and an instruction to invalidate data stored in the one or more of the divided areas, the storage control apparatus invalidates one or more encryption keys associated with the designated one or more of the divided areas. In addition, the storage control apparatus may further overwrite at least part of the designated one or more of the divided areas with initialization data for data erasion.

Abstract: Control of access to at least one digital content is managed as a function of at least one access criterion. The digital content is transmitted to at least one terminal in the form a data stream. The access criterion is stored in the terminal as a function of an identifier. The terminal receives the data stream in association with a control message indicating the identifier. It then retrieves the stored access criterion as a function of the identifier received in the control message. Finally, it verifies whether the stored access criterion is satisfied in order, where appropriate, to authorize access to the content.

Abstract: Provided are a method and apparatus for effectively fixing scrambled content. The method includes checking fixing information for a program map table (PMT) packet of packets constituting the content, the fixing information being used to fix a transformed part of the content; extracting location information of a next PMT packet containing fixing data for fixing the transformed part of the content from the fixing information of the PMT packet; and fixing the transformed part of the content by using the fixing data in the next PMT packet indicated by the extracted location information. Accordingly, it is possible to easily detect a location of the content, which stores the fixing information, thereby expediting fixing of the transformed content.

Abstract: Embodiments of the invention provide an improved method and an improved receiver for obtaining a control word. Two or more subkeys are obtained in a receiver. Each subkey was encrypted under control of a key received in an entitlement message or transformed under control of a seed received in an entitlement message. After decryption or transformation, the subkeys are combined to obtain the control word. Typically at least one of the entitlement messages is a positive entitlement message and at least one of the entitlement messages is a negative entitlement message. Embodiments of the invention can be used in a conditional access system such as a Pay-TV system.

Abstract: A method for identifying of at least an identifier of a conditional access card used in a control word redistribution system by passing information over a side channel, said method comprising a modification step of the response time, of the card, to a control word request, according to a predefined function which depends on the identifier of the said cards.

Abstract: Various embodiments of the present invention relate to systems, methods, and computer-readable medium providing licensing rights for media content that follows a subscriber so that the subscriber may experience the media content on various content distribution platforms. In particular embodiments, the systems, methods, and computer-readable medium transfer licensing rights for a user for particular media content that is associated with a first device on a first distribution platform so that the rights are associated with a second device on a second distribution platform. As a result, in various embodiments, the user is able to experience the particular media content with the use of the second device on the second distribution platform.

Abstract: There is provided a system and method for a universal file packager for use with an interoperable key chest. There is provided a method for distributing media contents to distributors, comprising obtaining a first key, a second key and a content, encrypting the second key using the first key to generate an encrypted second key, encrypting the content using the second key to generate an encrypted content, generating a key information file including the encrypted second key, generating a universal file including the encrypted content and a first network address for a central key repository (CKR), providing the key information file for storage in the CKR, and providing the universal file to the distributors. The universal file can then be provided to users for digital e-commerce and transferred across different distributors with the CKR negotiating key access for granting new interoperable DRM licenses.

Abstract: Systems and methods for providing multimedia content from one process or component to another process or component over an unsecured connection are provided. One embodiment includes obtaining the cryptographic information, extracting the at least partially encrypted video data from the container file to create an elementary bitstream, enciphering the cryptographic information, inserting the cryptographic information in the elementary bitstream, providing the elementary bitstream to a video decoder, extracting the cryptographic information from the elementary bitstream at the video decoder, deciphering the cryptographic information, decrypting the elementary bitstream with the cryptographic information and decoding the elementary bitstream for rendering on a display device using the video decoder.

Abstract: A secure cloud storage and synchronization system and method is described that provides, among other things: (1) local password recovery, including a mechanism by which the user of the system can recover their password without having stored it on a remote server; (2) secure, private versioning of files, including a mechanism to privately store a version history of files on one or more remote servers in such a way that it is technically infeasible for anyone other than the legitimate owner to access any component of the file history; (3) secure, private de-duplication of files stored on one or more remote servers that reduces storage requirements by allowing for the storage of a single file when there are duplicates, even across users; and (4) secure, private sharing of files between users of the system that allows one user to share a file on the “cloud” with another user without deciphering or transporting the file.

Abstract: A method and apparatus for providing conditional access to media programs is described. An exemplary method comprising the steps of transmitting media information encrypted according to a control word (CW) to a receiver station, transmitting entitlement management information (EMI) to the receiver station, the EMI comprising a service bitmap, and transmitting entitlement control information (ECI) to the receiver station, the entitlement control information including the control word (CW) encrypted according to a key (K) and an index to an element of the service bitmap, wherein the control word (CW) is decrypted by the receiver stations according to a value of the indexed element of the service bitmap.

Abstract: The present invention provides a method, system, and computer program product for transferring authorization rights to access a file. A method in accordance with an embodiment of the present invention includes: designating a location to store the file; creating a file-transfer-reference for the file based on the location; creating an authorization protocol for the file; selecting at least one recipient of the file-transfer-reference; and forwarding the file-transfer-reference to the at least one recipient according to the authorization protocol. The method may optionally include defining a validity period for which for access to the file.

Abstract: Systems and methods that receive a video stream comprising a sequence of compressed pictures, the compressed pictures comprising a plurality of levels of picture importance including a first picture level and a second picture level, track the compressed pictures to ascertain which of the compressed pictures correspond to the first level, and responsive to ascertaining which of the compressed pictures correspond to the first level, tracking the compressed pictures to ascertain which of the compressed pictures correspond to the second level.

Abstract: A configuration in which use management for each piece of content, which is divided in units, can be performed strictly and efficiently is provided. CPS units such that content stored on an information recording medium is divided into units are set, a unit key is assigned to each CPS unit, and data forming each unit is encrypted and recorded. For reproduction, a unit key is generated, and data processing using the unit key is performed. As information for generating the unit key, copy/play control information (CCI) that is set so as to correspond to the CPS unit and a content hash that is a hash value based on data forming the CPS unit are used. With this configuration, tampering of CCI and data forming the CPS unit can be prevented, and authorized content use can be realized.

Abstract: A digital content display method adaptable to an electronic apparatus is provided. The electronic apparatus includes a display interface and a display driving apparatus. The digital content display method includes following steps. An encrypted digital content is received by the display driving apparatus. The encrypted digital content is decrypted by the display driving apparatus according to an algorithm. The display interface of the electronic apparatus is driven by the display driving apparatus according to the decrypted digital content so that the display interface displays the digital content. Additionally, an electronic apparatus and a display driving apparatus thereof are also provided.

Abstract: In a downloadable conditional access system (DCAS), preferably all DCAS-specific code is implemented in a configurable secure (CS) processor that is in communication with the host processor. Preferably, no DCAS-specific code is executed in the host processor. The host processor delivers commands to the CS processor, which the CS processor performs to configure itself in accordance with the particular DCAS encryption scheme used by the DCAS. Once configured, the CS processor executes a DCAS software module that has been downloaded to the CS processor, which looks for the corresponding EMMs and ECMs, processes them to obtain the CW, and then uses the CW to decrypt the content stream.

Abstract: Methods for generating data for describing scalable media are disclosed. Data is associated with the scalable media that identifies portions of the scalable media to combine in order to produce media that is scaled to possess a desired scalable attribute without decoding. Portions of the scalable media are encrypted. Data is associated with the portions of the scalable media that identifies protection attributes of the encryption scheme used to encrypt the portions of the scalable media.

Abstract: The invention relates to a method of transmitting at least one additional piece of data D in a list of access control words CWi to a scrambled content transmitted by a content server of an operator to a user equipment (2) including a reception terminal (4) associated with a security processor (6), each control word CWi of said list being designed to descramble said contents during a determined cryptoperiod, this method includes the following steps: a) prior replacement of at least one of the control words of said list with a magnitude X resulting from the treatment of said additional piece of data D by a function G having a dual function H, and, at the reception of said list by the 15 reception terminal (4), b) retrieve said additional piece of data D by treating said magnitude X with dual function H.

Abstract: A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key.

Abstract: A method, system and apparatus for authenticating a communication request sent from a client computing device. The communication request is initially blocked by a firewall preventing delivery to a server. A first logging event corresponding to the communication request is created. The communication request and the logging event are stored in a firewall. The server is notified of the first logging event. The communication request corresponding to the first logging event is authenticated. A port in the firewall is enabled if the communication request is authenticated.

Abstract: An efficient security related procedure is disclosed. A plurality of service data units (SDUs) having the same priority is multiplexed to one unit signal. The unit signal is ciphered using a mask generated by a first parameter combination. The receiver simultaneously deciphers the multiplexed service data units (SDUs), such that a Layer-2 (L2) processing time is efficiently reduced and the problems encountered by signals vulnerable to security can be efficiently solved.

Abstract: Embodiments of the invention are generally directed detection of encryption utilizing error detection for received data. An embodiment of a method includes selecting a first port for foreground processing of a stream of data received at the first port, the stream of data including content data, and sampling a set of data received at a second port, the second port being not selected for foreground processing, the set of data including a data packet and error correction data. The method further includes performing background processing of the set of data, wherein the background processing includes decrypting data of the data packet and utilizing the error correction data to determine whether the data packet contains an error, and determining whether data received at the second port is encrypted based at least in part on the determination whether the data packet contains an error.

Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.

Abstract: An video receiving apparatus which reduces waiting time till image is displayed on a monitor include: a plurality of authentication executing units which perform respectively an authentication process to the external devices connected to each of the plurality of input terminals; a terminal selecting unit which selects one of the plurality of input terminals as a video input terminal based on an operation input from outside; an video receiving unit which receives the video information through one of the authentication executing units corresponding to the selected input terminal from the external devices connected through the selected input terminal; and a display control unit which outputs the received video information to a monitor.

Abstract: Embodiments of the invention may relate to the distribution of digital audiovisual sequences. The distribution of such sequences may involve generating and transmitting modified sequences and complementary information. The complementary information may allow reconstruction of the original sequences from the modified sequences.

Abstract: A method for processing Entitlement Control Message (ECM) packets is disclosed in the present invention. The method includes: a terminal receiving a broadcast code stream multiplexing frame and obtaining ECM packets from the received broadcast code stream multiplexing frame; and analyzing the ECM packet if the indicator of the ECM packet is judged to be inconsistent with the indicator of the locally stored ECM packet. An apparatus for processing ECM packets is also disclosed in the present invention, and the apparatus includes: a receiving module, an obtaining module, a judging module and an analyzing module. With the present invention, the efficiency of the terminal processing ECM packets is improved, and the limited resources of the terminal can be saved.

Abstract: A method and apparatus for securely and remotely enabling the playing of a media program encrypted by a content encryption key over the Internet is disclosed. A license encryption key and a content decryption key are separately and securely transmitted to the receiver. The license encryption key is stored in the CAM and later used to decrypt the content encryption key so that the media program may be recovered.

Abstract: There is provided a system and method for a universal file packager for use with an interoperable key chest. There is provided a method for distributing media contents to distributors, comprising obtaining a first key, a second key and a content, encrypting the second key using the first key to generate an encrypted second key, encrypting the content using the second key to generate an encrypted content, generating a key information file including the encrypted second key, generating a universal file including the encrypted content and a first network address for a central key repository (CKR), providing the key information file for storage in the CKR, and providing the universal file to the distributors. The universal file can then be provided to users for digital e-commerce and transferred across different distributors with the CKR negotiating key access for granting new interoperable DRM licenses.

Abstract: Provided is a broadcast receiving device including a determining unit configured to make a determination on a channel selected by a selecting unit as to whether the corresponding encryption key is available or unavailable, and a control unit configured to, when the determining unit determines that the encryption key is unavailable, allow the selecting unit to sequentially select channels displayed in a channel window, allow the determining unit to make the determination, and allow an output unit to generate and output the channel window so that the channel with the encryption key determined as unavailable is identified.

Abstract: A method for preventing a recipient of an electronically transmitted message from taking at least one action in relation to the message is disclosed. The message has at least two parts with one of the parts having a higher level of security than the other part. The method includes the step of extracting information from the message. The information indicates that the higher level security part is not permitted to have the action taken on it while the other part is so permitted. The method also includes the step of preventing the higher level security part from having the action taken on it in reaction to said recipient making an offending request.

Abstract: A method and apparatus are disclosed for distributing content items to a handheld device using a personal computer. A user can browse and select content using a personal computer or other computer that may be more readily available or more convenient to use than the handheld device. The personal computer can communicate with a web server which receives the user's request for content to be distributed to the handheld device. The web server can retrieve configuration information pertaining to the handheld device and communicate with a content server to determine whether the user's request for content distribution is valid based on information identifying the handheld device and at least some of the configuration information pertaining to the handheld device. The content server can transmit the requested content item to the handheld device if the user's request is valid and if the handheld device is able to receive the content item.

Abstract: This method of receiving a multimedia signal scrambled by means of a control word uses a first cryptographic entity that can be connected to any one of P second cryptographic entities to form part of a device for receiving the scrambled multimedia signal. Only second cryptographic entities of a group of N second cryptographic entities selected from a wider set of P second cryptographic entities use a session key obtained by diversifying a root key identical to the root key used to obtain the session key of the first cryptographic entity.

Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterized in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.

Abstract: Provided is a digital broadcasting conditional access system and method, including a digital broadcasting transmitter and a digital broadcasting receiver. The transmitter scrambles a broadcasting signal using a control key, generates broadcasting viewing restriction information and broadcasting viewing entitlement information, and transmits the scrambled broadcasting signal after incorporating the broadcasting viewing restriction information and broadcasting viewing entitlement information into the scrambled broadcasting signal. The receiver extracts the broadcasting viewing restriction information and the broadcasting viewing entitlement information included in the scrambled broadcasting signal to generate the control key, descrambles the broadcasting signal using the control key, and reproduces the descrambled broadcasting signal. Thus, the system and method can be provided for a digital broadcasting receiver including a smart card.

Abstract: Rather than downloading each content document on demand from the publisher location to the user site, at the publisher location, each content document is encrypted and then multiple encrypted documents are assembled into a distribution archive that is itself encrypted with a scheduled key. The distribution archive is then downloaded into a content server at the user site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents. The scheduled key used to decrypt an archive file is included with an archive file that was sent previously to the user site in accordance with the subscription service. The scheduled key to decrypt the first archive file sent to the user is sent from the publisher to the user over a communication channel different from the communication channel used to send the archive file from the publisher to the user.

Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.

Abstract: Methods and apparatus to reduce channel switching time. A method for channel switching includes bundling entitlement control messages (ECMs) to generate bundled ECMs that comprise decryption keys associated with a first content channel and one or more additional content channels, respectively, and transmitting the bundled ECMs with the first content channel. An apparatus for channel switching includes key acquisition logic configured to receive bundled ECMs that comprise decryption keys associated with a first content channel and one or more additional content channels, respectively, processing logic configured to receive a request to render a second content channel that is part of the one or more additional content channels, and decryption logic configured to utilize a selected decryption key obtained from the bundled ECMs to decrypt the second content channel.

Abstract: A processor is configured to receive a digital video stream, calculate a hash of an I-Frame within the digital video stream, and submit the hash to a server. The processor is further configured to receive location information in response to submitting the hash to the server.

Abstract: Apparatus and methods for provisioning of customer premise equipment (CPE) equipped with a secure microprocessor to receive e.g., digital video content by entering unique identification of the CPE at one or more servers located at the headend or other location of a content-based network. In one embodiment, the CPE comprises a download-enabled (e.g., DCAS) host with embedded cable modem and embedded set-top box functionality, and the provisioning includes enabling DOCSIS functionality of the CPE, assigning an IP address to the CPE and providing the CPE with a client image for the conditional access system chosen by the network operator. In one variant, the network operator can deactivate a provisioned device while connected to the network, as well when disconnected from the network. The network operator can also add, delete or replace conditional access client image in a provisioned device.

Abstract: Methods are provided for processing a packet received by a mesh-enabled access point (MAP). When a first MAP receives a packet it can determine whether the packet is destined for a mesh portal based on the destination address. If so, the first MAP can retrieve an encryption key corresponding to the mesh portal, use the encryption key to encrypt the packet and set a mesh forwarding flag in the packet to indicate that the packet is destined for a mesh portal, and is encrypted with an encryption key corresponding to the mesh portal, and then forward the packet to the next hop MAP towards the a mesh portal. The mesh forwarding flag indicates that the packet is destined for a mesh portal, is encrypted with an encryption key corresponding to the mesh portal, and is to be forwarded to the next hop MAP without performing decryption/re-encryption processing on the packet. When a MAP receives a packet, the first MAP it determines whether a mesh forwarding flag is set in the packet.

Abstract: A method and system are implemented for verifying connection status information associated with a specific display attachment location. Specifically, one embodiment of the present invention sets forth a method, which includes the steps of receiving a first signature representative of a first set of connection states tracked by a graphics subsystem associated with the display attachment location, authenticating whether the integrity of a content path including the display attachment location is maintained based on the first signature, and deciding whether to continue sending the content to the display attachment location so that requirements associated with protecting the content are satisfied.

Abstract: Methods and a systems are described for processing recordable content in a broadcast stream sent to a receiver, wherein said broadcast stream is protected in accordance with a conditional access system and wherein said receiver is configured for storing and consuming content in said broadcast stream in accordance with a digital rights management system. In this methods and systems recording information is sent in one or more entitlement control messages over a broadcast network to a receiver. Using the recording information in the entitlement control messages the receiver is able to store recordable events in a broadcast stream on a storage medium and to consume said recorded events in accordance with a digital rights management system.

Abstract: The invention relates to a method for decrypting encrypted broadband data by one or more authorized users comprising the following steps: provision of the encrypted broadband data (10) for a plurality of users; provision of encrypted or non-encrypted key data (30), which is of a comparatively narrower band than the broadband data (10) and which is personalized for one or more authorized users, exclusively in a decryption unit (40), said narrow-band key data (30) being held in the decryption unit (40) in a form that is not accessible to the authorized user; at least partial decryption of the encrypted broadband data (10) in the decryption unit (40) in order to output a broadband data stream (70) that is at least partially decrypted; or generation of broadband key information (30?) from the narrow-band key information (30) in the decryption unit (40) for the subsequent decryption of the encrypted broadband data (10).

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: A method for transmitting data, a receiving method, related devices, and an aircraft equipped with the devices. The method includes determining an authentication word of the data; processing the data to obtain processed data; and transmitting the processed data on a transmission channel.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: The present invention makes use of techniques such as those described by Boneh and Franklin to allow for the realization of a pseudo-asymmetric encryption scheme whereby one public encryption corresponds to a plurality of private decryption keys. This scheme therefore provides a solution to the problem of inefficient use of bandwidth in asymmetrical encryption schemes which inherently require that a plurality of encryptions of data be broadcast to a plurality of receivers. The invention further ensures that the advantage of traceability, typical found in asymmetric encryption schemes, is maintained due to the characteristic that each receiver uses a unique traceable decryption key. The traceability thus achieved by the present invention allows for the revocation of a security module which has been involved in the abusive use of conditional access data, particularly by means of clones of security modules whose security has been compromised.

Abstract: Data are converted between an unencrypted and an encrypted format according to the Rijndael algorithm, including a plurality of rounds. Each round is comprised of a fixed set of transformations applied to a two-dimensional array, designating states, of rows and columns of bit words. At least a part of the transformations are applied on a transposed version of the state, wherein rows and columns are transposed for the columns and rows, respectively.