Abstract: A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium operating in a mobile device server that has computer instructions to execute a web server application at the mobile device server. The web server application can be operable to detect a media resource center while roaming in a communication zone of the media resource center and to transmit a pairing key to the media resource center responsive to acquiring communication access to the communication zone. The web server application can be further operable to receive from the media resource center an indication that a roaming charge will be applied to a subscriber account associated with the mobile device responsive to the media resource center identifying from the pairing key that the mobile device server is a guest device. Other embodiments are disclosed.

Abstract: A time clock 10, capable of outputting a datum to an USB memory 100 connected thereto, includes a controller authenticating whether or not the USB memory 100 is valid an external apparatus as an output destination to which the datum is output, and determining whether or not the datum is output on the basis of the authentication result. Further, the controller 25 authenticates an external apparatus on the basis of an authentication datum stored in the USB memory 100. The controller 25 performs the authentication on the basis of an identification datum of the time clock and an identification datum included in the authentication datum stored in the external apparatus.

Abstract: A method for processing Entitlement Control Message (ECM) packets is disclosed in the present invention. The method includes: a terminal receiving a broadcast code stream multiplexing frame and obtaining ECM packets from the received broadcast code stream multiplexing frame; and analyzing the ECM packet if the indicator of the ECM packet is judged to be inconsistent with the indicator of the locally stored ECM packet. An apparatus for processing ECM packets is also disclosed in the present invention, and the apparatus includes: a receiving module, an obtaining module, a judging module and an analyzing module. With the present invention, the efficiency of the terminal processing ECM packets is improved, and the limited resources of the terminal can be saved.

Abstract: Systems and methods for site-dependent embedded media playback manipulation whereby a media owner can enable limited embedding on non-owned or non-monetized websites to direct traffic to a more valuable location. The content owner can specify sets of internet locations with associated sets of rules governing content playback criteria as well as restrictions based upon user categorizations. A playback restriction system consists of a media delivery system and a playback rules system. The media delivery system controls the delivery of the media file with embedded restrictions. The playback rules system controls the nature of the restrictions and the rules of when they are applied. Users will be directed to the location of a more valuable website where the media can be viewed with a less restrictive set of rules.

Abstract: A method and apparatus are disclosed for distributing content items to a handheld device using a personal computer. A user can browse and select content using a personal computer or other computer that may be more readily available or more convenient to use than the handheld device. The personal computer can communicate with a web server which receives the user's request for content to be distributed to the handheld device. The web server can retrieve configuration information pertaining to the handheld device and communicate with a content server to determine whether the user's request for content distribution is valid based on information identifying the handheld device and at least some of the configuration information pertaining to the handheld device. The content server can transmit the requested content item to the handheld device if the user's request is valid and if the handheld device is able to receive the content item.

Abstract: An apparatus and method for preventing falsification of a client screen is provided, in which a web server dynamically generates URIs and provides them to clients, thus preventing the falsification of client screens due to a web injection attack or a memory hacking attack. The apparatus includes a random web generation unit for converting an identical web page into random URIs that are randomly generated, at a request of a plurality of clients, generating different random web sources, and providing the different random web sources to the respective clients. A web falsification determination unit compares display web source eigenvalues respectively generated by the clients with respect to any one of the random web sources with a generative web source eigenvalue for the one of the random web sources, thus determining whether screens corresponding to the random web sources displayed on the respective clients have been falsified.

Abstract: When a viewer views content, it is reproduced by a reproduction procedure depending on a dynamic condition set in the content. Here, a content object data input unit obtains an externally-input content object. The content object is stored in a content object data retention unit, if necessary. The content object includes a reproduction rule and a content data. A reproduction rule evaluation and execution unit obtains the reproduction rule in the content object and performs processing in accordance with the reproduction rule. The reproduction unit reproduces a reproducible data specified by the reproduction rule evaluation and execution unit. An identifier management unit retains an identifier of a content object reproduction device and provides the identifier upon request. It is thus possible to reproduce in accordance with the reproduction rule set in the content object data and to control the reproduction procedure depending on the dynamic condition.

Abstract: A number of encryption system types utilized by subscriber terminal devices currently requesting tuning to a particular switched digital video (SDV) content selection is determined in response to each change in a number of the subscriber terminals requesting tuning to the particular SDV content selection. SDV content associated with the particular SDV content selection is encrypted as either encrypted SDV content or multiply partially encrypted SDV content based upon the determined number of encryption system types beginning from a current play location indicated for the SDV content selection within an electronic program guide (EPG). Either the encrypted SDV content or the multiply partially encrypted SDV content is distributed as part of an outgoing SDV content stream to the subscriber terminals currently requesting tuning to the particular SDV content selection.

Abstract: The present invention provides a method and a device for receiving a mobile digital multimedia service and terminal equipment for a mobile digital multimedia service, and the method for receiving the mobile digital multimedia service includes: a receiving device receiving multimedia broadcast data, and if the receiving device judges that a state of the multimedia broadcast data is a scrambling state, descrambling the multimedia broadcast data, and sending descrambled multimedia broadcast data to computer equipment, and the computer equipment receiving the descrambled multimedia broadcast data. The technical scheme of the present invention does not need to send key information needed in descrambling to the computer equipment, so that the security of the key information can be increased; and the receiving device re-encapsulates the multiplex subframe and retains the subframe header part in the multiplex subframe, so as to make the descrambled data code steam entirely retain the original information.

Abstract: A method and apparatus for securing media asset distribution for a marketing process is described. In one embodiment, the method includes generating a dynamic security component for each media asset allocation to at least one receiver, wherein the dynamic security component verifies the at least one receiver upon login, coupling the dynamic security component to at least one file having a media asset and communicating a locator reference associated with the at least one file to the at least one receiver, wherein the locator reference is created using the dynamic security component.

Abstract: A method and apparatus for controlling access restrictions for media resource playback may include defining a user-specific content control profile authorizing one or more classes of content to be delivered to a client device, generating a media resource request identifying a first media resource associated with a first class of content and one or more attributes of the content control profile, determining whether the first class of content has been authorized for delivery to the client device based at least in part upon the one or more attributes of the content control profile, and delivering the first media resource to the client device if the first class of content has been authorized for delivery to the client device.

Abstract: A broadcast receiving apparatus comprises a broadcast receiving unit (1, 4˜13) for receiving a digital broadcast; a communication unit (1˜3) for performing two-way communication through a network; an operation unit 15 for performing an acquisition operation of a key for decrypting an encrypted broadcast program received by the broadcast receiving unit; and an address generating unit 16 for generating an address of an acquisition location of the key which is accessible with the communication unit, by using program arrangement information corresponding to the broadcast program based on the acquisition operation of a key by the operation unit.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: Methods, systems, and apparatus are disclosed which enable flexible insertion of forensic watermarks into a digital content signal using a common customization function. The common customization function flexibly employs a range of different marking techniques that are applicable to a wide range of forensic marking schemes. These customization functions are also applicable to pre-processing and post-processing operations that may be necessary for enhancing the security and transparency of the embedded marks, as well as improving the computational efficiency of the marking process. The common customization function supports a well-defined set of operations specific to the task of forensic mark customization that can be carried out with a modest and preferably bounded effort on a wide range of devices. This is accomplished through the use of a generic transformation technique for use as a “customization” step for producing versions of content forensically marked with any of a multiplicity of mark messages.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: A method for detecting at least one traitor computer system among a plurality of receiver computer systems including: assigning a version of protected content to each of the plurality of receiver computer systems that are currently identified as innocent by a content protection system that monitors distribution of protected content to the plurality of receiver computer systems; recovering at least one unauthorized rebroadcast of the content; generating a score for each of the plurality of receiver computer systems with respect to the recovered unauthorized rebroadcast; calculating a threshold independent of an estimation of maximum traitor computer systems; checking a highest score against the threshold; incriminating a receiver computer system having the highest score above the threshold as a traitor computer system; and removing any unauthorized rebroadcasts overlapping with the traitor computer system. The process may be repeated from generating scores until all traitors are identified.

Abstract: Methods of providing a transport streams are disclosed. In one embodiment, among others, a method comprises receiving an input transport stream having a plurality of packet identifier (PID) streams included therein, the plurality of PID streams comprising first, second, third, and fourth PID streams, decrypting the first PID stream, statistically multiplexing the second PID stream, encrypting the third PID stream, and transmitting the fourth PID stream, wherein the receiving, decrypting, statistically multiplexing, encrypting, and transmitting are implemented at a transport stream apparatus.

Abstract: A method and structure for authentication in a system having devices capable of communicating via multiple signal paths. Authentication is carried out between first and second devices. A first device communicates with a second device over a first data signaling path of an interface between the first and second devices in a first portion of an authentication process. A second device communicates with the first device over a second data signaling path of the interface between the first and second devices in a second portion of the authentication process.

Abstract: Provided is a method and system for controlling access to a mail transfer agent (MTA), included in a mail server infrastructure (MSI), by a client, which is either a mail user agent (MUA) or an MTA not included in the MSI, and features determining whether to grant access to a client based upon the accesses made to this and other MTAs at the present time or in the past. To that end, the method includes receiving a request for access to the one of the plurality of mail transfer agents by the client. Access between the client and other MTAs is determined to obtain an existing access profile. A conditional access profile is developed from the existing access profile and from the request. The conditional access profile is compared against a permissible access profile to determine whether to grant the request. If it is determined that the conditional access profile does not violate the rules and criteria, the access is granted. Otherwise, access is denied.

Abstract: A security system is applied to venue-cast content transmissions over a broadcast/multicast network infrastructure. The broadcast network infrastructure may be Evolution-Data Only Broadcast Multicast Services (BCMCS) that facilitates distribution of a subscription-based content delivery service. A venue-cast service can be part of the subscription-based content delivery service and has an associated service key. Upon subscribing to the content delivery service, the subscriber access terminal is given the service key. Such service key may be associated with a particular subscriber package and/or venue location. The same service key is provided to the broadcast network infrastructure that broadcasts venue-cast content. A broadcast access key is generated by the broadcast network infrastructure and used to encrypt venue-specific content to be broadcasted. Consequently, only access terminals that have received the service key (e.g.

Abstract: A method of displaying an image includes generating a contract in the display engine, transferring the contract to the memory controller before the end of a sweep, generating a contract amendment in response to changes in the display engine, transferring the contract amendment to the memory controller, making a decision whether the contract amendment can be processed, fetching data from the memory controller according to the contract incorporating the contract amendment if the decision is that the contract amendment can be processed, sending the fetched data to the display engine in an isochronous stream; and processing the fetched data using the display engine.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium operating in a mobile device server that has computer instructions to execute a web server application at the mobile device server. The web server application can be operable to detect a media resource center while roaming in a communication zone of the media resource center and to transmit a pairing key to the media resource center responsive to acquiring communication access to the communication zone. The web server application can be further operable to receive from the media resource center an indication that a roaming charge will be applied to a subscriber account associated with the mobile device responsive to the media resource center identifying from the pairing key that the mobile device server is a guest device. Other embodiments are disclosed.

Abstract: Systems and methods for unattended authentication of software applications to provide these applications with access to shared resources. A server password manager (SPM) module resident on a node also occupied by a requester software application requesting access to resources receives the requestor's request. The SPM module creates a request package containing the requestor's information as well as the node's identifying information. The request package is then transmitted to a credentials manager (CM) module in a CM node. The request package, encrypted by the SPM module with encryption keys previously generated by the CM module, is decrypted by the CM module. The contents are checked against data stored by the CM module regarding the SPM module and the requestor application when these were registered with the CM. If the data matches, then the CM provides credentials which are used to give the requestor application access to the requested resources.

Abstract: A method, system and program product for authenticating a user seeking to perform an electronic service request is provided. The method includes verifying user identity data received from a user requesting an electronic service, detecting whether or not any variances are found based on the set of user profile data associated with the user seeking to perform the electronic service requested, identifying the risk level for the electronic service based on whether or not any variances are found and any characteristics thereof, if any variances are found, applying one or more business policies or rules for handling any variances that are found. The method further includes issuing to the user, using a customer relationship management system, a challenge corresponding to the risk level identified for the electronic service requested, and authorizing the user to perform the electronic service requested only if a correct response is received to the challenge issued.

Abstract: A method for pairing a first element and a second element, wherein the first element and the second element form a first decoding system among a plurality of receiving decoding systems in a broadcasting network. Each receiving decoding system is adapted to descramble scrambled audiovisual information received over the broadcasting network. A first key unique in the broadcasting network is selected. A second key is determined according to the first key, such that a combination of the first key and the second key enables to decrypt broadcasted encrypted control data that is received to be decrypted by each receiving decoding system, the encrypted control data being identical for each receiving decoding system. The first key and the second key are assigned respectively to the first element and the second element.

Abstract: A device for locating a DES key value that corresponds to a packet identification (PID) contained at a variable possible location which comprises part only of a 32-bit packet header. A table stored in memory contains for each DES key: (i) a packet header having 32 bits with a PID of either 12, 9 or 8 bits contained at a defined location and with zero values elsewhere, and (ii) a mask value also having 32 bits with ones contained at the said defined location of the PID and zeros elsewhere. The table is divided into regions for respective packet format types. An incoming packet header at an input is combined with a first one of the mask values from the table to provide a combined value that consists of the value held in the input packet header at the defined location and zeros elsewhere. This combined value is compared with the corresponding packet header stored in the table. When they are not equal, the combining and comparison is repeated for the next row of the table.

Abstract: Provided are an apparatus and method for searching a start position of a broadcast program. According to an embodiment of the present invention, a received broadcast program is recorded in a recording medium while being output as video and audio. If a new broadcast program is started, position information regarding a start part of the new broadcast program is stored in a memory. Thus, a current broadcast program is reproduced from a start part by searching a start position of the current broadcast program recorded in the recording medium with reference to stored position information. A determination on whether the new broadcast program is started is done on the basis of Electronic Program Guide (EPG) information or a change in audio and video signals. Accordingly, it is possible to quickly search and reproduce a start part of a broadcast program which is currently recorded.

Abstract: Segmented media content rights management is described. A media device can receive segments of protected media content from media content streams that each include a different version of the protected media content. A media content file can be generated to include the segments of the protected media content that are sequenced to render the protected media content for viewing. A file header object can be instantiated in a file header of the media content file, where the file header object includes DRM-associated features, such as one or more DRM licenses, properties, and/or attributes that correspond to the media content file to provision all of the segments of the protected media content together.

Abstract: A product mark including a public key certificate issued with respect to an information-recording-medium manufacturing entity or information-recording-medium manufacturing equipment, and an encrypted volume ID calculated by computation based on a product-mark-associated value such as a hash value generated on the basis of the product mark, and a volume ID as an identifier set with respect to a given set of discs to be manufactured, are generated. The product mark and the encrypted volume ID are set as information for generating a key used for decryption of encrypted content, and recorded onto a disc by a reflective-film-removal recording method. Due to this configuration, the product mark and the encrypted volume ID as key generating information cannot be read from a pirated disc produced by physically copying a pit pattern on the basis of a legitimate commercial disc, thereby making it possible to prevent unauthorized reproduction or use of content.

Abstract: An image commercial transactions system and method, an image transfersystem and method, an image distribution system and method, and a display device and method are disclosed. A reception dealer accepts the transfer of an image recorded on a recording medium in a predetermined format with a handling condition intrinsic to the image, and transfers the image with the handling condition, and an advertisement, in digital data format, and a charge accounting dealer effects an electronic charge accounting transaction for the transfer of data of the image with the handling condition and the advertisement. Accordingly, a forwarding request user is helpful in making public the advertisement by having the data of the advertisement along with the data of the image forwarded, instead of the reception dealer, whereby a transfer fee for the data of image can be made lower. Consequently, it is possible to enhance the usability for the transfer significantly.

Abstract: An information processing system is supplied capable of holding a security; and transferring an output authority which is had by a transfer source portability terminal to a transfer destination portability terminal.

Abstract: A data recording apparatus and a data reproducing apparatus which ensure security of a portable recording medium, such as an optical disk. The apparatus has a security mode and a normal mode as operation modes. In the security mode, a system controller of the apparatus records a security identification signal in an area other than a user data area of the optical disk. At the time of copying of the optical disk, the security identification signal disappears, and a limitation is imposed on reproduction, thereby preventing copying operation. In the security mode, the system controller records the security identification signal in the area other than the user data area of the optical disk, as well as recording user data by means of converting an address through use of a password. At the time of reproduction of data, absence or presence of the security identification signal is ascertained. When the security identification signal is present, the address is inversely converted, thereby reproducing data.

Abstract: A communication system and method for operating the same includes a group of user devices and a content delivery network in communication with the group of user devices. The content delivery network selects a plurality user devices from the group of user devices, divides the content into a crucial portion and a non-crucial portions, and encrypts the crucial portions differently for each of the user devices in the group using conditional access encryption. The content delivery network communicates the non-crucial portions to the plurality of user devices, communicates the encrypted crucial portion to the plurality of user devices separately from the non-crucial. The plurality of user devices assembles the crucial portion and the non-crucial portions to form the content.

Abstract: A communication system 100 includes a group of user devices 110, a satellite 106 and a content delivery network 120 in communication with the group of user devices 110. The content delivery network 120 selects a plurality of user devices 110 from the group of user devices 110, divides content into a crucial portion and non-crucial portions, communicates the non-crucial portions to the plurality of user devices using a peer-to-peer network until all non-critical portions are received. After communicating the non-crucial portions, the content delivery network 120 communicates the crucial portion to the plurality of user devices 110 through the satellite. The plurality of user devices assembles the crucial portion and the non-crucial portions to form the content. In addition, security information may be first transmitted through the satellite to the user devices so that a peer-to-peer network may be established. Thereafter, the non-crucial portion are exchanged through the peer-to-peer network.

Abstract: Embodiments of the invention provide for shielding a sensitive file on a computer that can connect to a server computer via a network. The computer may determine whether it complies with security compliance requirements sent from another computer or not in response to a read instruction or a write instruction of the sensitive file by application software, and encrypt the sensitive file with an encryption key.

Abstract: Provided are a device and method for providing a video stream, in which a hash value of a frame is included in the header of a video stream, and authentication information about the header is inserted into the video stream, thus ensuring integrity against the forgery of the video stream. The device includes a base frame encoding unit which encodes a base frame, an enhancement frame encoding unit which encodes an enhancement frame, a frame encryption unit which encrypts the encoded base frame and the encoded enhancement frame, a hash processing unit which calculates hash values for the encrypted base frame and the encrypted enhancement frame and hash values included in headers of previous and subsequent video streams, a header management unit which includes information about the encoded base frame and the encoded enhancement frame and the calculated hash values, in a header, and manages the header, and an authentication information creation unit which creates authentication information about the header.

Abstract: A method and apparatus for controlling access restrictions for media resource playback may include defining a user-specific content control profile authorizing one or more classes of content to be delivered to a client device, generating a media resource request identifying a first media resource associated with a first class of content and one or more attributes of the content control profile, determining whether the first class of content has been authorized for delivery to the client device based at least in part upon the one or more attributes of the content control profile, and delivering the first media resource to the client device if the first class of content has been authorized for delivery to the client device.

Abstract: A method of displaying an image includes generating a contract in the display engine, transferring the contract to the memory controller before the end of a sweep, generating a contract amendment in response to changes in the display engine, transferring the contract amendment to the memory controller, making a decision whether the contract amendment can be processed, fetching data from the memory controller according to the contract incorporating the contract amendment if the decision is that the contract amendment can be processed, sending the fetched data to the display engine in an isochronous stream; and processing the fetched data using the display engine.

Abstract: A method and apparatus for processing an electronic document in a secure manner is provided. A client may verify that the configuration state of a standalone document-processing device has not changed since a prior configuration state by issuing a request to a security server. The security server may process the request to determine whether the configuration state of the standalone document-processing device has changed since the document-processing device was registered with the security server. The security server may also verify that actions performed on the document-processing device. A storage medium of a document-processing device may be protected against unauthorized removal of the storage medium by storing, separate from the storage medium, a password required to access the storage medium, and when the document-processing device is powered on, the password is provided to the storage medium.

Abstract: A data processor is connected to and communicating with an external device having at least one predetermined communication/authentication method. A first assigning unit assigns a first level of priority to each combination having a plurality of first type methods including a communication and authentication method. A first selecting unit selects a combination in order from the highest grade to the lowest grade of the first level. A second determining unit determines whether at least one of the plurality of the first type methods corresponds to a prescribed method. A canceling unit cancels the selection of the combination selected by the first selecting unit when the second determining unit determines that at least one of the plurality of the first type methods corresponds to the prescribed method.

Abstract: A method of verification of rights is disclosed, contained in a security module associated to an apparatus processing broadcasted digital data. The apparatus is connected to a management center transmitting encrypted rights messages for accessing the digital data. The method includes reception and reading by the security module of all or part of a rights message including at least one right and means for verifying the right, decryption and verification of the rights message and updating of a rights memory, and storage of all or part of the rights message in a messages memory. During a further verification step, the method includes identification of at least one right present in the rights memory, search of the corresponding stored rights message and verification of the rights message, comparison of the right contained in the rights message with the corresponding right stored in the rights memory, and determination of a default state when the result of the comparison indicates a difference.

Abstract: A method for managing access to scrambled broadcast or transmitted events received from a variety of service providers (including broadcast television networks, cable television networks, digital satellite systems). Each service provider employs the same public key for descrambling the access information message thereby permitting a user to access events from various service providers without changing the smart card. The method may also be expanded to manage access to a scrambled package of broadcast events.

Abstract: In a method of descrambling a scrambled content data object, at least a section of the scrambled content data object is descrambled by applying at least one decryption operation under a key at least partly derivable from a content descrambling key. At least one content descrambling key is obtained from a message received from a conditional access sub-system over a data communication channel. At least one cryptogram of data obtainable from at least one content descrambling key in the message, each of which cryptograms are carried in the message, is decrypted under an associated channel key. A first key is used to establish each channel key. At least the section of the scrambled content data object is descrambled by applying a further decryption operation under a key at least partly derivable from the first key.

Abstract: A proprietary portable audio player system for protecting digital content copyrights, which includes a proprietary portable audio player, a web access interface, and an online music server. The proprietary portable audio player has a hardware unique device identity. The proprietary portable audio player has a playback token acquirement mode and uses a first transmission medium to link with the online music server to thereby obtain a playback token for a corresponding music file playback. The online music server pre-stores a plurality of music files with compression formats, a plurality of playback tokens, and a mapping table. When a playback token signal from the web access interface is received, the online music server accordingly issues a playback token corresponding to a specific music file, updates the mapping table, and sends the playback token to the proprietary portable audio player through the first transmission medium.

Abstract: Technologies to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disk (200) carries an encrypted digital video title combined with data processing operations that implement the title's security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations (225), access secure non-volatile storage, submit data to CODECs for output (250), and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies.

Abstract: A system structured from a management device, a content key distribution device and a plurality of terminals suppresses the data volume of a terminal revocation list (TRL). The management device generates and transmits a TRL formed from data that expresses terminal IDs of all terminals to be invalidated, by only a value and a position of a common bit string in the IDs, to the content key distribution device. Each terminal holds a terminal ID that includes a manufacturer ID and a serial number, and requests the distribution of a content key by sending the terminal ID to the content key distribution device. The content key distribution device refers to the TRL, judges whether the terminal ID transmitted from the terminal is that of an invalidated terminal, and if negative, encrypts and transmits the content key to the terminal.

Abstract: A system, device and method for allowing protected content to be transferred to end user communication devices that support different digital rights management (DRM) formats or schemes than the DRM format of the content provider. The method includes providing a Limited Rights Issuer (LRI) that issues content and associated digital rights to one or more of the end user devices within a domain defined by a Domain Authority with which the LRI has registered. The Limited Rights Issuer also translates content and associated digital rights information from the DRM format of an upstream DRM system to the DRM format of a downstream DRM system, which includes the end user devices within the defined domain. The system allows select end user devices to enjoy interoperability of content protected under different DRM schemes, while allowing content providers to still maintain a suitable level of DRM protection for their content.

Abstract: A method of authorising conditional access to an encrypted digital data product, includes storing at least one set of entitlements in a secure device, each entitlement including a product identifier and expiry information, receiving entitlement control messages from a decoder system including a device for decrypting encrypted digital data products using control words, each entitlement control message including a product identifier, and in a first mode, returning at least one control word in response to an entitlement control message including a product identifier if the product identifier corresponds to a product identifier in a stored entitlement including expiry information indicating the entitlement to be valid, and, in a second mode, progressively adjusting a counter to a pre-determined value and returning at least one control word in response also to entitlement control messages including a product identifier if the product identifier corresponds to a product identifier in a stored entitlement including

Abstract: The present invention is suitable for use in a multi-encrypted system that dynamically allocates stream identifiers in a secondary overlay stream depending upon the identifiers in a primary encrypted stream. The primary encrypted input stream is monitored to determine the presence of all identifier values. Once the identifier values are determined, the values are stored in an allocation table and marked as ‘in-use’ to ensure that these identifier values are not allocated to any of the secondary overlay streams. The primary encrypted stream is monitored and the allocation table is updated continuously to detect any changes or conflicts to the identifier values, and the secondary overlay streams are dynamically updated accordingly.