734 results about "Conditional access" patented technology

A set-top media system is disclosed which can be combined with an open architecture personal computer (PC) to provide a feature-rich secure integrated media center while meeting security rules of most major conditional access and content protection industry rules such as Cable Labs DFAST and PHILA agreements; and DTLA agreements for 5C-DTCP for IEEE1394, USB, and IP. The set-top media center and PC share common resources such as high definition display, remote control, hard disk drive, and other external unsecure storage devices. All media content is available seamlessly using a PC user interface, including controlled-content media such as high definition TV, within a PC desktop window. All controlled-content media is manipulated and managed within the set-top media system in a seamless manner. A novel mechanism is disclosed to allow controlled-content media to be stored on unsecure devices in encrypted form while overcoming the disk cloning attack problem for move operations.

A system and method for storing and retrieving program material for subsequent replay is disclosed. The method comprises the steps of receiving access control information and the program material encrypted according to a first encryption key, the access control information including the first encryption key and control data; further encrypting the access control information and the encrypted program material according to a second encryption key; encrypting the second encryption key according to a third encryption key to produce a fourth encryption key; and storing the encrypted access control information and encrypted program material and the fourth encryption key.

A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.

A content distribution system and method which prevents unauthorized access to secured content such as movies and music. The apparatus includes a source, a receiver, an authorized security device such as a conditional access module (CAM) for decrypting authorized content, an output device for outputting content and a backend for managing accounts and system operations. One aspect of this invention provides a mechanism for providing secured content on a medium such as a DVD optical disc. These devices may verify that there is authorization to play the secured content, add watermarks to the secured content, convert the secured content to a displayable form and provide a means for preventing output of the secured content.

A compact, self-contained, personal key is disclosed. The personal key comprises a USB-compliant interface releaseably coupleable to a host processing device; a memory; and a processor. The processor provides the host processing device conditional access to data storable in the memory as well as the functionality required to manage files stored in the personal key and for performing computations based on the data in the files. In one embodiment, the personal key also comprises an integral user input device and an integral user output device. The input and output devices communicate with the processor by communication paths which are independent from the USB-compliant interface, and thus allow the user to communicate with the processor without manifesting any private information external to the personal key.

Automated financing products, services, and processes are enabled by the more complete, timely, and accurate information provided by a conditional access network. In one example, the financing product is an automated loan process. The automated loan process is able to receive timely product information, such as product status and location, and adapt loan terms, rate, or loan amount responsive to the information. For example, a loan may be adapted according to product activations, products that are deactivated, or according to which distributor is holding product. Information from the conditional access network may also be used to evaluate repayment terms. For example, the loan provider can use information from the conditional access network to confirm status of collateral, and accelerate the loan as appropriate. In this way, loan risk is reduced.

A method is used to restore the security of a secure assembly such as a chip card, after the contents of its second memory zone have been read by a third party. The method is for generating a security key implemented by a secure module comprising a central unit, a first conditional access memory zone and at least one second memory zone containing all or part of the user program. The method includes reading of all or part of the second memory zone, and generation of at least one root key based on all or part of the second zone data and on at least one item of secret information stored in the first memory zone.

Conditional access (CA) and digital rights management (DRM) in digital media delivery, processing, and storage systems. Methods and apparatuses are provided for managing digital rights under the protection of multiple CA and/or DRM systems. Some embodiments provide secure and robust methods for bridging multiple DRM systems in the digital media content distribution and playback systems. The present invention simplifies content delivery, conditional access, and digital rights management.

Conditional access (CA) and digital rights management (DRM) in digital media delivery, processing, and storage systems. Methods and apparatuses are provided for managing digital rights under the protection of multiple CA and/or DRM systems. Some embodiments provide secure and robust methods for bridging multiple DRM systems in the digital media content distribution and playback systems. The present invention simplifies content repurposing, after it has been bridged to a secondary DRM system, but still under the control of the original DRM system.

In embodiments of the present invention capabilities are described for a prepaid expense card management platform, where the management platform may be presented as a graphical user interface. The prepaid expense card management platform allows businesses to increase spending control and decrease overhead time associated with the administering of reimbursement expenditures. Controls enabled include funds allocation, funds transfer, user account administration, user access, spend rules, reports generation, usage profiles, conditional access, time usage restrictions, location usage restrictions, settlements processing, and alerts.

In accordance with one embodiment, a method for storing a normal scrambled digital program is provided. The method includes receiving a scrambled program, and receiving a plurality of access requirements. Each access requirement can descramble the scrambled program. The method also includes selecting at least one of the access requirements, and storing the scrambled program and the selected requirement.

A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.

Methods and systems for a generic key packet for MPEG-2 transport scrambling and descrambling are disclosed and may comprise descrambling multiple package identifier channels in a transport stream utilizing a single generic key packet. The single generic key packet may comprise scrambling keys for each of the multiple package identifier channels, and may comprise scrambling keys for time intervals corresponding to two or more successive key change points. A key change point may be enabled to occur at the same time instant for each of the multiple package identifier channels, or may be enabled to occur at different time instants for one or more of the multiple package identifier channels. The scrambling/descrambling may comprise copy protection or conditional access descrambling. The generic key change packet may comprise information identifying a scrambling/descrambling algorithm, such as AES, DES and 3-DES, for example.

The present invention relates to broadcasting/multicasting of media content over a communication network using shared bandwidth available from peer-to-peer networking. The system of the present invention includes a plurality of broadcast devices, a plurality of receiving devices, a plurality of databases, and a control center. The control center is the central nerve of the network, and provides a number of services, including but not limited to channel control, ad insertion, conditional access, program guide services, and the like. The broadcast device converts media content, which can be television, radio, and other data, received from various content providers, into digital data packets, having a suitable format for transmission over the Internet. Each receiving device will request the relevant packets, decode the received packets, and display or present the media content contained in the packets via an associated device. Packets may be received directly from the broadcast devices or from peers (other receiving devices) on the network.

Provided are an apparatus for receiving cable broadcasting programs and a multiplexer and a de-multiplexer thereof for reducing data amount processed in a Cable CARD and for correcting synchronization of descrambled data stream. The apparatus includes: a multiplexing unit for filtering a broadcasting stream to select only programs selected by a viewer and multiplexing the selected programs; a conditional-access processing unit for receiving the multiplexed streams and processing the multiplexed streams for conditional access (descrambling); and a de-multiplexing unit for de-multiplexing the multi stream from the conditional-access processing unit and correcting a program clock reference (PCR).

A cache memory has a conditional access mechanism, operated by a locking condition. The conditional access mechanism uses the locking condition to implement conditional accessing of the cache memory.