Separate user accounts can be linked into a group of linked user accounts so that content items assigned to each of the user accounts can be accessed by each user account in the group. Linking user accounts in this way allows the individual user accounts to share content items while also retaining their individual properties such as username, password, preference data, etc. Linking user accounts allows each user account to retain the content items assigned to the user account when the user account is unlinked from the group. Linking user accounts can be restricted according to linking rules that dictate how many user accounts can be included in a group, when a user account can be added or removed from a group, etc. A master user account can set parameters restricting content items accessible to the user accounts in the group, as well as money spent be each user account.

Separate user accounts can be linked into a group of linked user accounts so that content items assigned to each of the user accounts can be accessed by each user account in the group. Linking user accounts in this way allows the individual user accounts to share content items while also retaining their individual properties such as username, password, preference data, etc. Linking user accounts allows each user account to retain the content items assigned to the user account when the user account is unlinked from the group. Linking user accounts can be restricted according to linking rules that dictate how many user accounts can be included in a group, when a user account can be added or removed from a group, etc. A master user account can set parameters restricting content items accessible to the user accounts in the group, as well as money spent be each user account.

Secret application and maintenance policy data is generated for different classes of data. The class of data to be protected is determined and the secret application and maintenance policy data for the determined class of the data to be protected is identified and obtained. Required secrets data representing one or more secrets to be applied to the data to be protected is obtained and then automatically scheduled for application to the data to be protected in accordance with the secret application and maintenance policy data for the determined class of the data to be protected. Maintenance of the one or more secrets is also automatically scheduled in accordance with the secret application and maintenance policy data for the determined class of the data to be protected.

In various example embodiments, a system and method for managing supplemental content relating to a digital good are presented. The supplemental content relating to the digital good may be received, where the supplemental content may be for presentation to a consumer. The supplemental content may be stored in accompaniment with the digital good. Ownership criteria associated with ownership rights of the supplemental content may be determined. The ownership rights corresponding to the supplemental content may be transferred from a first entity to a second entity based, at least in part, on the determined ownership criteria. The second entity may be authorized to access the supplemental content based, at least in part, on the determined ownership criteria. The supplemental content may be caused to be distributed to the second entity.

In various example embodiments, a system and method for managing supplemental content relating to a digital good are presented. The supplemental content relating to the digital good may be received, where the supplemental content may be for presentation to a consumer. The supplemental content may be stored in accompaniment with the digital good. Ownership criteria associated with ownership rights of the supplemental content may be determined. The ownership rights corresponding to the supplemental content may be transferred from a first entity to a second entity based, at least in part, on the determined ownership criteria. The second entity may be authorized to access the supplemental content based, at least in part, on the determined ownership criteria. The supplemental content may be caused to be distributed to the second entity.

Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret key or revocation data of a customer, as the secret key and revocation data are decrypted and stored within the trusted execution environment but not accessed in an unencrypted form. In turn, the provider can receive various instructions to perform cryptographic operations on behalf of the customer. Based on the outcome of a revocation check using the revocation data, the instructions can be performed by the trusted execution environment.

Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret key or revocation data of a customer, as the secret key and revocation data are decrypted and stored within the trusted execution environment but not accessed in an unencrypted form. In turn, the provider can receive various instructions to perform cryptographic operations on behalf of the customer. Based on the outcome of a revocation check using the revocation data, the instructions can be performed by the trusted execution environment.

The invention relates to a process for transmitting streaming digital content to a client device for access to digital content. The inventive process makes it possible, in particular, to apply an access control system to the protection of direct-mode video streams. The process also makes it possible to significantly improve the security and safety of the system, based on a periodic mandatory back-communication on the part of the client device.

A method and an associated device for detecting fraud during automatic face recognition, the method comprising the following steps: acquiring a first image of the face by means of a first sensor having a first field angle, and a second image of the face by means of a second sensor having a second field angle that is narrower than the first field angle; analyzing the first image to verify that there is no frame around the face; and analyzing the second image to verify that there is no moiré effect.

Methods and systems are described for a media guidance application that limits the incentive for authorized users to share content with unauthorized users, while still allowing users to access content virtually anywhere. Specifically, the media guidance application allows an authorized user to receive only a portion of a media asset that he or she is authorized to access on a different device, after a designated time period, and/or when the remaining portion of the media asset is inaccessible.