H04L2209/60

Downloadable security and protection methods and apparatus

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

SYSTEMS AND METHODS FOR MONITORING CONTENT CONSUMPTION
20220245602 · 2022-08-04

Systems and methods are described for monitoring content consumption. A method may comprise determining, by a device, content accessed by one or more user devices. The method may comprise causing a distributed ledger record to be generated. The distributed ledger record may comprise an indication of the content. The distributed ledger record may be stored on a distributed ledger. The distributed ledger may comprise other records indicating content accessed by a plurality of other devices.

SYSTEMS, DEVICES, AND METHODS FOR TRACKING CREATION AND MODIFICATION OF DIGITAL RECORDS
20220245126 · 2022-08-04

Systems and methods for tracking creation and modification of digital records using a consensus-driven semi-private blockchain. The present disclosure combines the benefits of blockchain-like technology with traditional authentication by providing a verifiable immutable link between a low-delay blockchain-like inscription and a highly trustworthy but delayed confirmation.

Securing an overlay network against attack
20220224960 · 2022-07-14

The techniques herein provide for enhanced overlay network-based transport of traffic, such as IPsec traffic, e.g., to and from customer branch office locations, facilitated through the use of the Internet-based overlay routing infrastructure. This disclosure describes a method of providing integrity protection for traffic on the overlay network.

CONTENT USE SYSTEM, PERMISSION TERMINAL, BROWSING TERMINAL, DISTRIBUTION TERMINAL, AND CONTENT USE PROGRAM

A permission terminal 4 includes a generation unit 423 that generates access information for content using a content public key of the content and a user public key of a browser of the content, and a registration unit 424 that registers the access information in a blockchain. The access information includes an aggregate public key in which the content public key and the user public key are aggregated, a message for the content, and a content signature in which the message is signed with a content private key corresponding to the content public key. A browsing terminal 5 includes a checking unit 523 that acquires access information of requested content from a blockchain and verifies, with the aggregate public key of the access information, an aggregate signature where a user signature in which a message of the access information is signed with a user private key and the content signature of the access information are aggregated, and a request unit 524 that transmits a content request including the user signature or the aggregate signature if the verification succeeds.

Systems and methods for authenticated control of content delivery
11388006 · 2022-07-12

The present disclosure provides systems and methods for authenticated control of content delivery. The method includes receiving a request for an item of content from a computing device, the request comprising a security token associated with the computing device and an identifier of a group of domains, identifying the group of domains from the identifier, and retrieving a security key associated with the group of domains. The method further includes decrypting a signature of the security token, identifying an authentication string, determining that the authentication string matches a server authentication string, and identifying characteristics of the security token. The characteristics of the security token include a confidence score. The method further includes comparing the confidence score of the security token to a threshold, determining that the confidence score does not exceed the threshold, and preventing transmission of content to the computing device.

Systems and methods to improve a technological process for signing documents
11392756 · 2022-07-19

Systems and methods to improve a technological process for signing documents are described. The system accesses a portable document format (PDF) file and a first signature tag marker element (STME) to parse the PDF to generate logical text block elements (LTBE). The LTBEs describe original document elements in the PDF including a first LTBE. The system sorts each LTBE against the first STME to pair the first LTBE with the first STME based on proximity. The system generates markup language information (MLI) for utilization at the client device (CD) for rendering a responsive markup language image (RMLI) in a responsive format and communicates the MLI to a CD for rendering the RMLI on the CD. The system receives the signing information from the CD causing the signing information to be associated with the first signature tag marker identifier and communicates the PDF and the signing information to the CD.

Secure data transmission method

In a secure end-to-end transmission of data between a first device and a second device via a message broker, the following are performed: a sharing of an entropy pool between the first device and the second device via the message broker, by means of signalling messages, any payload of which is encrypted asymmetrically and which comprise a message signature; and a transmission of subsequent messages between the first device and the second device via the message broker, each said subsequent message comprising a header and a payload, the header comprising an identifier of an authentication key obtained from the shared entropy pool and an identifier of a symmetrical encryption key obtained from the shared entropy pool, the payload being encrypted symmetrically by means of the symmetrical encryption key, and the whole formed by the header and the payload being authenticated by means of a message authentication code obtained by means of the authentication key and inserted in the header. Thus, the subsequent messages benefit from the non-repudiation afforded by the way in which the entropy pool was previously shared.

System and method for scalably tracking media playback using blockchain
11381653 · 2022-07-05

Systems and methods for tracking media file playback are provided. A request to upload a media file and metadata associated with the media file is received. Next, the media file and metadata are uploaded via a blockchain protocol. Next, a request to play the media file is received from a client device or a digital service provider (DSP) platform. The request to play the media file is validated via the blockchain protocol. Upon validating the request to play the media file, the media file is transmitted for playback at the client device or DSP platform. Last, the number of times the media file is played is tracked via the blockchain protocol.

TOKENIZED MEDIA CONTENT MANAGEMENT

A system and method for media content management include creating, via a digital vault, a container file comprising media content submitted by a user and content metadata; verifying, via the digital vault, a completeness of the content metadata associated with the media content in the container file; classifying, via the digital vault, the container file based on the completeness of the media content; and capturing, via the digital vault, event metadata when a second user gains access to the container file, the event metadata comprising identification of the second user, an activation timestamp, a duration of access, portions of the container file accessed, and changes to the container file.