Techniques for on-demand issuance of private keys for encrypted video transmission are described. A video processing service of a provider network receives a request from a computing device outside the provider network to begin video processing of video data generated by a video source device outside the provider network. The video processing service sends instructions to a video encoding device associated with the video source device to establish the connection for video transmission. The video processing service sends an encryption key to the video encoding device, and sends a decryption key to a video decryption engine. Subsequently, the video processing service receives video data from the video source device, via the video encoding device.

The technology disclosed herein includes capturing a media content from a media recording device, generating a hash of the media content, storing the media content in a storage device, and transmitting a media transaction to a distributed ledger, the media transaction comprising the location of the media content in the storage device and the hash of the media content.

A system and method for tracking digital assets associated with video games. The digital assets may be in-game digital assets, such as in-game items or characters. The digital assets may be video game digital media assets representing moments of gameplay of a video game, such as video clips or images. The digital asset is created, and a distributed ledger tracking a history of the digital asset is created and stored across devices. A unique token for the digital asset can include a unique identifier and metadata identifying properties of the digital asset. Changes to properties of the digital asset, such as ownership, visual appearance, or metadata, can be identified in a request to update the history. A new block can be generated for, and appended to, the distributed ledger identifying the changes to the history of the digital asset. The new block can include hashes of previous blocks.

A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

A monitoring service monitors performance of an authentication application that authenticates a user or service and securely communicates a status of the authentication application to a service application providing a software service. The monitoring service generates a token using a private key. The token is stored in a secure datastore writable only by the monitoring service and is also provided to the service application. The service application validates a signature of the token using a public key and determines an authenticity of the token by comparing the received token to the stored token in the secure datastore. In doing so, there is a high degree of confidence that the token, or an associated encrypted message, originated from the monitoring service and properly identifies the status of the authentication application.

A cell phone is disclosed for acquiring information to be transmitted to a receiving facility and for transmitting such thereto. A capture device captures information from an external source. A processor is provided for associating with the captured information a representation of the date and time of the capture of the information, such that the representation of the date and time information in association with the captured information forms augmented captured information. The processor also places the augmented captured information in association with subscriber information in a transmission of the augmented captured information to a receiving facility requiring such subscriber information. A transmitter transmits the transmission including the augmented captured information and the subscriber information to the receiving facility. An encryptor encrypts the augmented captured information with a symmetrical encryption algorithm to provide encrypted augmented captured information in the transmission with the subscriber information.

A privileged node holds a secret key (SKEY), and normal nodes each hold a public key (PKEY). The normal nodes each include a transaction inputting unit that receives transaction data (TDATA), a transaction transmitting unit that transmits the TDATA, a transaction managing unit that manages a transaction history in a form of blockchain, and a block receiving unit that receives blocks from the privileged node. The privileged node includes a transaction receiving unit that receives TDATA from each of the normal nodes, a block generating unit that generates a signature value (SIG) on the basis of a SKEY, and generates a block containing TDATA and the SIG, and a block transmitting unit that transmits blocks. The transaction managing unit adds a block to the blockchain on condition that the authenticity of the SIG in the block is confirmed by using the PKEY.

A cryptography administration system facilitates secure, user-friendly and auditable cryptography. An administrator may create channels with associated cryptographic keys and algorithms for performing cryptographic operations such as encryption and decryption. The channel may be associated with licenses which may include permissions to perform cryptographic operations. The licenses may be shared with one or more users. A user may perform cryptographic operations using the channel according to the permissions and operations included in the licenses, to which the user has access, associated with the channel. The user does not need a technical understanding of the cryptographic system (e.g., keys and algorithms) to perform the cryptographic operations and does not need access to the keys to perform the operations. The cryptographic operations may be stored in an audit log that can be reviewed by user.

A system includes an authentication server and a media authentication device. The authentication server stores authenticated media files. The authenticated media files have an associated string value. Generally, the authentication device is used to scan a barcode on a media sample, determine a string value from the scanned barcode, generate a string value based on fragments of the media sample, and determine a string value from an authenticated media file on the authentication server. The authentication device then concatenates the barcode string value with the generated string value, and it concatenates the authentication string value with the generated string value. A hash function is applied to the concatenated string values, and the resulting hash values are compared. The authentication device causes to be displayed an indication that the media sample is authentic when the hash values match.

Systems and methods are described to monitor consumption of a content item at a user device. Based on the monitored consumption, a token is generated, where the token represents an attribute of the content item and demographic data of a user associated with the user device. Access to the token is granted to a first content provider and denied to a second content provider based on received user input, and the token is converted into a first format. Converted token data associated with the first format is stored in a distributed ledger accessible to the first content provider and the second content provider, where the first content provider is capable of recovering the token from the converted token data, whereas the second content provider is not capable of such recovering. A content recommendation is received from the first content provider, based on the token recovered by the first content provider.