H04L2463/101

SYSTEM AND METHOD FOR SECURING THE LIFE-CYCLE OF USER DOMAIN RIGHTS OBJECTS
20190182238 · 2019-06-13

In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.

METHOD AND APPARATUS FOR PROVIDING TRUST-BASED MEDIA SERVICES
20190182258 · 2019-06-13

Provided are a method and an apparatus for providing a trust-based media service. First user related data and second user related data are collected from a media service and another service, the trust is analyzed based on the collected data, trust information including the trust index of the first user or the second user is obtained, and the trust information is provided. The trust index is calculated based on a value of trustworthiness for a user obtained based on a first individual measurement index calculated based on the collected data and a value of relationship between the first user and the second user obtained based on a second individual measurement index calculated based on the collected data.

IPTV Follow Me Content System and Method

Tools are provided for distributing access-restricted content in an internet protocol television (IPTV) environment based on portable entitlement keys. Such tools can include a decoder, an encoder, and a network entitlement handler. The decoder may be configured to receive a key associated with entitlement information, and transmit the entitlement information over a network. The encoder may be configured to receive content from content providers, and to encode the content to create IP-compatible content, with access restrictions based on entitlement. The network entitlement handler may be configured to receive a request for requested content from the decoder; receive the access-restricted content (including the requested content) from the encoder; and transmit the requested content over the network to the decoder using IP, when the decoder is entitled to receive the requested content.

METHOD AND APPARATUS FOR DETERRENCE AND DETECTION OF LEAKAGE DURING REMOTE INTERACTIVE SESSIONS
20190164249 · 2019-05-30

A server includes a hardware platform, a hypervisor platform, and a virtual machine operating as an independent guest computing device. The virtual machine executes a remote graphics generation protocol to generate a bitmap to be transmitted for display on a client machine associated with the virtual machine, determine a protection label to be inserted within the bitmap, and determine an optimization technique to be performed on the bitmap. The remote graphics generation protocol also determines if the optimization technique, if performed, alters the protection label. If yes, then the protection label is inserted within the bitmap without performing the optimization technique. If no, then the optimization technique is performed and the protection label is inserted within the bitmap.

System and Method for Authorized Digital Content Distribution
20240214360 · 2024-06-27

A digital content distribution system uses a Digital Rights Management Controller that performs a set of arbitrary tests against the transfer request from one user to another such as user A to user B. Assuming these tests are successful, the DRM sends an encryption key to transferring user A. This encryption key E is taken from a table of encryption key/hash pairs which have been provided to the DRM Controller by an external authority such as the content rights holder. User A encrypts the content using the key provided by the DRM controller and then optionally calculates a hash over the encrypted form of the content E(X) and returns this value to the DRM Controller. On checking the returned hash against the hash from the table the DRM controller knows that user A does indeed have the digital content X in good condition. The DRM Controller then instructs both users A and B that the transfer may proceed. The encrypted form of the content E(X) is transferred from A to B. Once the content transfer has completed B ensures that the received content has been physically written to non-volatile storage (to account for crashes etc. during the next step). B then calculates a hash over the received content and returns this value to the DRM Controller. If this value matches the value previously given then the transfer has been successful and the DRM Controller updates whatever central records are appropriate, while also returning a decrypt key to B to allow it to decrypt the content.

Systems and Methods for Encoding and Sharing Content between Devices
20240205281 · 2024-06-20

Systems and methods for sharing content between devices are disclosed. To request a shared piece of media content, a playback device generates and sends a request to a content server. The playback device includes information in the request that indicates the playback capabilities of the device. The content server receives the request and determines the playback capabilities of the playback device from the information in the request. The content server then determines the assets that may be used by the playback device to obtain the media content and generates a top level index file for the playback device that includes information about the determined assets. The top level index file is then sent to the playback device that may then use the top level index file to obtain the media content using the indicated assets.

CIPHER TEXT VALIDATION
20240205199 · 2024-06-20

A method of operating a data publishing device to distribute data content to receiving devices in a network and a method of operating a device to receive data content in a network, as well as devices performing the methods. In one aspect, a method comprises: receiving, from another device, data content that has been encrypted with a symmetric key shared with a trusted data content publisher device, requesting, from the trusted data content publisher device, a subset of the encrypted data content received from said another device in the network, and verifying whether the received subset of the encrypted data content matches a selected section of the encrypted data content received from said another device, wherein a match indicates that the encrypted data content received from said another device can be trusted.

User terminal, permission information management method, and permission information management program

A user terminal generates a first key pair and a second key pair, transmits a permission request including a public encryption key of the second key pair after electronically signing the permission request with a secret encryption key, and acquires, from permission information transmitted from a right-holder terminal, a content decryption key by using a secret decryption key of the second key pair and uses the content. The right-holder terminal stores a third key pair and the content decryption key, verifies the permission request received, and encrypts the content decryption key by using the public encryption key of the second key pair included in the permission request and transmits the permission information including the encrypted content decryption key after electronically signing the permission information with a secret encryption key of the third key pair. The permission request and the permission information are transmitted and received via a blockchain.

Method and apparatus for creating and using quantum resistant keys
12026236 · 2024-07-02

A system is disclosed for securely communicating between a user device and a target device, which includes a user input receiving user inputs and a user device memory for storing at least one fixed dataset having a plurality of data bits and an inherent entropy. At least one predetermined harvest process is stored in user device memory, which is operable within a main harvest process to distill the dataset to a predetermined bit length to define a private key of the user at a predetermined key length. A processor operates to execute the main harvest process to receive a unique user Personal Information Number (PIN) acquired by the user and having a plurality of digits associated therewith, and wherein the at least one predetermined harvest process is dependent on the user PIN and the value of at least one of the digits therein, such that the at least one predetermined harvest process is parameterized by the value of the at least one of the digits and operates differently for each value of the at least one of the digits. The processor applies the at least one predetermined harvest process to the dataset to distill the dataset down to the predetermined key length to define the private key, and then stores the private key to the user device. A target device memory and an encryption engine on the target device interface with a proximity-based link. The private key is transferred to the target device via the proximity-based link and an interface on the target device stores the transmitted private key in the target device memory.

Method of enabling digital music content to be downloaded to and used on a portable wireless computing device

The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc.). This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.