Patent classifications
H04L2463/101
Method and apparatus for creating and using quantum resistant keys
A system is disclosed for securely communicating between a user device and a target device, which includes a user input receiving user inputs and a user device memory for storing at least one fixed dataset having a plurality of data bits and an inherent entropy. At least one predetermined harvest process is stored in user device memory, which is operable within a main harvest process to distill the dataset to a predetermined bit length to define a private key of the user at a predetermined key length. A processor operates to execute the main harvest process to receive a unique user Personal Information Number (PIN) acquired by the user and having a plurality of digits associated therewith, and wherein the at least one predetermined harvest process is dependent on the user PIN and the value of at least one of the digits therein, such that the at least one predetermined harvest process is parameterized by the value of the at least one of the digits and operates differently for each value of the at least one of the digits. The processor applies the at least one predetermined harvest process to the dataset to distill the dataset down to the predetermined key length to define the private key, and then stores the private key to the user device. A target device memory and an encryption engine on the target device interface with a proximity-based link. The private key is transferred to the target device via the proximity-based link and an interface on the target device stores the transmitted private key in the target device memory.
Systems, Methods and Architectures for Dynamic Re-Evaluation of Rights Management Rules for Policy Enforcement on Downloaded Content
A control logic component at the server side may, responsive to a request to access protected content residing on a client machine, dynamically evaluate one or more rules. The request may be received from a client application running on the client machine by a rights management services server or by an agent running on the client machine. In some embodiments, the control logic component can be hosted in a cloud computing environment, on an enterprise server, or provided as a service. Each rule may reference a policy such as a digital rights management policy. The control logic component may determine, based on condition(s) set forth in the rule, if any policy is current and applicable to the protected content and communicate its findings to the requesting server or agent such that they can take appropriate action to protect the downloaded content.
System and method for handling digital content delivery to portable devices
Systems and methods to download digital data files are provided. A particular method includes sending authentication data and a request to download a digital data file from a portable computing device to a remote network device via a first network access point. A first portion of the digital data file is received at the portable computing device. The first portion does not include a remaining portion of the digital data file. Communication is established between the portable computing device and a second network access point after communication is lost between the portable computing device and the first network access point and before the remaining portion of the digital data file is received. The remaining portion of the digital data file is received at the portable computing device without sending a second request related to downloading the digital data file.
System and method for preventing unauthorized use of digital media
A method for protecting digital media content from unauthorized use on a client is described. The method comprises the steps of receiving from a server on the client a list of processes, instructions, activity descriptions or data types that must not be active simultaneously with playback of the digital media content (“the blacklist”). The method further comprises checking, on the client, for the presence of any items on the list; and continuing interaction with the server, key management and playback of protected content only if no items on the list are detected on the client. A system is also described.
Content protection for data as a service (DaaS)
The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.
Systems and Methods for Encoding and Sharing Content between Devices
Systems and methods for sharing content between devices are disclosed. To request a shared piece of media content, a playback device generates and sends a request to a content server. The playback device includes information in the request that indicates the playback capabilities of the device. The content server receives the request and determines the playback capabilities of the playback device from the information in the request. The content server then determines the assets that may be used by the playback device to obtain the media content and generates a top level index file for the playback device that includes information about the determined assets. The top level index file is then sent to the playback device that may then use the top level index file to obtain the media content using the indicated assets.
ENABLING CLASSIFICATION AND IRM IN SOFTWARE APPLICATIONS
A method for enabling data classification and/or enforcement of Information Rights Management (IRM) capabilities and/or encryption in a software application according to which, an agent is installed on each terminal device that runs the application and a central management module which includes the IRM, encryption and classification policy to be enforced, communicates with agents that are installed on each terminal device. The central management module distributes the appropriate IRM and/or classification policy to each agent and applies the policy to any application that runs on the terminal device.
Methods and systems for enabling communications between devices
Methods and systems for selecting and delivering content are provided. More particularly, content can be delivered to an output device from a user device through a device adaptor, such as an over-the-top (OTT) device. The OTT device or devices available to the user device are determined by a communication server. In particular, the OTT device or devices available to the user device are limited to those OTT devices associated with an output device in the user's room, or that the user is otherwise authorized to access.
Tokenized media content management
A system and method for media content management include creating, via a digital vault, a container file comprising media content submitted by a user and content metadata; verifying, via the digital vault, a completeness of the content metadata associated with the media content in the container file; classifying, via the digital vault, the container file based on the completeness of the media content; and capturing, via the digital vault, event metadata when a second user gains access to the container file, the event metadata comprising identification of the second user, an activation timestamp, a duration of access, portions of the container file accessed, and changes to the container file.
Generation and use of a modified protected file
Generating a modified protected file is disclosed, including: renaming a primary content object of a protected file; and creating a modified protected file based at least in part by inserting into the protected file a replacement object for the renamed primary content object. Using the modified protected file is disclosed, including: determining that a file includes a renamed primary content object; and redirecting a data access operation to the renamed primary content object.