H04L2463/101

BLOCKCHAINING SYSTEMS AND METHODS FOR FRICTIONLESS MEDIA

An ecosystem for distributing digital content over an electronic communications network includes a content creator computer system having a processor and a memory configured to store raw digital content. The system further includes computer systems for content service and for a retailer, both in operable communication with the processor. The content service computer system is configured to receive the raw digital content and transmit packaged digital content. The retailer computer system is configured to receive the packaged digital content and display its availability to an electronic device of a user. The ecosystem further includes a blockchain in operable communication with the processor, and the content service and retailer computer systems. The blockchain is configured to verify a transfer of the packaged digital content from the content service system to the user, a payment from the user to the retailer, and an update with information regarding the verified transfer and payment.

Frequency Domain Resource Configuration Method and Apparatus
20180092101 · 2018-03-29

A frequency domain resource configuration method and apparatus, the method including obtaining, by a base station, a first frequency hopping parameter set of UE in N sub-bands, where the N sub-bands have a mapping relationship with a frequency hopping pattern that is indicated by the first frequency hopping parameter set, where the sub-band is a length of consecutive frequency domain resources in a system bandwidth, and where N1, and further including sending, by the base station, first configuration information to the UE, where the first configuration information includes sub-band identifiers of the N sub-bands and the first frequency hopping parameter set.

Methods and apparatus for key delivery in HTTP live streaming

A key delivery mechanism that delivers keys to OS platform (e.g., iOS platform) devices for decrypting encrypted HTTP live streaming data. An HTTPS URL for a stateless HTTPS service is included in the manifest for an encrypted HTTP live stream obtained by an application (e.g., a browser) on an OS platform device. The URL includes an encrypted key, for example as a query parameter value. The application passes the manifest to the OS. The OS contacts the HTTPS service to obtain the key using the URL indicated in the manifest. Since the encrypted key is a parameter of the URL, the encrypted key is provided to the HTTPS service along with information identifying the content. The HTTPS service decrypts the encrypted key and returns the decrypted key to the OS over HTTPS, thus eliminating the need for a database lookup at the HTTPS service.

Digital rights management
09928350 · 2018-03-27

There is disclosed a method of controlling use of encrypted content by a plurality of client terminals each provided with a digital rights management (DRM) client and a content decryption module separate to the DRM client. First key information is provided for use by one or more selected ones of the DRM clients, and second key information is provided for use by one or more selected ones of the content decryption modules. Content key information is encrypted to form encrypted content key information such that the selected ones of the content decryption modules are enabled by the second key information to recover the content key information from the encrypted content key information. The encrypted content key information is further encrypted to form super-encrypted content key information such that the selected ones of the DRM clients are enabled by the first key information to recover the encrypted content key information from the super-encrypted content key information. Corresponding head-end and client terminal apparatus are also disclosed.

SYSTEM AND METHOD FOR PREVENTING UNAUTHORIZED USE OF DIGITAL MEDIA

A method includes: receiving a blacklist identifying piracy threatening items that pose a piracy threat such that, if installed and active with playback of the digital media content on the client, the piracy threatening items facilitate unauthorized use of the digital media content, the piracy threatening items on the blacklist having associated priority values; identifying first and second subsets of piracy threatening items in the blacklist responsive to the associated priority values; determining whether one or more piracy threatening items associated with the first subset are present on the client; performing a DRM transaction provisioning the digital media content for playback responsive to determining that no piracy threatening items associated with the first subset are present on the client; and determining whether to play back the digital media content responsive to determining whether one or more piracy threatening items associated with the second subset are present on the client.

Method and Apparatus for Managing Authentication in a Decentralized or Distributed Network of Cyber-Physical Systems
20180083965 · 2018-03-22

A Method and Apparatus is disclosed for Multi-Agent Authentication in a decentralized or distributed network of Cyber-Physical Systems for the purpose of enhancing the overall Utility of Agency and Ownership. This Apparatus consists of an End Agent Authentication Device (an Authenticator) that is necessary in all authentication processes, and this invention defines an End Agent State Machine, and a set of nine distributed authentication processes that are enabled by this Authenticator. This Method acknowledges the ability for an Authenticated End Agent to have its Semantic Data Model managed by its Authenticated Owner. This Method enhances security and reduces complexity by allowing the Authenticator to execute these nine processes in both decentralized and distributed network configurations.

An Example of this Method and Apparatus in use is a scenario with an internet-connected non-Authenticator Device (a Non-Authenticator End Agent) in a commercial/retail location whereby the Owner (an Owner Interested Agent) of that Device, very likely the Owner of the commercial/retail location, has Authenticated that Device using their Authenticator (an Authenticator End Agent) on a Decentralized or Distributed Network. In this example, the owner has pre-defined the Semantics of that Device's End Agent Sub-Class(es), State Machine Sub-Classes (if any), and its Classes and Attributes of Service to commercial/retail customers in the Device's Semantic Data Model. As a function of that Semantic Data Model, the owner has defined the Sub-Classes of commercial/retail customers (Non-Owner Interested Agents) who have the Permission to Authenticate with the internet-connected Device, be served by the Device, and in certain circumstances even Control the Device, within the Parameters set by the Owner of that Device in the Device's Semantic Data Model. When this Non-Owner Authentication occurs, an Owner-defined limited-to-significant set of capabilities is made available by the End Agent to the Non-Owner Interested Agent without compromising the notion in the Semantic Data Model of Ownership, Control and/or Authentication.

METHOD AND APPARATUS FOR PROTECTING CONFIDENTIAL DATA IN AN OPEN SOFTWARE STACK
20180083933 · 2018-03-22

A method is provided for securely providing data for use in a consumer electronics device having a processor performing instructions defined in a software image. The method includes receiving the data encrypted according to a global key, further encrypting the data according to a device-unique hardware key, storing the further encrypted data in a secure memory of the consumer electronics device, providing the global key to a whitebox encoder for encoding according to a base key to generate a whitebox encoded global key, and transmitting the software image to the consumer electronics device for storage in an operating memory of the consumer electronics device, the software image having a whitebox decoder utility corresponding to the whitebox encoder and the whitebox encoded global key.

System and method for handling software activation in entitlement

A system, method, and computer-readable medium are disclosed for separating the purchase of digital assets from their fulfillment and activation. Digital assets purchase information comprising digital assets identifier information and activation key data, and system identifier information comprising system identifier data, is received. The purchase information and the system identifier information are processed to generate digital assets activation request data, which is then processed by the provider of the digital assets to generate digital assets activation data. Associated digital assets data is provided with the digital assets activation data and then processed with the purchase transaction data to generate digital assets entitlement data. A personalization agent associated with a target system automatically downloads the purchased digital assets and associated digital assets entitlement data, which is used to install the digital assets, thereby entitling the system to process the installed digital assets.

Downloadable security and protection methods and apparatus

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure output domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

Encryption management, content recording management, and playback management in a network environment

Management of key information as described herein enables a respective service provider to distribute encrypted content to subscribers, preventing improper use of the content without authorization. For example, the service provider can distribute encrypted content for recording by a subscriber at a remote location. At or around a time of recording the encrypted content, and on behalf of the user, the service provider initiates storage of the corresponding decryption information that is needed to decrypt the recorded encrypted content. In order to play back the recorded segments of the encrypted content, the subscriber communicates with a server resource to be authenticated. Subsequent to being authenticated, the server resource distributes a copy of decryption information needed to decrypt the previously recorded segments of encrypted content to the subscriber. Accordingly, the service provider retains control of playing back content via controlled distribution of the corresponding copy of decryption information.