A Controlled Environment Secure Media Streaming System manages the delivery of content to Secured Devices. Cloud Services provide content to Integration Hub. The Integration Hub interfaces with various cloud services providers and prepares content for consumption by a resident of a secured facility. Integration Hub utilizes Content Filter to inspect content received from cloud service providers for suitability for use in a secured environment. Once content is retrieved, filtered, formatted, and packaged by Integration Hub, the content is stored in Data Warehouse. Secured Devices request content from the Distribution Hub, the Distribution Hub retrieves the content from the Data Warehouse, and then Distribution Hub manages the transfer of content to the Secured Devices. In some embodiments, Distribution Hub utilizes Content Filter to determine whether or not a particular Secured Device can access particular content.

Systems and techniques for real-time feature level software security are described herein. A request may be received from a computing device for data from the feature of the software application. The request for data may include authorization information of a user of the computing device. It may be identified that the feature of the software application contains code containing a reference to a security configuration service. A security configuration may be determined for the feature of the software application by comparing a resource identifier and a feature identifier of the feature of the software application to a set of security configurations of the security configuration service. The security configuration may provide access rules for the feature of the software application. A response may be sent to the computing device based on a comparison of the received authorization information of the user of the computing device to the determined security configuration.

The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.

A method and system provide the ability to process video content on a headend. A video processing server authenticates with a key server and public keys are exchanged. The key server generates and places a content key into a document that is signed with the public key. A client on the video processing server receives the document, extracts the content key, and saves the content key to a database. The video content is encrypted using the content key and DRM signaling elements are added to a manifest. The encrypted video content and manifest are received in the head end, a key ID is extracted from the manifest and provided to the CPIX client to retrieve the content key from the CPIX document. The encrypted video content is decrypted using the content key resulting in clear content that is provided to a downstream packager that encrypts and repackages the content for transmission to recipients.

The present disclosure related to managing a data license in a machine-to-machine (M2M) system, and a method for operating a first device may include generating a first resource including data and a second resource including information for managing a license of the data, receiving a message for requesting an operation for the data from a second device, determining, based on the information in the second resource, whether the operation is permitted, and transmitting a second message for performing the operation to the second device or a third device.

A system and method for identifying unauthorized uploaded content that has been uploaded before a stream has been ingested is disclosed herein. The stream is compared against the indexed uploaded content repeatedly as the stream is received. The matching process is done once per a time period until a match meeting a minimum match duration threshold is identified. The match is then determined to be unauthorized, and a claim is issued against the unauthorized uploaded content. The time period can be based on a utility based analysis that factors the computational costs of repeated matching versus the diminishing value of the stream as time progresses.

A Controlled Environment Secure Media Streaming System manages the delivery of content to Secured Devices. Cloud Services provide content to Integration Hub. The Integration Hub interfaces with various cloud services providers and prepares content for consumption by a resident of a secured facility. Integration Hub utilizes Content Filter to inspect content received from cloud service providers for suitability for use in a secured environment. Once content is retrieved, filtered, formatted, and packaged by Integration Hub, the content is stored in Data Warehouse. Secured Devices request content from the Distribution Hub, the Distribution Hub retrieves the content from the Data Warehouse, and then Distribution Hub manages the transfer of content to the Secured Devices. In some embodiments, Distribution Hub utilizes Content Filter to determine whether or not a particular Secured Device can access particular content.

A method for protecting content, comprising receiving, from a client device, a request for an encryption key for encrypting the content comprising a reference associated with the client device, identifying a set of supported security capabilities corresponding to the reference associated with the client device, identifying a set of required security capabilities corresponding to the content associated with the key request, determining if the set of supported security capabilities satisfy the set of required security capabilities, and in response to determining that the supported security capabilities satisfy the set of required security capabilities, transmitting the encryption key to the client device.

In one example, a device directory server may maintain a digital rights management list for a user device belonging to a device group associated with a user. The device directory server may maintain a primary digital rights management list associating a user device with a primary online account for a user having a content license for a digital content item. The device director server may receive a status update indicating the user device is still in use by the user if sent by the user device. The device directory server may determine whether a status update has been received from the user device. The device directory server may deactivate the user device on the primary digital rights management list when no status update has been received within a pruning period for the user device to be associated with the primary online account.

In one embodiment, a computing device includes: a media player operative to at least play a content item on the computing device, a blockchain-based wallet application operative to transfer a transaction amount to a publisher wallet ID via an associated blockchain-based transaction service, a secure digital rights management (DRM) client application operative to verify the transfer of the transaction amount to said publisher wallet ID according to a public transaction ledger associated with the associated blockchain-based transaction service and upon successful verification of the transfer of the transaction amount to the publisher wallet ID at least unlock a locked version of the content item, and a processor operative to execute the media player, the blockchain-based wallet application, and the DRM client application.