Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

Methods and apparatus for selecting, purchasing and delivering content to users of a network so that the user has “virtual” ownership of and access to the content, thereby obviating the need for physical media (e.g., DVDs or CDs). In an exemplary embodiment, the network comprises a hybrid fiber coax (HFC) network, and on-demand (OD) sessions or broadcast modes are used to deliver the virtual content stored at the head-end (or hub site) to the requesting owner. The purchased content is associated with one or more users when stored, thereby providing the owner(s) unlimited access thereto, without the costs and effort associated with renting/purchasing and maintaining DVDs. The content may also comprise new release content, which would otherwise not be available over the network at that time but for the purchase and delivery mechanisms of the invention. Various other complementary features for enhancing the user's virtual ownership experience are also disclosed.

A video stream from a user device that is destined for a recipient device is received at a core network of a wireless carrier network. The video stream has a video quality that at least meets a quality threshold for behavioral biometric analysis. A determination of whether a video privacy policy for the user device permits transmission of the video stream of the video quality to the recipient device is made. In response to the video privacy policy not permitting the transmission of the video stream of the video quality, the video quality of the video stream is downgraded to generate a downgraded video stream that prevents behavioral biometric analysis for transmission to the recipient device. However, in response to the video privacy policy permitting the transmission of the video stream of the video quality, the video stream of the video quality is transmitted to the recipient device.

A video stream from a user device that is destined for a recipient device is received at a core network of a wireless carrier network. The video stream has a video quality that at least meets a quality threshold for behavioral biometric analysis. A determination of whether a video privacy policy for the user device permits transmission of the video stream of the video quality to the recipient device is made. In response to the video privacy policy not permitting the transmission of the video stream of the video quality, the video quality of the video stream is downgraded to generate a downgraded video stream that prevents behavioral biometric analysis for transmission to the recipient device. However, in response to the video privacy policy permitting the transmission of the video stream of the video quality, the video stream of the video quality is transmitted to the recipient device.

The present invention provides methods, apparatuses, and systems for delivering protected streaming content to a receiving device. In an aspect of the present invention, a broadcaster provides streaming content. To ensure viewers are properly authorized, the streaming content is encrypted with a traffic key. The traffic key is provided to the users via a key stream message, which is encrypted with a service key. The user obtains at least one rights object from a rights issuers and the at least one rights object includes the service key so that the streaming content may be used. The at least one rights object also contains information regarding usage rights that may be configured by the rights issuer so that, depending on the user and/or the receiving device, different rights may be available. The key stream message may include a program category variable value that indicates the type of content and in conjunction with the rights object, determines what usage rights exist for the streaming content.

A motion picture distribution system, the system including a central computer, an exhibitor computer, a communication channel, and a back channel. The central computer is located at a central site and configured to distribute a digital version of the motion picture. The exhibitor computer is located at an exhibitor location that is remote from the central site. The exhibitor computer is configured both to receive the digital version of the motion picture from the central computer, and to display the motion picture. The communication channel is configured to facilitate the electronic transfer of the digital version of the motion picture from the central computer to the exhibitor computer. The back channel is coupled between the central computer and the exhibitor computer, and configured to allow for the transfer of information between the exhibitor computer and the central computer.

A video signal transmitter or receiver for handling multiple video signals, including mainboard signal processing circuitry, one master fiber module, and one or more add-on fiber modules. Video data signal for the multiple videos are transmitted over the master and add-on fiber modules, but no video control signal is transmitted over any add-on fiber module. Video control signal for all of the multiple videos are transmitted on a first subset of channels of the master fiber module in a multiplexed manner. The mainboard signal processing circuitry cooperates with the signal processing chip of the master fiber module to process all video control signals, with the master fiber module processing video control signals for at least two videos. Non-video signals are processed by the mainboard circuitry and transmitted on a second subset of channels of the master fiber module (same as or different from the first subset of channels).

A video signal transmitter or receiver for handling multiple video signals, including mainboard signal processing circuitry, one master fiber module, and one or more add-on fiber modules. Video data signal for the multiple videos are transmitted over the master and add-on fiber modules, but no video control signal is transmitted over any add-on fiber module. Video control signal for all of the multiple videos are transmitted on a first subset of channels of the master fiber module in a multiplexed manner. The mainboard signal processing circuitry cooperates with the signal processing chip of the master fiber module to process all video control signals, with the master fiber module processing video control signals for at least two videos. Non-video signals are processed by the mainboard circuitry and transmitted on a second subset of channels of the master fiber module (same as or different from the first subset of channels).