This method for reading a video stream comprises a step of comparing a datum characteristic of a behavior of a user with a set of predetermined thresholds, each of which, when it is crossed, characterizes an abnormal behavior of the user, a step of signaling an abnormal behavior if at least one predetermined part of these thresholds is crossed, and, otherwise, the absence of this signaling of an abnormal behavior, and a step of executing a counter-measure which makes it more difficult or impossible to access the set of information items contained in a first baseband video stream on the basis of various proofs of a second baseband video stream composed by a first terminal, this execution step being triggered automatically in response to the signaling of an abnormal behavior and not being triggered in the absence of this signaling of an abnormal behavior.

The present invention relates to the domain of control of access to audiovisual content transmitted to a receiver, in particular control based on the localization of the receiver.

This invention proposes a method of control of access to content transmitted to a receiver, said receiver being part of an access geographic control system comprising verification means and security means, the method comprising the following steps:

acquisition of a current localization by a portable device,

transfer of the current localization to the verification means,

extraction, in a memory of the verification means, of a localization data set defining at least one area,

verification, by the verification means, that the current localization is included in said area, and if so, transmission of an authorization message for the reception of the audiovisual content to the security means relative to the receiver.

A top-level service executes a procedure call to at least one dependent service to determine an entitlement result for a user device making a request of the top-level service. A processing device generates an entitlement token comprising the entitlement result, encrypts the entitlement token and sends the entitlement token to the user device. The user device can return the entitlement token when making additional requests of the top-level service to prevent the top-level service from having to make additional procedure calls to the at least one dependent service.

Video content is processed for delivery using an automated process that allows for convenient packaging of encrypted or digital rights management (DRM) protected content in a manner such that the packaged content can be efficiently stored in a content delivery network (CDN) or other content source for subsequent re-use by other media clients without re-packaging, and without excessive storage of unused content data.

A method of transmitting entitlement messages to content consumption devices in a access control system, the method comprising periodically transmitting entitlement messages to content consumption devices in a access control system and periodically extending an expiry time comprised in the entitlement messages. The entitlement messages comprise indicator data indicating to the content consumption devices that subsequent entitlement messages loaded into a content consumption device after a first entitlement message is loaded into the content consumption device shall not be used by the content consumption device to access protected media content.

A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

In one embodiment, a command is received from a video provider at a media rendering device, the command being a command to embed a subscriber ID in at least one video frame in a video stream. A random key, k is also received from the video provider at the media rendering device. An injective transformation is invoked for k and the subscriber ID, the injective transformation generating a sequence of pairs of: near-transparent patterns and corresponding time periods. Logical blocks of the at least one video frame in the video stream are overlaid with one of the near-transparent patterns for its one of the corresponding time periods. Related apparatus, systems, and methods are also described.

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure output domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

An access platform or other network elements can include multiple line cards configured to encrypt data. The platform and/or each of the line cards may receive encryption management data that conforms to a predefined encryption management data interface. The encryption management data received by a particular line card may be generated by a conditional access system device and converted to conform to the encryption management data interface by an encryption manager. Line cards may alternatively be configured for connection to separate encryption hardware components. Line cards may include a block of field programmable gate arrays or other type of programmable hardware that can be configured to execute an encryption module.