Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.

A method for determining an identifier of a conditional access card used in a conditional access system, in which the conditional access card autonomously modulates the timing of data packets sent by the conditional access card, to form a timing sequence that corresponds to the identifier of the card. The sequence is generated by a predefined non-linear function stored on the conditional access card, and the predefined non-linear function depends on both the identifier of the conditional access card and a non-linear random sequence that is known to the conditional access card and a monitoring station that receives transmissions from the conditional access card.

Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

Video content is processed for delivery using an automated process that allows for convenient packaging of encrypted or digital rights management (DRM) protected content in a manner such that the packaged content can be efficiently stored in a content delivery network (CDN) or other content source for subsequent re-use by other media clients without re-packaging, and without excessive storage of unused content data.

A pay television satellite broadcast includes validation data that can be used to validate authenticity of live global positioning system (GPS) data. The validation data may be included within entitlement messages and encrypted for security and selective reception by authorized receivers. A navigation system may compute checksums of received live GPS data and compare with the validation data for a match. A decision about whether or not to use the live GPS data may be taken based on whether or not the computed checksums match the validation data received via the pay television satellite broadcast signals.

Systems and methods are disclosed herein for optimizing bandwidth for broadcast transmission. The disclosed techniques herein provide for receiving first and second content for transmission to subscriber devices on a first and second channels. The system then determines whether the first and second content contain a common segment. If so, the system updates metadata schema (e.g., homogeneous channel descriptor, homogeneous switch descriptor) to indicate there is a common segment. The system may generate a transport stream during multiplexing of the first and second channels based on the updated metadata schema. The transport stream, for a time duration based on the at least one common segment, includes a first audio feed of the first content and a first video feed of the first content to be provided on the second channel. The system then transmits the transport stream to the one or more subscriber devices.

A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

A device (40) for generating a watermarked stream (39), comprising: at least one input interface (41) configured to receive encrypted control messages (20) and conditional access streams (30) including a main stream (33) and protected watermarking data streams (35) from which a watermarking information (38) can be embedded in said watermarked stream (39); a security module (43) configured to process said control messages (20) and to control access to said conditional access streams (30); a descrambler (45) configured to remove protection applied on at least some of said conditional access streams (30); a watermarking unit (47) configured to generate the watermarked stream (39) from said conditional access streams (30) by selectively processing said watermarking data streams (35) depending on access data (AC, AR) included in some of said control messages (20).

Systems and methods for securing communications in a playback device using a key base and at least one key contribution in accordance with embodiments of the invention are disclosed. In one embodiment, a process includes generating a key base using a decryption key and at least one key contribution, where the decryption key can be recovered using the key base and the at least one key contribution, receiving the key base, receiving the at least one key contribution, sending the key base to a decryption module, sending the key contribution to a control module, performing a control feature on the piece of content using the control module, providing the key contribution to the decryption module when the control feature is performed, generating the decryption key using the key base and the at least one key contribution, and accessing at least a portion of the piece of content.

The invention relates to a computer guard system for controlling delivery of encrypted media assets in a service which governs the delivery of a set of media assets to a group of authorized users comprising: an administrator interface configured to receive configuration data from an administrator to define at least one environment defining how media assets in that service are to be delivered to authorized users, wherein the configuration data defines, for each environment, (a) multiple DRM technologies for decrypting the same asset at multiple end user platforms, each DRM technology being associated with its own set of default license properties; (b) at least one software plug-in to be instantiated to perform a verification method to verify if an end user request for delivery of an asset is valid; a store for holding defined environments with respective environment identifiers; a key server module having an interface connectable to an encryption module and configured to: exchange (i) an asset identifier, which identifies an asset to be encrypted, (ii) a secret key for use in encrypting the asset, and (iii) a key identifier which is to be located in the encrypted asset and which identifies the secret key; execute a set of rules to compare a characteristic associated with the asset with multiple environments to associate at least one environment with the asset wherein the characteristic represents the service for which the asset is provided; and store an association between the asset and at least one determined environment, whereby multiple assets for the same service intended for delivery on different end users platforms are associated with a single environment, and wherein the configuration data for each environment identifies the default license properties and software plug-in to be applied to the asset, in dependence on the DRM technology used at the end user platform to enable the computer system to automatically respond to end user requests to play out an asset.