The present invention provides methods, apparatuses, and systems for delivering protected streaming content to a receiving device. In an aspect of the present invention, a broadcaster provides streaming content. To ensure viewers are properly authorized, the streaming content is encrypted with a traffic key. The traffic key is provided to the users via a key stream message, which is encrypted with a service key. The user obtains at least one rights object from a rights issuers and the at least one rights object includes the service key so that the streaming content may be used. The at least one rights object also contains information regarding usage rights that may be configured by the rights issuer so that, depending on the user and/or the receiving device, different rights may be available. The key stream message may include a program category variable value that indicates the type of content and in conjunction with the rights object, determines what usage rights exist for the streaming content.

A method of managing entitlements to program content of a content delivery system is disclosed comprising receiving a request, from a user, by a processing device, to subscribe to a video package or to purchase a video program from the content delivery system. The user has at least one user device configured for watching the program content. At least one entitlement resulting from the subscription or purchase is calculated and connection information for each of the plurality of user devices is retrieved from database. The at least one calculated entitlement is pushed to each user device by the processing device, via a network, using the connection information. A system configured to implement the method and a video streaming device, such as a set-top box and a smart device, for example, are also disclosed. The smart device may be a smart phone or tablet, for example.

A method for broadcasting protected multimedia content includes, at predetermined intervals, having an access-rights server broadcast each new right of access to the broadcast multimedia content only to those terminals whose logins are included in a broadcast list. In response to a predetermined event, a terminal sends, to the access-rights server, via a point-to-point connection, a status message indicating, to the access-rights server, that the terminal is in its ready state. Alternatively, if the terminal is occupied, it avoids sending a status message. In the absence of reception of the status message that was expected in response to the predetermined event, the access-rights server automatically removes the identifier of the terminal from the broadcast list.

Systems and methods for collecting audience measurement data using content protection signaling messages while playing back content are disclosed. One embodiment includes receiving content, where content is encrypted using at least one encryption key, receiving a content protection signaling message, where the content protection signaling message is associated with the content and includes a reference timestamp and decryption information associated with the content, processing the content protection signaling message to extract the reference timestamp and the decryption information and generating a message processing timestamp based on the time the content protection signaling message is processed, collecting audience measurement data and saving the audience measurement data into memory, where the audience measurement data includes the reference timestamp and message processing timestamp, recovering at least one decryption key using the decryption information, and decrypting the content using the at least one decryption key.

Disclosed herein are system, method, and computer program product embodiments for real-time enablement of over-the-top media service applications. An embodiment operates by receiving a device identifier from a customer device including a disabled third-party over-the-top (OTT) application, determining a verification status of the customer device based on the device identifier, determining a customer identifier associated with the customer device, and determining an entitlement status based on the customer identifier. The embodiment further operates by assigning a vendor-issued identifier to the customer identifier, generating a third-party token based on the verification status and the entitlement status, and sending the third-party token to the customer device and a third-party service associated with the disabled third-party OTT application. In some embodiments, the customer device and the third-party service may perform a handshake using the third-party token to enable the disabled OTT third-party application on the customer device.

Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

Some embodiments are directed to a method and to a device allowing an access control system to be applied to the protection of streamed video. The inventive system and associated method allow an existing access control system of Marlin type to be used innovatively based on the execution of two successive operation phases allowing DRM rights to be acquired followed by the delivery of content and the decryption thereof.

Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.

Systems and methods for securing communications in a playback device using a key base and at least one key contribution in accordance with embodiments of the invention are disclosed. In one embodiment, a process includes generating a key base using a decryption key and at least one key contribution, where the decryption key can be recovered using the key base and the at least one key contribution, receiving the key base, receiving the at least one key contribution, sending the key base to a decryption module, sending the key contribution to a control module, performing a control feature on the piece of content using the control module, providing the key contribution to the decryption module when the control feature is performed, generating the decryption key using the key base and the at least one key contribution, and accessing at least a portion of the piece of content.