Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

Systems and methods for providing playback features to a device are disclosed. A manifest may be generated, which may comprise data associated with a content asset. A state file may be generated, which may comprise data associated with the manifest. Using one or more of the manifest and the state file, a device may modify segments of the content asset or may playback segments of the content asset.

A method is provided for generating a key ladder for securely communicating between a first device and a second device using a first device symmetric key and a chip-unique private key. The method includes generating a second processor-specific first device symmetric key from a first processor-specific first device symmetric key and a first identifier (CPU_ID), generating a chip-unique first device application private key (CUAPrK) from a second identifier and the second processor-specific first device symmetric key, generating a chip-unique first device application public key (CUAPuK) from the chip-unique first device application private key (CUAPrK), and transmitting the chip-unique first device application public key (CUAPuK) and an identifier of the processor to the second device.

Embedding of digital tokens within a digital video can occur cryptographically using a public key in some embodiments. The digital video may be altered in a variety of ways so that the video itself contains an integrated token that can represent various quantities. Audiovisual data can be altered to contain both a token and a perceptible user auditory or visual cue as to the presence of the encrypted digital token. A video with an embedded digital token may be sent to users on the Internet. A video recipient may be able to view the video and also take additional action or gain additional functionality from the digital token embedded in the video. Tokens can be embedded by altering video metadata so that the perceptible video content itself is not changed in some embodiments.

A technique to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at lease a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.

Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.

Example methods and systems for modifying the playback of content using pre-processed profile information are described. Example instructions, when executed, cause at least one processor to access a media stream that includes media and a profile of equalization parameters, the media stream provided to a device via a network, the profile of equalization parameters included in the media stream selected based on a comparison of a reference fingerprint to a query fingerprint generated based on the media, the profile of equalization parameters including an equalization parameter for the media; and modify playback of the media based on the equalization parameter specified in the accessed profile.

A system, a computer readable storage medium, and methods for delivering content from a zero-knowledge edge server node in a content delivery network to an end user device, ensuring content control by a content provider (i.e. reduce piracy) while ensuring privacy of an end user device. One method includes publicizing that a particular content is available for download from the server node; initiating with the server node a communication session using a zero-knowledge protocol between the end user device and the server node operating in zero knowledge; downloading, while in the communication session, the particular content from the server node to the end user device; and receiving a response message from the end user device, including an indication of a content media player application, using the particular content, successfully executed at the end user device. The indication can be accompanied by a cryptographically verifiable proof of integrity.

Various embodiments include computing devices and methods for provisioning a set top box (STB) with a software stack. A processor of a computing device may receive a software stack download request comprising downstream channel descriptor (DCD) information, determine region information for the STB based on the DCD information, determine a software stack authorization for the STB, select a software stack for the STB based on the region information and the software stack authorization for the STB, and obtain the selected software stack to enable the STB to replace existing software with the selected software stack.

There is provided a receiving apparatus including circuitry that is configured to receive a broadcasting stream including digital data according to an IP (Internet Protocol) having a protocol stack of layers. The circuitry is configured to use a first key acquired based on a first control signal at a first layer to decode a second key included in a second control signal transferred at a second layer, and decrypt an encoded component that corresponds to a particular broadcasting service which is included in a stream obtained through the broadcasting stream, the second layer being a higher layer than the first layer in the protocol stack.