A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

An information storage device including one or more processors configured to store an encrypted content and to control access of an external device to the information storage device is provided. The one or more processors are further configured to store a converted title key obtained by converting a title key which is an encryption key to be applied to decryption of the encrypted content, and a user token obtained by converting binding secret information to be applied to calculate the title key from the converted title key. The one or more processors are further configured to allow the external device having a confirmed access right to the information storage device to read out the user token.

Described herein are systems and methods for hardware enforcement of hardware functionality in a television receiver. An activation message containing an activation code for a specific hardware component within the television receiver can be transmitted from a television service provider system to a television receiver having an associated smart card. The smart card can decrypt the activation message, security check the activation message, confirm the activation message is intended for the television receiver, encrypt the activation message with a local key, and transmit the activation message to a security processor on the television receiver. The security processor can decrypt the activation message, security check the activation message to ensure it is from the smart card and has not been tampered with, and enable the hardware component within the television receiver based on the activation code within the activation message.

A system for securely providing streaming media content on-demand may include a plurality of receiving devices in which each receiving device may request the same or different streaming media content (e.g., stored at a content storage system of a content delivery network) on-demand using VOD or other available on-demand services and/or applications associated with, in communication with or running on the respective receiving devices. In response, the content storage system of the content delivery network will encrypt the requested content uniquely for each received request (e.g., according to an encryption key that is unique for each or virtually each request) and deliver the encrypted requested content to the appropriate respective receiving device of the receiving devices. The respective receiving devices will then each decrypt the streaming content as it is being received according to the corresponding decryption key communicated from a respective individual secure remote to the respective receiving device.

A communication system and method of operating the same includes a conditional access module and a customer service module customer service request signal. A handler receives the customer service request signal. The handler determines a communication path to the conditional access module through a connection pool and assigns the communication path for the customer service request signal. The handler communicates the request through the communication path and returns the path to the connection pool when communicating is complete.

A method and system for authenticating a user device includes an identity provider reading service and an external service provider receiving a request to access content from a user device and communicating the request to access content from a service provider to the reading service. The request to access content includes cookie data. The external service requests an identity provider token from the cookie data from the reading service based on the request to access. The identity provider reading service communicates the identity provider token to the external service provider. An identity provider communicates with the service provider. The external service generates and communicates an authentication request to the identity provider having the identity provider token and a service provider identifier. The identity provider communicates an assertion signal to the service provider when the cookie data is resolved at the identity provider. The service provider grants access to content to the user device in response to the assertion signal.

In one embodiment, a consumer device is assigned, at a broadcast headend to one of at least two groups of consumer devices, the two groups including a first group of consumer devices which is required to play content of a second type in order to view content of a first type and a second group of consumer devices which is not required to play content of the second type in order to view content of the first type. A video broadcast stream is sent from the broadcast headend to the consumer device, the video broadcast stream comprising content of the first type sent associated with a first packet ID (PID) and content of the second type sent associated with a second PID, wherein the first PID and the second PID are processed at the consumer device at the same time. An entitlement management message (EMM) is sent from the broadcast headend to the consumer device according to its group of consumer devices, the EMM being of one of a first type of EMM for devices of the first device type and a second type of EMM for devices of the second device type. An entitlement control message (ECM) stream is sent from the broadcast headend to the consumer device, the ECM stream including comprising three types of ECMs: ECM_P_i_start which enables the consumer device to produce a control word which decrypts a first portion of the content of the first type; ECM_A_(i−1) which enables the consumer device to produce a control word which decrypts content of the second type; and ECM_P_i_rest which enables the consumer device to produce a control word which decrypts a second portion of the content of the first type. Related hardware, systems and methods are also described.

A method for determining an identifier of a conditional access card used in a conditional access system, in which the conditional access card autonomously modulates the timing of data packets sent by the conditional access card, to form a timing sequence that corresponds to the identifier of the card. The sequence is generated by a predefined non-linear function stored on the conditional access card, and the predefined non-linear function depends on both the identifier of the conditional access card and a non-linear random sequence that is known to the conditional access card and a monitoring station that receives transmissions from the conditional access card.

A method for determining an identifier of a conditional access card used in a conditional access system, in which the conditional access card autonomously modulates the timing of data packets sent by the conditional access card, according to a sequence that depends on the identifier of the card. The sequence is generated by a predefined non-linear function stored on the conditional access card, and the predefined non-linear function depends on both the identifier of the conditional access card and a non-linear random sequence that is known to the conditional access card and a monitoring station that receives transmissions from the conditional access card.

The present invention aims to address the issue of deploying costly hardware by proposing a content protection layer with an easy distribution capability to clients. The aim is achieved by an network device for descrambling an access controlled audio/video content stream, said network device being configured to be connected to a network router comprises a memory to store a unique address UA specific to the network device, an network input/output interface, a descrambler to descramble the audio/video content stream, and a watermark engine configured to watermark the descrambled audio/video content stream by applying the unique address. A further object of the invention is a method to access scrambled audio/video content stream in a local or roaming mode by a multimedia reception device connected via an IP network to a network router having an IP port connected to the network device.