Disclosed herein are system, method, and computer program product embodiments for real-time enablement of over-the-top media service applications. An embodiment operates by receiving a device identifier from a customer device including a disabled third-party over-the-top (OTT) application, determining a verification status of the customer device based on the device identifier, determining a customer identifier associated with the customer device, and determining an entitlement status based on the customer identifier. The embodiment further operates by assigning a vendor-issued identifier to the customer identifier, generating a third-party token based on the verification status and the entitlement status, and sending the third-party token to the customer device and a third-party service associated with the disabled third-party OTT application. In some embodiments, the customer device and the third-party service may perform a handshake using the third-party token to enable the disabled OTT third-party application on the customer device.

Controlling or limiting visibility into particular metadata associated with the transfer of media content from a source device or system to a receiving device or system.

Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.

Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.

An electronic device for providing geolocation independent content rights management includes a non-transitory storage medium and a processing unit. The processing unit executes instructions stored in the non-transitory storage medium to receive a request for content from a content access device and, if the content access device is registered to an account associated with a geolocation, provides access to the content. In some implementations, the processing unit may determine if the content access device is registered using a token corresponding to the request. In various implementations, the processing unit may verify that one or more digital rights management and/or persistence policies allow the access, such as where access may be provided to one copy of the content at a time.

An electronic device for providing geolocation independent content rights management includes a non-transitory storage medium and a processing unit. The processing unit executes instructions stored in the non-transitory storage medium to receive a request for content from a content access device and, if the content access device is registered to an account associated with a geolocation, provides access to the content. In some implementations, the processing unit may determine if the content access device is registered using a token corresponding to the request. In various implementations, the processing unit may verify that one or more digital rights management and/or persistence policies allow the access, such as where access may be provided to one copy of the content at a time.

Some embodiments are directed to a method and to a device allowing an access control system to be applied to the protection of streamed video. The inventive system and associated method allow an existing access control system of Marlin type to be used innovatively based on the execution of two successive operation phases allowing DRM rights to be acquired followed by the delivery of content and the decryption thereof.

Systems and methods for securing communications in a playback device using a key base and at least one key contribution in accordance with embodiments of the invention are disclosed. In one embodiment, a process includes generating a key base using a decryption key and at least one key contribution, where the decryption key can be recovered using the key base and the at least one key contribution, receiving the key base, receiving the at least one key contribution, sending the key base to a decryption module, sending the key contribution to a control module, performing a control feature on the piece of content using the control module, providing the key contribution to the decryption module when the control feature is performed, generating the decryption key using the key base and the at least one key contribution, and accessing at least a portion of the piece of content.