Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.

A plurality of sets of primary product keys is established or generated, each set containing at least two different primary product keys. One primary product key of each set is made available to each receiver or group of receivers, such that each receiver or group of receivers is provided with a different combination of said primary product keys. For each set of primary product keys, the plurality of receivers or groups of receivers is provided with a different primary entitlement control message corresponding to each primary product key of said set, each such primary entitlement control message distributing a primary control word for recovery through decryption using the corresponding primary product key. The primary control words can then be used for purposes such as tracing compromise of the conditional access system, or arranging for differently fingerprinted content to be decoded at different receivers or groups of receivers.

A system for maximizing storage of encrypted content in a storage system includes one or more processors; and a storage medium storing instructions. When executed, the instructions may configure the one or more processors to: receive, from a first client device, a first data structure encrypted commutatively with a first key and a common key, the receiving system lacking access to the common key; receive the first key and a first segment identifier; receive, from a second client device, a second data structure encrypted commutatively with a second key and the common key; receive a second segment identifier; using the first key, partially decrypt the first data structure; storing the partially decrypted first data structure; and selectively storing a copy of the second data structure based on whether content of the first data structure corresponds to content of the second data structure.

The disclosure relates to content delivery systems such as gateways for use in locations where the services of many end user devices are provided by a common management entity, such as hospitality, dormitory, healthcare, or other enterprise settings. The disclosure includes methods of initializing a gateway configuration and operating a gateway by ingesting content from a variety of signals (satellite, broadcast, cable, and IP), processing the content to have additional desired features, and reassembling content in various forms for delivery to individual end user devices.

A buffer model in an HTTP streaming client may include receiving a first content fragment of a first content stream in response to a first HTTP request. It may also include receiving a second content fragment of a second content stream in response to a second HTTP request. The buffer model may further include storing the first and second content fragments in first and second buffers of a plurality of configurable buffers. The first and second content fragments may be multiplexed into a third buffer of the plurality of buffers. The multiplexed first and second content fragments may be stored in a fourth buffer of the plurality of buffers for playback. The buffer model may be implemented by an application. The buffers may be designed based on one or more constraints.

Methods and apparatus for distributing content using a spectrum generation device. In one embodiment, digital content is received via a time-multiplexed network transport (such as Gigabit Ethernet), and converted to frequency channels suitable for transmission over a content distribution (e.g., Hybrid Fiber Coaxial (HFC)) network. In one variant, the conversion is performed using digital domain processing performed by a full spectrum generation device. Additionally, methods and apparatus for selectively adding, removing, and/or changing digital content from the full spectrum device are also disclosed. Various aspects of the present invention enable physical (infrastructure) consolidation, and software-implemented remote management of content distribution.

Provided is a method for transmitting a packet in a communication system, comprising the steps of: identifying the packet according to a packet identification criterion; reallocating frames included in the identified packet and encrypting the packet in which the frames have been rearranged; and transmitting the encrypted packet.

A method and system provide the ability to deliver media content. A packager receives an original encrypted transport stream, and segments the stream into multiple fixed-duration transport stream files (chunks). The packager further generates a manifest file that describes the chunks and is consistent with a hypertext transfer protocol (HTTP) live streaming (HLS) protocol. The manifest file and chunks are delivered to a content delivery network (CDN). An enhanced HLS client is embed in an integrated receiver decoder (IRD). The enhanced HLS client retrieves the manifest file and the chunks from the CDN, and reconstructs the original encrypted transport stream for use by a service provider network.

The disclosure relates to content delivery systems such as gateways for use in locations where the services of many end user devices are provided by a common management entity, such as hospitality, dormitory, healthcare, or other enterprise settings. The disclosure includes a gateway system that is configurable to ingest content from a variety of signals (satellite, broadcast, cable, and IP), process the content to have additional desired features, and reassemble content in various forms for delivery to individual end user devices. The gateway can be constructed from a series of modular processing blades with specific processing functions all interconnected by a common backplane and managed by a control module. A gateway can be inserted downstream from a node to allow additional end units to be added without exceeding the node capacity.

A broadcast encryption method that allows a broadcaster to send encrypted content to a set of users such that only a subset of authorized users can decrypt the content, and to perform both temporary and permanent revocation of users. Accordingly, during a Setup stage, a Key Service generates a public key and a Master Secret Key (MSK) and sends the Public Parameters PP used to generate the public key to a broadcaster and to all users. The broadcaster uses the Public Parameters PP to create a message M, with which the broadcaster encrypts the content, and further creates a Cipher Text (CT), which is sent to all users. During a Key Gen stage, whenever a user wishes to decrypt the message M for decrypting the content, the user sends a request with his ID1 to the Key Service. The Key Service generates a corresponding secret key SK.sub.ID1 and the secret key SK.sub.ID1 is sent to the user ID1 via a secure data channel. During a Decrypt stage, the user uses the secret key SK.sub.ID1, to decrypt the Cipher Text (CT) and obtain the message M. During a Revoke stage of k users (k=1, 2, 3, . . . ) a State Update Message (SUM) which is sent to all users, is provided and each user updates his state with the SUM he received, such that the k users having identities ID.sub.1, ID.sub.2, . . . ID.sub.k will not be able to update their state and will be permanently revoked, while all the remaining users being admitted users will be able to update their state and will not be revoked. Temporary revocation is done by inserting a list of IDs (ID.sub.1, ID.sub.2, . . . ID.sub.k) to be revoked into the CT.