Embodiments relate to sending vertical synchronization data for a plurality of data streams in a selected data stream to perform authentication operations for the plurality of data stream. A port processor receives data streams from a plurality of transmitting devices. After receiving the data streams, the port processor selects one of the data streams for transmission to a decrypting device. The port processor extracts vertical synchronization data from the unselected data streams and inserts the extracted vertical synchronization data into the selected data stream to form a modified data stream. The port processor sends the modified data stream to a decrypting device. The decrypting device has at least one processing engine. The port processor discards the unselected data streams without sending the unselected data streams to the decrypting device.

A system for securely providing adaptive bit rate streaming media content on-demand may include a security server of a program distributor that selects, based on a received authorized request, which of a differently encrypted stored versions of a special segment of the requested program to deliver to the receiving device during the transmission of the requested program. The selection may be based on a pseudo-random selection process per request for the program based on an identifier of the request associated with the remote control device. The selection of which of the differently encrypted stored versions of the special segment of the ordered program to deliver may be=based on the current session. The secure remote then sends to the receiving device the correct decryption key for the receiving device to decrypt the particular encrypted version selected of the special segment to be sent to the receiving device.

A computer system generates, using a first codec, a first decompressed media stream based on a first compressed media stream. The computer system provides the first decompressed media stream to a presentation device. While providing the first decompressed media stream to the presentation device, the computer system receives a second compressed media stream corresponding to a second decompressed media stream to be presented by the presentation device and initializes a second codec after the first codec has stopped decompressing the first compressed media stream so that no more than one codec is decompressing compressed media at a time. The computer system generates, using the initialized second codec, the second decompressed media stream and provides the second decompressed media stream to the presentation device instead of providing the first decompressed media stream to the presentation device.

Various arrangements are presented for reducing channel change times. A first tuner of a television receiver may tune to a decryption key transponder stream. The decryption key transponder stream may include a plurality of decryption keys for a plurality of television channels that are transmitted to the television receiver via a plurality of transponder streams. A second tuner of the television receiver may be tuned to a media transponder stream to receive a television channel. Data obtained from the decryption key transponder stream may be used for decoding the television channel.

A device configuration for determining whether to send an activation notification based on whether a signal can be decoded by a tuner or codec are described herein. For example, a device may include a tuner, activated in response to receiving the user indication, to attempt to decode a signal corresponding to a channel, and a processor to execute instructions that: detect, prior to a start of a delay period, that the tuner is required to decode the signal, determine, during the delay period, whether the signal can be decoded by the tuner, deactivate the tuner after the delay period without sending a tuner activation notification, in response to a determination that the signal cannot be decoded by the tuner, and send the tuner activation notification to a remote server after the delay period, in response to a determination that the signal can be decoded by the tuner.

A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

Described herein are systems and methods for providing hardware based security to software applications in a television receiver. The system can include a television receiver having a trusted hardware environment that includes a security processor and a standard environment that includes an application processor. The security processor can ensure that at least a portion of the software application executed by the application processor is secure. A portion of the software application code can be placed in an interrupt service routine memory space. During execution of the software application, the security processor can security check the portion of the software application in the interrupt service routine memory space, making it trusted code. The security processor can force the application processor to execute the trusted code by triggering an interrupt. Such forced execution can allow the security processor to not only ensure that code is trusted, but that it is executed.

Described herein are systems and methods for securing transmission of content from a smart card in a host television receiver to a client television receiver. The smart card can receive the encrypted content stream from the television service provider, decrypt the content stream with the global network key, identify the client television receiver as the destination of the content stream, generate a unique key specific to the content stream, encrypt the unique key with a local key known to the client television receiver, encrypt the content stream with the unique key, and transmit the encrypted content stream along with the encrypted unique key to the client television receiver. The client television receiver can then receive the encrypted content stream and the encrypted unique key, decrypt the unique key, decrypt the content stream with the unique key, and transmit the content stream to a display device of the client television receiver.

Described herein are systems and methods for providing a targeted and secure software image or other data to a television receiver. The data item can be provided to the smart card through a television service provider distribution system in blocks of data that are small enough to be processed by the smart card. For each block of data, the smart card can decrypt the block of data with a global network key, generate a partial hash representing the block of data, update a full hash with the partial hash, encrypt the block of data with a dynamically generated item key, and transmit the encrypted block of data to the television receiver. Once complete, the smart card can security check the software image including an integrity check using the full hash. If the security check passes, the smart card can transmit the dynamically generated item key to the television receiver.

A method for secure processing of encrypted data within a receiver includes receiving a packet of encrypted compressed data and allocating a region of memory for storing a decrypted version of the packet of encrypted compressed data. The allocation is in response to, and after, reception of the encrypted compressed data. A size of the region of the memory allocated is equal to a size of the packet of encrypted compressed data that is received. The method further includes modifying a configuration of an access authorization filter for defining access rights to the allocated region, decrypting the packet of encrypted compressed data, and storing, in the allocated region, the decrypted compressed data of the packet. The aforementioned allocation, modification, decryption, and storage steps are repeated in response to each new reception of a packet of encrypted compressed data so as to dynamically modify the configuration of the access authorization filter.