Techniques are described for communicating encoded data using start code emulation prevention. The described techniques include obtaining at least one partially encrypted packet, identifying at least one portion of the packet that is unencrypted, and determining that the identified unencrypted portion(s) emulates a start code. Start code emulation prevention data or emulation prevention bytes (EPBs) may be inserted into only the encrypted portion of the packet. The modified packet may be communicated to another device/storage, along with an indication of which portion(s) of the packet are unencrypted. Upon receiving the packet and indication, the receiving device may identify and remove the EPBs in the identified unencrypted portion(s) of the packet, and decrypt the packet to recover the data. In some aspects, upon identifying the indication, the receiving device may only search for EPBs in the unencrypted portion(s) of the packet, thus yielding a more efficient start code emulation prevention process.

A method and system for protecting video and image files processes from original files to detect skin tones of persons appearing in the media. Pixels determined to contain skin tones are blurred or blacked out, and the pixel locations and their original color values are stored in a metadata file. The metadata file is encrypted and stored with the redacted video file. Thereafter, when an authorized person wants to see an unredacted version of the video, the system decrypts the metadata and reconstituted the video, replacing the redacted pixels with their original color values, and inserting a unique watermark into the video that identifies the requesting person. The watermarked video is then provided to the requesting person.

A method for generating, from initial content data, output content data for provision to one or more receivers, wherein the initial content data is encoded according to a coding scheme, wherein for a quantity of data encoded according to the coding scheme, the coding scheme provides a mechanism for including in the quantity of encoded data additional data such that a decoder for the coding scheme, upon decoding the quantity of encoded data, does not use the additional data to generate decoded data, the method comprising: selecting one or more portions of the initial content data; for each selected portion, generating a data construct that comprises a plurality of data structures, each data structure comprising data, including a version of the selected portion, that is encrypted using a corresponding encryption process different from each encryption process used to encrypt data in the other data structures, wherein the data construct is arranged such that using a decryption process that corresponds to the encryption process for one data structure on the encrypted data in each data structure in the data construct produces a quantity of data encoded according to the coding scheme that uses the mechanism so that a decoder for the coding scheme would not use any data structure in the data construct other than said one data structure; and using the generated data constructs in the initial content data instead of their corresponding selected portions to form the output content data.

The present invention provides a conditional access method for an intelligent operating system that comprises a trusted execution environment. A digital TV module acquires all channel messages and a control management message. A media play module distributes a DescramblerId and sends the acquired videoPid, audioPid, casId, ecmPid and emmPid and the descrambler message DescramblerId to a conditional access module. The conditional access module selects a registered conditional access application module according to the casId. The conditional access application module acquires corresponding ecm Data and emm Data from the digital TV module, and sends the ecm Data and emm Data to the conditional access module. The conditional access module sends the messages to a trusted application module. The trusted application module performs parse to acquire EK1, EK2 and ECW. The security chip controls a descrambler corresponding to the DescramblerId to perform descrambling according to the acquired messages.

A method of encoding and encrypting input data (D1) to generate corresponding encoded and encrypted data (E2) is provided. The input data (D1) is encoded to generate intermediate encoded data streams. The intermediate encoded data streams include at least one critical data stream that is critical and essential for subsequent decoding of one or more remaining data streams of the intermediate encoded data streams. The at least one critical data stream is encrypted using one or more encryption algorithms to generate at least one intermediate encrypted data stream. Subsequently, unencrypted portions of the intermediate encoded data streams are merged together with the at least one intermediate encrypted data stream to generate the encoded and encrypted data (E2).

Systems and methods for partial frame encryption in accordance with embodiments of the invention are disclosed. In one embodiment, the method receives a video bitstream that includes several frames, each frame including several independently encoded compression units within the frame, encrypts a portion of each of several compression units in several frames, and generates an output bitstream that includes the several independently encoded compression units including the encrypted portions of the compression units.

A system and method for distributing content in a network architecture using a common intermediary mezzanine distribution format (CMZF). A media content asset may be processed for packaging in a CMZF container structure configured to carry each bitrate representation of the media content in a valid CMZF stream scheme, the media content encrypted in one or more encryption schemes. The CMZF formatted media content may be provided to an origin server for file-based distribution over a network which is of one of the following types; unmanaged network, managed network, or a combination thereof, and/or to a streaming network node for stream-based distribution over a over a network which is of one of the following types; unmanaged network, managed network, or a combination thereof. In one embodiment, the CMZF container structure may be based on an MPEG-TS format extended to facilitate carriage of ISOBMFF track and track metadata data objects in PES payload in additional elementary streams. In another embodiment the CMZF container structure may be based on an MPEG-TS format to facilitate carriage of sample variants in PES payload.

A playback method using a playback device that plays a system stream file is provided. The playback device includes an individual decryption key that is owned individually by each of playback devices, and a common decryption key that is owned in common by a plurality of playback devices. The system stream file includes a first system stream file configured to be played back using both the individual decryption key and the common decryption key, and a second system stream file configured to be played back using only the common decryption key among the individual decryption key and the common decryption key. The method includes identifying whether the system stream file to be playback is the first system stream file or the second system stream file, in accordance with a file extension of the system stream file, and selecting a decryption process of the system stream file.

A method and system for protecting video and image files processes from original files to detect skin tones of persons appearing in the media. Pixels determined to contain skin tones are blurred or blacked out, and the pixel locations and their original color values are stored in a metadata file. The metadata file is encrypted and stored with the redacted video file. Thereafter, when an authorized person wants to see an unredacted version of the video, the system decrypts the metadata and reconstituted the video, replacing the redacted pixels with their original color values, and inserting a unique watermark into the video that identifies the requesting person. The watermarked video is then provided to the requesting person.

A system and method for facilitating fast channel change in a streaming media network comprises receiving media content assets packaged in a common mezzanine distribution format (CMZF) container structure, wherein the media content asset is provided as CMZF-formatted media content in a CMZF stream scheme. Upon receipt, the CMZF-packaged media content assets are transformatted into corresponding CMZF segments stored in a local cache corresponding to a plurality of media channels. Responsive to a channel change request from a user equipment (UE) device, a unicast or multicast burst is sent comprising Reliable User Datagram Protocol (R-UDP) packets or Real-time Transport Protocol (RTP)-encapsulated partial or full virtual segments (R-SEG) generated from the CMZF segments corresponding to the requested channel.