Techniques are described for communicating encoded data using start code emulation prevention. The described techniques include obtaining at least one partially encrypted packet, identifying at least one portion of the packet that is unencrypted, and determining that the identified unencrypted portion(s) emulates a start code. Start code emulation prevention data or emulation prevention bytes (EPBs) may be inserted into only the encrypted portion of the packet. The modified packet may be communicated to another device/storage, along with an indication of which portion(s) of the packet are unencrypted. Upon receiving the packet and indication, the receiving device may identify and remove the EPBs in the identified unencrypted portion(s) of the packet, and decrypt the packet to recover the data. In some aspects, upon identifying the indication, the receiving device may only search for EPBs in the unencrypted portion(s) of the packet, thus yielding a more efficient start code emulation prevention process.

A receiver apparatus and a method for controlling the access to at least a portion of a content broadcasted via satellite, wherein the receiver apparatus includes a receiver for receiving broadcast signals configured for receiving at least a broadcast signal having at least a content, a receiver for receiving terrestrial signals configured for receiving at least a terrestrial signal, and a processor configured for determining access information on the basis of at least the received terrestrial signal, and allowing or blocking, on the basis of at least the access information, the access to the at least one content of the broadcast signal.

Systems and methods for partial frame encryption in accordance with embodiments of the invention are disclosed. In one embodiment, the method receives a video bitstream that includes several frames, each frame including several independently encoded compression units within the frame, encrypts a portion of each of several compression units in several frames, and generates an output bitstream that includes the several independently encoded compression units including the encrypted portions of the compression units.

There is disclosed a head-end system in which differently processed copies of content portions are reordered such that copies from different content portions are not interleaved in the final transport stream.

A memory storing AV data for playing back encrypted video on a playback device is provided. The AV data includes a system stream file including encrypted video information, and a management information file. The system stream file includes a first segment in which is repeated a first data unit that can be individually decrypted using a first decryption key, and has a second data unit of the same data size as the first data unit but cannot be decrypted by the first decryption key. The system stream file also includes a second segment which can all be decrypted using a second decryption key that the playback device has in common with another playback device. The management information file has a time map in which are correlated I-picture serving as random access point, and a presentation clock time of the I-picture. The I-picture is multiplexed in the second segment.

Various systems, methods and devices are presented for performing media encryption. A media stream comprising audio packets and video packets can be received. A chunk of the media stream can be sorted to create a first group of a plurality of audio packets with an I-frame header and a second group of a plurality of P-frames and an I-frame payload. The first group can be encrypted while the second group is not encrypted. A fully-protected output media stream that includes the encrypted first group and the second group can then be streamed to a remote device via a network for output.

In a playback method of a playback device that plays a system stream file including encrypted video information, the system stream file includes a first segment in which is repeated a first data unit that can be decrypted using a first decryption key that the playback device has and a second data unit of the same data size as the first data unit but cannot be decrypted by the first decryption key, and a second segment which can all be decrypted using a second decryption key that differs from the first decryption key. The playback method reads the system stream file, and performs conversion processing to convert the system stream file that has been read out into a post-conversion system stream, in which the second data unit in the first segment in the system stream file that has been read out is replaced with a plurality of continuous invalid packets, and outs the post-conversion system stream.

Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

A system and method for providing load balanced secure media content and data delivery in a distributed computing environment is disclosed. Media content is segmented and encrypted into a set of individual encrypted segments on a centralized control center. Each individual encrypted segment has the same fixed size. The complete set of individual encrypted segments is staged to a plurality of intermediate control nodes. Individual encrypted segments are mirrored from the staged complete set to a plurality of intermediate servers. Requests are received from clients for the media content at the centralized control center. Each individual encrypted segment in the set is received from one of an intermediate control node and an intermediate server optimally sited from the requesting client. The individual encrypted segments are reassembled into the media content for media playback.

Systems and methods for partial frame encryption in accordance with embodiments of the invention are disclosed. In one embodiment, the method receives a video bitstream that includes several frames, each frame including several independently encoded compression units within the frame, encrypts a portion of each of several compression units in several frames, and generates an output bitstream that includes the several independently encoded compression units including the encrypted portions of the compression units.