A pre-key is combined with non-pre key data to render a content key useful for decrypting content, such as audio-video content. This other, non-pre key data may be anything that, for example, an ATSC 3.0 source such as a Broadcaster would like to authenticate into the content. For example, the data that is XOR'd with pre-key information may include various fields such as the Broadcaster designated market area (DMA), a copyright notice, the identification of the content to be decrypted, the user's group ID (subscriber group), etc.

Aspects of the subject disclosure may include, for example, authenticating a user device based on communication over a data plane of a network, generating a decryption key, transmitting the decryption key to the user device, and transmitting encrypted content to the user device. The encrypted content may be accessible at the user device via the encryption key, potentially as a function of location and/or time. Other embodiments are disclosed.

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

The techniques herein provide for enhanced overlay network-based transport of traffic, such as IPsec traffic, e.g., to and from customer branch office locations, facilitated through the use of the Internet-based overlay routing infrastructure. This disclosure describes a method of providing integrity protection for traffic on the overlay network.

A system for transcoding a media stream includes at least one network interface; at least one memory; and at least one processor each coupled to one or more of the at least one network interface and one or more of the at least one memory. The at least one processor is configured to publish, via a messaging bus, a segment transcode request in a segment transcode request queue, retrieve the segment transcode request by a transcode worker thread, wherein the first transcode worker thread monitors the segment transcode request queue, transcode by a second transcode worker thread a segment referenced by the segment transcode request, determine by the manifest processor whether the second transcode worker thread has completed transcoding the segment and is still operating, and, if not, transcode the segment by a third transcode worker thread, and store the transcoded segment.

A system for transcoding a media stream includes at least one network interface; at least one memory; and at least one processor each coupled to one or more of the at least one network interface and one or more of the at least one memory. The at least one processor is configured to publish, via a messaging bus, a segment transcode request in a segment transcode request queue, retrieve the segment transcode request by a transcode worker thread, wherein the first transcode worker thread monitors the segment transcode request queue, transcode by a second transcode worker thread a segment referenced by the segment transcode request, determine by the manifest processor whether the second transcode worker thread has completed transcoding the segment and is still operating, and, if not, transcode the segment by a third transcode worker thread, and store the transcoded segment.

Aspects of the subject disclosure may include, for example, identifying unselected video content items and preconfiguring playback views for unselected video content items. During a warm-up phase, access to the unselected video content items is precoordinated individually with a separate video player, manifests and license/key are retrieved in anticipation for possible selection for playback. Subsequent selection of one of the unselected video content items initiates playback responsive to selection without repeating any of the preconfiguring, preauthorizing or fetching. Other embodiments are disclosed.

A system for converting an adaptive media stream to downloadable media includes at least one network interface, at least one memory, and at least one processor. The at least one processor is configured to receive, from a requesting device, a request for converting at least a portion of a media stream into a downloadable multimedia container, initialize a plurality of worker threads, retrieve, via one of the plurality of worker threads, a segment of the media stream from a storage location, concatenate, via the one of the plurality of worker threads, the retrieved segment into a multimedia container, determine that each segment of the media stream associated with the at least a portion of the media stream is included in the multimedia container, and transmit, via the at least one network interface, the multimedia container to the requesting device.

The present invention provides methods, apparatuses, and systems for delivering protected streaming content to a receiving device. In an aspect of the present invention, a broadcaster provides streaming content. To ensure viewers are properly authorized, the streaming content is encrypted with a traffic key. The traffic key is provided to the users via a key stream message, which is encrypted with a service key. The user obtains at least one rights object from a rights issuers and the at least one rights object includes the service key so that the streaming content may be used. The at least one rights object also contains information regarding usage rights that may be configured by the rights issuer so that, depending on the user and/or the receiving device, different rights may be available. The key stream message may include a program category variable value that indicates the type of content and in conjunction with the rights object, determines what usage rights exist for the streaming content.

A motion picture distribution system, the system including a central computer, an exhibitor computer, a communication channel, and a back channel. The central computer is located at a central site and configured to distribute a digital version of the motion picture. The exhibitor computer is located at an exhibitor location that is remote from the central site. The exhibitor computer is configured both to receive the digital version of the motion picture from the central computer, and to display the motion picture. The communication channel is configured to facilitate the electronic transfer of the digital version of the motion picture from the central computer to the exhibitor computer. The back channel is coupled between the central computer and the exhibitor computer, and configured to allow for the transfer of information between the exhibitor computer and the central computer.