An embodiment of the invention provides a method for a secure connected digital media platform where a request is received to create a secure partition for accessing a content provider in a digital media device. A security code is received from the content provider. A hypervisor is invoked at the digital media device, where at least part of the hypervisor is comprised of a hardware circuit. The hypervisor compares the received security code with a key value that is burned into a memory unit at the hardware circuit to determine if the security code is from an authorized content provider. If the content provider is determined to be authorized, a secure partition is created at the digital media device. The creation of the secure partition includes creating a memory partition that corresponds to the secure partition in a non-volatile memory at the digital media device.

A system for securely providing streaming media content on-demand may include a plurality of receiving devices in which each receiving device may request the same or different streaming media content (e.g., stored at a content storage system of a content delivery network) on-demand using VOD or other available on-demand services and/or applications associated with, in communication with or running on the respective receiving devices. In response, the content storage system of the content delivery network will encrypt the requested content uniquely for each received request (e.g., according to an encryption key that is unique for each or virtually each request) and deliver the encrypted requested content to the appropriate respective receiving device of the receiving devices. The respective receiving devices will then each decrypt the streaming content as it is being received according to the corresponding decryption key communicated from a respective individual secure remote to the respective receiving device.

Systems and methods for quick start-up of playback in accordance with embodiments of the invention are disclosed. Media content may be encoded in a plurality of alternative streams and a quick start-up stream. The quick start-up stream may include media content that is encoded at a lower quality that the alternative streams and may be encrypted with a different, less secure encryption process than that of the alternative streams. During a start-up of playback, the playback device streams the media content from a quick start-up stream until a metric, such as a decryption key for the alternative streams is met. The device then streams the media content from the alternative streams in response to the metric being met.

A method for enforcing entitlements includes configuring a wide variety of entitlements at a server; determining applicable combination of entitlements for a given client request; sending entitlements to the requesting client securely; handling entitlement information securely on a plurality of client devices at run time; storing entitlement information securely on a plurality of client devices for offline use; and enforcing entitlements on a plurality of client devices. The method employs manipulation of manifest files by a proxy that may be included in the client device or located in the network.

A system for validating an authorization request to facilitate controlling access to content or computer commands, in which the access is requested by multiple entities operated on discrete computing environments. The techniques make use of a system including a switchboard and a rule engine that collect parameter sets required for validation from the entities and dynamically generate a lock and key combination based on the collected parameter sets. The key of the lock and key combination allows the system to validate each entity independently regardless of the required parameters specified in the lock and key combination.

A system that incorporates teachings of the present disclosure may include, for example, a gateway comprising a controller to receive from a communication device a request for media content, receive a key and a record associated with the communications device from an interactive television system, wherein the record comprises a list of entitled media content, determine whether the requested media content is in the list of entitled media content, retrieve the requested media content from the interactive television system when the requested media content is determined to be in the list of entitled media content, encrypt the retrieved media content utilizing the key, and transmit the encrypted media content to the communications device. Other embodiments are disclosed.

A technique to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at lease a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.

A system includes a session and resource manager and a video pump. The session and resource manager negotiates encryption keys from a headend controller and provides the encryption keys to a video pump. The video pump uses the encryption keys from the session and resource manager to encrypt content. Thus, the video pump uses encryption keys to encrypt the content so that it is encrypted right from the video pump prior to transmission over the entire transport system. A generic modulation device may thus be used to modulate the encrypted content over the delivery network.

A system and method to watermark a compressed content encrypted by at least one content key, said content key as well as pre-marking data forming Conditional Access System (CAS) data, said CAS Data being encrypted by a transmission key and comprising at least one signature to authenticate all or part of the CAS Data, said compressed content being received by a client device comprising: a Descrambler having an input to receive the encrypted compressed content and an output to produce an compressed content, a Watermark (WM) inserter directly connected to the output of the Descrambler, said Descrambler and said WM inserter being connected with a Conditioner, said Conditioner executing the following steps: receiving the CAS Data, decrypting the CAS Data with the transmission key, verifying the signature of the CAS Data, and if the signature is valid, transferring the content key to the descrambler and the pre-marking data to the WM inserter, and watermarking by the WM inserter, the decrypted content received by the descrambler using the pre-marking data and the identifier.

In an information processing system, a speculative DL content information acceptor 324 accepts identification information of content selected by a server. A list generator generates a speculative DL list of the accepted content identification information. Based on the speculative DL list, a DL processor sets the time of start of download of content data and downloads the content data at the set time.