A network media environment includes a first hub network and a second hub network. The first hub network encompasses a first local environment based on a first server which is coupled to a first client. The second hub network encompasses a second local environment based on a second server which is also coupled to the first client. The first local environment and the second local environment overlap. The second local environment is movable with a movement of the second server.

One or more circuits for use in a transceiver that is collocated with a satellite dish, may receive a satellite signal carrying media content, and remove content protection from the received media content. After removing the first content protection, the one or more circuits may apply second content protection to the media content. The content protection applied by the one or more circuits may adhere to a different protocol, utilize different keys, and/or otherwise be distinguishable from the content protection that was removed. After applying the content protection, the one or more circuits may transmit the media content onto one or more links between the satellite dish and one or more client devices. The removal of the content protection may comprise descrambling and/or decrypting the media content. The application of the content protection may comprise scrambling and/or encrypting the media content.

Disclosed are methods and systems of implementing a right over a content or contents. Various implementations may include means and operations for receiving, for example in an execution environment and from a secure element, a first key for implementing a right over an encrypted content; decrypting said content in said execution environment with the help of the first key; and implementing the right over the content in said execution environment. Various implementations may also include means and operations for receiving a second key in, for example, said execution environment, from the secure element; and encrypting said content in sad execution environment with the help of the second key.

A broadcast encryption method that allows a broadcaster to send encrypted content to a set of users such that only a subset of authorized users can decrypt the content, and to perform both temporary and permanent revocation of users. Accordingly, during a Setup stage, a Key Service generates a public key and a Master Secret Key (MSK) and sends the Public Parameters PP used to generate the public key to a broadcaster and to all users. The broadcaster uses the Public Parameters PP to create a message M, with which the broadcaster encrypts the content, and further creates a Cipher Text (CT), which is sent to all users. During a Key Gen stage, whenever a user wishes to decrypt the message M for decrypting the content, the user sends a request with his ID1 to the Key Service. The Key Service generates a corresponding secret key SK.sub.ID1 and the secret key SK.sub.ID1 is sent to the user ID1 via a secure data channel. During a Decrypt stage, the user uses the secret key SK.sub.ID1, to decrypt the Cipher Text (CT) and obtain the message M. During a Revoke stage of k users (k=1, 2, 3, . . . ) a State Update Message (SUM) which is sent to all users, is provided and each user updates his state with the SUM he received, such that the k users having identities ID.sub.1, ID.sub.2, . . . ID.sub.k will not be able to update their state and will be permanently revoked, while all the remaining users being admitted users will be able to update their state and will not be revoked. Temporary revocation is done by inserting a list of IDs (ID.sub.1, ID.sub.2, . . . ID.sub.k) to be revoked into the CT.

Video content is processed for delivery using an automated process that allows for convenient packaging of encrypted or digital rights management (DRM) protected content in a manner such that the packaged content can be efficiently stored in a content delivery network (CDN) or other content source for subsequent re-use by other media clients without re-packaging, and without excessive storage of unused content data.

Provided is novel technology for secure security data transmission and more particularly for registering network-enabled security devices such as IP cameras to a security server over a public network such as to a cloud-based security service. An enrollment server is provided that is logged into using a computing device to request and receive an activation code for the security device. The activation code is then provided to the security device, e.g. directly by the computing device. The Security device authenticates itself based on the activation code and in one example provides a public key that will be used to verify its registration. Data transmissions by the device are secured in part on the basis of its registration.

An embodiment of a system for securing media content includes a digital media device comprising a memory associated with a secure element. The memory contains a private key and storage for at least one group key. The private key is used to decrypt transmissions from a remote access control system that are encrypted by a corresponding public key. The digital media device further comprises logic configured to respond to a first message received from the remote access control system encrypted by the public key and including a first group key, the logic responding to the first message by decrypting the first group key and storing the first group key in the memory of the secure element. The digital media device further comprises logic configured to decrypt a content key with the first group key. The content key is used to encrypt media content stored on a medium accessible by the digital media device.

A cable distribution system that includes a head end connected to a plurality of customer devices through a transmission network that includes a remote fiber node that converts digital data to analog data suitable for the plurality of customer devices, where the head end includes a processor. A packetized elementary stream of a video is provided from the head end to customer devices through the transmission network, wherein the packetized elementary stream includes a plurality of groups comprising pairs of packetized elementary stream headers and packetized elementary stream payloads. A first one of the plurality of groups corresponding to a non-predicted coded picture of the video of the packetized elementary stream is determined. The first one of the plurality of groups is encrypted while not encrypting all of the plurality of groups of the video. A signal is provided from a conditional access system to a selected one of the plurality of customers that is suitable to be used to decrypt the first one of the plurality of groups.

Techniques for rapid video on demand (VOD) media content breach response are described. In some embodiments, during content preparation, a server generates an encrypted media content item by generating a first encrypted portion using a first key derived from a first seed that is of a first type and generating a second encrypted portion using a second key derived from a second seed that is of a second type. In some embodiments, the server classifies the first portion in a first category (e.g., a prioritized category) and the second portion in a second category (e.g., a non-prioritized category). During a breach response, the server repairs the encrypted media content item by re-encrypting portions in the first category, e.g., re-encrypting the first encrypted portion using a replacement key derived from a replacement seed that is of the first type, and updating encryption metadata.

Methods, systems, and media for protecting and verifying video files are provided. In some embodiments, a method for verifying video streams is provided, the method comprising: receiving, at a user device, a request to present a video that is associated with a video archive, wherein the video archive includes a file list, a signature corresponding to the file list, video metadata, a signature corresponding to the video metadata, and at least one encrypted video stream corresponding to the video, and wherein the file list indicates a plurality of files that are to be included in the video archive; verifying the signature corresponding to the file list; in response to determining that the signature corresponding to the file list has been verified, determining whether the plurality of files indicated in the file list are included in the video archive; in response to determining that the plurality of files indicated in the file list are included in the video archive, verifying the signature corresponding to the video metadata; in response to determining that the signature corresponding to the video metadata has been verified, requesting a decryption key corresponding to the video stream; in response to receiving the decryption key, decrypting the encrypted video stream; and causing the decrypted video stream to be presented on the user device.