System and methods are provided for determining whether a media file in a private network has been suspiciously modified. In embodiments, a server controlled by a service provider, for example, can generate a digital provenance for a media file from a trusted device and immutably store a hash value representing the digital provenance of the media file. Subsequent instances of the media file that are detected within the private network, in embodiments, are evaluated by the server using the digital provenance of the media file in order to identify changes to the content of the media file. In further embodiments, the server can modify the content of a suspiciously modified media file to include a marker that disclaims the content and/or otherwise indicates that the media file has been modified.

Embodiments are disclosed for techniques to detect electronic system modification. The techniques include causing an electronic system to perform a predetermined set of routines. The techniques also include generating field scans of the electronic system while the predetermined set of routines is performed. The techniques further include comparing the field scans to baseline scans of the electronic system. Additionally, the techniques include determining that one of the field scans and one of the baseline scans are different. Further, the techniques include identifying at least one difference between the one field scan and the one baseline scan.

An information processing apparatus includes a data processing unit which executes processing for decoding and reproducing encrypted content. The data processing unit executes processing for determining whether the content can be reproduced by applying an encrypted content signature file. The encrypted content signature file stores information on issue date of the encrypted content signature file and an encrypted content signature issuer certificate with a public key of an encrypted content signature issuer. In determining whether the content can be reproduced, the data processing unit compares expiration date of the encrypted content signature issuer certificate with the information on issue date of the encrypted content signature file, and does not perform processing for decoding and reproducing the encrypted content when the expiration date is before the issue date, and performs the processing for decoding and reproducing the encrypted content only when the expiration date is not before the issue date.