A method and system for group-oriented encryption and decryption that supports the implementation of the designation and revocation functions of decryption users in a large-scale group. During the encryption, the system acquires a corresponding aggregate function according to an encryption mode; acquires any selected subset S and public parameters, and outputs an aggregate value of the subset S; generates a ciphertext of to-be-transmitted information according to the public parameters, a to-be-transmitted message and the aggregate value; acquires the encryption mode and the subset S comprised in the received ciphertext, operates the subset S and an identity of a current decryptor according to the encryption mode, and outputs a new subset S′; acquires an aggregate function corresponding to the encryption mode during the decryption; outputs an aggregate value of the new subset S′; and decrypts the received ciphertext according to the public parameters and the aggregate value, so as to obtain the to-be-transmitted information.

An apparatus, computer program, and method are provided for securely broadcasting a message to a plurality of recipient devices. In operation, a message is identified, and the message is encrypted utilizing a first key. A message authentication code (MAC) is generated utilizing a second key that is mathematically coupled to the first key (that is utilized to encrypt the message). The encrypted message is caused to be broadcasted to a plurality of recipient devices, utilizing the MAC.

In a system and method for distribution of media content, a cable provider gateway cooperates with a broker API, one or more streaming provider gateways, and one or more streaming applications to locally cache and display media content from the streaming provider gateways even when the streaming applications do not have connectivity to their gateways.

A system includes a processor configured to wirelessly broadcast a message obtained from a first originating vehicle BUS or controller, following a determination that the message was on a pre-approved list for broadcast and having encrypted the message utilizing a temporary random key generated for a message session. The system may include vehicle controllers, a gateway module, and vehicle BUSSES connecting the system controllers to the gateway module. The gateway module may include a memory storing a list of pre-approved message types and corresponding source types, and a processor configured to receive a message from one of the vehicle controllers over one of the vehicle BUSSES to determine if a message type and source type of the received message matches an element of the list.

Management of key information as described herein enables a respective service provider to distribute encrypted content to subscribers, preventing improper use of the content without authorization. For example, the service provider can distribute encrypted content for recording by a subscriber at a remote location. At or around a time of recording the encrypted content, and on behalf of the user, the service provider initiates storage of the corresponding decryption information that is needed to decrypt the recorded encrypted content. In order to play back the recorded segments of the encrypted content, the subscriber communicates with a server resource to be authenticated. Subsequent to being authenticated, the server resource distributes a copy of decryption information needed to decrypt the previously recorded segments of encrypted content to the subscriber. Accordingly, the service provider retains control of playing back content via controlled distribution of the corresponding copy of decryption information.

An encryption scheme is provided in which subset-difference lists are generated by blacklisting subsets corresponding to compromised devices and splitting subset difference lists corresponding to the blacklisted subsets into multiple subset difference lists. In some embodiments, a subset-difference tree is generated. The subset-difference tree includes a plurality of subsets. The subset-difference tree covers a plurality of nodes. Each of the plurality of subsets has an apex node among the plurality of nodes. At least one blacklisted node of the plurality of nodes is determined. A first subset among the plurality of subsets is identified that covers the at least one blacklisted node. A plurality of substitute subsets is determined. Each of the plurality of substitute subsets overlaps the first subset and does not cover the at least one blacklisted node. The plurality of substitute subsets are substituted for the first subset.

Embodiments disclosed systems and methods to broadcast a message to one or more virtual data processing (DP) accelerators. In response to receiving a broadcast instruction from an application, the broadcast instruction designating one or more virtual DP accelerators of a plurality of virtual DP accelerators to receive a broadcast message, the system encrypts the broadcast message based on a broadcast session key for a broadcast communication session. The system determines one or more public keys of one or more security key pairs each associated with one of the designated virtual DP accelerators. The system encrypts the broadcast session key based on the determined one or more public keys. The system broadcasts the encrypted broadcast message, and the one or more encrypted broadcast session keys to adjacent virtual DP accelerators for propagation.

A key exchange technique of performing a key exchange among N (≥2) parties, which can conceal metadata on communication, is provided. A key exchange method includes: a first key generation step in which a communication device U.sub.i generates a first key; a first anonymous broadcast step in which the communication device U; anonymously broadcasts the first key with a set R-{U.sub.i} being designated for i∈{1, . . . , n} and the communication device U.sub.i anonymously broadcasts the first key with φ being designated for i∈{n+1, . . . , N}; a second key generation step in which the communication device U.sub.i generates a second key; a second anonymous broadcast step in which the communication device U.sub.i anonymously broadcasts the second key with the set R-{U.sub.i} being designated for i∈{1, . . . , n} and the communication device U.sub.i anonymously broadcasts the second key with φ being designated for i∈{n+1, . . . , N}; and a session key generation step in which the communication device U.sub.i generates a session key SK for i∈{1, . . . , n} if a predetermined condition is satisfied.

Content screening operations, which can include watermark extraction and the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted by different devices that are connected via connectors such as HDMI (High-Definition Multimedia Interface (HDMI), analog composite video, DVI (Digital Visual Interface), SDI (Serial Digital Interface), DisplayPort, or networked via Ethernet or wireless. Authentication and encryption methods are disclosed that can be used to establish the trust and secure communication between devices that conduct collaborative content screening. Delegation architecture may be based on ascertained screening capabilities of the sink device wherein the source device verifies that the sink device is capable and trusted to perform partial or whole screening operations delegated by the source. Alternatively, delegation architecture may be based on ascertained screening capabilities of the source device wherein the sink device verifies that the source device is capable and trusted to provide correct content credential and content use policy (“content credential”) that is needed for the sink device to determine whether content screening should be performed, and if yes, what content screening operations should be performed.

An encryption scheme is provided in which subset-difference lists are generated by blacklisting subsets corresponding to compromised devices and splitting subset difference lists corresponding to the blacklisted subsets into multiple subset difference lists. In some embodiments, a subset-difference tree is generated. The subset-difference tree includes a plurality of subsets. The subset-difference tree covers a plurality of nodes. Each of the plurality of subsets has an apex node among the plurality of nodes. At least one blacklisted node of the plurality of nodes is determined. A first subset among the plurality of subsets is identified that covers the at least one blacklisted node. A plurality of substitute subsets is determined. Each of the plurality of substitute subsets overlaps the first subset and does not cover the at least one blacklisted node. The plurality of substitute subsets are substituted for the first subset.