The invention relates to a process for transmitting streaming digital content to a client device for access to digital content. The inventive process makes it possible, in particular, to apply an access control system to the protection of direct-mode video streams. The process also makes it possible to significantly improve the security and safety of the system, based on a periodic mandatory back-communication on the part of the client device.

In one embodiment, a command is received from a video provider at a media rendering device, the command being a command to embed a subscriber ID in at least one video frame in a video stream. A random key, k is also received from the video provider at the media rendering device. An injective transformation is invoked for k and the subscriber ID, the injective transformation generating a sequence of pairs of: near-transparent patterns and corresponding time periods. Logical blocks of the at least one video frame in the video stream are overlaid with one of the near-transparent patterns for its one of the corresponding time periods. Related apparatus, systems, and methods are also described.

The present invention concerns a method for processing messages intended to allow the access to conditional access content and to a security module arranged for implementing this method. The method comprises the steps of receiving by a security module comprising at least one decryption module, a plurality of messages, these messages belonging to at least two different categories; assigning a different priority level to messages from each different category, one of said priority level being defined as high and another priority level, lower that the high priority level, being defined as the standard priority level; associating a value to the messages to which the standard priority level has been assigned; assigning at least one threshold value for the value associated with messages having a standard priority level; and comparing between the threshold value for a determined message and the value associated with said message. If no value associated with said message having standard priority level exceeds the corresponding threshold value, processing the messages according to their priority level, a message to which the high priority level has been assigned being processed before a message to which a lower priority level has been assigned, and change of the value associated with the messages having a standard priority level according to said predefined rule. If the value associated with one of said messages having a standard priority level exceeds the threshold value for the corresponding message, processing one of the messages having a standard priority level before processing a message having a higher priority level, and change of the value associated with the messages having a standard priority level according to said predefined rule.

A video signal processing device includes an SoC that receives input of a plurality of video signals, each including a plurality of packets, and multiplexing the video signals to output a multiplexed video signal, and an FPGA that receives input of a multiplexed video signal and demultiplexes the multiplexed video signal to output the plurality of video signals. When deficient data whose size is less than the size of one packet is detected in any of a plurality of video signals, the FPGA performs one of (i) processing for discarding the detected deficient data and (ii) processing for adding dummy data to the detected deficient data to make the size of the deficient data equal to the size of an integral multiple of one packet.

A method to transfer a video stream from a host device comprising a controller configured for bulk transfers to a descrambling device, comprises: forming a chain out transfer comprising a chain out header linked with multiple chain out descriptors, the first chain out descriptor pointing to an out description packet containing at least one producer ID, the second and subsequent chain out descriptor pointing to chunks from the video stream, the last chain out descriptor being configured to generate an interrupt; forming a chain in transfer comprising a chain in header linked with a plurality of chain in descriptors, each chain in descriptor pointing to a descrambled chunk; requesting the controller to process the chain; receiving the description packet by the descrambling device and using key data associated with the chunks to descramble them; receiving by the controller the descrambled chunks and triggering an interrupt on the last chunk.

Systems, methods, apparatuses, and computer-readable media for secure management of accounts on display devices using a contactless card. An application executing on a display device may receive a request specifying a service provider. The display device may receive a cryptogram generated a contactless card, and transmit the cryptogram to an authentication server. The authentication server may decrypt the cryptogram and generate a virtual account number associated with the contactless card. The authentication server may transmit the virtual account number to the service provider, which may create an account based at least in part on the virtual account number and the decryption of the cryptogram by the authentication server. The display may receive an authentication token generated by the service provider for the account, and access the account created by the service provider based at least in part on the authentication token.

The present invention allows the combination and adaptation of a broadcast data reception system with a Conditional Access System which may be embedded in the receiving device, such as a television, or can be provided as a module which is connected to the receiving device and which allows service provider controlled, typically cloud based, interactivity via the same CAS with different Multi Channel video programming distributors (MVPD) service providers.

Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

A communication system and a family of methods for remote access to personal television service are disclosed. According to this invention, a remote personal TV service center provides centralized program guide information. A user may access to the personal TV service center through a digital video recorder which is connected to the personal TV service center via telephone modem or a network server. A user may access to the personal TV service center through a remote computer terminal or a personal digital assistant which is connected to a computer network. The user selects program events and programs the digital video recorder by using a graphical user interface installed in the front panel of the digital video recorder in case of local programming, or using a similar GUI which is incorporated into the Web pages presented to remote users by a Web server in case of remote programming. The media stream stored in one digital video recorder may be transferred to another digital video recorder. For data security protection during data transfer, all communication are authenticated and encrypted.

Techniques for a smartphone-based conditional access (CA) system are described. In some embodiments, a headend in the CA system obtains a security profile associated with a pair of receiving devices used by a user, e.g., a first device (e.g., a smartphone) and a second device (e.g., a set-top-box or a TV). The headend dynamically regulates user access to requested media content during each entitlement period by assigning and distributing separate keys to the first and second device based on the security profile. The headend also uses the distributed keys to protect the media content before broadcasting. On the receiving end, one receiving device receives the media content and determines whether it is decryptable by the device. If decryptable, the receiving device (e.g., the set-top-box/TV) decrypts the media content using the keys assigned by the headend. Otherwise, the receiving device forwards the media content to the pairing device for decryption.