Patent application number | Description | Published |
20080310445 | Provisioning Bandwidth For A Digital Media Stream - Provisioning bandwidth for a digital media stream, the digital media stream characterized by a bandwidth, including adapting by a media server a first portion of the bandwidth for transmission of the content of a first channel and at least one second, smaller portion of the bandwidth for transmission of the content of at least one second channel; and transmitting, multiplexed together in the digital media stream, by the media server to a media display device, the content of the first channel and the content of the second channel, the content of the second channel transmitted with a lower quality than the content of the first channel. | 12-18-2008 |
20080310446 | Provisioning Bandwidth For A Digital Media Stream - Provisioning bandwidth for a digital media stream, the digital media stream characterized by a bandwidth, including monitoring, by a media display device, a user's viewing behavior to create a user profile; transmitting, to a media server, the user profile; and responsive to receiving, by the media server, a user selection of a first channel: selecting, for transmission to the media display device, in dependence upon the user profile, at least one second channel; adapting a first portion of the bandwidth for transmission of the content of the first channel and a second, smaller portion of the bandwidth for transmission of the content of the second channel; and transmitting, multiplexed together in the digital media stream, the content of the first channel and the content of the second channel, the content of the second channel transmitted with a lower quality than the content of the first channel. | 12-18-2008 |
20080310454 | Provisioning Bandwidth For A Digital Media Stream - Provisioning bandwidth for a digital media stream, the digital media stream characterized by a bandwidth, including receiving, by a media server from a media display device, information describing a user's anticipated viewing requirements; selecting, by the media server in dependence upon the information describing the user's anticipated viewing requirements, a first channel and at least one second channel; and before receiving, by the media server from the media display device, a user selection of either channel: adapting a first portion of the bandwidth for transmission of the content of a first channel and a second, smaller portion of the bandwidth for transmission of the content of the second channel; and transmitting, multiplexed together in the digital media stream, the content of the first channel and the content of the second channel, the content of the second channel transmitted with a lower quality than the content of the first channel. | 12-18-2008 |
20090242142 | PRIVACY SCREEN FOR A DISPLAY DEVICE - A privacy screen for a display device includes a frame having first and second opposing members joined by third and fourth opposing members that collectively define a central opening. The privacy screen further includes a transparent film extending across the central opening. The transparent film includes a plurality of vertical micro-louvers. The plurality of vertical micro-louvers are arranged in at least one of a first configuration wherein the plurality of micro-louvers are positioned at variable angles relative to a vertical fixed reference point, a second configuration wherein the plurality of micro-louvers have varying depths relative to the vertical fixed reference point, and a third configuration wherein a spacing between adjacent ones of the plurality of micro-louvers varies relative to the vertical fixed reference point. | 10-01-2009 |
20100318677 | CONTENT PROTECTION CONTINUITY THROUGH AUTHORIZED CHAINS OF COMPONENTS - Provided is a method for the distribution and control of digital content such that Quality of Experience (QoE) is maintained. Content is protected from when the content is encrypted to when it is used. To ensure the QoE of particular content, a content owner embeds a list of required or preferred components that must be employed to render the content. The content owner's list of required or preferred components specifies specific components “trusted” to correctly process the content. The specified chain of preferred components is compared to possible devices in the system that processes the content. If there are multiple acceptable devices for a specific link, a preference system is employed to determine the device that executed the particular part of the chain. The preference system is based upon a number of factors, such as, but not limited to, performance characteristics, user preferences, expected stability, power requirements and system preferences. | 12-16-2010 |
20110026713 | Efficient Rebinding of Partitioned Content Encrypted Using Broadcast Encryption - Provided is a method for rendering media content wherein a request to render a first media content stored in a first partition is received, wherein the first partition stores the first and a second media content; the media content is correlated to a first management key block (MKB), binding ID (IDb) and authorization table (AT); the first MKB, IDb and AT are compared to a current MKB, IDb and AT; and if any of the first MKB, IDb or AT do not correspond to the current MKB, IDb or AT, respectively, generating a second partition by rebinding the first media content with respect to the current MKB, IDb and AT to generate a title key; and associating the first media content, the current MKB, IDb, AT and title key with the second partition, wherein the second media content remains associated with the first MKB, IDb, AT and partition. | 02-03-2011 |
20120128152 | BROADCAST ENCRYPTION BASED MEDIA KEY BLOCK SECURITY CLASS-BASED SIGNING - Provided are techniques for verifying, by a first device, that a management key block of a second device is valid. A management key block that includes a plurality of verification data, each of the plurality associated with a plurality of security classes ranked from high to low, is generated. The first device, which is associated with a security class that is higher than a security class associated with the second device, verifies a management key block of the second device by calculating a management key precursor associated with the higher security class and verifying verification data associated with the higher security class. In this manner, the second device is unable to pass an unauthorized, or “spoofed,” management key block. | 05-24-2012 |
20120131337 | DEVICE ARCHIVING OF PAST CLUSTER BINDING INFORMATION ON A BROADCAST ENCRYPTION-BASED NETWORK - Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content. | 05-24-2012 |
20120131338 | AUTHENTICATION AND AUTHORIZATION OF A DEVICE BY A SERVICE USING BROADCAST ENCRYPTION - Provided are techniques to enable a device that provides a service to authorize a second device for receiving the service and the delivery of the service to the second device and other devices within a trusted network. A signed Management Key Block (MKB) is generated and transmitted over a network. Devices authorized to access a particular service parse the MKB and transmit a request. A server associated with the service determines whether or not the device is authorized to access the service based upon data included in the request. The first device may issue a challenge to the second device for authentication purposes. If service is approved, service is initiated, either from the first device or another authorized device. Devices may be organized into classes such that devices of a specific class are authorized to access the service. | 05-24-2012 |
20120131344 | IDENTIFYING AND LOCATING AUTHENTICATED SERVICES USING BROADCAST ENCRYPTION - Provided are techniques to enable, using broadcast encryption, a device to locate a service offered by a server with the knowledge that the service offered by the server is a trusted service. A signed enhanced Management Key Block (eMKB) includes a trusted service locator (TSL) that includes one or more records, or “trusted service data records” (TSDRs), each identifying a particular service and a corresponding location of the service is generated and transmitted over a network. Devices authorized to access a particular service parse the eMKB for the end point of the service, connect to the appropriate server and transmit a request. | 05-24-2012 |
20120131638 | PROCESSING PERFORMANCE OF REPEATED DEVICE COMPLIANCE UPDATE MESSAGES - A message comprising an indication of a management key block and an indication of an authorization table is received at a first network device from a second network device. The indication of the management key block, the indication of the authorization table, and a response message generated based on validating the indication of the management key block and the indication of the authorization table are stored. A second message comprising a second indication of the management key block and a second indication of the authorization table is received at the first network device from the second network device. The first network device communicates with the second network device in accordance with the stored response associated with the first message on determining that the second indication of the management key block and the second indication of the authorization table match corresponding stored indications of the management key block and the authorization table. | 05-24-2012 |
20120170752 | BROADCAST ENCRYPTION BASED MEDIA KEY BLOCK SECURITY CLASS-BASED SIGNING - Provided are techniques for verifying, by a first device, that a management key block of a second device is valid. A management key block that includes a plurality of verification data, each of the plurality associated with a plurality of security classes ranked from high to low, is generated. The first device, which is associated with a security class that is higher than a security class associated with the second device, verifies a management key block of the second device by calculating a management key precursor associated with the higher security class and verifying verification data associated with the higher security class. In this manner, the second device is unable to pass an unauthorized, or “spoofed,” management key block. | 07-05-2012 |
20120308002 | DEVICE ARCHIVING OF PAST CLUSTER BINDING INFORMATION ON A BROADCAST ENCRYPTION-BASED NETWORK - Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content. | 12-06-2012 |
20130007214 | Content Protection Continuity Through Authorized Chains of Components - Provided are techniques for the distribution and control of digital content such that Quality of Experience (QoE) is maintained. Content is protected from when the content is encrypted to when it is used. To ensure the QoE of particular content, a content owner embeds a list of required or preferred components that must be employed to render the content. The content owner's list of required or preferred components specifies specific components “trusted” to correctly process the content. The specified chain of preferred components is compared to possible devices in the system that processes the content. If there are multiple acceptable devices for a specific link, a preference system is employed to determine the device that executed the particular part of the chain. The preference system is based upon a number of factors, such as, but not limited to, performance characteristics, user preferences, expected stability, power requirements and system preferences. | 01-03-2013 |
20130022200 | Broadcast Encryption Based Security System - Provided are techniques for providing a home or business security system that relies upon data encryption for both communication and the storage of content. The disclosed technology incorporates all the devices necessary for a comprehensive security system, including, but not limited to, controllers, monitors, alarms and communication media. The system may include an unlimited number of devices and, further, individual devices may be added and removed as needed. Users may define and change the boundaries of a security system or, in other words, decide what devices to include or not include in such a system. A defined boundary does not need to be confined to a single location. In one embodiment, the claimed subject matter incorporates xCP based broadcast encryption technology. | 01-24-2013 |
Patent application number | Description | Published |
20080235197 | Systems and methods for user-constructed hierarchical interest profiles and information retrieval using same - Systems and methods for delivering Web content are provided. The systems and methods include a mechanism for providing interest data that may be applied to filter Web content at the provider side. A hierarchical data set of user-identified interests is received from the user's Web client. The hierarchical data set is parsed, and responsive thereto, one or more keyword attribute values are extracted from the hierarchical data set. The extracted keyword values are applied to filter content for delivery to a requesting Web client. | 09-25-2008 |
20090028342 | Systems, Methods, and Media for Adding an Additional Level of Indirection to Title Key Encryption - Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key. | 01-29-2009 |
20090307216 | Systems and Methods for User-Constructed Hierarchical Interest Profiles and Information Retrieval Using Same - Systems and methods for delivering Web content are provided. The systems and methods include a mechanism for providing interest data that may be applied to filter Web content at the provider side. A hierarchical data set of user-identified interests is received from the user's Web client. The hierarchical data set is parsed, and responsive thereto, one or more keyword attribute values are extracted from the hierarchical data set. The extracted keyword values are applied to filter content for delivery to a requesting Web client. | 12-10-2009 |
20100183148 | RECORDING KEYS IN A BROADCAST-ENCRYPTION-BASED SYSTEM - According to one embodiment of the present invention, a method is provided for protecting content in a broadcast-encryption-based system, where the devices in the system receive a recording key table. Each device generates a set of recording keys from the recording key table using a media key variant calculated from the broadcast encryption system's media key block. The digital content is encrypted in a title key picked by the recorder. The selected title key is also encrypted in each one of the recorder's generated recording keys. To play back the content, a player uses one of its generated recording keys to decrypt the title key and then decrypt the content. The recording key table is designed so that any two devices are guaranteed to have at least one key in common during normal operation, although during a forensic situation, this rule can be abandoned. | 07-22-2010 |
20140283010 | Virtual key management and isolation of data deployments in multi-tenant environments - Tenants in a multi-tenant shared deployment are provided their own distinct key spaces over which they control a key management system. In this manner, virtual key management domains are created on a per-tenant (per-customer) basis so that, whenever a particular customer's data is co-tenanted, stored, transmitted or virtualized in the IT infrastructure of the provider's datacenter(s), it is secured using key management materials specific to that customer. This assures that the entirety of a tenant's data remains secure by cryptographically isolating it from other tenants' applications. The virtual key management domains are established using a broadcast encryption (BE) protocol and, in particular, a multiple management key variant scheme of that protocol. The broadcast encryption-based virtual key management system (VKMS) and protocol achieves per-tenant (as well as per-application) secured isolation of data and can be used across any combination of resources in or across all levels of a co-tenanted IT infrastructure. | 09-18-2014 |