A cable television system provides conditional access to services. The cable television system includes a headend from which service "instances", or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may als...

Scrambling and descrambling techniques are described which, unlike many typical scrambling systems, are compatible with all conceivable forms of signal compression systems. The scrambling technique is based on the principle of applying local spatial distortion to the pixels in a video image, and the like, to locally displace the pixels from their normal locations. Most compression systems rely on the condition that good correlation exists in the image and that any small portion, i.e., pixel, in ...

Method and apparatus for scrambling a high definition television signal to discourage unauthorized recording of same. While recording per se is not prevented, the resulting recorded signal is rendered unusable due to an induced "wobble" between the active video and the associated sync pulses. The scrambled television signal is readily viewable on a compliant high definition television set which descrambles the HDTV signal using an encoded indication of the amount of wobble accompanying the HDTV ...

In one way to improve the security of bilateral authentication procedures while keeping transmission overhead to a minimum, a first party wishing to initiate communications with a second party generates a random number having a first number of digits. The first party the enciphers the random number using a secret ciphering key to obtain an enciphered version of the random number that has a second number of digits greater or equal to the first number. A third number of selected digits of the enci...

A method and apparatus for authenticating a pair of correspondents C, S in an information exchange session to permit exchange of information therebetween. The first correspondent C having log on applets and the correspondent having means for processing applets. The method is characterized in that the first correspondent C transmitting to the second correspondent S a first unique information, the second correspondent S verifying the identity of C and generating a second unique information; transm...

There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to effect the inventive process.

A method of communicating securely between an application program and a secure kernel is performed by passing command requests and arguments between the application program and the secure kernel through a kernel block memory and a command block memory so that security intensive and real time intensive applications can co-exist without a security breach. The secure kernel retrieves the command requests and the arguments from an application program data memory and processes the information within ...

A method for providing network security is disclosed wherein a network is comprised of at least one client and at least one server. The server identity may be unknown at the time of a client request. The method begins when a client transmits an information processing request and a negotiator object reference to a server. The server receives the information processing request and the negotiator object reference. If the server can process the request it becomes the accepting server. If the server ...

An apparatus and method facilitates information security policy control for an information security engine by utilizing security policy association data on a per security engine user basis. Security policy association data may include, for example, data representing identification information of the user of the security engine along with corresponding policy identification data. Policy user identification data may be a hash value of the disk image of an executable software application which uses...

A conditional access broadcast system for realizing conditional access while maintaining the safety level is disclosed. A contract management device at a broadcast station side delivers a reception contract information containing at least a contract information for controlling decryption of encrypted contents information delivered from a broadcast station by broadcast and a reception device ID in correspondence, which is encrypted using a master key which is commonly provided with respect to all...