WO2004012378A2 - Digital content security system and method - Google Patents

Publication number
WO2004012378A2
Authority
WO
WIPO (PCT)
Prior art keywords
digital content
key
encrypted
determined
payload
Application number
PCT/US2003/023880
Other languages
French (fr)
Other versions
WO2004012378A3 (en
Inventor
Royal O'Brien
Original Assignee
Digital Interactive Streams, Inc.
Application filed by Digital Interactive Streams, Inc.
Priority to AU2003268037A
Publication of WO2004012378A2
Publication of WO2004012378A3

Classifications

    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04N21/2541 Rights Management
    • H04N21/25875 Management of end-user data involving end-user authentication
    • H04N21/47202 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
    • H04N21/4753 End-user interface for inputting end-user data, e.g. personal identification number [PIN], preference data for user identification, e.g. by entering a PIN or password
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • H04N21/835 Generation of protective data, e.g. certificates
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

A digital content security system and method encrypts a key required for playback of digital content, fragments the encrypted key and embeds the fragments in portions of a payload; encrypts determined portions of frames of the digital content, and uses the decrypted key to decrypt the encrypted portions for playback in real-time; and requires an active authenticated session to access the encrypted key, decrypt it, access the encrypted portions and decrypt them.

Description

DIGITAL CONTENT SECURITY SYSTEM AND METHOD
FIELD OF THE INVENTION
This invention relates generally to data security, and more particularly to an end-to-end system and method for secure delivery and playback of multimedia data.
BACKGROUND
Intellectual property rights management is critical to the successful deployment of Video on Demand (VOD) and Download and Store (D&S) systems. Copyright owners demand that their content be distributed in a secure manner such that only authorized parties have access to the content, only on authorized equipment, typically only for an authorized time period (e.g., 1 viewing or X hours), and only for authorized viewing
(i.e., not reproduction or distribution). Concomitantly, the security system should not compromise playback, such as by introducing material delays, create unreasonable complications for the end-user, or result in increased cost, such as by requiring new hardware. Achieving these objectives for
VOD, D&S and related systems requires encryption and authentication.
SUMMARY
It is therefore an object of the present invention to provide a digital
data security system that enables efficient encryption and decryption.
It is another object of the present invention to provide a digital data
security system that enables user authentication and playback equipment
authentication.
It is also another object of the invention to provide a digital data
security system that is suitable for implementation with Video On Demand,
Download and Store (video and/or music), Video Conferencing and
Streaming Music systems.
It is yet another object of the invention to provide a digital data
security system that encrypts a key required for playback, fragments the
encrypted key and embeds the fragments in portions of the payload.
It is a further object of the invention to provide a digital data security
system that requires an online session using authenticated ports to
decrypt and play downloaded data.
To achieve these and other objects, an exemplary methodology is
provided that encrypts a key required for playback of digital content,
fragments the encrypted key and embeds the fragments in portions of a
payload; encrypts determined portions of frames of the digital content, and
uses the decrypted key to decrypt the encrypted portions for playback in real-time; and requires an active authenticated session to access the
encrypted key, decrypt it, access the encrypted portions and decrypt them.
Applying dynamic layers of authentication, key encryption and data
encryption, the exemplary methodology achieves a high level of security.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing and other objects, features and advantages of the
present invention will become better understood with reference to the
following description and accompanying drawings, where:
Figure 1 conceptually depicts an exemplary sign-up process in
accordance with a preferred implementation of the present invention;
Figure 2 conceptually depicts an exemplary player software
download process in accordance with a preferred implementation of the
present invention;
Figure 3 conceptually depicts a working session initiation process in
accordance with a preferred implementation of the present invention;
Figure 4 conceptually depicts a movie database update process in
accordance with a preferred implementation of the present invention;
Figure 5 conceptually depicts a transaction request process in
accordance with a preferred implementation of the present invention;
Figure 6 conceptually depicts a key fragmentation process in
accordance with a preferred implementation of the present invention;
Figure 7 conceptually depicts a playback authentication process in
accordance with a preferred implementation of the present invention; and
Figure 8 conceptually depicts a decryption process in accordance
with a preferred implementation of the present invention.
DETAILED DESCRIPTION
A methodology in accordance with an exemplary embodiment of
the present invention may include several processes (as referenced in the
brief description of the drawings and the following detailed description) in
combination to provide an end-to-end solution. Alternatively, a process
(such as the encrypted key fragmentation and embedding process) may
be used individually, apart from the other processes described below, and
come within the scope of the present invention.
An exemplary setup process entails establishing an account and
obtaining necessary software, such as a player. To access a video
distribution system in accordance with a preferred implementation of the
present invention, a new user may visit a web site and sign-up for a new
account. Referring to Figure 1, the user may provide a name, address and
other relevant information 110. To establish the account, the user may be
asked to create a user ID (Login) and password. When the user finishes creating the account, a unique private key 120 associated with the new user, the account key, may be stored on a database resident at a remote
master server.
Alternative methods for account setup include telephonic, with or
without the assistance of a customer service representative, and
conventional account establishment means known in the art. For
example, an account may be established by dialing a number and entering
data telephonically to a server having a telephony application program
interface (TAPI), or by other data entry methods known in the art.
In addition to setting-up an account, a new user preferably
downloads and installs on her equipment, such as a PC (i.e., the client),
certain software such as a video player software application (i.e., player
software). The newly registered user may log into the web site 260 to
download the player software. Upon logging in, the account key is
retrieved from the remote master server 210. The client installs the player
software across the Internet 270 and 280 and the player software package
is stamped with (i.e., associated with) a scrambled version of the account
key.
Alternatively, a copy of the player software may be recorded on a
medium, such as a diskette, CD-ROM or hardware (e.g., firmware, a set-
top box, or ROM) and provided to a user. The player software as provided
on such a medium may either be pre-configured with a stamped scrambled version of the account key or require the user to download and
install it. The player software may also be downloaded while the digital
content is downloaded as an integral part of the digital content payload or
as a separate payload sent before, during or after the digital content
payload.
The player software preferably incorporates security features to
prevent tampering with its functionality. The player may be broken into
components, and as the components are combined, a decryptor may
check the integrity of each component by byte signature and 32-bit CRC
checks. In addition, during playback, if any component fails, the decryptor
will render no input or output pins, and will attempt to unload itself. This
prevents the media stream from being decrypted by a tampered player.
During use, the player software may send information to a server
and receive information from the server to verify and authenticate
information pertaining to the user, player software, equipment and/or
session. For example, the player software may scramble and send to a
local server a small portion of the user information, such as the User ID
250. The server may unscramble the user information and use it to
retrieve the account key from the remote master server 210 and copy the
user account information to the local master 220 and slave 230 servers for
caching. The slave server 230 may then send an AES encrypted authentication challenge 240 to the client, along with additional connection
information. The client may deploy its locally stamped account key to
decipher the authentication challenge and the connection information. The
connection information may be used by the client to create a new private
key, the connection key (connection information + user's private key [i.e.,
account key]), which may be used to encrypt computer-specific
information along with the authentication response.
The preferred Advanced Encryption Standard (AES) specifies a
Federal Information Processing Standards-approved symmetric block
cipher that can be used to encrypt and decrypt electronic data. AES is
capable of using cryptographic keys of 128, 192 and 256 bits to encrypt
and decrypt data in blocks of 128 bits. Those skilled in the art will
appreciate that other encryption methodologies, whether proprietary or not
and whether adopted as an industry or government standard or not, may
be used in lieu of AES without departing from the scope of the present
invention.
The server may then decrypt the message and read the response.
If the server can read the response, it may log the IP and hardware hash
to the account and grant access by responding with the final key used with
AES encryption on the payload.
In addition to performing authentication steps prior to use of the player software for downloading and playing content, the client (via the
player software) may create a unique private working session key that
may be unlocked using a hash comprised of computer specific
information, connection information and the account key 330, 350. Both
the client and server know each of these locally. This working session key
340 may be used for all future communications during the current active session, including user login. The user may be authenticated via her User
ID and password 310. The user's login password may be transmitted to
the server encrypted using the working session key.
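The challenge-response exchange and the connection and working session key derivations described above, as an added Go example that is not code from the patent. AES-256-GCM as the AES mode, SHA-256 over length-prefixed inputs as the way the keys are combined, the 16-byte challenge and connection information, and all function names are assumptions; the account key and hardware identifiers are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// deriveKey hashes length-prefixed inputs into a 256-bit key (assumed KDF).
func deriveKey(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		h.Write(append([]byte{byte(len(p) >> 8), byte(len(p))}, p...))
	}
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag under AES-256-GCM (assumed mode).
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open authenticates and decrypts a message produced by seal.
func open(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("message too short")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

// serverChallenge seals a fresh challenge and connection info under the account key.
func serverChallenge(accountKey []byte) (msg, challenge, connInfo []byte, err error) {
	fresh := make([]byte, 32)
	if _, err = rand.Read(fresh); err != nil {
		return nil, nil, nil, err
	}
	msg, err = seal(accountKey, fresh)
	return msg, fresh[:16], fresh[16:], err
}

// clientRespond opens the challenge with the stamped account key and seals
// challenge || hardware hash under the connection key.
func clientRespond(accountKey, hwHash, msg []byte) (resp, sessionKey []byte, err error) {
	plain, err := open(accountKey, msg)
	if err != nil || len(plain) != 32 {
		return nil, nil, errors.New("cannot decipher challenge")
	}
	connInfo := plain[16:]
	body := append(append([]byte{}, plain[:16]...), hwHash...)
	resp, err = seal(deriveKey(connInfo, accountKey), body) // connection key
	return resp, deriveKey(hwHash, connInfo, accountKey), err
}

// serverVerify checks the echoed challenge in constant time and returns the
// hardware hash to log against the account plus the working session key.
func serverVerify(accountKey, challenge, connInfo, resp []byte) (hwHash, sessionKey []byte, err error) {
	body, err := open(deriveKey(connInfo, accountKey), resp)
	if err != nil || len(body) <= 16 || subtle.ConstantTimeCompare(body[:16], challenge) != 1 {
		return nil, nil, errors.New("authentication response rejected")
	}
	return body[16:], deriveKey(body[16:], connInfo, accountKey), nil
}

func main() {
	accountKey := deriveKey([]byte("constructed account key"))
	hw := deriveKey([]byte("constructed hardware identifiers"))
	msg, challenge, connInfo, err := serverChallenge(accountKey)
	if err != nil {
		panic(err)
	}
	resp, clientKey, err := clientRespond(accountKey, hw, msg)
	if err != nil {
		panic(err)
	}
	_, serverKey, err := serverVerify(accountKey, challenge, connInfo, resp)
	fmt.Println("session keys match:", string(clientKey) == string(serverKey), "error:", err)
}
```

Every key in this sketch descends from the account key stamped into the player, so the exchange is only as strong as the protection of that key on the client.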
The client may then request updates (e.g., an updated database of
available movies) from the server and process them as well as commands
to remove expired media and update the local databases 430.
The databases are preferably AES encrypted on the master server
with a randomized master server key and then duplicated to the slave
servers 410 and 420. When the client requests the databases, it receives
the encrypted database and the key for the database separately 440. The
database key may be encrypted with the working session key, and sent to
the client to decrypt the database locally.
A user's request to download or stream media 540 may be relayed
from the web site server to the slave servers 510 and 520. The slave servers may process the request by interfacing with credit card
authorization systems and by checking any security policies 530.
If the delivery of the media (i.e., digital content) is authorized, the
slave server may dynamically select a connection port for future
communications and calculate a server port hash value 570. The server
may then transmit to the client connection information based on the
client's computer specific information and server side port hash values
550. The server preferably assigns ports dynamically, because standard
static ports are much easier to trace. The client may then decipher the
actual port number from the payload using its computer specific
information 550. A copy of the connection specific information can be
stored in the account for the specific media file on the server.
When a first packet is sent, preferably the server will wait a
determined amount of time (e.g., a maximum of 2000 ms) for an
acknowledgement from the client. If one is not received, then the server
may issue a new session ID and instruct the client to renegotiate the port
and packet again. This deters freezing the system (i.e., "ice capping") and
attempts to decipher the byte flow.
The key for the actual media 620, 660 may be encrypted with the
working key, scrambled in a determined fashion and then sent. A copy of
the session ID is stored in the account for the media file on the server. The key may be broken up into fragments 630, 670, which are preferably
embedded and transferred in portions of the payload in a download and
store implementation. The fragments may be of equal or unequal sizes.
They may be embedded in the payload in order (least significant to most
significant bit or vice versa) or out of order. The fragments may be
separated according to a determined algorithm, which may embed each
fragment at a location determined relative to a location for a preceding
fragment (if any). The algorithm may be based upon formulae, packet
information, session information, media data, client information, user
information and/or any combination of the foregoing. The algorithm may
be hard-coded into the player software, or variable, in whole or in part,
periodically, as a rule defined by a server. If variable, the algorithm may
change from time to time during a session, after each nth session, after a
random interval and/or upon management directive. If downloaded, the
algorithm would preferably be provided during a secure authenticated
session in an encrypted form, perhaps as part of the payload. In a
streaming mode, the fragments may be embedded within buffered frames
(e.g., approximately 90 frames for a 3 second buffer) 680. These several
variables (i.e., frames containing fragments, fragment size, fragment
location, fragment order, and fragment encryption) substantially reduce
the risk of successful hacking. Only by obtaining all frames containing all encrypted fragments, determining the location and size of each fragment,
reconstructing the encrypted key based on a proper ordering of the
fragments, and decrypting the reconstructed key, would security
potentially be compromised.
The client will receive the media stream, extract the fragments of
the media key, segment by segment, from the payload, and either
reconstruct the encrypted key and place it into an encrypted secure
container 710 (e.g., an encrypted temporary file or sector) or place the
fragments into the encrypted secure container 710. The media key may
remain in encrypted form (and possibly in a fragmented form) within the
secure container.
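The fragment embedding and client-side extraction described in the two paragraphs above, as an added example that is not part of the patent text. The patent leaves the placement algorithm unspecified; the HMAC-SHA256 schedule keyed by the session ID, the function names, the one-fragment-per-frame rule and the sample frames and key are all assumptions made here.

```python
import hashlib
import hmac
from typing import Iterator, List, NamedTuple, Tuple


class Slot(NamedTuple):
    frame: int  # index of the frame that carries this fragment
    seed: int   # PRF value, reduced modulo the frame length to get the offset
    start: int  # position of the fragment inside the encrypted key
    size: int   # fragment length in bytes


def _prf(session_id: bytes) -> Iterator[int]:
    """Endless 16-bit values from HMAC-SHA256 keyed with the session ID."""
    counter = 0
    while True:
        msg = b"fragment-plan" + counter.to_bytes(4, "big")
        block = hmac.new(session_id, msg, hashlib.sha256).digest()
        for i in range(0, len(block), 2):
            yield int.from_bytes(block[i:i + 2], "big")
        counter += 1


def plan(session_id: bytes, key_len: int, n_frames: int,
         max_frag: int = 8) -> List[Slot]:
    """Derive fragment sizes, order and locations from session information."""
    if key_len < 1:
        raise ValueError("encrypted key must not be empty")
    rnd = _prf(session_id)
    sizes: List[int] = []
    while sum(sizes) < key_len:  # unequal fragment sizes
        sizes.append(min(key_len - sum(sizes), 1 + next(rnd) % max_frag))
    starts = [sum(sizes[:i]) for i in range(len(sizes))]
    max_gap = n_frames // len(sizes)
    if max_gap < 1:
        raise ValueError("not enough frames to carry every fragment")
    order = list(range(len(sizes)))  # out-of-order embedding (Fisher-Yates)
    for i in range(len(order) - 1, 0, -1):
        j = next(rnd) % (i + 1)
        order[i], order[j] = order[j], order[i]
    slots, frame = [], -1
    for piece in order:
        # Each fragment is placed relative to the frame of the preceding one.
        frame += 1 + next(rnd) % max_gap
        slots.append(Slot(frame, next(rnd), starts[piece], sizes[piece]))
    return slots


def embed(frames: List[bytes], enc_key: bytes, session_id: bytes) -> List[bytes]:
    """Server side: insert the encrypted-key fragments into the payload frames."""
    out = list(frames)
    for s in plan(session_id, len(enc_key), len(frames)):
        body = out[s.frame]
        at = s.seed % (len(body) + 1)
        out[s.frame] = body[:at] + enc_key[s.start:s.start + s.size] + body[at:]
    return out


def extract(frames: List[bytes], key_len: int,
            session_id: bytes) -> Tuple[bytes, List[bytes]]:
    """Client side: rebuild the still-encrypted key and the clean payload."""
    key = bytearray(key_len)
    clean = list(frames)
    for s in plan(session_id, key_len, len(frames)):
        body = clean[s.frame]
        if len(body) < s.size:
            raise ValueError("frame %d is too short for its fragment" % s.frame)
        at = s.seed % (len(body) - s.size + 1)  # same offset the server used
        key[s.start:s.start + s.size] = body[at:at + s.size]
        clean[s.frame] = body[:at] + body[at + s.size:]
    return bytes(key), clean


# Constructed sample input: 90 buffered frames (the 3 second buffer mentioned
# above) and a 32-byte stand-in for the media key after it has been encrypted
# with the working session key.
SAMPLE_FRAMES = [bytes([i]) * (20 + i % 7) for i in range(90)]
SAMPLE_ENC_KEY = bytes(range(32))
SAMPLE_SESSION_ID = b"constructed-session-0001"

if __name__ == "__main__":
    sent = embed(SAMPLE_FRAMES, SAMPLE_ENC_KEY, SAMPLE_SESSION_ID)
    key, media = extract(sent, len(SAMPLE_ENC_KEY), SAMPLE_SESSION_ID)
    print("key recovered:", key == SAMPLE_ENC_KEY)
    print("payload restored:", media == SAMPLE_FRAMES)
```

The placement only hides where the encrypted key sits in the payload; anyone who learns the schedule still holds ciphertext, so confidentiality of the media key rests on the working session key that encrypts it.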
In a streaming mode (e.g., VOD), once the buffer is ready for
playback, the media key may be deciphered in volatile memory (or in non-
volatile memory) and playback begins 730. The media key can be kept
scrambled in memory except when it is actively being used by the
"decryptor". When not in active use, the media key may be rescrambled
using a new value.
In a download and store mode, upon user request for playback, the
client may request authentication from the server 740. If successful, the
server will send the connection specific information (e.g., session ID)
stored for that media file to the client 750 using AES encryption with the working session key 760. The connection specific information is the only
component that is not present in the encrypted secure container but which
is necessary to unlock the media key. As a result, the hardware
information from time of download to time of playback must stay the same.
Decryption of the media file may be performed during playback.
The process begins by querying attributes of each video and time frame to
determine the type of decryption (if any) that needs to be applied 810 -
830. If a frame is not encrypted, decryption is not performed 850. The
"decryption key" used for decryption of the actual media values in each
block of data is extracted through several decryption iterations that start
with decryption of the media key and other attributes of the media 840.
All server-side keys are preferably scrambled by algorithms that
use 512-bit keys, and are securely stored at the video storage site. In
addition, 128/192/256-bit AES encryption is applied to the video payload
itself. The video payload decryption key, which may be dynamically
created at the video server and fragmented and embedded throughout the
actual video payload moments before downloading or streaming begins as
described above, is preferably unique for each particular user session and
media content.
Initial encryption of the media content is performed during the
encoding process. The encryption key is dependent on the media itself and the selection of media samples (e.g., frames or portions thereof) to be encrypted may be dictated by a determined cryptographic formula 840. Several layers of encryption are applied as the encrypted media content is packaged for delivery to the user. These layers involve encryption of the decryption keys prior to transmission to the client and, of course, encryption of the video payload itself.
In a preferred implementation, portions of determined frames are encrypted. The portions may be from one byte to an entire frame. Each frame may include from zero to a plurality of encrypted portions. The location of an encrypted portion within a frame may be determined according to an algorithm (i.e., a determined cryptographic formula). Such an algorithm may be based upon formulae, random data, packet information, session information, media data, client information, user information and/or a combination of the foregoing. The algorithm may be hard-coded into the player software, or downloaded (in an encrypted format), in whole or in part, periodically or with each session as a rule defined by the server. Only by determining which frames contain one or more encrypted portions, determining the number of encrypted portions in each such frame, determining the location and size of each encrypted portion within each such frame, and then decrypting the portions, would security potentially be compromised. Those skilled in the art will appreciate that the last step (i.e., decrypting the portions) will preferably
require an active authenticated session and decryption of the
reconstructed key as described above, thus combining additional layers of
security.
In the Download and Store and streaming modes, the system may
require the client to be connected to the server throughout the entire
playback (for example, the entire movie) for successful playback of the
content resident on the client's disk (Download and Store mode) or being
streamed and buffered (streaming mode). If the connection is lost, or
deliberately broken, the player software preferably re-negotiates the
session, re-authenticates and continues viewing. If re-authentication is not
accomplished after a predetermined time, the player software preferably
halts playback. Alternatively, or in addition to the foregoing, a presentation
(temporal) stamp can be embedded in the cipher, thereby allowing viewing
of downloaded video after an initial authentication, with or without the
need to remain connected to the system throughout the length of the
movie, for a limited time. Upon expiration of the time stamp (a given
number of hours or days), video decryption and playback will cease.
To protect content further, the system preferably decrypts content
only for authorized playback. Storage of encrypted content may only be
allowed in the Download and Store mode. Stored content may be deleted from the client during the next connection to the server by overwriting a
zeroed file to the same location and then deleting the file. In the VOD
Streaming mode, preferably no content is stored except for in the frame
buffer. Even if encrypted content is somehow extracted from the client
playback, unauthorized decryption may not be feasible because
encryption is a dynamic process requiring cooperation between server and
client.
The player preferably decrypts the media (i.e., digital content),
decompresses (i.e., decodes) it and passes it directly to a renderer 860,
which may send the media directly to the frame buffer, thereby deterring
'frame sample' ripping. This also allows for a high quality image by
eliminating color translation.
Those skilled in the art will appreciate that the exemplary
methodology was designed to discourage attacks by sophisticated
amateur hackers and to make it difficult and expensive for professional
hackers to break the security of the system and extract a clean video
payload. Concomitantly, the exemplary encryption methodology was
designed to minimize the processing and latency overheads frequently
associated with encryption technologies, making the system scalable and
providing a pleasant user experience by eliminating unnecessary delays in
the playback of the media content.
While the invention has been described in terms of its preferred embodiments, those skilled in the art will recognize that the invention can be practiced with modifications within the spirit and scope of the foregoing detailed description. Such alternative embodiments and implementations are intended to come within the scope of the present invention.

Claims

Having thus described the present invention, what is claimed as new and desired to be secured by Letters Patent is as follows:
1. A digital content security method comprising steps of encrypting a portion of a digital content payload, encrypting a first key required for decryption of the digital content payload, fragmenting the encrypted first key into a plurality of encrypted first key fragments, and embedding the encrypted first key fragments in determined locations of the payload.
2. A digital content security method according to claim 1, further comprising a step of providing a second key for decrypting the encrypted first key.
3. A digital content security method according to claim 2, further comprising dynamically assigning a port for a session.
4. A digital content security method according to claim 3, further comprising a step of providing a third key.
5. A digital content security method according to claim 4, wherein the second key, as provided, is encrypted using the third key.
6. A digital content security method according to claim 5, wherein the portion of the digital content payload that is encrypted is comprised of determined frames that comprise portions of the digital content payload.
7. A digital content security method according to claim 5, wherein the portion of the digital content payload that is encrypted is comprised of determined frames that comprise portions of the digital content payload.
8. A digital content security method according to claim 5, wherein the portion of the digital content payload that is encrypted is comprised of determined portions of determined frames that comprise portions of the digital content payload.
9. A digital content security method according to claim 8, wherein the determined frames and the determined portions of the determined frames are determined according to a determination means comprised of means from the group consisting of: a formula, random data, packet information, session information, media data, client information, and user information.
10. A digital content security method according to claim 8, wherein the determined portions of determined frames are one determined portion per determined frame.
11. A digital content security method comprising steps of encrypting a portion of a digital content payload, encrypting a first key required for decryption of the digital content payload, fragmenting the encrypted first key into a plurality of encrypted first key fragments, embedding the encrypted first key fragments in determined locations of the payload, and communicating the payload with the encrypted portions and the encrypted first key fragments in determined locations from a computer server to a client computer.
12. A digital content security method according to claim 11, further comprising a step of providing a second key for decrypting the encrypted first key.
13. A digital content security method according to claim 12, further comprising dynamically assigning a port for communication of the payload with the encrypted portions and the encrypted first key fragments in determined locations from a computer server to a client computer.
14. A digital content security method according to claim 13, further comprising a step of providing a third key.
15. A digital content security method according to claim 14, wherein the second key, as provided, is encrypted using the third key.
16. A digital content security method according to claim 15, wherein the portion of the digital content payload that is encrypted is comprised of determined frames that comprise portions of the digital content payload.
17. A digital content security method according to claim 15, wherein the portion of the digital content payload that is encrypted is comprised of determined frames that comprise portions of the digital content payload.
18. A digital content security method according to claim 15, wherein the portion of the digital content payload that is encrypted is comprised of determined portions of determined frames that comprise portions of the digital content payload.
19. A digital content security method according to claim 18, wherein the determined frames and the determined portions of the determined frames are determined according to a determination means comprised of means from the group consisting of: a formula, random data, packet information, session information, media data, client information, and user information.
20. A digital content security method according to claim 18, further comprising a step of authenticating a communication session between the computer server and the client computer, monitoring status of the session and disabling access to the first key, second key or third key if the session becomes inactive or unauthenticated.
PCT/US2003/023880 2002-07-30 2003-07-30 Digital content security system and method WO2004012378A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003268037A AU2003268037A1 (en) 2002-07-30 2003-07-30 Digital content security system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US60/339,846 2001-11-16
US33984602P 2002-07-30 2002-07-30

Publications (2)

Publication Number Publication Date
WO2004012378A2 true WO2004012378A2 (en) 2004-02-05
WO2004012378A3 WO2004012378A3 (en) 2004-05-27

Family

ID=31188245

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/023880 WO2004012378A2 (en) 2002-07-30 2003-07-30 Digital content security system and method

Country Status (2)

Country Link
AU (1) AU2003268037A1 (en)
WO (1) WO2004012378A2 (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4803725A (en) * 1985-03-11 1989-02-07 General Instrument Corp. Cryptographic system using interchangeable key blocks and selectable key fragments
US6266416B1 (en) * 1995-07-13 2001-07-24 Sigbjoernsen Sigurd Protection of software against use without permit
US5937067A (en) * 1996-11-12 1999-08-10 Scientific-Atlanta, Inc. Apparatus and method for local encryption control of a global transport data stream
US6185685B1 (en) * 1997-12-11 2001-02-06 International Business Machines Corporation Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
DI CRESCENZO G. ET AL.: 'Efficiently providing secure multimedia conferencing in SEC' IEEE May 2002, pages 2479 - 2483, XP010589927 *
JENNIFER DISABATINO: 'New virus targets, encrypts.exe files' COMPUTERWORLD vol. 35, no. 36, 03 September 2001, page 6, XP002975203 *
ZEHNG Y.: 'Compact and unforgeable key establishment over an ATM network' IEEE 09 December 1997, pages 411 - 418, XP000852019 *

Cited By (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11509839B2 (en) 2003-12-08 2022-11-22 Divx, Llc Multimedia distribution system for multimedia files with packed frames
US11159746B2 (en) 2003-12-08 2021-10-26 Divx, Llc Multimedia distribution system for multimedia files with packed frames
US11297263B2 (en) 2003-12-08 2022-04-05 Divx, Llc Multimedia distribution system for multimedia files with packed frames
US11355159B2 (en) 2003-12-08 2022-06-07 Divx, Llc Multimedia distribution system
US11017816B2 (en) 2003-12-08 2021-05-25 Divx, Llc Multimedia distribution system
US11735227B2 (en) 2003-12-08 2023-08-22 Divx, Llc Multimedia distribution system
US11012641B2 (en) 2003-12-08 2021-05-18 Divx, Llc Multimedia distribution system for multimedia files with interleaved media chunks of varying types
WO2007045746A1 (en) * 2005-10-21 2007-04-26 Centre National De La Recherche Scientifique-Cnrs Method for secure transmission of data
US8374340B2 (en) 2005-10-21 2013-02-12 Centre National De La Recherche Scientifique-Cnrs Method for secure transmission of data
FR2892583A1 (en) * 2005-10-21 2007-04-27 Centre Nat Rech Scient SECURE DATA TRANSMISSION METHOD
US11886545B2 (en) 2006-03-14 2024-01-30 Divx, Llc Federated digital rights management scheme including trusted systems
US11706276B2 (en) 2007-01-05 2023-07-18 Divx, Llc Systems and methods for seeking within multimedia content during streaming playback
US11050808B2 (en) 2007-01-05 2021-06-29 Divx, Llc Systems and methods for seeking within multimedia content during streaming playback
US11495266B2 (en) 2007-11-16 2022-11-08 Divx, Llc Systems and methods for playing back multimedia files incorporating reduced index structures
US11102553B2 (en) 2009-12-04 2021-08-24 Divx, Llc Systems and methods for secure playback of encrypted elementary bitstreams
US11638033B2 (en) 2011-01-05 2023-04-25 Divx, Llc Systems and methods for performing adaptive bitrate streaming
US10992955B2 (en) 2011-01-05 2021-04-27 Divx, Llc Systems and methods for performing adaptive bitrate streaming
USRE48748E1 (en) 2011-06-29 2021-09-21 Divx, Llc Systems and methods for estimating available bandwidth and performing initial stream selection when streaming content
US8917872B2 (en) 2011-07-06 2014-12-23 Hewlett-Packard Development Company, L.P. Encryption key storage with key fragment stores
US11611785B2 (en) 2011-08-30 2023-03-21 Divx, Llc Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels
US11457054B2 (en) 2011-08-30 2022-09-27 Divx, Llc Selection of resolutions for seamless resolution switching of multimedia content
US10931982B2 (en) 2011-08-30 2021-02-23 Divx, Llc Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels
US11716371B2 (en) 2011-08-31 2023-08-01 Divx, Llc Systems and methods for automatically generating top level index files
US11115450B2 (en) 2011-08-31 2021-09-07 Divx, Llc Systems, methods, and media for playing back protected video content by using top level index file
US11190497B2 (en) 2011-08-31 2021-11-30 Divx, Llc Systems and methods for application identification
US11870758B2 (en) 2011-08-31 2024-01-09 Divx, Llc Systems and methods for application identification
US11683542B2 (en) 2011-09-01 2023-06-20 Divx, Llc Systems and methods for distributing content using a common set of encryption keys
US11178435B2 (en) 2011-09-01 2021-11-16 Divx, Llc Systems and methods for saving encoded media streamed using adaptive bitrate streaming
US10856020B2 (en) 2011-09-01 2020-12-01 Divx, Llc Systems and methods for distributing content using a common set of encryption keys
US11526582B2 (en) 2012-01-06 2022-12-13 Divx, Llc Systems and methods for enabling playback of digital content using status associable electronic tickets and ticket tokens representing grant of access rights
US11528540B2 (en) 2012-08-31 2022-12-13 Divx, Llc System and method for decreasing an initial buffering period of an adaptive streaming system
US10979782B2 (en) 2012-08-31 2021-04-13 Divx, Llc System and method for decreasing an initial buffering period of an adaptive streaming system
US11785066B2 (en) 2012-12-31 2023-10-10 Divx, Llc Systems, methods, and media for controlling delivery of content
US11438394B2 (en) 2012-12-31 2022-09-06 Divx, Llc Systems, methods, and media for controlling delivery of content
USRE48761E1 (en) 2012-12-31 2021-09-28 Divx, Llc Use of objective quality measures of streamed content to reduce streaming bandwidth
US10917449B2 (en) 2013-03-15 2021-02-09 Divx, Llc Systems, methods, and media for delivery of content
US11849112B2 (en) 2013-03-15 2023-12-19 Divx, Llc Systems, methods, and media for distributed transcoding video data
US11470405B2 (en) 2013-05-30 2022-10-11 Divx, Llc Network video streaming with trick play based on separate trick play files
US11272232B2 (en) 2013-05-31 2022-03-08 Divx, Llc Synchronizing multiple over the top streaming clients
US10880620B2 (en) 2013-05-31 2020-12-29 Divx, Llc Playback synchronization across playback devices
US11765410B2 (en) 2013-05-31 2023-09-19 Divx, Llc Synchronizing multiple over the top streaming clients
US11178200B2 (en) 2013-12-30 2021-11-16 Divx, Llc Systems and methods for playing adaptive bitrate streaming content by multicast
US11711552B2 (en) 2014-04-05 2023-07-25 Divx, Llc Systems and methods for encoding and playing back video at different frame rates using enhancement layers
US10893305B2 (en) 2014-04-05 2021-01-12 Divx, Llc Systems and methods for encoding and playing back video at different frame rates using enhancement layers
US11245938B2 (en) 2014-08-07 2022-02-08 Divx, Llc Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles
US11349892B2 (en) 2015-01-06 2022-05-31 Divx, Llc Systems and methods for encoding and sharing content between devices
US11711410B2 (en) 2015-01-06 2023-07-25 Divx, Llc Systems and methods for encoding and sharing content between devices
US11134115B2 (en) 2015-02-27 2021-09-28 Divx, Llc Systems and methods for frame duplication and frame extension in live video encoding and streaming
US11824912B2 (en) 2015-02-27 2023-11-21 Divx, Llc Systems and methods for frame duplication and frame extension in live video encoding and streaming
US11539780B2 (en) 2016-03-30 2022-12-27 Divx, Llc Systems and methods for quick start-up of playback
US11044502B2 (en) 2016-05-24 2021-06-22 Divx, Llc Systems and methods for providing audio content during trick-play playback
US10904594B2 (en) 2016-05-24 2021-01-26 Divx, Llc Systems and methods for providing variable speeds in a trick-play mode
US11546643B2 (en) 2016-05-24 2023-01-03 Divx, Llc Systems and methods for providing audio content during trick-play playback
US11895348B2 (en) 2016-05-24 2024-02-06 Divx, Llc Systems and methods for providing variable speeds in a trick-play mode
US11729451B2 (en) 2016-06-15 2023-08-15 Divx, Llc Systems and methods for encoding video content
US11483609B2 (en) 2016-06-15 2022-10-25 Divx, Llc Systems and methods for encoding video content
US11064235B2 (en) 2016-06-15 2021-07-13 Divx, Llc Systems and methods for encoding video content
US11343300B2 (en) 2017-02-17 2022-05-24 Divx, Llc Systems and methods for adaptive switching between multiple content delivery networks during adaptive bitrate streaming
US11825142B2 (en) 2019-03-21 2023-11-21 Divx, Llc Systems and methods for multimedia swarms

Also Published As

Publication number Publication date
WO2004012378A3 (en) 2004-05-27
AU2003268037A1 (en) 2004-02-16
AU2003268037A8 (en) 2004-02-16

Similar Documents

Publication Publication Date Title
US20040022391A1 (en) Digital content security system and method
WO2004012378A2 (en) Digital content security system and method
JP6921075B2 (en) Secure hierarchical encryption of data streams
EP1944905B1 (en) An encrypted transmission method and equipment system for preventing copying the data resource
US7376624B2 (en) Secure communication and real-time watermarking using mutating identifiers
US7383438B2 (en) System and method for secure conditional access download and reconfiguration
EP1913774B1 (en) Multimedia data protection
US8223969B2 (en) Methods and systems for secure distribution of subscription-based game software
CN100592312C (en) Digital literary property protection method, system, user equipment and multimedia server
US20060200415A1 (en) Videonline security network architecture and methods therefor
LV13618B (en) Process and streaming server for encrypting a data stream to a virtual smart card client system
WO2008085917A2 (en) Token passing technique for media playback devices
US8417937B2 (en) System and method for securely transfering content from set-top box to personal media player
AU2010276315A1 (en) Off-line content delivery system with layered encryption
CN101841411A (en) Data resource anti-copying encrypted transmission method and device system
KR101810904B1 (en) Video protection system
EP2071801B1 (en) Method and apparatus for securing content using client and session specific encryption with embedded key in content
JP2002204228A (en) Device and method for distributing contents, and program and device for downloading contents
CN117857852A (en) Method and device for preventing video downloading
JP2004252966A (en) Content delivery system
JP2001268067A (en) Key recovery method and key management system
JP2004064783A (en) Apparatus and method for making safe distributed network
KR20060010860A (en) System and method for secure multimedia contents streaming service
WO2007113787A2 (en) Certificate implementation system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PG PH PL PT RO RU SD SE SG SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP