Recherche Images Maps Play YouTube Actualités Gmail Drive Plus »
Connexion
Les utilisateurs de lecteurs d'écran peuvent cliquer sur ce lien pour activer le mode d'accessibilité. Celui-ci propose les mêmes fonctionnalités principales, mais il est optimisé pour votre lecteur d'écran.

Brevets

  1. Recherche avancée dans les brevets
Numéro de publicationWO2006051043 A1
Type de publicationDemande
Numéro de demandePCT/EP2005/055613
Date de publication18 mai 2006
Date de dépôt27 oct. 2005
Date de priorité10 nov. 2004
Numéro de publicationPCT/2005/55613, PCT/EP/2005/055613, PCT/EP/2005/55613, PCT/EP/5/055613, PCT/EP/5/55613, PCT/EP2005/055613, PCT/EP2005/55613, PCT/EP2005055613, PCT/EP200555613, PCT/EP5/055613, PCT/EP5/55613, PCT/EP5055613, PCT/EP555613, WO 2006/051043 A1, WO 2006051043 A1, WO 2006051043A1, WO-A1-2006051043, WO2006/051043A1, WO2006051043 A1, WO2006051043A1
InventeursAlain Durand, Yan-Mei Tang-Talpin
DéposantThomson Licensing
Exporter la citationBiBTeX, EndNote, RefMan
Liens externes:  Patentscope, Espacenet
Method for securely binding content protection information to a content and method for verifying this binding
WO 2006051043 A1
Résumé
The invention introduces a solution to ensure the secure binding between Content Protection Information associated to a content and this content, using authentication mechanism. The content source (20, 21 , 23, 24) embeds a watermark value in the content, this value being different for each piece of content. Then, the content source authenticates the watermark value together with the Content Protection Information by computing a signature or a MAC (Message Authentication Code) on both CPI and watermark value. Next, the content source can broadcast the watermarked content, the CPI and the authentication item (MAC or signature). When a compliant device receives the content, it extracts the watermark value from the content and checks the validity of the authentication item. If the check fails (meaning the content has been tampered), the device refuses the content; otherwise the content is consumed according to the usage rules indicated in the CPI.
Revendications  (Le texte OCR peut contenir des erreurs.)
1. Method for securely binding Content Protection Information (CPI) to a content to which this CPI relates comprising the steps of: embedding at a content source (10, 14, 20, 21 , 30, 31 ) a watermark value in the content, the watermark value being unique for each content or having a low probability of being common to another content; generating at the content source an authentication item from the CPI and the watermark value; and transmitting the watermarked content together with the CPI and the authentication item from the content source to at least one receiving device (16, 26, 35).
2. Method according to claim 1 , wherein the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key (KPRI) of the content source (10, 14, 30, 31 ).
3. Method according to claim 1 , wherein the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key of a key management authority (24) in charge of generating the CPI for the content source.
4. Method according to claim 1 , wherein the step of generating an authentication item comprises computing a Message Authentication Code on the CPI and the watermark value using a key shared between the content source and any compliant receiving device.
5. Method according to one of claims 1 to 4, wherein the watermark value is transmitted together with the CPI or within the CPI during the step of transmitting the watermarked content.
6. Method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a receiving device (16, 26) from a content source (10, 14, 20, 21 , 23) comprising the steps of: detecting a watermark value in the received content; verifying the validity of an authentication item attached to the content using the detected watermark value and the CPI; and rendering the content in case of successful verification.
7. Method according to claim 7, wherein the watermark value is furthermore contained in the CPI received with the content and wherein the step of verifying the validity of the authentication item is performed using the CPI and the watermark value contained in the CPI, the method further comprising, before the step of rendering the content, a step of: verifying that the watermark value detected in the received content matches the watermark value contained in the CPI.
8. Method according to one of claims 6 or 7, wherein the authentication item is a signature and the step of verifying the signature is performed using a public key (KPUB) of the content source (10, 14, 20, 21 , 23, 24, 33).
9. Method according to one of claims 6 or 7, wherein the authentication item is a Message Authentication code (MAC) and the step of verifying the MAC is performed using a key shared between the content source and any compliant receiving device.
10. Method according to one of claims 6 or 7, wherein the receiving device (35) is an acquisition device in a given domain (40) whose devices (35, 36,
37) share a common network key, the method further comprising, instead of rendering the content, the steps of: computing a Message Authentication code (MAC) on the CPI and the watermark value using the network key; and replacing the authentication item by the computed MAC or appending the MAC to the authentication item before broadcasting the content within the domain (40).
11. Method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a presentation device (36,
37) belonging to a given domain (40) whose devices (35, 36, 37) share a common network key, comprising the steps of: detecting a watermark value in the received content; verifying the validity of Message Authentication code (MAC) attached to the content using the detected watermark value, the CPI and the network key; and rendering the content in case of successful verification.
Description  (Le texte OCR peut contenir des erreurs.)

Method for securely binding content protection information to a content and method for verifying this binding

Field of the invention The present invention relates to the field of content protection and more particularly to a method for securely binding content protection information to a content to which this information relates and a method for verifying this binding.

Background art Content protection aims at enforcing usage rules associated to a given piece of content. The usage rules indicate the usage permission (e.g. accessing, copying, rendering the content), the authorized users (e.g. a device, a person, a group of persons), and other information like the usage constraints (e.g. N hours, N times), etc. Enforcement of these usage rules relies on content scrambling. For example, a given content may be protected by scrambling (also known as encryption or ciphering). In this case, the content can be descrambled only after usage rules associated to the content have been verified and only authorized parties have the relevant keys to descramble the content.

The terms Content Protection Information (CPI) as used in the present description encompass usage rules related to the content as well as data (e.g. keys) used to protect the content (e.g. by scrambling).

In most systems, the usage rules are bound to a content using cryptographic operation. The content is for example scrambled with a key (K) unique to this content. The Content Protection Information (CPI) is the key K together with the usage rules encrypted with another key (LK). This key LK is shared between the content provider and authorized users. Then, the scrambled content EK(Content) and the CPI = ELK(Usage Rules, K) are provided to users. Only the users who have the key LK can retrieve the key K from the CPI to descramble the content. In DRM systems ("DRM" standing for "Digital Rights Management"), the

Content Protection Information corresponds for example to the License. In CA systems ("CA" standing for "Conditional Access"), the CPI corresponds for example to the Entitlement Management Message (EMM) and the Entitlement Control Message (ECM). In these systems, only users who have acquired the corresponding license or EMM/ECM, can consume the content.

Pre-recorded media, such as DVD (standing for "Digital Versatile Discs"), also contain encrypted content and usage rules. DVD CSS (DVD Content Scrambling System) specifications define for example the content protection system for DVD-ROMs. In this system, the content is scrambled using a Title Key, which is itself encrypted by a Disk Key. Here, the CPI is called the Secured Disk Key Set that contains the Disk Key encrypted by a set of Player Keys. Compliant players which have the Player Keys can retrieve the Disc Key and finally descramble the content.

New content protection systems for prerecorded or recordable media, for example AACS (Advanced Access Content System), CPPM (Content Protection for Prerecorded Media) or CPRM (Content Protection for Recordable Media) use a revocation mechanism based on broadcast encryption. The mechanism of "broadcast encryption" has been described in "A. Fiat and M. Naor, Broadcast Encryption, Advances in Cryptology, CRYPTO '93, Lecture Notes in Computer Science 773, Springer, 1994, pp. 480 — 491". In this kind of system, each compliant device is given a set of keys {DeviceKi} among which some are shared by many devices and at least one is known by only this device. The content is scrambled with a Title Key, which itself can be built based on a Media Key (MK) and this Media Key is transported in a Media Key Block (MKB) that contains the encryption of MK using different device keys DeviceKi. The Media Key Block MKB is built in such a way that only non-revoked players can retrieve the Media Key with their device keys. Here, MKB represents the Content Protection Information and it is stored on the media (a disc for example) with the scrambled content. In this case, the default usage permission is "playback" or "record" and the usage rules are implicit: either a device is not revoked and has the right device keys to retrieve MK from MKB (the device is therefore authorized to playback or record the content) or a device is revoked and its device keys DeviceKi do not allow to retrieve MK from MKB (the device is therefore not authorized to playback or record the content).

Free-to-air content is an exception since the content is not scrambled. There are however some requirements to bind usages rules to free-to-air content. For example the U.S. Federal Communications Commission (FCC) has required that a "Broadcast Flag" be used to prevent unauthorized, indiscriminate Internet redistribution of digital broadcast content. If usage rules (such as the "Broadcast Flag") are transported in the clear in the broadcast stream, the security is only based on the trust that receivers will obey some compliance rules. For this kind of content, the CPI corresponds to the usage rules.

In the systems previously disclosed, the binding between the Content Protection Information and the content may be broken if the keys (e.g. device keys in systems using broadcast encryption) are compromised. For example, once one or several sets (depending on the used broadcast encryption scheme) of device keys has (have) been published, it is easy to build a fake MKB that every legacy device (revoked or not) will be able to process. It is also possible for an attacker who obtains the device keys DeviceKi of his device to retrieve the key MK from the MKB included in one disc. Using this key MK, the attacker can get the clear content of the disc. Then, using an old MKB' (e.g. a Media Key Block created when no device was revoked) and its corresponding key MK', he can build an illegal disc with the same content protected thanks to the MK' and containing the MKB'. This illegal disc can be played back by any compliant device, even the ones currently revoked, which are not able to play the original disc containing the MKB

This opens security holes because a professional attacker may be able to build an illegal distribution channel. Similar attacks can be conducted on DVD CSS, DRM or CA systems.

For free-to-air content, some systems require the usage rules to be protected in integrity. A basic solution would be that free-to-air broadcasters sign the usage rules. However, this is not satisfactory since the signed usage rules could be associated with any content. A second solution would be to sign together the usage rules and the content. This would be very inefficient since video files may be huge and generating or verifying the signature would be very long. Furthermore, this would not be adapted to streamed content since one should first have the entire content before being able to verify the signature.

Solutions exist were the signature of a file is checked step-by-step (as described for example in patent application WO 03/017213) but they are still not adapted to free-to-air content. Actually, in order to use these solutions, one should have the file from the beginning in order be able to check its signature. This kind of solutions is not adapted because it would not allow a random access to the content.

Summary of the invention The invention introduces a solution to ensure the secure binding between Content Protection Information associated to a content and this content, using authentication mechanism.

The content source embeds a watermark value in the content, this value being different for each piece of content. A piece of content may be a film, a TV program, a song, a software application, a picture, etc. The watermark value may be a random number (or more precisely, a pseudo-random number) or a content identifier uniquely identifying the piece of content. Practically, the watermark value used for one piece of content should have a low probability of being identical to another watermark value used for a different piece of content. For example the probability to have two identical values watermarked in two different pieces of content should be bellow 10%. This probability is defined by the content source and is a compromised between costs and security.

Then, the content source authenticates the watermark value together with the Content Protection Information (the CPI being for example the MKB in systems using broadcast encryption or the usage rules in free-to-air systems) by computing a signature or a MAC (Message Authentication Code) on both CPI and watermark value. In case of signature, the latter is computed using a private key of the content source and the signature may be verified with a corresponding public key of the content source thanks to standard PKI (Public Key Infrastructure) techniques. In case of MAC computation, a symmetric key shared by the content source and the compliant devices able to receive the content is used to compute the MAC and to verify the MAC.

After that, the content source can broadcast the watermarked content, the CPI and the authentication item (MAC or signature).

It should be noted that the content source may be a single entity but it may also comprise several different entities, each having a specific function, for example a first entity generating the content, a second entity embedding the watermark in the content, a third entity computing the authentication item (signature or MAC) and still another entity broadcasting the content. Of course, a content source may also comprise only two or three entities, each entity carrying out one or more of the above-cited functions.

When a compliant device receives the content, it first retrieves the clear content using the CPI (e.g. MKB in broadcast encryption systems) in case the content is scrambled. Then it extracts the watermark value from the content and then, it checks the validity of the authentication item. If the check fails (meaning the content has been tampered), the device refuses the content, otherwise the content is consumed according to the usage rules indicated in the CPI. The validity of the authentication item ensures that the CPI (e.g. the usage rules) associated to the content are indeed issued by the content source. This prevents the attack described in the background art.

More precisely, a first aspect of the invention is a method for securely binding Content Protection Information (CPI) to a content to which this CPI relates comprising the steps of: embedding at a content source a watermark value in the content, the watermark value being unique for each content or having a low probability of being common to another content; generating at the content source an authentication item from the CPI and the watermark value; and transmitting the watermarked content together with the CPI and the authentication item from the content source to at least one receiving device. According to specific characteristics of this method:

- the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key of the content source;

- the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key of a key management authority in charge of generating the CPI for the content source; - the step of generating an authentication item comprises computing a

Message Authentication Code on the CPI and the watermark value using a key shared between the content source and any compliant receiving device;

- the watermark value is transmitted together with the CPI or within the CPI during the step of transmitting the watermarked content. The invention relates, according to a second aspect to a method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a receiving device from a content source comprising the steps of: detecting a watermark value in the received content; verifying the validity of an authentication item attached to the content using the detected watermark value and the CPI; and rendering the content in case of successful verification. In a preferred embodiment, the watermark value is furthermore contained in the CPI received with the content and the step of verifying the validity of the authentication item is performed using the CPI and the watermark value contained in the CPI, the method further comprising, before the step of rendering the content, a step of verifying that the watermark value detected in the received content matches the watermark value contained in the CPI.

According to particular characteristics of this method: - the authentication item is a signature and the step of verifying the signature is performed using a public key of the content source;

- the authentication item is a Message Authentication code (MAC) and the step of verifying the MAC is performed using a key shared between the content source and any compliant receiving device. In another particular embodiment, the receiving device is an acquisition device in a given domain whose devices share a common network key and the method further comprises, instead of rendering the content, the steps of: computing a Message Authentication code (MAC) on the CPI and the watermark value using the network key; and replacing the authentication item by the computed MAC or appending the MAC to the authentication item before broadcasting the content within the domain.

The invention further relates, according to a third aspect, to a method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a presentation device belonging to a given domain whose devices share a common network key, comprising the steps of: detecting a watermark value in the received content; verifying the validity of Message Authentication code (MAC) attached to the content using the detected watermark value, the CPI and the network key; and rendering the content in case of successful verification.

Brief description of the drawings

The various features of the present invention and its preferred embodiments will now be better understood by referring to the following description and the accompanying drawings in which:

Fig. 1 illustrates a first embodiment of the invention for a free-to-air content;

Fig. 2 illustrates a second embodiment of the invention for a content protected by broadcast encryption mechanism;

Fig. 3 shows a third exemplary embodiment of the invention for a content protected by a CA or a DRM system.

The following description and the drawings are set forth as example only and should not be understood to represent limitations upon the scope of the present invention.

Description of the preferred embodiments of the invention

In order to embed a watermark value in the content, known watermarking techniques can be used. It should only be noted that the watermarking technique chosen should allow the insertion of a payload.

The watermark value can only be inserted by the content source and it may only be extracted or detected by compliant devices.

In case a symmetric watermarking technique is used, this means that the content source and the compliant devices share a secret which allow to insert and to detect the watermark value. Of course, this secret is embedded within a secure memory of the compliant devices. Fig. 1 illustrates a first embodiment of the invention where free-to-air contents, such as TV programs, from a content provider 10, are broadcast by a broadcaster 14 and are received by at least one receiver 16 (such as a television set or a set-top box connected to a display device). In Fig. 1 , we have represented functional entities which may be implemented by hardware devices (such as servers, computers ...), hardware modules, software modules (e.g. applications running on servers) or by any combination of these elements as is well known to the ones skilled in the art. In this embodiment, the content source comprises two entities: the content provider 10 and the broadcaster 14. As explained previously, in some cases, the content provider or the broadcaster may define particular usages rules associated to a given piece of content. For example, the presence of a Broadcast Flag in the content means that this content should be protected before any transmission; another example of usage rule is "View N hours" authorizing the rendering of the content during a specified time period.

These usage rules, which are one possible category of Content Protection Information, are securely bound to the content to which they refer thanks to the invention.

To this end, a watermark inserter 12, which is a secure module linked to the content provider or inserted within the content provider, embeds a watermark value R within the content. This watermark value R may be a number generated by a pseudo-random generator (included in the content provider 10 or in the watermark inserter 12) or may be a unique content identifier associated with the content. The watermark value should be unique for each content. In practice, the content provider 10 or the broadcaster 14 defines the acceptable probability to have two identical watermark values for two different contents depending on the level of security required. Of course, the lower the probability is, the highest the security level is.

Then the watermarked content is passed to the broadcaster 14 which signs the content usage rules together with the embedded watermark value R in order to constitute a license. This license will be necessary for a legacy device to consume the content. This license guarantees the integrity and the origin of the usage rules. It is unique to that piece of content since every content will embed a different watermark value R. The signature is computed in a cryptographic module of the broadcaster 14 for example by applying a signature scheme based on RSA PKCS#1 v2.1 public key cryptography standard. The broadcaster uses a private key KPRI to calculate the signature. This private key KPRI is provided by a Key Management Authority 15 which is a trusted third party generating pairs of private/public keys in a Public Key Infrastructure (PKI) according to known techniques.

The broadcaster 14 then broadcasts data as follows:

R) | WM(Content, R) | UsageRules

were "SignKpRi" represents a signature calculated with a private key KPRI, R is the watermark value and "WM(Content, R)" represents the content watermarked with the value R.

In an alternative embodiment, the signature of both usage rules and watermark value may be calculated by the content provider and transmitted, with the watermarked content, to the broadcaster. In this case, the content provider obtains the key KPRI from the Key Management Authority 15.

In another alternative embodiment, the watermark inserter 12' may be linked or be part of the broadcaster 14. In this case, the content is passed "as is" from the content provider to the broadcaster (i.e. without watermark value and signature) and the broadcaster, using the watermark inserter 12', inserts the watermark value R within the content and signs the watermark value together with the usage rules to generate a license SignκpRi(t/sagef?w/es, R).

In still another alternative embodiment, the watermark value R is broadcast with the usage rules, the license and the watermarked content.

When the broadcast content is received by a legacy device 16, the latter first extracts the watermark value R from the content using a watermark detector 18, which is linked to the receiver or is part of the latter. Then it verifies the signature using a public key KPUB corresponding to the private key KPRI and provided by the Key Management Authority (for example in the form of a certificate prestored in the receiver 16).

The signature may be verified using a function:

VerifSignκpuB (SignκpRi(C/sagef?u/es, R), UsageRules, R) which returns a Boolean value indicating whether the signature is valid or not valid.

In case the signature is found invalid, which means that the usage rules have been altered for example, the compliant receiver device 16 refuses to play or to render the content or to transmit it to another device (e.g. a display). Otherwise, when the signature is found valid, the content is played normally. It should be noted that in case the watermark value R is broadcast with the usage rules, the license and the watermarked content, the verification of the signature can be made in parallel, or even before, the detection of the watermark value in the content. In case the signature is found valid, it is further checked that the watermark value detected in the content actually matches the watermark value broadcast with the watermarked content.

Fig. 2 shows an implementation of the invention for content protected with broadcast encryption mechanism.

In the example shown on Fig. 2, the content source comprises the following entities:

- a content provider 20 which generates the content or supplies the original content; - a watermark inserter 22, being linked to the content provider 20 (or being part of it) which watermarks the content with a watermark value R. This watermark insertion module 22 is similar to the watermark inserter 12 of Fig. 1 described previously;

- an Authoring Facility 21 which is in charge of editing the content. For example, in case the content is a film, this entity adds subtitles, different language versions of the sound, etc. In an alternative embodiment, the insertion of the watermark value R in the content is made at the Authoring Facility thanks to a watermark inserter 22' linked to (or included in) the Authoring Facility 21 ;

- a Mastering Facility 23 which stamps discs 25 with the content received from the Authoring Facility 21.. This Mastering Facility is able to communicate securely with a Key Management Authority 24 as will be explained bellow.

As mentioned previously for Fig. 1 , the functional entities that are shown on Fig. 2 may be implemented by hardware devices / modules or software modules or by any combination of these elements.

In the embodiment shown on Fig. 2, the original content is first watermarked with a value R (random, pseudo-random or unique content identifier number) at the content provider 20 or at the Authoring Facility 21. As previously discussed in the first embodiment, the value R should have a low probability of being common for two different contents, this probability being defined by the content provider.

The watermarked content together with the watermark value R are transmitted by the Authoring Facility 21 to the Mastering Facility 23. Then, the Mastering Facility 23 sends R to the Key Management Authority 24 and receives from the Key Management Authority the Media Key Block MKB representing the Content Protection Information relating to the content and a signature of MKB and R.

As mentioned previously in the background art, the MKB contains a Media Key MK encrypted using different device keys DeviceKi of devices which have not been revoked at the time the MKB is generated. The Key Management Authority 24 generates first the key MK and then encrypts this key MK with a number of DeviceKi according to the known "broadcast encryption" technique to build a MKS. Then the Key Management Authority calculates a signature on both the MKB and the value R: Sign (MKB, R). This signature is calculated in the same way as the one calculated on Usage rules and R in the embodiment of Fig. 1. The Key Management Authority 24 is then able to send the key MK, the MKB and the signature Sign (MKB, R) to the Mastering Facility 23.

The Mastering Facility contains a scrambling unit (not represented) which is able, thanks to these data received from the Key Management Authority, to scramble the watermarked content (with a Unit Key wich can be built from the key MK). The Mastering Facility further contains a replicator (not shown) in charge of writing onto the discs 25 the MKB, the signature of MKB and R and the watermarked content. When a legacy player 26 receives this disc 25, it first extracts the key

MK from the MKB using its Device Key and then, thanks to the key MK, it retrieves the clear content. But, before playing the content, it extracts the watermark value R thanks to a watermark detector 27 which is preferably included in the player 26 and it verifies the validity of the signature Sign (MKB, R) contained in the disc in order to authenticate the origin of the MKB. The verification of the signature is similar as the one described in the first embodiment of Fig. 1. It should be noted that in the embodiment of Fig. 2, the signature Sign (MKB, R) is computed using a private key of the Key Management Authority and the corresponding public key is provided to the compliant/legacy player in order to verify the signature in the content read from the discs. If the verification of the signature fails, then the player stops the process and the content is not rendered to the user.

In an alternative embodiment, the Key Management Authority 24 further inserts the watermark value R in the MKB before transmitting the latter to the Mastering Facility 23. This allows verifying the signature Sign (MKB, R) in parallel with the detection of the watermark value in the content at the Player 26. Of course, in case the signature is found valid, it is further checked that the value R found in the MKB (and used to verify the signature) actually matches the watermark value detected in the content.

A further embodiment of the invention is now described with reference to Fig. 3. In this embodiment, the content is preferably protected using a DRM or a CA system. The entities involved in this embodiment are similar to those of Fig. 1 : a content provider 30 with a watermark inserter 32, a broadcaster 31 (which can be linked to a watermark inserter 32' in an alternative embodiment) and a Key Management Authority 33 which provides a private key KPRI to the entity 30 or 31 in charge of computing the signature and a public key KPUB to the verifying device (here an Acquisition devices 35).

In contrast with the embodiment of Fig.1 , here the broadcaster comprises means (cryptographic modules) to protect the content before broadcasting it. In the present embodiment, a content is broadcast in the form as follows:

License | SignKpRi(License, R) | ECwi(WM(Content, R)) were the "License", representing the Content Protection Information, contains the usage rules defined by the content provider 30 or the broadcaster 31 , and optionally the watermark value R (which can be a content identifier); "SignKpRi (License, R)" is the signature, with a private key KPRI of the content provider or the broadcaster, of the license and the value R; and

"Ecwi(WM(Content, R))" representes the content watermarked with a value R and further scrambled by control words CWi (preferably contained in the License). The value R is, as in the previous embodiments, either generated by a random or pseudo-random generator or is a unique content identifier. R should have a low probability of being common for two different contents, this probability being defined by the content provider or the broadcaster.

This kind of content can be received by a standalone device or by a device 35 usually called an acquisition device (or an access device) belonging to a domain 40 (i.e. a group of devices forming a home network of a given user). In the later case, the acquisition device 35 receives the content from the outside of the domain to transmit this content, for example via a digital bus 38, to other devices of the domain which are able to render the content and are called presentation devices 36, 37 (or presentation points). The belonging to a given domain is usually defined by the knowledge of a common network key KN.

In Fig. 3, when the acquisition device 35 of the domain 40 receives a content as shown above, it extracts the watermark value from the content (using its internal watermark detector) and verifies the validity of the signature (as explained previously) thanks to the public key KPUB of the content provider (or of the broadcaster). It should be noted that the watermark detector is optional in the acquisition device because, in an alternative embodiment, the watermark value R is initially inserted in the license broadcast with the content and the signature verification can be done using this watermark value.

If the verification of the signature succeeds, the acquisition device 35 replaces the signature by a MAC computed on both the License and the value R using the network key KN. The modified content is then broadcast on the user's domain 40 in the following form:

License | MACκN(License, R) | ECwi(WM(Content, R)) and all presentation devices 36, 37 are able to verify the validity of the MAC thanks to the network key KN that they possess. In an alternative embodiment, the MAC computed with the network key

KN on the License and the watermark value can be inserted in the content broadcast within the domain, in addition to the original signature SignKPRi(License,R).

When a presentation device 36 or 37 receives a content broadcast on the domain 40, it first recovers the control words CWi using known CA or DRM techniques. Then, it can descramble the content and extract from it the watermark value R using a preferably internal watermark detector. Knowing the value R, it is then able to verify the validity of the MAC thanks to the key KN. If the MAC is not recognized valid, then the presentation device stops and does not render the content to the user.

As in the previous embodiments of Fig. 1 and Fig. 2, it is possible to verify the signature in parallel with the watermark detection in the content in case the watermark value R is initially inserted in the license broadcast with the content. A further check is performed at the end to verify the matching between the watermark value detected in the content and the value (used included in the license.

It should be noted that in the above-described embodiments, the use of signatures or Message Authentication Codes is given as preferred example but MAC could be used instead of signatures or signatures could be used instead of MAC without departing from the scope of the invention.

Some advantages of the invention are as follows:

- It is an effective solution to securely bind usage rules to clear-to-air content;

- It is an efficient countermeasure against professional attacks in systems using broadcast encryption.

Citations de brevets
Brevet cité Date de dépôt Date de publication Déposant Titre
WO2003039155A2 *28 oct. 20028 mai 2003Matsushita Electric Industrial Co., Ltd.Apparatus of a baseline dvb-cpcm
WO2003098931A1 *21 mai 200327 nov. 2003Koninklijke Philips Electronics N.V.Digital rights management method and system
US20030076955 *18 oct. 200124 avr. 2003Jukka AlveSystem and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state
Citations hors brevets
Référence
1 *FIAT A ET AL INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH: "BROADCAST ENCRYPTION" ADVANCES IN CRYPTOLOGY (CRYPTO). SANTA BARBARA, AUG. 22 - 26, 1993, PROCEEDINGS OF THE ANNUAL INTERNATIONAL CRYPTOLOGY CONFERENCE (CRYPTO), BERLIN, SPRINGER, DE, vol. CONF. 13, 22 August 1993 (1993-08-22), pages 480-491, XP000502372 ISBN: 3-540-57766-1
Référencé par
Brevet citant Date de dépôt Date de publication Déposant Titre
WO2008027774A1 *23 août 20076 mars 2008Nbc Universal, Inc.Content validation for digital network
WO2009124715A1 *7 avr. 200915 oct. 2009Thomson LicensingMethod for preventing laundering and repackaging of multimedia content in content distribution systems
WO2012037422A2 *15 sept. 201122 mars 2012Verance CorporationImprovements in watermark extraction efficiency
WO2012037422A3 *15 sept. 201114 juin 2012Verance CorporationImprovements in watermark extraction efficiency
CN103189873A *15 sept. 20113 juil. 2013凡瑞斯公司Improvements in watermark extraction efficiency
US78361791 sept. 200616 nov. 2010Nbc Universal, Inc.Content validation for digital network
US834034828 sept. 201125 déc. 2012Verance CorporationMethods and apparatus for thwarting watermark detection circumvention
US83465676 août 20121 janv. 2013Verance CorporationEfficient and secure forensic marking in compressed domain
US845108630 janv. 201228 mai 2013Verance CorporationRemote control signaling using audio watermarks
US851625117 déc. 200820 août 2013Koninklijke Philips N.V.Device and method for digital right management
US85334813 nov. 201110 sept. 2013Verance CorporationExtraction of embedded watermarks from a host content based on extrapolation techniques
US85380664 sept. 201217 sept. 2013Verance CorporationAsymmetric watermark embedding/extraction
US854930729 août 20111 oct. 2013Verance CorporationForensic marking using a common customization function
US86151043 nov. 201124 déc. 2013Verance CorporationWatermark extraction based on tentative watermarks
US868197817 déc. 201225 mars 2014Verance CorporationEfficient and secure forensic marking in compressed domain
US86820263 nov. 201125 mars 2014Verance CorporationEfficient extraction of embedded watermarks in the presence of host content distortions
US872630413 sept. 201213 mai 2014Verance CorporationTime varying evaluation of multimedia content
US874540323 nov. 20113 juin 2014Verance CorporationEnhanced content management based on watermark extraction records
US874540420 nov. 20123 juin 2014Verance CorporationPre-processed information embedding system
US87819677 juil. 200615 juil. 2014Verance CorporationWatermarking in an encrypted domain
US879178924 mai 201329 juil. 2014Verance CorporationRemote control signaling using audio watermarks
US880651710 mai 201012 août 2014Verance CorporationMedia monitoring, management and information system
US88116554 sept. 201219 août 2014Verance CorporationCircumvention of watermark analysis in a host content
US88389775 avr. 201116 sept. 2014Verance CorporationWatermark extraction and content screening in a networked environment
US88389785 avr. 201116 sept. 2014Verance CorporationContent access management using extracted watermark information
US886922213 sept. 201221 oct. 2014Verance CorporationSecond screen content
US89235483 nov. 201130 déc. 2014Verance CorporationExtraction of embedded watermarks from a host content using a plurality of tentative watermarks
US900948226 sept. 201314 avr. 2015Verance CorporationForensic marking using a common customization function
US91069648 févr. 201311 août 2015Verance CorporationEnhanced content distribution using advertisements
US91172702 juin 201425 août 2015Verance CorporationPre-processed information embedding system
US915300615 août 20146 oct. 2015Verance CorporationCircumvention of watermark analysis in a host content
US918995528 juil. 201417 nov. 2015Verance CorporationRemote control signaling using audio watermarks
US920833425 oct. 20138 déc. 2015Verance CorporationContent management using multiple abstraction layers
US92513228 juin 20152 févr. 2016Verance CorporationSignal continuity assessment using embedded watermarks
US925154923 juil. 20132 févr. 2016Verance CorporationWatermark extractor enhancements based on payload ranking
US92529577 avr. 20092 févr. 2016Thomson LicensingMethod for preventing laundering and repackaging of multimedia content in content distribution systems
US926279314 mars 201416 févr. 2016Verance CorporationTransactional video marking system
US926279414 mars 201416 févr. 2016Verance CorporationTransactional video marking system
US929889123 avr. 201429 mars 2016Verance CorporationEnhanced content management based on watermark extraction records
US932390213 déc. 201126 avr. 2016Verance CorporationConditional access using embedded watermarks
US948508920 juin 20131 nov. 2016Verance CorporationStego key management
US954775313 déc. 201117 janv. 2017Verance CorporationCoordinated watermarking
US95585261 févr. 201631 janv. 2017Verance CorporationSignal continuity assessment using embedded watermarks
US957160614 mars 201314 févr. 2017Verance CorporationSocial media viewing system
US959652112 mars 201514 mars 2017Verance CorporationInteractive content acquisition using embedded codes
US960289118 déc. 201521 mars 2017Verance CorporationService signaling recovery for multimedia content using embedded watermarks
US96071315 avr. 201128 mars 2017Verance CorporationSecure and efficient content screening in a networked environment
US963991119 août 20152 mai 2017Verance CorporationWatermark detection using a multiplicity of predicted patterns
US964828212 oct. 20119 mai 2017Verance CorporationMedia monitoring, management and information system
US968120326 avr. 201613 juin 2017Verance CorporationInteractive content acquisition using embedded codes
US970421126 janv. 201711 juil. 2017Verance CorporationSignal continuity assessment using embedded watermarks
US970623517 avr. 201411 juil. 2017Verance CorporationTime varying evaluation of multimedia content
US976954324 nov. 201519 sept. 2017Verance CorporationEnhanced metadata and content delivery using watermarks
US980543419 août 201531 oct. 2017Verance CorporationContent management based on dither-like watermark embedding
Classifications
Classification internationaleG06F1/00
Classification coopérativeG06F21/10
Classification européenneG06F21/10
Événements juridiques
DateCodeÉvénementDescription
18 mai 2006AKDesignated states
Kind code of ref document: A1
Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
18 mai 2006ALDesignated countries for regional patents
Kind code of ref document: A1
Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
6 déc. 2006121Ep: the epo has been informed by wipo that ep was designated in this application
4 janv. 2007DPE1Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
5 déc. 2007122Ep: pct app. not ent. europ. phase
Ref document number: 05801673
Country of ref document: EP
Kind code of ref document: A1