KR20110061415A - Method and system for providing real-time contents service - Google Patents

Abstract

PURPOSE: A real time content service method and an apparatus for the same are provided to secure a safety for whole service section by regulating security intensity based on a single security mechanism. CONSTITUTION: A secure memory generator(114) creates security message which recognizes encryption information of a media content. The media content is extracted by layers through an SVC(Scalable Video Coding) content layer extracting unit(112). A bit stream transmitter(116) transmits the security message and a media content extracted by the layers into a bit stream type. An interconnector(400) changes the media content into a reusable content.

Description

METHOD AND SYSTEM FOR PROVIDING REAL-TIME CONTENTS SERVICE}

The present invention relates to a real-time content service, such as an IPTV (Internet Protocol Television) service, and in particular, provides a security service that is differentiated according to the service type, and provides safety (end-to-end) for the entire section for providing a real-time and reuse service. The present invention relates to a real-time content service method and apparatus suitable for providing a scalable security environment for real-time transmission and re-use of IPTV contents by adjusting security strength while ensuring security.

The present invention is derived from the research conducted as part of the IT growth engine technology development project of the Ministry of Knowledge Economy [2008-S-006-02, Development of open IPTV (IPTV2.0) technology in wired and wireless environments].

Conventional real-time broadcast service, CAS (Conditional Access System) technology, Digital Rights Management (DRM) technology for content reuse, etc. have been employed, and the technology related to the real-time broadcasting and the use of content exist independently of each other.

The CAS technology is a technology in which a subscriber who has received a scrambled (encrypted) signal from a transmitter of a digital broadcast can descramble (decode) and view a program.

In addition, DRM technology is a technology for technically protecting copyrighted digital content, and when the user wants to use the distributed copyrighted digital content, the DRM technology can be used only after obtaining a license to permit use. It is a technology that can be controlled.

Recently, as a user's demand for reusing such real-time broadcast content using various terminals increases, an interworking technology between CAS and DRM technologies has emerged. As shown in FIG. 7, the CAS and DRM interworking define a standard for a standard for an interface for safely delivering broadcast content from a CAS protection system to a DRM protection system.

However, this interworking technology deals with the definition of the interface between the two technologies and does not describe the specific security mechanism. In particular, in the process of converting CAS contents into DRM contents, it is necessary to change the protection method including encryption. In this process, since the protection system of CAS is deactivated (decrypted), it cannot be said that the security of all sections is guaranteed. .

Conventional content protection technologies, such as CAS and DRM, permit the presence or absence of usage rights through full encryption from a user's point of view. However, selective encryption (partial encryption) can be used as a means of artificially controlling the quality of service from the service provider's point of view according to the strength of encryption, and has the advantage of reducing the load due to encryption. As a related art, there is a selective encryption research that can be applied to H.264, which is widely used now, and Scalable Video Coding (SVC), which is recently increasing in interest.

However, by applying selective encryption to such video coding, there is no single security mechanism for real-time service of IPTV and reuse of serviced content.

IPTV service should be able to provide not only differentiated real-time broadcasting service but also services that can safely reuse broadcast contents. For this, the following four requirements must be satisfied from the security point of view.

First, from the service provider's point of view, selective encryption should be applied to provide differentiated security quality according to service.

Second, the reused content should not be less secure than real-time broadcast content. That is, the reused content can be used indiscriminately through various internet channels such as P2P, web hard, etc., and thus should be strengthened than the encryption strength applied to real time broadcasting. At this time, decryption of the encrypted content should not occur in the interworking process for real time broadcasting and reuse.

Third, the complex security configuration process required for differentiated real-time security service and content reuse service should be provided as a single security mechanism.

Fourth, end-to-end security should be maintained for the entire section where the service is provided.

In order to satisfy these security requirements, the present invention proposes a scalable security technology for real-time transmission and reuse of IPTV content using scalable video coding (SVC).

Scalable video coding is a hierarchical scalable video that enables one-source & multi-use to transmit a single content in the IPTV service area and receive services simultaneously from different terminals. One of the coding techniques.

In view of the above, the present invention firstly provides differential security quality by applying selective encryption for each layer in encoding of scalable video coding, and secondly, performs selective encryption without decryption in the interworking process for reuse. Third, by constructing such selective encryption information as a security message to provide a single security mechanism, to provide a real-time content service technology that can ensure the security of the entire section.

According to a real-time content service method for solving the problems of the present invention, the process of encoding the input media content, encrypting a specific parameter in a scalable video encoding process, extracting the encoded media content for each layer, Generating a security message to identify encryption information of the media content extracted for each layer, transmitting the media content in the form of a bitstream together with the generated security message, and reusing the transmitted media content And converting the content into content and decoding the converted reusable content for reuse in a reuse terminal.

Here, the process of encrypting the specific parameter may be a process of encrypting a parameter calculated during the scalable video encoding process.

The generating of the security message may include generating a security grade for each scalable video coding layer in a payload of a supplemental enhancement information (SEI) network adaptation layer (NAL) unit. can do.

The security level may be set by combining encryption information on a parameter basis and on a network adaptation layer (NAL) basis.

In addition, the decrypting process may be a process of decrypting using a parameter based encryption key and a NAL based encryption key.

The converting may include encrypting the media content based on the NAL, re-extracting the NAL-based encrypted content for each layer, and reusing the encrypted content re-extracted for each layer. And regenerating the security message to identify the encryption information for reuse in the terminal.

In addition, the NAL-based encryption may be a process of selectively encrypting a compressed file generated after the scalable video encoding process is finished.

The reproducing of the security message may include generating and recording a security level for each scalable video coding layer in the payload of the SEI NAL unit.

In addition, the security level may be set by combining encryption information on a parameter basis and on a NAL basis.

In addition, the media content may be media content for an IPTV service.

According to a real-time content service device for solving the problems of the present invention, an encoding unit for encoding the input media content, a scalable video coding content layer extraction unit for extracting the media content encoded by the encoding unit for each layer, A security message generator for generating a security message to identify encryption information of the media content extracted for each layer through a scalable video coding content layer extractor, and the security message generated through the security message generator, A bitstream transmitter for transmitting the media content extracted for each layer in the form of a bitstream, an interworking unit for converting the media content from the bitstream transmitter into reusable content, and the reusable content converted in the interworking unit Bless It may include a decoding unit to encrypt.

Here, the encoding unit may encrypt a specific parameter in the process of encoding the input media content.

In addition, the encryption of the specific parameter may be encryption of a parameter calculated during the scalable video encoding process.

In addition, the encryption of the specific parameter selectively encrypts at least one of an intra / inter residual sign, an intra prediction mode, and a motion vector difference value. It may be.

The security message may be generated by recording a security level for each scalable video coding layer in the payload of the SEI NAL unit.

In addition, the security level may be set by combining encryption information on a parameter basis and on a NAL basis.

The mutual interworking unit may include a NAL-based encryption unit for encrypting the media content based on a network adaptation layer (NAL) without decryption, a layer extracting unit for extracting content encrypted by the NAL-based encryption unit for each layer, and The layer extracting unit may include a secure message regenerating unit for regenerating a security message so that the encrypted information can be identified for reuse in the reuse terminal.

The NAL-based encryption unit selectively encrypts a compressed file generated after the SVC encoding process is completed, and includes Instantaneous Decoding Refresh (IDR), non-IDR, Sequence Parameter Set (SPS), and Picture Parameter Set (PPS). The payload of the NAL unit can be selectively encrypted.

In addition, the security message regenerator may record the security level for each SVC layer in the payload of the SEI NAL unit.

The decryption unit may be provided with a parameter-based decryption key and a NAL-based decryption key.

According to the present invention, in providing an IPTV service using scalable video coding, it is possible not only to provide a security service that is differentiated according to the service type, but also to adjust the security strength using a single security mechanism for the entire service interval. End-to-end security can be guaranteed.

Therefore, according to the present invention, in the secure and real-time transmission and reuse of IPTV content, unlike the existing invention by providing a security service that is differentiated in real time, by providing a secure interoperation function between terminals for reuse without a decryption process, IPTV Not only the service subscriber but also the service provider may provide various security functions.

The real-time content service technology to which the scalable security technology for real-time transmission and re-use of IPTV content according to the present invention is applied, encrypts specific parameters in the scalable video encoding (SVC) process, and encodes the encoded content. Extract by layer, generate security message to identify encrypted information of extracted encrypted content by layer, transmit extracted content in bitstream form, and interoperate after receiving the scalable video coding content It converts the content into reusable content through, and decoded to reuse the content converted by the second terminal in conjunction with each other.

Advantages and features of the present invention and methods for achieving them will be apparent with reference to the embodiments described below in detail with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but can be implemented in various different forms, and only the embodiments make the disclosure of the present invention complete, and the general knowledge in the art to which the present invention belongs. It is provided to fully inform the person having the scope of the invention, which is defined only by the scope of the claims. Like numbers refer to like elements throughout.

In describing the embodiments of the present invention, if it is determined that a detailed description of a known function or configuration may unnecessarily obscure the gist of the present invention, the detailed description thereof will be omitted. In addition, terms to be described below are terms defined in consideration of functions in the embodiments of the present invention, which may vary according to intentions or customs of users and operators. Therefore, the definition should be based on the contents throughout this specification.

Combinations of each block of the accompanying block diagram and each step of the flowchart may be performed by computer program instructions. These computer program instructions may be mounted on a processor of a general purpose computer, special purpose computer, or other programmable data processing equipment such that instructions executed through the processor of the computer or other programmable data processing equipment may not be included in each block or flowchart of the block diagram. It will create means for performing the functions described in each step. These computer program instructions may be stored in a computer usable or computer readable memory that can be directed to a computer or other programmable data processing equipment to implement functionality in a particular manner, and thus the computer usable or computer readable memory. It is also possible for the instructions stored in to produce an article of manufacture containing instruction means for performing the functions described in each block or flow chart step of the block diagram. Computer program instructions may also be mounted on a computer or other programmable data processing equipment, such that a series of operating steps may be performed on the computer or other programmable data processing equipment to create a computer-implemented process to create a computer or other programmable data. Instructions that perform processing equipment may also provide steps for performing the functions described in each block of the block diagram and in each step of the flowchart.

In addition, each block or step may represent a portion of a module, segment, or code that includes one or more executable instructions for executing a specified logical function (s). It should also be noted that in some alternative embodiments, the functions noted in the blocks or steps may occur out of order. For example, the two blocks or steps shown in succession may in fact be executed substantially concurrently or the blocks or steps may sometimes be performed in the reverse order, depending on the functionality involved.

Hereinafter, with reference to the accompanying drawings will be described in detail an embodiment of the present invention.

1 is a conceptual diagram of an IPTV service using a scalable security system proposed in the present invention.

First, the scalable video coding based on scalable video coding (SVC) located in the service provider 100 encrypts the input content 1 and provides it to the streaming server 110.

The encrypted SVC bits-stream 2 is transferred from the streaming server 110 to the user terminal, such as the first client group 300, as shown in FIG. In FIG. 1, reference numerals 2 to 2 ″ denote encrypted SVC bitstreams and scalable transformed SVC bitstreams.

In this process, when the real-time broadcasting service is first provided and the content is to be reused again, it can be used after being safely converted into reusable content in the interworking unit 400. In FIG. 1, reference numerals 3 to 3 ″ denote additionally encrypted SVC bitstreams, and reference numeral 500 denotes a second client group, for example, a content reuse client group.

In Figure 1, while maintaining the encryption applied to the real-time service, the additional encryption is applied in the reuse service shows that the security is further enhanced.

2 is a schematic block diagram of a real-time content service device according to the present embodiment, the service providing unit 100, the first client group 300, the interworking unit 400, the second client group 500 It may include.

Here, the service provider 100 may include an encoder 102, an SVC content layer extractor 112, a security message generator 114, and a bitstream transmitter 116.

First, the encoding unit 102 serves to encode the input media content. In detail, the encoding unit 102 may encrypt a specific parameter in the process of encoding the input media content. The encryption of this particular parameter is to encrypt the parameter calculated during the SVC encoding process, for example Intra / Inter Residue Sign, Intra Prediction Mode, and Motion Vector Difference (Motion). Vector Difference Value) can be selectively encrypted.

The SVC content layer extractor 112 may serve to extract the media content encoded by the encoder 102 for each layer.

The security message generator 114 generates a security message to identify the encryption information for use in the first client group 300, which will be described later, by using the SVC content layer extractor 112. Can play a role. In this case, the security message is generated by recording a security level for each SVC layer in a payload (part of broadcast data) of a Supplemental Enhancement Information (SEI) Network Adaptation Layer (NAL) unit. do. Here, the security level may be set by combining encryption information based on a parameter and NAL.

The bitstream transmitter 116 may transmit the media content extracted for each layer described above to the first client group 300 in the form of a bitstream together with the security message generated through the security message generator 114. have.

On the other hand, the first client group 300 is a means for receiving media content from the bitstream transmitter 116 of the service provider 100, for example, the first client 301 in the first client group 300 is such a media. Receive content and watch live broadcast. When the first client 301 that has received the real-time broadcast content wants to watch the content, the decoding and decoding process may be performed. If you want to reuse additionally, it is necessary to transfer the encrypted content to the interworking unit 400 to convert.

The interworking unit 400 may include a NAL-based encryption unit 402, an SVC content layer extractor 404, and a security message generator 406.

In the interworking unit 400, the NAL-based encryption unit 402 may additionally perform NAL-based encryption in the encrypted state (without a decryption process) when the encrypted content is received. In this case, NAL-based encryption selectively encrypts a compressed file generated after the SVC encoding process is completed. For example, Instantaneous Decoding Refresh (IDR), non-IDR, Sequence Parameter Set (SPS), and PPS (Picture). Parameter Set) characterized in that the payload of the NAL unit is selectively encrypted.

The SVC content layer extractor 404 may serve to extract additional encrypted media content for each layer through the NAL-based encryption unit 402.

The security message generator 406 generates a security message so that the encrypted information can be identified in order to reuse the media content extracted for each layer through the SVC content layer extractor 404 in the second client group 500. can do. In this case, the security message may be a message including information encrypted based on a parameter, and the generation of the security message is characterized by recording the security level for each SVC layer in the payload of the SEI NAL unit. Like the security message generating unit 114 of the providing unit 100, it is characterized by being set by combining the encryption information on the basis of parameters and NAL.

On the other hand, the second client group 500 may include a second client 502 and a decryption unit 504 as a means for reusing encrypted media content through the interworking unit 400. The decryption unit 504 located in the second client 502 that reuses the content needs both the NAL-based decryption key as well as the parameter-based decryption key.

3A to 3D show the structure of the parameter based encryptor, and FIG. 3A shows the overall parameter encryption function included in the encoding structure. In order, FIG. 3B shows the encryption of the code of the intra / inter residual signal, FIG. 3C shows the encryption for the intra prediction mode, and FIG. 3D shows the encryption of the difference value of the motion vector. 3B, 3C, and 3D generate a random number and encrypt the data using an XOR operation. For convenience of key management, a random number may be generated using the same seed in three parts.

4A-4C illustrate the structure of a NAL based encryptor.

4A illustrates a process of encrypting NAL headers of encoded content according to NAL data types for each layer. The structure of the NAL header is the same as that of FIG. 4B. Among the 5 bit NAL unit types, as shown in FIG. 4C, non-Instantaneous Decoding Refresh (IDR) corresponding to 1, 5, 7, and 8, The payloads of IDR, Sequence Parameter Set (SPS) and Picture Parameter Set (PPS) NAL units are selectively encrypted.

5A and 5B illustrate a structure of a security message, and define a security message using the sixth Supplemental Enhancement Information (SEI) NAL unit of FIG. 4C. 5A and 5B, various security levels can be set within 8 bits for up to 64 layers (S × T × Q = 4 × 4 × 4 = 64). Therefore, up to 64 layers can be configured using a maximum of 1281 bits (service type 1 bit + 64 x 20 bits). Therefore, when constructing the bitstream of the content, the SEI NAL unit is located at the forefront to insert and use a security message.

6A to 6C are examples of applying the scalable security system proposed in the present embodiment, and show a configuration of a security message when reusing real-time transmitted content. The security message of FIGS. 6A to 6C is inserted into content to be reused by User 2, and two security levels are simultaneously applied to the base layer of the SVC.

7 is a conventional technology for an interworking interface defined for interworking between a CAS and a DRM technology. In other words, a change is required between different security mechanisms in the interworking process, and decryption is required for this. In addition, there is no function to adjust the security strength in a single security mechanism as in this embodiment.

As described above, in the present embodiment, differential encryption quality can be provided by applying selective encryption for each layer in encoding of scalable video coding, and additional selective encryption can be performed without decryption in the interworking process for reuse. In addition, this optional encryption information is composed of security messages and provided as a single security mechanism, so that security can be guaranteed for the entire section.

1 is a conceptual diagram of a scalable security service applied to an embodiment of the present invention;

2 is a block diagram of a scalable security system for a real-time content service according to the present embodiment;

3A to 3D are diagrams illustrating a structure of a parameter based encryptor;

4a to 4c are diagrams illustrating the structure of a NAL-based encryptor,

5A and 5B illustrate the structure of a secure message;

6A to 6C are diagrams showing an application example of this embodiment;

7 is a conceptual diagram of a conventional real-time content service device.

Claims (20)

Encoding input media content, encrypting a specific parameter in a scalable video encoding process, Extracting the media content to be encoded for each layer; Generating a security message to identify encryption information of the media content extracted for each layer; Transmitting the media content in the form of a bitstream together with the generated security message; Converting the transmitted media content into reusable content; Decrypting the converted reusable content for reuse in a reuse terminal; Real time content service method. The method of claim 1, The process of encrypting the specific parameter is a process of encrypting a parameter calculated during the scalable video encoding process. Real time content service method. The method of claim 1, The process of generating the security message, Including generating a security level for each scalable video coding layer in a payload of a Supplemental Enhancement Information (SEI) Network Adaptation Layer (NAL) unit Real time content service method. The method of claim 3, wherein The security level is set by combining encryption information on a parameter basis and on a network adaptation layer (NAL) basis. Real time content service method. The method of claim 1, The decoding process, The process of decrypting using a parameter based encryption key and a NAL based encryption key Real time content service method. The method of claim 4, wherein The conversion process, Encrypting the media content based on the NAL; Re-extracting the encrypted content based on the NAL for each layer; Regenerating a security message so that the encrypted information can be identified for reuse in the reuse terminal by re-extracting the encrypted content for each layer. Real time content service method. The method of claim 6, The encryption process based on the NAL, The process of selectively encrypting compressed files created after the scalable video encoding process Real time content service method. The method of claim 6, Regenerating the security message, And generating a security grade for each scalable video coding layer in the payload of the SEI NAL unit. Real time content service method. The method of claim 8, The security level is set by combining encryption information on a parameter basis and on a NAL basis. Real time content service method. The method according to any one of claims 1 to 9, The media content is media content for an IPTV service. Real time content service method. An encoding unit for encoding the input media content, A scalable video coding content layer extracting unit extracting media content encoded through the encoding unit for each layer; A security message generator for generating a security message to identify encryption information of the media content extracted for each layer through the scalable video coding content layer extractor; A bitstream transmitter for transmitting the media content extracted for each layer in the form of a bitstream together with the security message generated by the security message generator; An interworking unit converting the media content from the bitstream transmitter into reusable content; And a decoder configured to decode the reusable content converted by the mutual interworking unit. Real time content service device. The method of claim 11, The encoding unit encrypts a specific parameter in the process of encoding the input media content. Real time content service device. 13. The method of claim 12, The encryption of the specific parameter is the encryption of the parameter calculated during the scalable video encoding process. Real time content service device. The method according to claim 12 or 13, The encryption of the specific parameter selectively encrypts at least one of an intra / inter residual sign, an intra prediction mode, and a motion vector difference value. Real time content service device. The method of claim 11, The security message is generated by recording a security level for each scalable video coding layer in the payload of the SEI NAL unit. Real time content service device. The method of claim 15, The security level is set by combining encryption information on a parameter basis and on a NAL basis. Real time content service device. The method of claim 11, The mutual interworking unit, A NAL-based encryption unit for encrypting the media content based on a network adaptation layer (NAL) without a decryption process; A layer extraction unit for extracting content encrypted by the NAL-based encryption unit for each layer; It includes a secure message regenerator for regenerating a security message to identify the encrypted information to reuse the encrypted content extracted for each layer through the layer extraction unit in the reuse terminal; Real time content service device. The method of claim 17, The NAL-based encryption unit selectively encrypts a compressed file generated after the SVC encoding process is finished, and includes Instantaneous Decoding Refresh (IDR), non-IDR, Sequence Parameter Set (SPS), and Picture Parameter Set (PPS) NAL unit. To selectively encrypt the payload of Real time content service device. The method of claim 17, The security message regenerator is configured to record the security level for each SVC layer in the payload of the SEI NAL unit. Real time content service device. The method of claim 11, The decryption unit includes a parameter-based decryption key and a NAL-based decryption key Real time content service device.

Images