KR20160112578A - And image content using a multi-network mesh network real-time transmission / content protection apparatus and method - Google Patents
Abstract
For smooth-streaming content transmission in units of HTTP-based files, such as HLS and DASH, the invention provides a video content networking system that achieves high-efficiency network transmission through a multi-network configuration between nodes and is capable of supplying content; and a content protection device that encrypts content with a separate encryption key for each unit content file, such as an HLS segment or a DASH chunk, and supplies the decryption key through a key-issuing method based on a double security key, so that even if the encryption key is leaked it can be used only by the intended device.
Description
The present invention relates to an apparatus and method for real-time transmission and content protection of video content using multiple networks and a mesh network. More particularly, it relates to a method that transmits content using HLS (HTTP Live Streaming) / DASH (Dynamic Adaptive Streaming over HTTP) technology together with divided-transmission networking and mesh (grid) network transmission technology, and that prevents content leakage through AES encryption and a key management method.
As multimedia content becomes more widespread, transmitting content over a network becomes increasingly important. In streaming transmission, file-unit transmission methods of the progressive download type, such as HLS and DASH, are spreading because of their structural simplicity and the ease and compatibility of server configuration.
HLS is a method established by Apple (USA) that divides streaming data into segment files of the MPEG-2 Transport Stream type, transmits them over the HTTP protocol, and delivers information about the segment files to the player in an m3u8 file. Unlike the existing RTSP (Real-Time Streaming Protocol) method, the server that provides the content does not control playback and data transfer. Instead, the player obtains information about each segment and downloads it over HTTP, so any client that supports HTTP can be configured simply. DASH is a method jointly established by MPEG (Moving Picture Experts Group) and ISO (ISO/IEC 23009-1). Like HLS, it is an adaptive streaming method using HTTP. It supports two file types, MP4 (ISO Base Media File Format) and MPEG-2 Transport Stream, and provides stream information in a file called an MPD (XML format).
Although the two methods differ, both deliver content by smooth streaming (data formatted as segments or chunks) and support adaptive streaming (dynamically selecting the quality of the content, that is, the amount of data per unit time, according to the QoS of the network).
On the other hand, a conventional technique for digital cinema content processing is disclosed in
The prior art disclosed in
However, it is difficult to transmit movie content or UHD-quality video data in real time over the Internet, and operating a high-capacity network line is costly.
In many cases, high-quality video data such as movie content or UHD-quality video has a data rate per unit time that cannot be transmitted in real time in a general Internet environment. For example, if a 30 Mbps UHD image is to be served in real time and the network speed on the client side is about 16 Mbps, real-time transmission may be difficult. In addition, distributing content in a centralized manner requires a high-capacity network line for the server network, and configuring and operating a CDN (Contents Distribution Network) is costly.
In addition, with regard to copyright protection, HLS and DASH have the characteristic that the original copy of the content can be leaked. To compensate for this, HLS applies encryption using AES, but if the encryption key is leaked, the content can no longer be protected.
The present invention describes a technique for solving the transmission speed and content protection problems described above for the transmission of video content.
In order to achieve the above object, the present invention provides: a real-time video streaming system capable of real-time video production and of transmitting content to clients, which can form multiple networks; a network management system that can configure a network and set its transmission policy; a playback system that can receive and play content; and a content protection system that performs the content protection function, using HTTPS technology for content protection and issuing encryption keys through split transmission. In addition, multimedia data generated in the streaming system is transmitted between a plurality of nodes using a divided network transmission scheme and a mesh network transmission scheme.
The method, from content creation through transmission, reception, and reproduction in the reproduction system, includes: (a) acquiring information of the reproduction system and registering the information in the content protection system; (b) requesting from the content protection system the right to play the content in the content playback system and determining whether that right has been acquired; (c) compressing and encoding the image, issuing an encryption key for the content, and encrypting and distributing the content; (d) receiving the content; (e) decrypting the received content to generate reproducible content.
Step (a) may include: (a1) receiving, by the playback system, an authorized certificate for the content protection system from an authorized certification authority; (a2) checking the validity of the public key certificate received in the reproducing system; (a3) collecting system information of the reproduction system; (a5) encrypting information of the reproduction system using the certificate; (a6) transmitting the encrypted data to the content protection system; (a7) extracting information of the encrypted reproduction system using the public certificate; (a9) acquiring approval of a system administrator for system registration; (a8) registering system information in a database and issuing an ID; (a9) transmitting the issued ID to the reproducing system.
Step (b) comprises: (b1) obtaining information of the reproduction system; (b2) generating an encryption key based on the system information; (b3) encrypting the system information using the generated encryption key; (b4) transmitting the encrypted information and the system ID; (b5) obtaining, in the content protection system, the system information registered for the playback system; (b6) generating a public key using the system information of the reproduction system that made the transmission; (b7) extracting system information from the received encrypted data using the generated encryption key; (b8) comparing the extracted system information with the system information obtained from the DB; (b9) determining whether to grant or deny authority according to the result of the comparison; (b10) determining, from the grant or denial transmitted from the content protection system, whether the right has been acquired; (b11) starting to receive the content or terminating the system, according to whether the authority was acquired.
Step (c), compressing and encoding an image, issuing an encryption key for the content, and encrypting and distributing the content, comprises: (c1) receiving a real-time uncompressed image generated by a device such as a camera; (c2) encoding and compressing the image; (c3) generating unit contents such as segments and chunks; (c4) requesting a content encryption key from the content protection system; (c5) generating an encryption key for the unit content; (c6) storing information of the unit contents and an encryption key; (c6) transmitting the encryption key to the playback system; (c7) receiving an encryption key in the streaming system; (c8) encrypting the content based on the received encryption key; (c9) distributing the content.
Step (d), receiving the content, includes: (d1) classifying the network layer and setting a network policy for dividing and transmitting the content; (d2) transmitting from the first streaming system to the first lower node according to the set network policy; (d3) after the first reception is completed, repeatedly retransmitting the content to lower network nodes and neighbor nodes according to the established network policy; (d4) correcting the policy by applying the network quality measured at each step; (d5) performing divided transmission/reception over multiple networks between transmission nodes.
Step (e), decrypting the received content to generate reproducible content, includes: (e1) acquiring information of the unit content; (e2) transmitting information of the received unit contents to the contents protection system; (e3) receiving information of the unit contents in the contents protection system; (e4) obtaining an encryption key based on information of the received unit contents; (e5) obtaining the encryption key of the reproduction system generated in (b2); (e6) double-encrypting the decryption key of the unit content with the encryption key of the playback system; (e7) transmitting the generated double-encrypted data to the reproducing system; (e8) receiving the encrypted data in the playback system; (e9) acquiring information of the reproduction system to obtain the encryption key of the reproduction system; (e10) extracting the decryption key of the unit content with the obtained encryption key of the reproduction system; (e11) restoring the original content using the extracted content decryption key; (e12) reproducing the restored contents.
According to the present invention, to overcome the network capacity limit of the streaming server that provides the original image in centralized real-time streaming of video content, the invention does not rely on a high-cost system such as a CDN. Instead, it reduces the network cost by using a mesh network in which a peer-to-peer (P2P) scheme is introduced between the receiving nodes of a multi-distributed network. In addition, multiple networks can be used between nodes, so that higher-capacity content can be supplied per unit time.
Furthermore, even when distributing very high-capacity data such as digital cinema, transmission time and cost can be reduced by using the network.
In addition, the present invention has the advantage that leakage of real-time content from a playback apparatus can be prevented through a public certificate system and a dual security key system, in an environment where the file-based structure makes it difficult to fundamentally prevent content leakage.
FIG. 1 is a network configuration diagram of a video content real-time transmission technique and a content protection apparatus using multiple networks and a mesh network according to a preferred embodiment of the present invention.
FIG. 2 is a block diagram of a video content real-time transmission technique and a content protection apparatus using a multi-network and a mesh network according to a preferred embodiment of the present invention.
FIG. 3 is a block diagram of an embodiment of the streaming system of FIG.
FIG. 4 is a block diagram of an embodiment of the network management system of FIG. 1.
FIG. 5 is a configuration diagram of an embodiment of the reproduction system of FIG. 1.
FIG. 6 is a block diagram of an embodiment of the content protection system of FIG. 1.
FIG. 7 is an illustration of an embodiment of the inventive segmentation network and its effect.
FIG. 8 is a block diagram of a mesh network embodiment of the present invention.
FIG. 9 is a block diagram of an embodiment of the encryptor/decryptor of the present invention.
FIG. 10 is a data structure diagram of an embodiment of a dual security key of the present invention.
FIG. 11 is an operational flowchart of a system according to a preferred embodiment of the present invention.
FIG. 12 is a flowchart of the system registration process in FIG. 11.
FIG. 13 is a flowchart of a receiving authority checking process in FIG. 11.
FIG. 14 is a flowchart of the image production and distribution process in FIG. 11.
FIG. 15 is a flowchart of multiple network transmission in the image production and distribution process in FIG. 11.
FIG. 16 is a flowchart of a network transmission in the image production and distribution process in FIG. 11.
FIG. 17 is a flowchart of a process of reproducing contents in FIG. 11.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, a video content real-time transmission technique and a content protection apparatus and method using a multi-network and a mesh network according to a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a system configuration diagram of a video content real-time transmission technique and a content protection apparatus using a multi-network and a mesh network according to a preferred embodiment of the present invention.
The video content real-time transmission technique and the content protection apparatus using the multiple networks and the mesh network according to the preferred embodiment of the present invention may be applied to a
The
As shown in FIG. 3, the
4, when the
The
5, the
The
As shown in FIG. 5, the
The
As shown in FIG. 7, in transmitting the contents in the system, a network may be configured and transmitted. Assuming that the total amount of QoS required to transmit data in real time is 5 when the transmission step is divided into two steps as shown in FIG. 7, the unit content data (HLS segment or DASH chunk) The
The encryption /
In this case, when a symmetric encryption key capable of decrypting content is distributed over HTTP, the dual security key D100 provides more robust content security against attempts to extract the encryption key through packet sniffing on the network. For example, HLS typically provides content protection through AES, which ensures content security with high speed and strong encryption. However, by the nature of AES, content can be decrypted easily once the encryption key and initialization vector are leaked.
Although a general HLS player downloads a content file by the smooth streaming method and deletes the file after playing it, the structure of HLS is very simple and is therefore vulnerable to hacking that imitates a client, packet interception, and the like. Since the public key of a public certificate can be used by anyone, it is open to hacking techniques such as masquerade, replay, modification of messages, or denial of service by a system that imitates the client as mentioned above. To strengthen security by protecting the key once more, the present invention introduces a data structure, the dual security key, so that content cannot be reproduced even if a public key of the content is leaked. It is also preferable to use HTTPS (HTTP over Secure Sockets Layer), a protocol for enhancing the security of HTTP.
The dual security key D100 includes the content encryption symmetric key D110, as shown in FIG. Because each system has a different encryption key, the dual security key makes it impossible to extract the encryption key used for encrypting the content even if the authorized certificate system is compromised by hacking or the like. The per-system symmetric encryption key generation module extracts system information and generates an encryption key from that unique information. To enhance security further, the encryption key can be changed periodically when each content is encrypted, and the key generation algorithm of the per-system encryption key generation module can occasionally be changed based on the unique information of the system. It is preferable that the reproducing
In addition, when the decrypted original content is stored in a file, it is desirable to prevent leakage by excluding other processes' access rights to the file and by overwriting the main part of the file with dummy data before deleting it.
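The dual security key D100 and steps (e4) to (e11) above, as an added example that is not code from the patent: a per-segment content key is wrapped under a key derived from the registered system ID and system information, so a captured wrapped key does not unwrap on a system with different information. The HMAC-SHA256 derivation, AES-256-GCM, binding the segment name as associated data, and all names and sample values are assumptions; the patent names only AES.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// deviceKey derives a per-system AES-256 key from the issued system ID and the
// collected system information (steps b2, e5, e9). HMAC-SHA256 is an assumption.
func deviceKey(systemID, systemInfo string) []byte {
	mac := hmac.New(sha256.New, []byte(systemID))
	mac.Write([]byte(systemInfo))
	return mac.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; it fails if the key, the data or the aad does not match.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed data too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// wrapContentKey is the server side of e4-e7, keyed by the registered system info.
func wrapContentKey(systemID, registeredInfo, segment string, contentKey []byte) ([]byte, error) {
	return seal(deviceKey(systemID, registeredInfo), contentKey, []byte(segment))
}

// play is the player side of e9-e11: re-derive the system key, unwrap, decrypt.
func play(systemID, localInfo, segment string, wrapped, encSegment []byte) ([]byte, error) {
	contentKey, err := open(deviceKey(systemID, localInfo), wrapped, []byte(segment))
	if err != nil {
		return nil, fmt.Errorf("unwrap content key: %w", err)
	}
	return open(contentKey, encSegment, []byte(segment))
}

// runScenario uses constructed sample values. It returns what the registered player
// recovers and whether a captured wrapped key was usable on a different system.
func runScenario() (string, bool, error) {
	const id, info, seg = "SYS-0001", "cpu=A1;mac=02:00:00:00:00:01", "seg-00042.ts"
	contentKey := make([]byte, 32) // separate key per unit content (c5)
	if _, err := rand.Read(contentKey); err != nil {
		return "", false, err
	}
	encSegment, err := seal(contentKey, []byte("constructed segment payload"), []byte(seg))
	if err != nil {
		return "", false, err
	}
	wrapped, err := wrapContentKey(id, info, seg, contentKey)
	if err != nil {
		return "", false, err
	}
	plain, err := play(id, info, seg, wrapped, encSegment)
	_, cloneErr := play(id, "cpu=B7;mac=02:00:00:00:00:99", seg, wrapped, encSegment)
	return string(plain), cloneErr == nil, err
}

func main() { fmt.Println(runScenario()) }
```

In this sketch the system key is only as secret as its inputs: any party that can reproduce the system ID and system information can re-derive it, so that information has to be kept from other parties for the binding to hold.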
FIG. 10 is a flowchart showing a transmission method and a reproduction method of the system according to the present invention, and S represents a step.
The video content real-time transmission technique and the content protection method using the multiple networks and the mesh network according to the present invention may include registering the system information in the
In operation S100, as shown in FIG. 12, a step S101 of receiving a public certificate for the contents protection system through a public certification authority in the reproduction system; Reviewing the validity of the received authorized certificate (S102); Collecting information of the reproduction system (S103); Encrypting information of the reproduction system using the certificate (S104); Transmitting the encrypted data to the contents protection system 300 (S105); Receiving encrypted data in the content protection system (S106); Acquiring the approval of the manager (S108); Registering system-specific information in the system information database and issuing an ID to the system (S109); Transmitting the generated ID (S110); And receiving the issued ID and storing the received ID in a playback system (S111).
In operation (S200), the
In operation S300, as shown in FIG. 14, the
As shown in FIG. 15, the step (S400) is a step of receiving contents through multiple networks, and is a step (S401) of starting contents reception in the
In step S500, as shown in FIG. 16, a step S501 of establishing a network network policy in the
As shown in FIG. 17, the step (S600) includes a step (S601) of requesting transmission of contents in a process of receiving and reproducing contents; Transmitting the content in the streaming system 100 (S602); Receiving contents (S603); Transmitting the information of the content and the system ID information and requesting the encryption key of the content (S604); Receiving content information and a system ID (S605); A step (S606) of generating a system-specific encryption key via an ID; A step of inquiring an encryption key of the content (S607); The system information of the
Although the present invention has been described in detail with reference to the above embodiments, it is needless to say that the present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the spirit of the present invention.
The present invention is applied to a technique for obtaining an efficient transmission rate while reducing the cost of a network when multimedia contents are transmitted using a network, and is applied to a technique for preventing the leakage of contents.
100: Streaming system
110: real time encoder
120: Amplifier
121: Authorized certificate interpretation module
122: Asymmetric key decryption module
123: Symmetric encryption key generation module by system
124: symmetric key encryption / decryption module
130: Segment Generator
113: Web server
300: Content Protection System
310: Receive rights management module for each system
400: Network management system
410: Network Policy Generator
420: Network Analyzer
500: Playback system
510: Streaming Client
520: Decoder
530: Web server for playback system
Claims (5)
A network management system that configures a network capable of transmitting through a network in the form of a mesh network and establishes a network policy in which each receiving node can perform a role of a transmission point again for each layer without using data such as a CDN; And
In the network structure, the network policy is applied, the divided contents are received from a plurality of server nodes, and the contents are reassembled and reproduced in a form that can be integrated and displayed. In addition, And a playback system capable of distributing contents to a plurality of users via a network.
Wherein the encrypted content key is decrypted and decrypted into image content that can be extracted and reproduced by receiving and decoding the double secret key through the network and reproducing the encrypted key.
And real time transmission / content protection apparatus using the network and the network, wherein the encryption key is stored for each content in response to the request of the streaming system, and the playback system is registered and the reception rights thereof can be controlled.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150038564A KR20160112578A (en) | 2015-03-20 | 2015-03-20 | And image content using a multi-network mesh network real-time transmission / content protection apparatus and method |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20160112578A (en) | 2016-09-28 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20200121019A (en) * | 2019-04-15 | 2020-10-23 | 주식회사 활엔터테인먼트 | Grid digital cinema content distribution system |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20110071748A (en) | 2009-12-21 | 2011-06-29 | 한국전자통신연구원 | Apparatus and method for processing a digital cinema contents |