Methods and system for authorizing record replication
The invention relates to a method of obtaining authorization for a media carrier replication process, to a method of authorizing a media carrier replication process, to a replication system and to a verifying system.
One of the most common ways to distribute content such as music, songs, movies, television programs, pictures and the likes, is to produce a number of physical media carriers like CDs or DNDs that can be sold in stores. The process of producing media carriers is called replication. Typically, a replication plant receives a master from a content producer such as a record label or television studio, together with an order for a certain number of copies. Various techniques are available to create these copies, such as making pressed discs, also known as replicates, from the master (replication) or writing the copies to a blank CD or DND disc (duplication). The replication plant is responsible for verifying the copyright status of the tracks (i.e., the individual songs, movies, video clips and so on) on the master. Today this is done based on paper information supplied together with the master, containing amongst other things metadata like artist, title and so on. This makes the present system vulnerable against attacks in which unauthorized copies of the master are supplied to a replication plant together with falsified information on copyright status. The replication plant is then duped into producing unauthorized media carriers, which could lead to copyright infringement lawsuits.
To improve this situation, at the time of writing of this document plans are underway to implement on-line connections between content producers and replication plants. This would allow master recordings to be distributed in a secure fashion, e.g. by encrypting the tracks before on-line transmission. However, this does not solve the problem that falsified (copyright) information can be supplied to the replication plant. If a pirate were to supply an unauthorized master recording together with information identifying himself as the copyright holder, the replication plant still has no way of verifying the authenticity of that information.
It is an object of the invention to provide a method of obtaining authorization for a media carrier replication process, which allows the detection of falsified information. This object is achieved according to the invention in a method comprising receiving a master recording comprising a number of tracks, computing respective fingerprints for each of said number of tracks, submitting the computed finge rints to a verifying server, and authorizing the replication process in dependence on a response received from the verifying server. A fingerprint of a multimedia object is a representation of the most relevant perceptual features of the object in question. Such fingeφrints are sometimes also known as "(robust) hashes". The fingeφrints of a large number of multimedia objects along with their associated respective metadata, such as the title, artist, genre and so on, are stored in a database. The metadata of a multimedia object is retrieved by computing its fingeφrint and performing a lookup or query in the database using the computed fingeφrint as a lookup key or query parameter. The lookup then returns the metadata associated with the fingeφrint.
An example of a method of computing such a fingeφrint is described in International patent application WO 02/065782 (attorney docket PHNL010110), as well as in Jaap Haitsma, Ton Kalker and Job Oostveen, "Robust Audio Hashing For Content Identification", International Workshop on Content-Based Multimedia Indexing, Brescia, September 2001.
Another example method is disclosed in WO 02/37316. According to the present invention, fingeφrinting is used to identify the tracks on the master recording. Based on the identifying information, a determination can be made of who the copyright holder is for these tracks, and/or whether the replication process is authorized. The fingeφrints are computed inside the replication plant and then transmitted to the verifying server. The verifying server identifies the tracks using the fingeφrints, and checks whether authorization has been granted by the content owner(s) for replication. If so, it issues a positive response and the replication plant can initiate the process. Using the above method the process of obtaining authorization can be completely automated. Further, the accuracy of the authorization process is increased, as it is no longer necessary to manually check the information. The verifying server is trusted to supply accurate information, and the chance of errors in the process is thereby reduced.
Security is increased too, as the authorization no longer relies on possibly falsified information regarding the tracks and/or the source of the master recording.
In an embodiment the response comprises an authoritative track list. This embodiment has the advantage that the replication plant now not only can verify that replication is authorized, but also now has an accurate set of metadata for the tracks. It can then e.g. add this metadata to the media carriers it replicates, or correct any errors in a preliminary track list it received together with the master recording.
In a further embodiment the method further comprises verifying a digital signature associated with the response. This embodiment has the advantage that the response can now be verified as authentic if the digital signature checks out. If the replication plant proceeds with replication based on a positive response with a valid digital signature, it can later easily argue that the copies were made in good faith. This makes it easier to combat copyright infringement accusations.
In a further embodiment the master recording is in an electronic format. Preferably this format is a secure electronic format. This has the advantage that no physical masters are necessary, and that the tracks on the master do not have to be converted to an electronic format for the prnpose of computing the fingeφrints.
It is an object of the invention to provide a method of authorizing a media carrier replication process, which allows the detection of falsified information. This object is achieved according to the invention in a method comprising receiving a number of fingeφrints from a replication system, matching each of said fingeφrints against entries in a database to obtain respective identifiers, comparing the obtained identifiers against authoritative track lists, and transmitting a positive response to the replication system in dependence on the comparison. This method, when executed by a party independent from the operator of the replication system, allows for independent authorization of the replication process. The database is used to identify the tracks based on the fingeφrints submitted under replication system, and content producers supply authoritative track lists to indicate which master recordings may be replicated. Having identified the tracks, it suffices to check the identified tracks against the authoritative lists to determine whether authorization should be given.
In an embodiment the response comprises an authoritative track list matching the obtained identifiers. Using this authoritative track list, the replication system can determine the accuracy of the track list it received together with the master recording.
In a further embodiment the method further comprises generating a digital signature for the response and transmitting the digital signature to the replication system. The digital signature allows the replication system to verify the authenticity of the response.
It is a further object of the invention to provide a replication system arranged for a media carrier replication process for which authorization must be obtained, comprising reception means for receiving a master recording comprising a number of tracks, fingeφrinting means for computing respective fingeφrints for each of said number of tracks, communication means submitting the computed fingeφrints to a verifying server, and for authorizing the replication process in dependence on a response received from the verifying server.
It is a further object of the invention to provide a verifying server arranged for authorizing a media carrier replication process, comprising input means for receiving a number of fingeφrints from a replication system, matching means for matching each of said fingeφrints against entries in a database to obtain respective identifiers, and response means for comparing the obtained identifiers against authoritative track lists, and for transmitting a positive response to the replication system in dependence on the comparison.
These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments shown in the drawing, in which:
Fig. 1 schematically illustrates a content replication system; Fig. 2 schematically shows a verifying server in more detail.
Throughout the figures, same reference numerals indicate similar or corresponding features. Some of the features indicated in the drawings are typically implemented in software, and as such represent software entities, such as software modules or objects.
Fig. 1 schematically illustrates a content replication system 100 comprising a content producer 101, a replication plant 110, and a verifying server 120. The content producer 101 collects a number of multimedia objects, such as music or other forms of audio recordings, movies, television programs and so on. These objects could be made by the content producer 101 itself, or be bought or licensed from another content producer. The collected objects are stored on a master recording 102 in the form of a number of tracks.
While the master recording 102 in this embodiment is a physical media carrier, it could equally well be an electronic recording, for instance in the form of a number of digital files each representing one or more tracks. Preferably the digital files represent the tracks in a secure format, e.g. by using encryption. The content producer 101 supplies the master recording 102 to the replication plant 110 together with an order to replicate (produce) a number of copies 112. These copies 112 can then be brought to the market, for example by distributing them to stores, or by offering them for sale in an e-commerce system. The copies 112 could also be distributed to radio stations or to other destinations, as is well known in the art. It is assumed that the tracks on the master recording 102 are protected by copyright. Since ordinarily the making of copies 112 from master recording 102 is one of tlie exclusive rights of the copyright holder, the replication plant 110 needs permission before it can start the replication process. This permission should include an identification of the tracks, so that later no misunderstandings can arise concerning which tracks were allowed to be copied.
In the replication plant 110, the tracks on the master recording 102 are received by reception module 111 and from there fed to fingeφrinting module 113. The fingeφrinting module 113 then generates a so-called robust fingeφrint for the received tracks. There are several techniques that can be used to compute such a robust fingeφrint. International patent application WO02/065782 (attorney docket PHNLOIOI 10) describes a method that generates robust fingeφrints for multimedia objects such as, for example, audio clips. The audio clip is divided in successive (preferably overlapping) time intervals. For each time interval, the frequency spectrum is divided in bands. A robust property of each band (e.g. energy) is computed and represented by a respective fingeφrint bit. A multimedia object is thus represented by a fingeφrint comprising a concatenation of binary values, one for each time interval. The fmgeφrint does not need to be computed over the whole multimedia object, but can be computed when a portion of a certain length, typically about three seconds, has been received. There can thus be plural fingeφrints for one multimedia object, depending on which portion is used to compute the fingeφrint over. For reasons of clarity, the term "the fingeφrint" will be used even in cases when multiple fmgeφrints for one multimedia object can exist.
Another method for computing a robust fingeφrint is described in WO02/37316, although of course any method for computing a robust fingeφrint can be used.
For another option, see WO01/62004 or US 5,918,223. The fingeφrinting module 202 then supplies the computed fingeφrint to the DBMS backend module 203.
The fingeφrinting module 113 then feeds the computed fingeφrints to a communication module 114. This module 114 establishes a connection 115 with the verifying server 120, e.g. over the Internet or using a dial-up telephone connection.
Establishing the connection may involve authentication procedures, preferably mutual. This way both parties in the communication can be relatively sure that they are communicating with the correct other party.
Using the established connection 115, the communication module 114 submits the fingeφrints to the verifying server 120. The verifying server 120 then performs a database lookup in database 121, which contains a number of previously computed fingeφrints and associated identifiers, to obtain respective identifiers associated with the respective received fingeφrints. The operations by the verifying server 120 to do so are explained with reference to Fig. 2 below. Based on the obtained identifiers, the verifying server 120 determines whether permission to replicate (or duplicate, depending on the process used) should be granted. This permission is then transmitted back as a positive response to the communication module 114 in the replicating plant 110. If no permission should be granted, a negative response is transmitted instead. Upon receiving a response 116 from the verifying server 120, the communication module 114 determines whether the permission is positive or negative, and if it is positive signals that the replication process can be started. The signal could be as simple as displaying or otherwise rendering a confirmation to an operator (giving "the green light"), but in an automated replication plant the signal could be sent electronically to the replicating equipment, causing that equipment to start automatically.
Preferably the response 116 includes a digital signature. The communication module 114 is then equipped with a digital certificate for the verifying server 120. Using this certificate, the communication module 114 can verify whether the digital signature is authentic and whether the response has been tampered with. Verifying digital signatures using digital certificates is well known in the field of cryptography. If the response has been tampered with, the communication module 114 should alert an operator, as this might be an indication of a possible fraud or an error in the communication channel between verifying server 120 and replication plant 110.
Fig. 2 schematically shows the verifying server 120 in more detail. The server 120 here comprises an input module 201, an optional fingeφrinting module 202, a Database Management System (DBMS) backend module 203, and a response module 204.
The input module 201 is activated when the communication module 114 contacts the server 120. The input module 201 receives a number of fingeφrints from the communication module 114 and feeds them to the DBMS backend module 203.
In an alternative embodiment, the input module 201 receives a plurality of audio clips through the connection established with the communication module 114 instead of a number of fingeφrints. These audio clips are then fed to the fingeφrinting module 202. The fingeφrinting module 202 computes a fingeφrint from the received audio clip. In this alternative embodiment, it is no longer necessary to have the fingeφrinting module 113 in the replication plant 110. It should be replaced with a module that can extract audio clips of sufficient quality to allow the fingeφrinting module 202 to compute the fingeφrint after receiving the clips over the connection between communication module 114 and input module 201.
The DBMS backend module 203 performs a query on the database 211 to retrieve a set of metadata associated with the received fingeφrints from the database 211. As shown in Fig. 2, the database 121 comprises fingeφrints FP1, FP2, FP3, FP4 and FP5 and respective associated sets of metadata MDS1, MDS2, MDS3, MDS4 and MDS5. The above- mentioned patent application WO02/065782 describes various matching strategies for matching fingeφrints computed for an audio clip with fingeφrints stored in a database. One disclosed method of matching a fingeφrint representing an unknown information signal with a plurality of fingeφrints of identified information signals stored in a database to identify the unknown signal uses reliability information of the extracted fingeφrint bits. The fingeφrint bits are determined by computing features of an information signal and thresholding said features to obtain the fingeφrint bits. If a feature has a value very close to the threshold, a small change in the signal may lead to a fingeφrint bit with opposite value. The absolute value of the difference between feature value and threshold is used to mark each fingeφrint bit as reliable or unreliable. The reliabilities are subsequently used to improve the actual matching procedure.
The database 121 can be organized in various ways to optimize query time and/or data organization. The output of the fingeφrinting module 113 (or fingeφrinting module 202) should be taken into account when designing the tables in the database 121. In
the embodiment shown in Fig. 2, the database 121 comprises a single table with entries (records) comprising respective fingeφrints and sets of metadata.
Another way to realize the database 121 is to set up several tables. A first table comprises a plurality of unique identifiers (primary keys) each associated with respective sets of metadata. Such tables can be obtained from various music identification sources. The combination of artist, title and year of release could be combined to form a unique identifier, although this is not guaranteed to be unique, so preferably a really globally unique value is used.
A second table is then set up with entries comprising for each multimedia object the fingeφrints and the unique identifiers from the first table. This way, multiple fingeφrints can be associated with one set of metadata without having to duplicate the metadata. If multiple fingeφrints are possible for one multimedia object, all these fingeφrints are stored in the second table, all associated with the one unique identifier for that multimedia object. The DBMS backend module 203 then matches the received fingeφrints against the fingeφrints in the second table, obtains an identifier and matches the identifier against the first table to obtain the metadata. If the database 211 is an SQL database, the two tables could be joined on the identifier.
The DBMS backend module 203 feeds the results of the query to the response module 204, which determines whether to give a positive or negative response to the communication module 114 based on the query results (i.e. the obtained identifiers).
When the content producer 101 creates the master recording 102, it also creates an authoritative track list 103 for the tracks on the master recording 102. The content producer 101 transmits this authoritative track list 103 to the verifying server 120, where it is received and made accessible to the response module 204. Additionally, the content producer 101 should supply fingeφrints and identifiers for the tracks on the master recording 102, which are then added to the database 121. This way the fingeφrints computed by the replicating plant 110 can be found in the database 121.
The response module 204 then attempts to match the results of the query with the authoritative track list 103. If a match is found, then the response module 204 concludes that the replicating plant 110 is authorized to perform the replication process. A positive response should then be given to the replicating plant 110.
If no matching authoritative track list could be found, then the response module 204 concludes that the master recording for which fingeφrints were supplied is not a
legitimate master recording, and so a negative response should be given to the replicating plant 110.
If a positive response has been given, the response module 204 could cause the matching authoritative track list to be deleted. This way, an illegal copy of the master recording 102 cannot be replicated again later, as a subsequent attempt to obtain authorization will fail due to a lacking matching authoritative track list. Alternatively, response module 204 could keep track of the number of times a match was found with a particular authoritative track list. The content provider 101 can then use this information to check on the replicating plant 110. The response 116 given by the verifying server 120 may include the authoritative track list 103. This way the replicating plant 110 obtains accurate metadata for the tracks together with authorization to replicate. The metadata could then be included on the copies 112.
Having determined the appropriate response, the response module 204 transmits the response to the communication module 114, so that the correct action can be taken in the replication plant 110, as set out above with reference to Fig. 1. Preferably the transmitted response includes a digital signature, allowing the communication module 114 to verify its authenticity.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims.
In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements.
The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.