Streaming of Digital Content Over the Internet
Filed of the Invention
The present invention relates to the streaming of digital content over the Internet and refers particularly, though not exclusively to the streaming of digital content over the Internet with a security protocol.
Background to the Invention
Streaming digital content over the Internet is not a practice supported by, for example, most movie studios as it places the motion picture content (or "digital asset") at risk of being subject to piracy. In this case, piracy actions may include theft of content, substitution of content to the paying customer, or other interference to the service for which the customer has paid.
However, the Internet also presents an excellent marketing and distribution opportunity for studios to market content. But this is dependent on the additional risks being introduced by the Internet being reduced.
In many countries there is no alternative to IP networks for digital content distribution to the mass market. Moreover, almost all network capital investment by telecommunications carriers in these countries is directed towards expanding the growth and penetration of IP networks.
Today, intranet based video streaming is approved by most movie studios. The intranet is normally a local telecommunication network such as, for example, a cable network. This type of operation places the digital assets outside the Internet. It has the advantage of permitting motion picture product to be commercially distributed to the mass market. However it has certain disadvantages. The principal disadvantage is that it requires the participation of the local telecommunications network operator in the business. Without prejudice to the many advantages of such an arrangement, local intranet partnering does lead to some disadvantages. In some cases, these can include: (a) need for revenue-share participation;
(b) non-optimised capital costs;
(c) physical and supervisory service and security issues;
(d) non-access to the entire national market; and
(e) need to dampen the content marketing strategy so that it fits within the general product strategy of the particular carrier.
The market opportunities would be far greater if the problems with open Internet streaming could be alleviated to the satisfaction of the owners of digital content - generally movie studios.
The problems with open Internet streaming are: 1. risk of anonymous users and users from outside of the territory having the ability to access encrypted digital content. Although content is theoretically protected by encryption, if there were a general failure of the encryption systems (due to separate hacking activity or a general weakness being exploited) such users would have open access to all digital content - or at least much easier access;
2. risk of content being streamed to a user outside of the territory. The intranet arrangement provides an assurance that only users within a known territory can access the content — by virtue of physical connection. If digital assets were able to be streamed to any customer on the Internet, it would rely upon the customer configuration data (e.g. address) in the system to determine that the customer requesting the content is known, and within the territory. If this data is wrong (e.g. if the customer misleads the carrier in their registration process) the content may be streamed to an address outside of the rights licensed by the studio, and also in likely contravention of national censorship laws; and
3. risk of a hostile third party disrupting the content supply service. This is a risk of any Internet based service. A hostile third party may attempt to disrupt or deny service to paying customers, use the server to spread viruses and worms, and other illegal and antisocial behaviour. This detracts from the commerciality of the content supply service and may damage the brand of the studios, and content distributors. Such actions may also include attempts to commit piracy, to infect client computers by use of the server, and to steal unencrypted digital content.
Video on demand is of significant commercial value to movie studios because of its window of exhibition. Hence, digital piracy of this content represents a significant loss. In turn, people engaged in content piracy will expend greater resources and efforts towards obtaining video on demand content.
Summary of the Invention
In accordance with a first aspect there is provided a system for streaming digital content over the Internet. The system comprises an application server for communicating with a machine of a customer over the Internet; a management server for communicating with the application server; and a streaming server for communicating with the application server and the machine of the customer. The streaming server is also for streaming the digital content to the machine of the customer over the Internet.
The management server is preferable accessable only through the application server.
In another aspect there is provided a streaming server for use in streaming digital content over the Internet, the streaming server comprising a streaming server module, a static firewall, and a dynamic firewall.
The dynamic firewall may comprise at least one application programming interface for effecting control.
In a further aspect there is provided a method for steaming digital content over the Internet. The method comprises: upon an application server receiving a request for digital content from a customer's machine, the application server generates preassignment information and sends the preassignment information to a streaming server. The streaming server checks the preassignment information and, if no incompatibilities, issues a player release to be sent to the customer's machine. Upon receipt of the player release, the customer's machine requests the streaming server to release the digital content and also requests a licence from the application server. The application server receives the licence from a management server and sends it to the customer's machine. The customer's machine sends the licence to the streaming server and in consequence, receives the digital content stream.
For this and the first aspect, the application server may be a video on demand server; and the management server may be a digital rights management server.
The streaming server may comprise at least one of : (a) a streaming server module; (b) a static firewall module; and (c) a dynamic firewall module.
For all aspects, the dynamic firewall module may permits access to the streaming server of valid requests for streaming, the sending of the video stream, and may block all other transactions. The streaming server module may further comprise a streaming gate module. The streaming gate module may manage receiving and sending data to the application server. The data may comprise one or more of; (a) preassignment information; (b) acknowledgement information; and (c) stop stream instructions.
The preassignment information may comprise at least one of: (a) details of the digital content; (b) an Internet Protocol address of the customer's machine; (c) time; and (c) an identification code.
The acknowledgement information may comprise actions taken by the dynamic firewall module, and the stop stream instruction may comprise details of a stream to be stopped.
The streaming server may further comprise a digital verification and protection module, a server operating system, and a streaming server application.
For the further aspect, in step (b), the player release may be sent to the application server that, in turn, sends it to the customer's machine.
In step (c), the streaming server may send a stream release to the customer's machine, the customer's machine requesting the licence upon receipt of the stream release.
In step (d), the application server may send the request for licence to the management server. The management server may check for any incompatibilities and, if none, issue the licence to the application server. The application server may send the licence to the customer's machine.
In step (e), the streaming server may check for any incompatibilities and, if none, send the digital content stream.
The digital content stream may be encrypted. The licence may include a one-use, specific decryption key.
There is also provided a computer usable medium comprising a computer program code that is configured to cause at least one processor to execute one or more functions to enable the method described above to be performed.
Brief Description of the Drawings
In order that the invention may be fully understood and readily put into practical effect, there shall now be described by way of non-limitative example only a preferred embodiment of the present invention, the description being with reference to the accompanying illustrative drawings in which:
Figure 1 is a schematic view of a known prior art system;
Figure 2 is a schematic view of another known prior art system;
Figure 3 is a schematic view of the preferred embodiment; Figure 4 is a schematic view of the video server of Figure 3; and
Figure 5 is a flow chart of the operation of the embodiment of Figures 3 and 4.
Detailed Description of Preferred Embodiment
Figure 1 describes a typical digital video streaming arrangement that may be approved by a movie studio. This is actually the model used by Microsoft Corporation in their digital rights management product. However it is quite typical of other digital rights systems availableϊn the marketplace.
A machine A of a broadband customer of the local telecommunications network operator is connected to the intranet F of that carrier by an IP network service
(such as DSL or cable modem). It is then connected to the Internet E (or world wide web) via the local intranet F.
When the customer's machine A uses a video on demand service, they attach to the video on demand application server B, which is located in the Internet E (like any other web service). At the time the customer's rriachine A sends a request to purchase a piece of content (e.g. a movie), the request is sent to the video on demand application server B, in step 1. The customer's machine A may be a personal computer, laptop computer, set top box, or the like. The customer's machine's account is then verified in accordance with the business rules of the service and, if they are permitted to receive the content, a licence key will be returned from the video on demand application server B, in step 2. In practice, there are a number of ways that this may be effected. Typically, the customer's machine A may be given an acknowledgement from application server B that it has purchased the content in step 2, and the key may be delivered to customer's machine from the digital rights management server C at that time in step 4 or upon request step 3 at the time the customer actually views the content. In any event, the key is eventually stored on the customer's machine A. It contains the "licence rules" for viewing the particular piece of content. These rules may dictate the number of times the content may be viewed, whether copies can be made of the content, the period over which the content may be viewed before having to acquire another key, and so forth.
At the time content is to be viewed (which may be at the time of purchase, or afterwards), the customer's machine A requests the piece of content from the video streaming server D, which is located in the intranet F, in step 5. The content is sent in step 6. The streaming server D will always stream any content requested of it. However, the content is protected by virtue of it being encrypted. So it is only where a customer's machine A has a valid licence key can the digital asset may be viewed. If the customer's machine A does not already have a valid key for the content being streamed, a request 4 will be made of the digital rights management server C, which is located on the Internet E, and the key will be sent at that time if the customer's machine is authorised 3.
The video streaming server D cannot be accessed from the Internet E as shown by crossed-arrow 7. This is usually effected by it having a private IP address - and hence being unaddressable from the Internet E=. Both the digital rights
management server C and the video on demand application server D are accessible on the Internet E.
This video on demand model has a number of weaknesses, although it is in common use today:
1. the digital rights management server C is available on the Internet E. This is quite unnecessary to its operation, and simply introduces risks (e.g. risk of hacking);
2. keys are re-used; and 3. keys are not specific.
Figure 2 describes how another service works. This mode of operation is more secure that the mode described above. In this model, the digital rights management server C is protected behind the video on demand application server B and can only be accessed by known and authorised customers using in step 6, and that any and all direct accesses 11 from Internet E are rejected. The URL of the digital rights management Server C is hidden.
Also it uses "one-time use" keys. These are licence keys that have no "rules" to permit re-use. Once a customer machine A uses a key that has been issued, it cannot be used again. This means that the process of access via the video on demand application server B must be repeated each time a new key is needed (e.g. stop then play, viewing again within the licence period).
Finally, keys are individualised keys. This means that each licence key will only operate with a single digital asset (e.g. one movie) and for a specific, single customer's machine.
Hence an anonymous customer's machine A with a standard media player (e.g. "Windows" "Media Player") is unable to use the service from that player alone.
A customer's machine A requesting a movie must access the video on demand application server B in step 1. When the movie is selected and the "play" button commenced, the customer's machine embedded player is instructed (step 2) to request the content directly from the video streaming server D in steps 2 and 3. The encrypted stream then commences in step 4. The keys are not stored in the customer's machine A, and the key is requested in step 5 and 6 from the digital
δ
rights management server C. The digital rights management server C passes the correct key to the customer's machine in steps 7 and 8. It is individualised for the requested content and against that specific customer's machine A, as well as being for a single use only. The stream is then requested again in step 9 and the encrypted stream delivered to the customer's machine where it is decrypted in step 10.
The video content server D remains within the protection of the intranet F at all times.
Figures 3 to 5 illustrate a preferred embodiment.
With this embodiment, the operation of the Video on demand service from the perspective of the customer's machine is identical to that of Figure 2. The DRM server C operates in the same way, and individualised one-time use keys continue to be used. The VoD on demand Application Server B also operates in much the same way.
However, the video streaming server D is now connected to the Internet E. It has a public IP address - although this is kept secret from the general public and is invisible to customer's machines A.
The video streaming application within the video server D is surrounded by two separate firewalls - a static firewall G that permits only certain types of transactions to occur, and a dynamic firewall H that prohibits all ports and modes of access from the Internet E against individual client IP addresses. Both firewalls G, H are based on third party accredited firewall products such as, for example, Microsoft Internet Security and Acceleration (ISA) Server 2000.
A secure communication channel 2 is established between the Video Streaming Server D and the VoD on application server B and preassignment information is generated in server B and passed to the video streamer D for each and every stream that is to be enabled. This occurs at the same time the digital rights management key is issued - one token per key, one key per view.
When the video streamer D receives the preassignment information, it will configure the dynamic firewall H (in step 3a of Figure 5) to permit one streaming
instance of a specific piece of content to the specific IP address. This is valid for a preset period to compensate for Internet delays (3b). It then lapses (3c) if a corresponding stream request does not arrive.
There is also feedback (3d) from the video streaming server D to the Video on demand application server B of all such firewall variations and other received directions (e.g. stop stream). Any incompatibilities identified (3e) will result in a "stop streaming" direction (3f) being initiated by server B to server D. An incompatibility may be any session with an unauthorised IP address, any session that doesn't relate to an immediate past transaction, and so forth. This provides a basis for a failsafe operation.
When a customer's machine A submits a request for purchase of an item of content (e.g. a movie) in the same way as for the description in relation to Figure 2, it involves the video on demand application server B, the digital rights management server C, and exchanges 1, 2 and 3.
The video streaming server D, however, is located within the general Internet E. Figure 4 illustrates the main internal workings of this server. It contains three (3) elements that are additional to what one would normally find in a video streaming server. These elements are:
1. digital verification and protection module I is provided on the server D to provide assurance of the security and correct operation of the server D. This audit process is ongoing; and aims to ensure correct operation of all elements on the server D. As an added layer of security, the digital verification and protection module I may communicate with the corresponding digital verification and protection layer in the customer's machine A during any stream or connection, to verify that only authorised customer's machines can connect to the server. This creates an intranet out of the Internet E. Should communications be lost with the video server D, digital verification and protection also provides the means by which security of content may be assured through an audit of the software register and forced destruction of the content;
2. streaming gate J is a module that manages the process of receiving and sending tokens to the Video on demand application server B. There are three types of exchange: (i) preassignment information 13 from the application server B containing details of the content file to be accessed, the IP address of the customer's machine A, the time, or any other relevant information such as for example, an identification code; (ii) acknowledgement information 14 back to the application server B states what actions were taken by the dynamic firewall H; and (iii) stop stream 15 from the application server B containing details of the stream to be stopped (sent by the application server B in the event of a logic mismatch);
3. the dynamic firewall H. This is a dynamically configurable firewall. The default is to block all ports, and all types of access. In response to valid requests for stream 16 from stream gate J opens specific ports to specific IP addresses to allow the stream 17 to pass.
The dynamic firewall H has a set of application programming interfaces through which control is effected. It is based on an accredited firewall product with an application programming interfaces control toolbox; and
4. static firewall G. It permits mms type transactions only through the internet interface, and it permits "terminal services" and "ftp:" transactions only through the back end (non internet), to allow for administration
It also contains applications including a server operating system K such as / or example, "Windows 2003", "Windows 2000 Server", and "Windows 2000 Advance Server"; as well as a streaming server application.
The video server D is not a shared Internet web or content server. It is a dedicated streaming server only for the video on demand service.
The video on demand system has an Internet Protocol ("IP") checking utility, which can be used to ensure that only customers in the territory can receive content.
Digital rights management licences and preassignment authorisation would not be
issued for customers who fail to pass the IP address check (including domain range checking as well), as the video on demand server B would deny access
When the customer's machine A requests the particular digital content via the video on demand on demand application server B (1), preassignment information is generated by the application and sent to stream gate J on the video server D (2). This is timed to be sent so that it will be executed in the server D prior to the stream request arriving from the customer's machine A. In this way, the dynamic firewall H will therefore permit the streaming event to occur, as the details of the request will match exactly the preassignment data. A resultant acknowledgement will be sent back to the ideo on demand application server B (3g). If the Video on demand application server B does not receive an acknowledgement corresponding to the preassignment within a specified time (3g), or does not receive an acknowledgement that indicates a correct logic match with its own internal records, then a stop streaming token is generated and a security alert raised (3f).
Unauthorised streaming requests are simply ignored ("dropped") by the video streaming server D. This is the same behaviour as though the server were protected by a closed firewall.
The video on demand server B then issues a player release (4) to the customer's machine A and the customer's machine A requests the streaming server D to stream the digital content (5). As the firewalls G, H are opened, the server D sends a digital content release to the customer's machine A (6). The digital content release may also be sent to the server B. The customer machine A then sends a licence request to the video on demand server B (7). The licence request may include the digital content release. The request is sent on to the digital rights management server C (8) that checks to ensure there are no incompatibilities (8a) and, if there are, a stop streaming token issues (8b). If no incompatibilities, the server D issues the licence (including one-time use key) (9) and sends it to server B, whereup it is sent to the customer's machine A (10).
Customer's machine A sends the key to streaming server D with a second streaming request (11). If there are no incompatibilities (11a), the stream is released for decryption (12) and received, decrypted and used on customer's machine A (13). If incompatibilities are present, a stop streaming token issues
Although the public IP address is hidden from users until the stream is released this doesn't stop hostile third parties that scan the internet for servers. However the presence of the firewalls G, H will stop such threats.
No encrypted content files can be seen by any user other than one who is known, has paid for content, and is subject to relevant security software.
The video on demand system does not recognise customer's machine from outside the approved territory as a result of its independent IP checking. This means that no preassignment information is issued for such customer's machine and hence they have no ability to access any part of the video server B.
The invention also provides a computer usable medium comprising a computer program code that is configured to cause at least one processor to execute one or more functions to enable the method described above to be performed.
Whilst there has been described in the foregoing description a preferred embodiment of the present invention, it will be understood by those skilled in the technology that many variation or modification in details of design, construction or operation may be made without departing from the present invention.