WO2011064672A1 - Method for transfer of access criteria for multi-domain and trans-domain distribution of video and other media content - Google Patents

Method for transfer of access criteria for multi-domain and trans-domain distribution of video and other media content Download PDF

Info

Publication number
WO2011064672A1
WO2011064672A1 PCT/IB2010/003392 IB2010003392W WO2011064672A1 WO 2011064672 A1 WO2011064672 A1 WO 2011064672A1 IB 2010003392 W IB2010003392 W IB 2010003392W WO 2011064672 A1 WO2011064672 A1 WO 2011064672A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
information signal
access criteria
security module
content information
Prior art date
Application number
PCT/IB2010/003392
Other languages
French (fr)
Inventor
Ole Hansvold
Original Assignee
Ole Hansvold
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ole Hansvold filed Critical Ole Hansvold
Publication of WO2011064672A1 publication Critical patent/WO2011064672A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/235Processing of additional data, e.g. scrambling of additional data or processing content descriptors
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/238Interfacing the downstream path of the transmission network, e.g. adapting the transmission rate of a video stream to network bandwidth; Processing of multiplex streams
    • H04N21/2389Multiplex stream processing, e.g. multiplex stream encrypting
    • H04N21/23892Multiplex stream processing, e.g. multiplex stream encrypting involving embedding information at multiplex stream level, e.g. embedding a watermark at packet level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/435Processing of additional data, e.g. decrypting of additional data, reconstructing software from modules extracted from the transport stream
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627Rights management associated to the content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8355Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/162Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/163Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • H04N2005/91357Television signal processing therefor for scrambling ; for copy protection by modifying the video signal
    • H04N2005/91364Television signal processing therefor for scrambling ; for copy protection by modifying the video signal the video signal being scrambled

Definitions

  • the present invention relates to architecture for end to end protection of digital content in different domains and across media boundaries.
  • Content on TV, video and audio may be protected to enforce payment
  • CAS digital rights management
  • DRM digital rights management
  • the common architecture for protection of content being mass distributed to consumers based on broadcasting or multicasting techniques is to:
  • ECM Entitlement Control Messages
  • KSM Key Stream Messages
  • the ECM/KSM will usually also contain access criteria associated with the content. Access criteria are references and data associated with the right or privilege the users must possess to be able to make use of the content. iii) Send the encrypted content and the messages to receiver devices such as SetTopBoxes (or let the receiver devices retrieve the same).
  • Such environment is provided by dedicated security modules such as integrated circuit cards (smart cards), Subscriber Identity Modules (SIMs), secure micro SD cards, USB keys that are plugged into the receiver device or specially protected software that residing inside the receiver device.
  • dedicated security modules such as integrated circuit cards (smart cards), Subscriber Identity Modules (SIMs), secure micro SD cards, USB keys that are plugged into the receiver device or specially protected software that residing inside the receiver device.
  • the content decryption normally takes place in the receiver device, but outside the trusted environment. This among others because the security modules facilitating the trusted environment were not capable of content decryption.
  • Convergence of networks, multi function terminals and high capacity detachable non-volatile memory units allow content to be easily transported from one medium to another, to be stored to be consumed later, to be stored to be transported and consumed later, and so on.
  • Transmission formats for a particular domain usually only support security signaling and messages specified for that domain.
  • the present invention suggests a new way to transport the access criteria making secure transport of protected content across domains easier.
  • the present invention it is disclosed how to embed information giving the criteria for being able to access a stream of- or a piece of audiovisual content into the stream or piece of content itself.
  • one or more access criteria representations will be available in the content wherever it goes even if it enters into different domains than it originally was acquired in.
  • the embedded access criteria are used by security modules to determine if the content shall be made available to the user.
  • the present invention also includes embedding by the user security module of additional information such as usage information and user equipment identity information into the content.
  • additional information such as usage information and user equipment identity information
  • the latter is often denoted fingerprints.
  • Figure 1 block diagram illustrating the baseline mechanism of the present invention.
  • Figure 2. shows how the present invention supports secure transfer of content from one domain to another.
  • Figure 3 shows how additional user specific content protection information is embedded into the content information. DESCRIPTION OF PREFERRED EMBODIMENTS
  • the present invention it is disclosed a method for how to embed access criteria into a stream of - or a piece of television content, music content or other audiovisual content for the access criteria to be available in the content wherever it goes.
  • Figure 1 shows a block diagram which illustrates an exemplary embodiment of the present invention.
  • the figure depicts transportation of original content from a content source, encryption, decryption and preparation for viewing the content at a user.
  • the original content is denoted a and origins from a camera or another type of source.
  • the access criteria are generated by a access criteria generator A.
  • the access criteria are a data structure giving information about how the content can be rendered, stored and copied. Access criteria data typically includes the time and date beyond which the content shall not be available for consumption (expiry date), the number of times the content can be rendered, if the content is allowed copied and so on.
  • the access criteria should be protected against intentional or unintentional modification by a cryptographic message digest function and possibly an error correction code.
  • the content a and the access criteria ⁇ are sent to an access criteria embedding function B.
  • the access criteria embedding function embeds the access criteria information into the content.
  • the embedding itself may be just to add the access criteria into a part of the content where it causes least disturbance (simple embedding), or weave the rights information into the content, using e.g. advanced watermarking techniques, in a way making them hard to separate without destroying or degrading the content. The latter as a measure for making it possible to detect if the access criteria indeed belong to the content and not e.g. are access criteria belonging to other content.
  • the access criteria embedding function B may embed the access criteria not only at the beginning of the content, rather as a continuous process or as a repeated process over the entire or sufficient parts of the content.
  • the embedding of the access criteria in the content should be done in a way not disturbing the user consumption of the content. In other words, the access criteria would not have to be removed from the content to it to be consumed.
  • the content with embedded access criteria, ⁇ is encrypted by an encryption function C based on cryptographic keys, herein denoted content keys.
  • the content keys ⁇ used by C are generated by a key generator D.
  • the key generator obtains keys by deriving them from higher order keys (often denoted master keys or root keys) or by collecting numeric samples from a random or pseudorandom source.
  • the key generator may also perform testing of whether the derived key has acceptable characteristics.
  • the content keys ⁇ are also themselves encrypted by the content key encryption function E using a domain key ⁇ .
  • the resulting domain key encrypted content key ⁇ is normally sent alongside the encrypted content, but may also be sent prior or after the content within the same channel as the encrypted content or along other channels. There may be several domain keys to produce one encrypted domain key for each domain. Some or all domains may also share a common key.
  • the encrypted content p and the encrypted content keys ⁇ are transferred to the user receiver device R via some form of transfer method and network such as satellite, cable and terrestrial transmissions in the Digital Video Broadcasting (DVB) format and broadband and Internet transmission in the Internet Protocol (IP) format.
  • DVD Digital Video Broadcasting
  • IP Internet Protocol
  • the receiver device contains a security module S such as a particular secure chip inside a Set-Top-Box (STB) or other type of receiver and such as a secure USB stick, microSD card, PCMCIA card.
  • the security module S may even be a specific security hardened software.
  • the security module S also contains the domain key ⁇ .
  • the security module S uses the domain key ⁇ and the decryption function T to render the content key ⁇ .
  • the security module S uses the content key ⁇ and the content decryption function U to decrypt the content ⁇ containing rights information.
  • the security module S has a function V that retrieves a copy of the access criteria ⁇ from the content ⁇ . V does not remove the access criteria from the content.
  • the access criteria checking function W checks if the access criteria are genuine and not manipulated, then if accepted, the access criteria information ⁇ is interpreted and checked versus the particular rights and privileges ⁇ stored in the memory of the security module.
  • the security module may release the content for consumption in the cleartext digital format ⁇ .
  • the above receiver operation steps comprise a direct consumption mode of the present invention.
  • Figure 2 shows another mode according to the present invention where the receiver R prepares the content for further distribution and consumption in another domain than it was acquired in, i.e. trans domain transition.
  • This transfer mode is where the present invention provides a particular advantage as compared to prior art related to moving content among user consumption devices.
  • the security module S is not releasing the content in the cleartext digital format ⁇ , rather, a function X directly re-encrypts the content using a new content key ⁇ belonging to another domain to produce ⁇ .
  • the second content key ⁇ can be a local device key such as a High bandwidth Digital Content Protection (HDCP) key or it can be a content key of a CAS or DRM system different from the CAS/DRM system used to protect the content in transport from the origin to the security module S.
  • HDCP High bandwidth Digital Content Protection
  • the new content key ⁇ may be encrypted by a function Y using a new domain key ⁇ to produce ⁇ .
  • the security module S outputs the encrypted content ⁇ and the encrypted content key ⁇ .
  • ⁇ and ⁇ can be (stored and) forwarded to other types of security modules in other types of receivers that through knowing ⁇ , X, Y or their inverses can produce and output the cleartext content ⁇ for consumption.
  • An additional optional function of the present invention is to embed additional information into the content before releasing it or re-encrypting it. Such additional information may be consumption related to for example indicate how many times and at which times the content has been released for consumption. The additional information may also be some form of identification of the security module used to process the access criteria and the content.
  • the embedding of additional content is illustrated in Figure 3 as function Z with the ingoing content ⁇ and the outgoing cleartext content containing the additional information being ⁇ .
  • the present invention differs from prior art by binding the access criteria with the content itself instead of the prior art method of binding the access criteria with the content keys.
  • prior art has the advantage of not having to decrypt the content before deciding if the content shall be made available for the user
  • the present invention has, through possibly containing access criteria for several domains, indeed the advantage that the same content can be consumed in several domains, and the further advantage of not having to map rights when going from one domain to another as the present invention makes it possible just to decrypt using the algorithm and content keys of one domain and re-encrypt using the algorithm and content keys of the next domain.
  • the present invention allows the originator of the content to embed access criteria in content that will follow the content as it traverses and is accessed in various domains.
  • the present invention is compatible with prior art as the prior art method of sending the access criteria alongside instead of embedded in the content can be used as usual in a particular domain, for example to protect content being distributed via satellite. Then, if the user wants to further transport and store the content received in the satellite domain into for example the home entertainment network, the content is decrypted and re-encrypted in a specific security module, and stored in the second domain. When to be consumed in the second domain, it is the access criteria embedded in the content that is retrieved and used to determine if and how access to the content shall be granted.

Abstract

A method is presented where criteria for obtaining access to video or other media content are embedded into the content itself before the content is encrypted and sent or retrieved by a user terminal. The user terminals comprise a security module that decrypts the content and retrieves a copy of the embedded access criteria. The access criteria from the content are compared with rights and privilege information contained in the security module. If match is found concluding that access shall be granted, then the content is released for consumption. Several access criteria may be embedded in the content for it to be rendered on a wide variety of user terminals. A further aspect of the method is simplified secure transfer of the content from the security domain of one type of user terminals or - server to another.

Description

"Method for transfer of access criteria for multi-domain and trans- domain distribution of video and other media content"
TECHNICAL FIELD
The present invention relates to architecture for end to end protection of digital content in different domains and across media boundaries.
BACKGROUND AND PRIOR ART
Content on TV, video and audio may be protected to enforce payment
("pay-TV"), confidentiality ("closed used groups") or copyrights ("only for personal use"). The protection systems used are so called conditional access systems
(CAS) or digital rights management (DRM) systems.
The common architecture for protection of content being mass distributed to consumers based on broadcasting or multicasting techniques is to:
i) Encrypt the content using a cryptographic algorithm and content keys (often denoted control words (CW) or traffic encryption keys (TEK))
ii) Include the content key in specific messages alongside the content.
Encrypt the message using a higher order key. These messages are often denoted Entitlement Control Messages (ECM) or Key Stream Messages (KSM).
The ECM/KSM will usually also contain access criteria associated with the content. Access criteria are references and data associated with the right or privilege the users must possess to be able to make use of the content. iii) Send the encrypted content and the messages to receiver devices such as SetTopBoxes (or let the receiver devices retrieve the same).
iv) Let the receiver devices first decrypt the ECM/KSMs, then interpret and match the access criteria against the rights and privileges held by the receiver device. If the conditions for accessing the content are met, release the content keys for decryption of the content.
v) Decrypt the content using the content keys, and present the content to the user. Then, in this architecture, there are also messages to transport the rights and privileges as well as various types of management keys to the user's security modules. Such messages are often denoted Entitlement Management Messages (EMM) or Rights Messages.
To enforce content protection, all content protection related messages, i.e. ECM/KSMs, EMM, Rights Messages and similar, have to be processed - and all rights and privileges stored in a trusted environment.
By prior art, such environment is provided by dedicated security modules such as integrated circuit cards (smart cards), Subscriber Identity Modules (SIMs), secure micro SD cards, USB keys that are plugged into the receiver device or specially protected software that residing inside the receiver device.
By prior art, the content decryption normally takes place in the receiver device, but outside the trusted environment. This among others because the security modules facilitating the trusted environment were not capable of content decryption.
Systems based on this architecture represent a complete environment for content protection. Examples of prior art are the various proprietary CAS for DVB and the standards based Open Mobile Alliance (OMA) DRM.
Convergence of networks, multi function terminals and high capacity detachable non-volatile memory units allow content to be easily transported from one medium to another, to be stored to be consumed later, to be stored to be transported and consumed later, and so on.
So, it would be the most user-friendly to allow moving the content from the domain where it was acquired and controlled by the content protection system of this first domain to another domain protected by another content protection system. This is not in general supported by prior art.
To facilitate such trans-domain control of the content, one must, in addition to decrypt the content using the content key and re-encrypt the content for the new domain using content keys for the second domain, also, by prior art, either:
a) Map the access criteria applying to the content in the first domain to the access criteria of the next domain, or
b) Send access criteria for both domains, and possibly subsequent domains, alongside the encrypted content in the first domain. Neither a) nor b) are easy to achieve in practice:
Regarding a): As there already exist a number of proprietary CAS/DRM systems, a) requires mappings of proprietary access criteria structures to exist for each relevant domain boundary. An alternative is to develop some standard mapping formats, but the willingness to support standardization has been low in the history of CAS/DRM.
Regarding b): Transmission formats for a particular domain usually only support security signaling and messages specified for that domain.
Transmitting access criteria for other domains are therefore in general not supported.
Note that whereas the same domain boundary problem in general also exist for EMM/Rights messages, the transport of such messages are decoupled from the transport of the content, and they can be sent prior or after the encrypted content or along other paths than the encrypted content. This differs from the access criteria that need to follow the encrypted content.
The fact that both a) and b) are difficult to implement in practice, hinders secure transport of protected content between domains. Thus, either the content must be released and become unprotected, or users be denied moving their content between domains.
The present invention suggests a new way to transport the access criteria making secure transport of protected content across domains easier.
DISCLOSURE OF THE INVENTION
It is an object according to the present invention to overcome the
drawbacks indicated above related to preparing the content to be accessed in multiple domains and related to trans domain transport of access criteria.
According to the present invention it is disclosed how to embed information giving the criteria for being able to access a stream of- or a piece of audiovisual content into the stream or piece of content itself. By being embedded in the content itself, one or more access criteria representations will be available in the content wherever it goes even if it enters into different domains than it originally was acquired in. The embedded access criteria are used by security modules to determine if the content shall be made available to the user.
Whereas the original access criteria are embedded by the rights- or content issuer, the present invention also includes embedding by the user security module of additional information such as usage information and user equipment identity information into the content. The latter is often denoted fingerprints.
Further, according to the present invention it is disclosed a method according to the enclosed independent claim.
Other advantages, details and aspects according to the present invention will be apparent from the accompanying dependent claims.
Brief Description of Drawings
In order to make the invention more readily understandable the discussion that follows will refer to the accompanying drawings:
Figure 1 : block diagram illustrating the baseline mechanism of the present invention.
Figure 2. shows how the present invention supports secure transfer of content from one domain to another.
Figure 3: shows how additional user specific content protection information is embedded into the content information. DESCRIPTION OF PREFERRED EMBODIMENTS
In the following, the present invention will be discussed by describing preferred embodiments, and referring to the accompanying drawings. However people skilled in the art will realize other applications and modifications within the scope of the invention as defined in the enclosed independent claims.
According to the present invention it is disclosed a method for how to embed access criteria into a stream of - or a piece of television content, music content or other audiovisual content for the access criteria to be available in the content wherever it goes.
Figure 1 shows a block diagram which illustrates an exemplary embodiment of the present invention. The figure depicts transportation of original content from a content source, encryption, decryption and preparation for viewing the content at a user. The original content is denoted a and origins from a camera or another type of source. The access criteria are generated by a access criteria generator A. The access criteria are a data structure giving information about how the content can be rendered, stored and copied. Access criteria data typically includes the time and date beyond which the content shall not be available for consumption (expiry date), the number of times the content can be rendered, if the content is allowed copied and so on. The access criteria should be protected against intentional or unintentional modification by a cryptographic message digest function and possibly an error correction code.
The content a and the access criteria β are sent to an access criteria embedding function B. The access criteria embedding function embeds the access criteria information into the content. The embedding itself may be just to add the access criteria into a part of the content where it causes least disturbance (simple embedding), or weave the rights information into the content, using e.g. advanced watermarking techniques, in a way making them hard to separate without destroying or degrading the content. The latter as a measure for making it possible to detect if the access criteria indeed belong to the content and not e.g. are access criteria belonging to other content.
The access criteria embedding function B may embed the access criteria not only at the beginning of the content, rather as a continuous process or as a repeated process over the entire or sufficient parts of the content. The embedding of the access criteria in the content should be done in a way not disturbing the user consumption of the content. In other words, the access criteria would not have to be removed from the content to it to be consumed.
The content with embedded access criteria, ε, is encrypted by an encryption function C based on cryptographic keys, herein denoted content keys.
The content keys μ used by C are generated by a key generator D. The key generator obtains keys by deriving them from higher order keys (often denoted master keys or root keys) or by collecting numeric samples from a random or pseudorandom source. The key generator may also perform testing of whether the derived key has acceptable characteristics.
The content keys μ are also themselves encrypted by the content key encryption function E using a domain key σ. The resulting domain key encrypted content key Θ is normally sent alongside the encrypted content, but may also be sent prior or after the content within the same channel as the encrypted content or along other channels. There may be several domain keys to produce one encrypted domain key for each domain. Some or all domains may also share a common key.
The encrypted content p and the encrypted content keys Θ are transferred to the user receiver device R via some form of transfer method and network such as satellite, cable and terrestrial transmissions in the Digital Video Broadcasting (DVB) format and broadband and Internet transmission in the Internet Protocol (IP) format.
The receiver device contains a security module S such as a particular secure chip inside a Set-Top-Box (STB) or other type of receiver and such as a secure USB stick, microSD card, PCMCIA card. The security module S may even be a specific security hardened software.
The security module S also contains the domain key σ. When receiving the encrypted content key Θ, the security module S uses the domain key σ and the decryption function T to render the content key μ.
The security module S uses the content key μ and the content decryption function U to decrypt the content ε containing rights information. The security module S has a function V that retrieves a copy of the access criteria β from the content ε. V does not remove the access criteria from the content.
The access criteria checking function W checks if the access criteria are genuine and not manipulated, then if accepted, the access criteria information β is interpreted and checked versus the particular rights and privileges τ stored in the memory of the security module.
If the access criteria β from the content matches the rights and privileges τ stored in the memory of the security module, the security module may release the content for consumption in the cleartext digital format ε.
The above receiver operation steps comprise a direct consumption mode of the present invention.
Figure 2 shows another mode according to the present invention where the receiver R prepares the content for further distribution and consumption in another domain than it was acquired in, i.e. trans domain transition. This transfer mode is where the present invention provides a particular advantage as compared to prior art related to moving content among user consumption devices. In this mode, the security module S is not releasing the content in the cleartext digital format ε, rather, a function X directly re-encrypts the content using a new content key ω belonging to another domain to produce λ.
The second content key ω can be a local device key such as a High bandwidth Digital Content Protection (HDCP) key or it can be a content key of a CAS or DRM system different from the CAS/DRM system used to protect the content in transport from the origin to the security module S.
In the same way as the first content key μ is encrypted using a domain key σ, the new content key ω may be encrypted by a function Y using a new domain key ψ to produce η.
The security module S outputs the encrypted content λ and the encrypted content key η. λ and η can be (stored and) forwarded to other types of security modules in other types of receivers that through knowing ψ, X, Y or their inverses can produce and output the cleartext content ε for consumption. An additional optional function of the present invention is to embed additional information into the content before releasing it or re-encrypting it. Such additional information may be consumption related to for example indicate how many times and at which times the content has been released for consumption. The additional information may also be some form of identification of the security module used to process the access criteria and the content. The embedding of additional content is illustrated in Figure 3 as function Z with the ingoing content ε and the outgoing cleartext content containing the additional information being χ.
The present invention differs from prior art by binding the access criteria with the content itself instead of the prior art method of binding the access criteria with the content keys. Whereas prior art has the advantage of not having to decrypt the content before deciding if the content shall be made available for the user, the present invention has, through possibly containing access criteria for several domains, indeed the advantage that the same content can be consumed in several domains, and the further advantage of not having to map rights when going from one domain to another as the present invention makes it possible just to decrypt using the algorithm and content keys of one domain and re-encrypt using the algorithm and content keys of the next domain.
So, the present invention allows the originator of the content to embed access criteria in content that will follow the content as it traverses and is accessed in various domains.
With prior art, to traverse various domains, a sufficiently compatible mapping of rights has to exist for a domain-to-domain combination. In the present scenario none or very few such mappings exist preventing secure traversal of content through domains. One could also have sent access criteria for all relevant domains alongside the content, but present signaling architectures are not prepared for such multiple domain access criteria transport. For example, the access criteria sent according to the DVB standard does not map into the
Microsoft Protected Broadcast Driver Architecture.
The present invention is compatible with prior art as the prior art method of sending the access criteria alongside instead of embedded in the content can be used as usual in a particular domain, for example to protect content being distributed via satellite. Then, if the user wants to further transport and store the content received in the satellite domain into for example the home entertainment network, the content is decrypted and re-encrypted in a specific security module, and stored in the second domain. When to be consumed in the second domain, it is the access criteria embedded in the content that is retrieved and used to determine if and how access to the content shall be granted.

Claims

PATENT CLAIMS
1. A method for transfer of access criteria related to digital television, digital video, digital audio or other digital audiovisual content subject to conditional access characterized in that the method at least comprises the steps of:
embedding access criteria information (β) into a content information signal (a) before the resulting content information signal (ε) is encrypted and the encrypted content information signal (p) is either sent to a user terminal (R) or retrieved by a user terminal (R) and that a security module (S) inside or in conjunction with the terminal (R) decrypts the encrypted content information signal (p) to regenerate the cleartext content information signal (s),and retrieves the relevant access criteria (β) from the content information signal (ε) and only releases the content information signal (ε) in cleartext form for consumption by the user if the retrieved access criteria (β) matches the rights information or privileges (τ) held by the security module (S).
2. A method according to claim 1,
characterized in that instead of, or in addition to, releasing the content information (ε) in cleartext form, the said security module (S) re-encrypts the content information signal (ε) including the still embedded access criteria (β) using in general a different cryptographic algorithm (X) and keys (ω) than those (C, μ) used for the encrypted content information signal (p) that entered the security module.
3. A method according to claim 1 ,
characterized in that the said method is used in parallel/simultaneously with a conventional conditional access system or digital rights management system for which the access criteria are sent alongside the encrypted content information signal.
4. A method according to claims 1, 2 or 3,
characterized in that the cryptographic method (C) and content keys (μ) used to encrypt the content information signal (ε) is that of the conditional access system as described in claim 3.
5. A method according to claim 1,
characterized in that the said security module (S) embeds (Z) information into the content information signal (ε) that reflects the usage of the content where such usage information can be indicators for when the content first was rendered, when it last was rendered, the number of times it has been rendered, and so on for being able to control access to the content a certain number of times or within certain time limits.
6. A method according to claim 1 ,
characterized in that the said security module (S) embeds (Z) a representation of a unique identity of the security module (S) into the content information signal (ε) before releasing the content information signal (ε) for consumption according to claim 1 or for re-encryption according to claim 2.
7. A method according to claims 1 , 5 or 6,
characterized in that watermarking techniques are used for the embedding of access criteria (β) or of usage information or unique identity information (Z) into the content information signal (ε).
8. A method according to claim 1 ,
characterized in that multiple sets of access criteria (β) are embedded in the content information signal (ε) for the content to be rendered by different types of security modules (S) where each set of access criteria (β) matches a type of security module (S).
9. A method according to claims 1 or 2,
characterized in that the keys (μ) used when encrypting the content information signal (ε) are made available for the security module (S) in the terminal (R) either by being: - encrypted and sent alongside the encrypted content (p) to the security module (S),
- pre-generated and stored in the security module (S),
- re-generated by the security module (S) on the fly based on some seed.
10. A method according to claims 3 or 4,
characterized in that the security module (S) in the terminal (R) can comprise one physical module that manages the conventional CAS/DRM operation and another module performing the remaining processing according to the other claims, and that the two modules are connected or communicates in a secure way.
11.A method according to claims 1 , 5 or 6,
characterized in that the access criteria (β) or usage information or unique identity information (Z) are embedded as a continuous process or as a repeated process over the entire or sufficient parts of or blocks of the content.
PCT/IB2010/003392 2009-11-24 2010-11-25 Method for transfer of access criteria for multi-domain and trans-domain distribution of video and other media content WO2011064672A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20093404 2009-11-24
NO20093404A NO331570B1 (en) 2009-11-24 2009-11-24 Method for transmitting rights criteria for multi-domain and trans-domain distribution of video and other media content

Publications (1)

Publication Number Publication Date
WO2011064672A1 true WO2011064672A1 (en) 2011-06-03

Family

ID=43754954

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2010/003392 WO2011064672A1 (en) 2009-11-24 2010-11-25 Method for transfer of access criteria for multi-domain and trans-domain distribution of video and other media content

Country Status (2)

Country Link
NO (1) NO331570B1 (en)
WO (1) WO2011064672A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2806231A1 (en) * 2000-03-08 2001-09-14 France Telecom Digital image data transmission system includes user of digital watermark to carry access control information
EP1176827A2 (en) * 2000-07-21 2002-01-30 Hughes Electronics Corporation Super encrypted storage and retrieval of media programs with smartcard generated keys
WO2006089160A2 (en) * 2005-02-16 2006-08-24 Videonline, Inc. Videonline security network architecture and methods therefor
US20070294170A1 (en) * 2006-06-02 2007-12-20 Luc Vantalon Systems and methods for conditional access and digital rights management
US20080092239A1 (en) * 2006-10-11 2008-04-17 David H. Sitrick Method and system for secure distribution of selected content to be protected

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2806231A1 (en) * 2000-03-08 2001-09-14 France Telecom Digital image data transmission system includes user of digital watermark to carry access control information
EP1176827A2 (en) * 2000-07-21 2002-01-30 Hughes Electronics Corporation Super encrypted storage and retrieval of media programs with smartcard generated keys
WO2006089160A2 (en) * 2005-02-16 2006-08-24 Videonline, Inc. Videonline security network architecture and methods therefor
US20070294170A1 (en) * 2006-06-02 2007-12-20 Luc Vantalon Systems and methods for conditional access and digital rights management
US20080092239A1 (en) * 2006-10-11 2008-04-17 David H. Sitrick Method and system for secure distribution of selected content to be protected

Also Published As

Publication number Publication date
NO20093404A1 (en) 2011-05-25
NO331570B1 (en) 2012-01-30

Similar Documents

Publication Publication Date Title
US7769171B2 (en) Method for transmitting digital data in a local network
KR100966970B1 (en) Method of updating a revocation list of noncompliant keys, appliances or modules in a secure system for broadcasting content
US8627482B2 (en) Method, apparatus and system for secure distribution of content
US7568111B2 (en) System and method for using DRM to control conditional access to DVB content
US8474054B2 (en) Systems and methods for conditional access and digital rights management
US9479825B2 (en) Terminal based on conditional access technology
KR102206142B1 (en) Method for watermarking media content and system for implementing this method
US20070124252A1 (en) Reception device, transmission device, security module, and digital right management system
US8996870B2 (en) Method for protecting a recorded multimedia content
JP2003058510A (en) Method and system for transmitting and distributing license in online environment
EP1214840A1 (en) Multimedia digital terminal and detachable module cooperating with the terminal comprising an interface protected against copying
KR20110004332A (en) Processing recordable content in a stream
KR20090090332A (en) Method of controlling the access to a scrambled digital content
US7616763B2 (en) Validity verification method for a local digital network key
CN101202883B (en) System for numeral copyright management of IPTV system
WO2008031292A1 (en) Encrypting method for hard disk in set top box of cable television system
EP1467565A1 (en) Integrated circuit for decryption of broadcast signals
US20090144832A1 (en) Method for protecting content and method for processing information
WO2011064672A1 (en) Method for transfer of access criteria for multi-domain and trans-domain distribution of video and other media content
CN107547946B (en) Method and medium for transmitting streaming digital content over internet data communication network
JP2001251290A (en) Data transmission system and method for distributing and storing and reproducing contents
WO2004034705A1 (en) System for secure distribution, storage and conditional retrieval of multimedia content
KR20080113195A (en) Method for protecting content and method for processing information

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10813010

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10813010

Country of ref document: EP

Kind code of ref document: A1