Method and system for end to end securing of content for video on demand
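IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC 7th edition): H04L-009/00; H04K-001/00; H94L-009/00; H04N-007/167
Application number: US-0354920 (2003-01-29)
Registration number: US-7328345 (2008-02-05)
Inventor / Address: Morten, Glenn A.; Rassool, Reza P.; Claeys, Tom E.; Baker, Brian Andrew
Applicant / Address: Widevine Technologies, Inc.
Agent / Address: Darby & Darby PC
Citation information: Times cited: 43; Cited patents: 102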
Abstract
A system and method for providing end-to-end security of content over a heterogeneous distribution chain is provided. A content owner provides content to an aggregator that receives the content and processes the content. The processing may involve decrypting the content and associating at least one of a unique fingerprint and a watermark to the decrypted content. The unique fingerprint and a watermark to the decrypted content provide identifying characteristics to the content. Additional content-based fingerprints may be used to monitor quality of consumer experience for Video and Audio. The content may be sent in a decrypted state to a client or in an encrypted state. When the content is encrypted the aggregator wraps and encrypts the content with a signature such that an end-to-end flow of the content may be determined. Application Level encryption is used to provide network/distribution medium transparency as well as persistent encryption. When the content is transmitted from a consumer to another consumer the transmitting consumer loses rights to the content.
Representative claim
What is claimed is:
1. A system for providing security of content within a heterogeneous distribution chain, comprising: a content owner having content; an aggregator arranged to perform the following actions: receiving the content, the content being encrypted with a content key, and appended to a key wrapper chain, the key wrapper chain comprising the content key, the content key being encrypted with a first encryption key; decrypting the content key using the first encryption key; decrypting the content using the content key; modifying the decrypted content by combining the decrypted content with at least one of a unique fingerprint or a watermark, wherein the fingerprint or watermark identifies at least the aggregator; employing the content key to encrypt the modified content; encrypting the content key with the first encryption key; encrypting the first encryption key using a second encryption key; generating another key wrapper chain by appending the encrypted content key to the encrypted first encryption key; and appending the other key wrapper chain to the encrypted modified content.
2. The system of claim 1, further comprising: a service operator arranged to perform actions, including: receiving the encrypted modified content and appended other key wrapper from the aggregator; encrypting the second encryption key using a third encryption key, wherein the third encryption key is associated with a downstream recipient; generating yet another key wrapper chain by appending the encrypted second encryption key to the received encrypted modified content and the other key wrapper; and sending the appended key wrapper chain with the encrypted modified content to the downstream recipient.
3. The system of claim 2, further comprising: a consumer arranged to perform actions, including: receiving the key wrapper chain with the encrypted modified content from the service operator; encrypting the third encryption key using a fourth encryption key, wherein the fourth encryption key is uniquely associated with a second consumer; and generating another key wrapper chain by appending the encrypted third encryption key to the received encrypted modified content, such that the generated other key wrapper chain includes at least four key wrappers in the key wrapper chain, each encryption key being encrypted by a unique different key from each other key wrapper in the chain.
4. The system of claim 1, further comprising a key manager and a key exchange arranged to manage encryption keys and decryption keys, the decryption keys relating to content that has been encrypted by an upstream provider, and the encryption keys that are used for distribution of the content.
5. The system of claim 4, wherein the key manager is further configured to manage symmetric keys of the aggregator and asymmetric keys that may be employed for at least one of signing of the content, or of encrypting the content and key exchange.
6. The system of claim 4, wherein the unique fingerprint or the watermark further comprises a copyright notice.
7. The system of claim 6, wherein the content is watermarked and fingerprinted such that a distribution path and a service provider in a market stream relating to the content are uniquely identified.
8. The system of claim 1, wherein the watermark is configured to identify the recipient of the content.
9. The system of claim 1, wherein the watermark is configured to identify a source of the content.
10. The system of claim 1, wherein the second encryption key is associated with a downstream recipient of the content.
11. The system of claim 1, wherein the aggregator further comprises a persistent security database configured to store the encrypted content.
12. The system of claim 1, wherein the aggregator further comprises a content in the clear database configured to store the decrypted content having the at least one of the unique fingerprint and the watermark.
13. The system of claim 1, wherein the clear database may be used to initiate trans-encryption in order to change the encryption properties allowing the use of legacy conditional access and consumer premise equipment in next generation networks.
14. The system of claim 1, further comprising a bridge and a key exchange configured to encrypt the content as it is transmitted to a downstream recipient.
15. The system of claim 1, further comprising a QOS API configured to enable selection of Quality of Service profiles based on system and content attributes.
16. A method for providing end-to-end security of content over a heterogeneous distribution chain, comprising: receiving encrypted content with key wrappers that are appended to the encrypted content, wherein the key wrappers comprise an encrypted content key and an encrypted first encryption key, wherein the content key encrypted the content, the encrypted content key being encrypted with the first encryption key, and the encrypted first encryption key being encrypted with a second encryption key; decrypting the content by decrypting the first encryption key using the second encryption key, decrypting the content key using the decrypted first encryption key, and thereby decrypting the content using the decrypted content key; embedding at least one of a unique fingerprint or a watermark into the decrypted content, wherein the fingerprint or watermark identifies at least an entity performing the content decryption; generating other key wrappers by appending the encrypted content key to the encrypted first encryption key, encrypting the second encryption key using a third encryption key, and appending the encrypted second to the encrypted content key, and the encrypted first encryption key; appending the other key wrappers to the modified content; and transmitting the modified content and other key wrappers over a network.
17. The method of claim 16, further comprising managing encryption keys and decryption keys, the decryption keys relating to content that has been encrypted by the provider, and the encryption keys that are used for distribution of the content to the recipient.
18. The method of claim 17, wherein managing the encryption keys further comprises managing symmetric and asymmetric keys that may be employed for at least one of signing of the content, of encrypting the content and key exchange.
19. The method of claim 17, wherein the unique fingerprint or the watermark further comprises a copyright notice.
20. The method of claim 19, wherein the content is watermarked and fingerprinted such that a distribution path and a service provider in a market stream relating to the content are uniquely identified.
21. The method of claim 16, wherein the watermark is configured to identify the recipient of the content.
22. The method of claim 16, wherein the watermark is configured to identify a source of the content.
23. The method of claim 16, wherein the content is digitally signed.
24. The method of claim 16, further comprising enabling a selection of Quality of Service profiles based on system and content attributes.
25. The method of claim 24, wherein enabling the selection of Quality of Service profiles based on system and content attributes further comprises providing an upstream content provider with information concerning the unencrypted content.
26. The method of claim 16, further comprising: detecting tampering of the encrypted content or the key wrappers, and performing a tamper detection response including at least one of terminating transmission of the encrypted content, or revoking a credential associated with access to the content.
27. The method of claim 16, further comprising determining when the provider and the recipient are a consumer, and when: ensuring that the provider loses rights to the content after the transmission.
28. The method of claim 16, wherein the identifying of the last authorized decryption agent by watermarking the agent's fingerprint to the content is performed at least one of the following times including: the time of decryption and as part of the decryption process.
29. The method of claim 16, further comprising the use of content fingerprints taken before encryption and after decryption in order to determine the quality of experience for Video and Audio service.
30. The method of claim 16, wherein in application level encryption is used in order to provide network/distribution medium transparency and persistent encryption in storage devices and caches.
31. The method of claim 16, wherein selective encryption is used in order to provide network/distribution medium transparency and persistent encryption in storage devices and caches.
32. A system for providing end-to-end security of content over a heterogeneous distribution chain, comprising: means for receiving encrypted content with key wrappers that comprise a content key that is encrypted with a first encryption key, and the first encryption key that is encrypted with a second access; means for determining when to inspect the content; and when: means for decrypting the content using the keys in the key wrappers; means for adding at least one of a unique fingerprint and a watermark to the decrypted content, wherein the fingerprint or watermark provides information about the decryption means; means for wrapping and encrypting the decrypted content; and means for generating and appending other key wrappers that comprises the encrypted content key, encrypted first encryption key, and encrypted second encryption key, wherein the encrypted second encryption key is encrypted with a third encryption key.
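The key wrapper chain of claims 1, 2, 16 and 26 can be traced in a short sketch. This is an added illustration, not part of the patent text and not Widevine code. Assumptions: all function names are hypothetical, the SHA-256 counter-mode keystream with an HMAC tag is a standard-library stand-in for a real authenticated cipher such as AES-GCM, and appending a marker string stands in for actual watermark embedding.

```python
import hashlib, hmac, os

def keystream(key, nonce, n):
    # SHA-256 in counter mode: a standard-library stand-in for a real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag before decrypting; ValueError on a wrong key or altered bytes."""
    if len(blob) < 48:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))

def package(content, content_key, k1):
    # What the aggregator receives: content under CK, chain = [E_K1(CK)].
    return {"content": seal(content_key, content), "chain": [seal(k1, content_key)]}

def extend_chain(pkg, held_key, next_key):
    # Each hop appends the key it holds, wrapped under the next recipient's key.
    return {"content": pkg["content"], "chain": pkg["chain"] + [seal(next_key, held_key)]}

def aggregator_process(pkg, k1, k2, mark):
    # Claim 1: unwrap CK with K1, decrypt, mark, re-encrypt, emit [E_K1(CK), E_K2(K1)].
    ck = unseal(k1, pkg["chain"][0])
    marked = unseal(ck, pkg["content"]) + b"|wm:" + mark  # placeholder for watermarking
    return extend_chain(package(marked, ck, k1), k1, k2)

def unwrap(pkg, outer_key):
    # Claim 16: peel wrappers from the outermost key inward, then decrypt the content.
    key = outer_key
    for wrapper in reversed(pkg["chain"]):
        key = unseal(key, wrapper)
    return unseal(key, pkg["content"])

def tampered(pkg, outer_key):
    # Claim 26, detection half only: True if any wrapper or the content fails its tag
    # (a wrong outer key looks the same). The response is left to the caller.
    try:
        unwrap(pkg, outer_key)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    ck, k1, k2, k3 = (os.urandom(32) for _ in range(4))  # constructed sample keys
    pkg = aggregator_process(package(b"frame-data", ck, k1), k1, k2, b"AGG-01")
    pkg = extend_chain(pkg, k2, k3)                      # claim 2: service operator hop
    print(len(pkg["chain"]), unwrap(pkg, k3), tampered(pkg, k3))
```

Only the holder of the outermost key can walk the chain, and because every wrapper carries its own tag, a modified wrapper is rejected before any inner key is derived from it.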
Patents cited by this patent (102)
Horstmann Cay, Advertising-subsidized and advertising-enabled software.
Shimosato,Hideto; Ushiyama,Yuichi; Mogami,Kazuto, Apparatus, system and method for authenticating personal identity, computer readable medium having personal identity authenticating program recorded thereon method of registering personal identity au.
Gopinath Bhaskarpillai (Watchung NJ) Kurshan David (Sea Bright NJ), Composition of systems of objects by interlocking coordination, projection, and distribution.
Taku Kato JP; Takehisa Kato JP; Kenjiro Endoh JP; Hisashi Yamada JP; Naoki Endoh JP, Copy protection apparatus and information recording medium used in this copy protection apparatus.
Kawada,Hirotsugu; Katta,Noboru; Ibaraki,Susumu; Tatebayashi,Makoto; Harada,Shunji, Data player, digital contents player, playback system, data embedding apparatus, and embedded data detection apparatus.
Sudia Frank W. ; Asay Alan ; Brickell Ernest F. ; Ankney Richard ; Freund Peter C. ; Yung Marcel M. ; Kravitz David W., Electronic cryptographic packing.
Iwamura, Keiichi, Electronic watermarking method, digital information distribution system using such method, and storage medium storing program of such method.
Chang, Yuan-Chi; Li, Chung-Sheng; Han, Richard Yeh-whei; Smith, John R., Method and apparatus for networked information dissemination through secure transcoding.
Wasilewski Anthony John ; Woodhead Douglas F. ; Logston Gary Lee, Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity.
LaRocca Tobie ; Johnson Michael D., Method and apparatus for providing subscription-on-demand services, dependent services and contingent services for an interactive information distribution system.
Arn Robert M. (Toronto CAX) Csanky Peter H. (Toronto CAX) Waszek Glen F. (Toronto CAX), Method and apparatus for scrambling and unscrambling data streams using encryption and decryption.
Vegt Arjen Van Der,NLX, Method for automatically searching a frequency range for signal channels in a receiver for digitally modulated signals, and receiver for applying such a method.
Graunke Gary L. ; Carbajal John ; Maliszewski Richard L. ; Rozas Carlos V., Method for securely distributing a conditional use private key to a trusted entity on a remote system.
Kudelski Andr (Crissier CHX) Laffely Laurent (Le Mont-sur-Lausanne CHX) Sasselli Marco (Chardonne CHX), Method of interactive communication between a subscriber and a decoder of a system of pay-television and decoder thereof.
Handelman Doron,ILX ; Kranc Moshe,ILX ; Fink David,ILX ; Zucker Arnold,ILX ; Smith Perry,ILX ; Bar-on Gerson,ILX, Secure access system utilizing an access card having more than one embedded integrated circuit and/or plurality of secu.
Handelman Doron (Givataim ILX) Kranc Moshe (Jerusalem ILX) Fink David (Jerusalem ILX) Zucker Arnold (Ramat Modiim ILX) Smith Perry (Jerusalem ILX) Bar-On Gerson (Kohav Hashahar ILX), Secure access systems and methods utilizing two access cards.
Handelman Doron,ILX ; Kranc Moshe,ILX ; Fink David,ILX ; Zucker Arnold,ILX ; Smith Perry,ILX ; Bar-On Gerson,ILX, Secure access systems utilizing more than one IC card.
Anderson ; Jr. Bruce J. ; Lamont Nadine ; Drasner Sharyn L. ; Greenberg Arthur L., Set top terminal for an interactive information distribution system.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
David M. Van Wie ; Robert P. Weber, Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels.
Van Wie, David M.; Weber, Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels.
Herz Frederick ; Ungar Lyle ; Zhang Jian ; Wachob David ; Salganicoff Marcos, System and method for scheduling broadcast of and access to video programs and other data using customer profiles.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
Shear Victor H. ; Van Wie David M. ; Weber Robert P., Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for the secure transaction management and electronic rights protection.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining, using and manipulating rights management data structures.
Mori Toshiya,JPX ; Takao Naoya,JPX ; Shimoji Tatsuya,JPX ; Okamura Kazuo,JPX ; Hirai Junichi,JPX ; Oashi Masahiro,JPX ; Kakiuchi Takashi,JPX ; Kusumi Yuki,JPX ; Miyabe Yoshiyuki,JPX ; Minakata Ikuo,J, Terminal apparatus and method for achieving interactive operations by displaying a desired piece of image information at high speed using cache memories, out of a large amount of image information se.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M. ; Weber Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M.; Weber, Robert P., Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management.
Grab, Eric William; Russell, Chris; Chan, Francis Yee-Dug; Kiefer, Michael George, Federated digital rights management scheme including trusted systems.
Grab, Eric William; Russell, Chris; Chan, Francis Yee-Dug; Kiefer, Michael George, Federated digital rights management scheme including trusted systems.
Grab, Eric William; Russell, Chris; Chan, Francis Yee-Dug; Kiefer, Michael George, Federated digital rights management scheme including trusted systems.
Cocchi, Ronald P.; Gagnon, Gregory J.; McKee-Clabaugh, Frances C.; Gorman, Michael A., Method and apparatus for providing secure internet protocol media services.
Cocchi, Ronald P.; Gagnon, Gregory J.; McKee-Clabaugh, Frances C.; Gorman, Michael A., Method and apparatus for providing secure internet protocol media services.
Cocchi, Ronald P.; Gagnon, Gregory J.; Flaharty, Dennis R., Method and apparatus for supporting multiple broadcasters independently using a single conditional access system.
Cocchi, Ronald P.; Gagnon, Gregory J.; Flaharty, Dennis R., Method and apparatus for supporting multiple broadcasters independently using a single conditional access system.
Cocchi, Ronald P.; Gagnon, Gregory J.; Flaharty, Dennis R., Method and apparatus for supporting multiple broadcasters independently using a single conditional access system.
Oxford, William V., Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol.
Oxford, William V., Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol.
Kiefer, Michael George; Grab, Eric William; Braness, Jason, Playback devices and methods for playing back alternative streams of content protected using a common set of cryptographic keys.
Klein, Daniel Paul Leon; Meikle, Neil; Page, Simon Ellett; Mufazzil, Jessica Hanefa, System and method of analysing transfer of data over at least one network.
Braness, Jason; van der Schaar, Auke Sjoerd; Soroushian, Kourosh, Systems and methods for encoding source media in matroska container files for adaptive bitrate streaming using hypertext transfer protocol.
Braness, Jason; Soroushian, Kourosh; van der Schaar, Auke Sjoerd, Systems and methods for performing smooth visual search of media encoded for adaptive bitrate streaming via hypertext transfer protocol using trick play streams.
Kiefer, Michael George; Grab, Eric William; Braness, Jason, Systems and methods for playing back alternative streams of protected content protected using common cryptographic information.
Kiefer, Michael George; Grab, Eric William; Braness, Jason, Systems and methods for playing back alternative streams of protected content protected using common cryptographic information.
Kiefer, Michael George; Grab, Eric William; Braness, Jason, Systems and methods for playing back alternative streams of protected content protected using common cryptographic information.
Kiefer, Michael George; Grab, Eric William; Braness, Jason, Systems and methods for playing back alternative streams of protected content protected using common cryptographic information.
Kiefer, Michael George; Grab, Eric William; Braness, Jason, Systems and methods for protecting alternative streams in adaptive bitrate streaming systems.
Braness, Jason; Amidei, William David; Srinivasan, Mayur, Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles.
Naletov, Ivan Vladimirovich; Zurpal, Sergey, Systems, methods, and media for transcoding video data according to encoding parameters indicated by received metadata.