The technology described in this document relates generally to capturing video or audio and more particularly to a capture controller configured to provide capture functionality according to a capture security policy.
Televisions (TVs) and set-top boxes (STBs) may include video capture functionality that allows a user to capture frames of video from source video. The functionality may have several uses. For example, for an Internet-connected device, the functionality may be used in a video fingerprinting technology to detect the video content being viewed, so that the device can automatically provide access to applications and features related to the video content. The functionality may also be used on a TV or STB to show frozen frames when the user changes from one channel to another. Numerous other uses for video capture functionality exist (e.g., allowing users to capture frames as image files and share them on a social network, allowing captured frames from multiple source videos to be combined in a video mosaic, etc.).
In providing this functionality, hardware and software is often used to capture the video frames and export them out of a video pipeline. In certain systems, the possibility exists for the functionality to be misused or used for illegitimate purposes (e.g., unauthorized copying of copyrighted video content). For example, an untrusted application may repeatedly capture frames of video, thus circumventing security measures of a secure video pipeline.
The present disclosure is directed to systems and methods for providing capture functionality according to a security policy. In a method for providing capture functionality according to a security policy, a request to capture content is received from a requesting application at a capture controller. The request is evaluated based on the security policy of the capture controller. Based on the evaluation, a determination is made as to whether the request is to be granted completely, denied, or granted subject to a constraint. Capture of the requested content is initiated via capture hardware or software if the request is granted completely or granted subject to the constraint.
In another example, in a method for providing capture functionality according to a security policy, a request to capture content is received from a requesting application at a capture controller. At the capture controller, it is determined if the request is from a trusted source or an untrusted source. If the request is from the trusted source, the request is granted completely. If the request is from the untrusted source, the request is evaluated based on the security policy of the capture controller, where the evaluation is used to make a determination as to whether the request is to be granted completely, denied, or granted subject to a constraint.
In another example, a system for providing capture functionality according to a security policy includes a capture controller. The capture controller is configured to receive a request to capture content from a requesting application and to evaluate the request based on the security policy. Based on the evaluation, the capture controller makes a determination as to whether the request is to be granted completely, denied, or granted subject to a constraint. If the request is granted completely or granted subject to the constraint, the capture controller initiates capture of the requested content via capture hardware or software.
Rather than automatically passing on the request 105 to the video capture block 108, the video capture controller 102 is configured to evaluate the request 105 based on the security policy 104. Based on the evaluation, the video capture controller 102 makes a determination as to whether the request 105 is to be granted completely, denied, or granted subject to constraints. If it is determined that the request is to be granted completely or granted subject to constraints, the video capture controller 102 initiates capture of the requested video content via the video capture block 108, and the requested video content is stored in memory 110 that is accessible to the requesting application CPU 106. The video capture controller 102 may also supply a response 109 to the requesting application CPU 106, where the response indicates whether the request 105 was granted completely, denied, or granted subject to constraints. The response may also be used to inform the requesting application CPU 106 of where the captured video content is stored in the memory 110.
The security policy 104 is used to determine whether the request 105 is to be granted completely, denied, or granted subject to constraints, and also to determine a manner by which the captured content may be constrained. To make these determinations, the security policy 104 includes one or more conditions that are enforced by the video capture controller 102. For example, a condition may cause the video capture controller 102 to make a determination as to whether the request 105 is from a trusted source and to process the request 105 based on that determination. In one example, the request 105 is granted completely if the request 105 is from a trusted source, and if the request 105 is from an untrusted source, the request 105 is evaluated based on other aspects of the security policy 104.
Another example condition of the security policy 104 may cause the video capture controller 102 to evaluate the request 105 based on one or more factors, where the factors may include a digital rights management (DRM) policy of the requested content (e.g., if the content is protected by a certain DRM, such as PlayReady, the video capture may be constrained to sub-SD resolution, whereas if the content is not protected by DRM, then full resolution capture may be allowed), a source of the requested content (e.g., whether the provider of the requested content distributes materials subject to copyright restrictions or not), a source of the request (e.g., whether the request is from a trusted or untrusted source), or a status of the requesting application (e.g., whether the requesting application has been designated as having special privileges regarding video capture). The factors may also be based on audio capture requests related to the requested content (e.g., whether simultaneous audio capture requests have been made by the requesting application or whether the requesting application has requested audio captures for a same period of time in the source video for which video capture requests have been made) or meta-data within the requested content. The factors may further be based on previous video capture requests made by the requesting application, previous video capture requests made by applications other than the requesting application, or repeated fast-forwarding or rewinding of the requested content.
Another example condition of the security policy 104 may cause the video capture controller 102 to evaluate the request 104 based on previous video capture requests received by the video capture controller 102. The evaluation may cause the video capture controller 102 to consider a rate at which the previous video capture requests were made or a number of the previous video capture requests. In an example implementation of this condition, an initial video capture request received by the video capture controller 102 may be granted completely, with the request being fulfilled via a high resolution video capture. As subsequent video capture requests are received by the video capture controller 102, the condition of the security policy 104 may cause the video capture controller 102 to deny the requests or cause the fulfillment of the requests to be delayed in time (i.e., rate controlled) while still being of the same high resolution as the initial video capture. Alternatively, the condition of the security policy 104 may cause the subsequent video capture requests be fulfilled without delay but via a lower resolution video capture. A combination of rate controlled and lower resolution video capture may also be used in processing the subsequent video capture requests.
As noted above, the video capture controller 102 may determine that the request 105 is to be granted subject to constraints. The constraints cause captured video content to be of a lower quality than a source video from which the captured video content was taken. The constraints may, for example, limit a resolution of captured video content, limit a frame rate of the captured video content, limit a size of the captured video content, limit a color fidelity of the captured video content, limit a bit rate of the captured video content, or limit a format of the captured video content.
The example system 100 of
Although the example system 100 of
In another example, the trusted or untrusted designation is made based on whether the request originates from a secure processor. In this example, certain applications can be marked as being “secure,” such that the certain applications are permitted to run on a secure processor. Alternatively, a certain signature of an application or other characteristic of the application may enable the application to be executed on a secure processor. In the above-described examples, the capture controller and capture block may be implemented within a trust zone or on a secure processor.
If the request is determined to be from a trusted source, at 206, the request is granted completely. If the request is granted completely, the request is granted without constraints and according to the terms of the request. For example, if the request is for a high resolution or high data rate capture, the request is granted at the high resolution or the high data rate. Further, if the capture controller determines that the request is from a trusted source, such that the request is to be granted completely, the capture controller may instruct a capture block to grant the request without any consideration as to whether prior requests have been fulfilled. Thus, a trusted source's repeated requests for high resolution captures may be granted without consideration as to whether the repeated requests are for a legitimate or illegitimate use. Requests originating from trusted sources may thus utilize the capture controller as often as desired and at the highest quality desired.
If the request is determined to be from an untrusted source, at 208, the capture controller evaluates the request based on a security policy of the capture controller. Based on the evaluation, the capture controller makes one of three determinations: (1) at 210, the capture controller may determine that the request is to be granted completely; (2) at 212, the capture controller may determine that the request is to be granted with constraints; or (3) at 214, the capture controller may determine that the request is to be denied. As described above with respect to
In the example flowchart 200 of
In the example of
The system of
The system of
If the request is not to be granted fully, at 456, a determination is made as to whether the request should be granted with constraints. If the request is to be granted with constraints, at 458, the video capture controller initiates capture through video capture hardware, subject to the constraints. At 460, the captured content is copied to unsecure memory, where the content can be accessed by the requesting application. If the request is not to be granted with constraints, at 462, the request is denied.
Although the systems of
At 500,
At 508, previous video capture requests may be considered in evaluating the request pursuant to the security policy. In one example illustrating an implementation of this condition, an initial video capture request received by the video capture controller is granted completely, with the request being fulfilled via a high resolution video capture. As subsequent video capture requests are received by the video capture controller, the condition of the security policy may cause the video capture controller to deny the requests or cause the fulfillment of the requests to be delayed in time (i.e., rate controlled) while still being of the same high resolution as the initial video capture. Alternatively, the condition of the security policy may cause the subsequent video capture requests to be fulfilled without delay but via a lower resolution video capture. A combination of rate controlled and lower resolution video capture may also be used in processing the subsequent video capture requests. A threshold value may be associated with the subsequent video capture requests, where the threshold value is a rate of requests or a number of requests. When the subsequent video capture requests reach the threshold value, the requests are denied, delayed in time, or fulfilled at a lower resolution, as described above.
In evaluating the request pursuant to previous video capture requests made to the video capture controller, the video capture controller may maintain a hysteresis curve that is used to track the requests. Using the hysteresis curve, short bursts of video capture of high quality may be allowed with quality quickly degrading when a threshold is passed, where the threshold is a rate of video capture requests or a number of video capture requests. Further, using the hysteresis curve, quality may improve when the rate of video capture requests is reduced.
At 550,
Other constraints may be part of the capture security policy. For example, constraints may limit a color fidelity of captured video content, limit a bit rate of the captured content, or limit a format of the captured content. The capture security policy may include any one of the constraints 550 of
This written description uses examples to disclose the invention, including the best mode, and also to enable a person skilled in the art to make and use the invention. The patentable scope of the invention may include other examples. Additionally, the methods and systems described herein may be implemented on many different types of processing devices by program code comprising program instructions that are executable by the device processing subsystem. The software program instructions may include source code, object code, machine code, or any other stored data that is operable to cause a processing system to perform the methods and operations described herein. Other implementations may also be used, however, such as firmware or even appropriately designed hardware configured to carry out the methods and systems described herein.
The systems' and methods' data (e.g., associations, mappings, data input, data output, intermediate data results, final data results, etc.) may be stored and implemented in one or more different types of computer-implemented data stores, such as different types of storage devices and programming constructs (e.g., RAM, ROM, Flash memory, flat files, databases, programming data structures, programming variables, IF-THEN (or similar type) statement constructs, etc.). It is noted that data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
The computer components, software modules, functions, data stores and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data needed for their operations. It is also noted that a module or processor includes but is not limited to a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code. The software components and/or functionality may be located on a single computer or distributed across multiple computers depending upon the situation at hand.
It should be understood that as used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein and throughout the claims that follow, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise. Further, as used in the description herein and throughout the claims that follow, the meaning of “each” does not require “each and every” unless the context clearly dictates otherwise. Finally, as used in the description herein and throughout the claims that follow, the meanings of “and” and “or” include both the conjunctive and disjunctive and may be used interchangeably unless the context expressly dictates otherwise; the phrase “exclusive of” may be used to indicate situations where only the disjunctive meaning may apply.
This disclosure claims priority to U.S. Provisional Patent Application No. 61/608,336, filed on Mar. 8, 2012, and to U.S. Provisional Patent Application No. 61/702,490, filed on Sep. 18, 2012, both of which are incorporated herein by reference in their entireties.
Number | Name | Date | Kind |
---|---|---|---|
7071995 | Horlander | Jul 2006 | B1 |
8205239 | Satish | Jun 2012 | B1 |
20010038744 | Yamada et al. | Nov 2001 | A1 |
20020046328 | Okada | Apr 2002 | A1 |
20020052849 | McCutchen et al. | May 2002 | A1 |
20030140090 | Rezvani et al. | Jul 2003 | A1 |
20040010719 | Daenen | Jan 2004 | A1 |
20040015586 | Hegli et al. | Jan 2004 | A1 |
20040193606 | Arai et al. | Sep 2004 | A1 |
20050125807 | Brady et al. | Jun 2005 | A1 |
20060037083 | Kortum et al. | Feb 2006 | A1 |
20060149727 | Viitaharju | Jul 2006 | A1 |
20070056019 | Allen et al. | Mar 2007 | A1 |
20070073673 | McVeigh et al. | Mar 2007 | A1 |
20070073694 | Picault et al. | Mar 2007 | A1 |
20070253676 | Roh | Nov 2007 | A1 |
20080059645 | Gregotski et al. | Mar 2008 | A1 |
20080143875 | Scott et al. | Jun 2008 | A1 |
20110004899 | Medford | Jan 2011 | A1 |
20110019971 | Yamane | Jan 2011 | A1 |
20110102670 | Tanji et al. | May 2011 | A1 |
20110157470 | Tsuruga et al. | Jun 2011 | A1 |
20110211087 | Mate et al. | Sep 2011 | A1 |
20120109997 | Sparks et al. | May 2012 | A1 |
20120167167 | Kruger et al. | Jun 2012 | A1 |
20120289147 | Raleigh et al. | Nov 2012 | A1 |
20120291087 | Agrawal | Nov 2012 | A1 |
20130081101 | Baer et al. | Mar 2013 | A1 |
Number | Date | Country |
---|---|---|
102009026137 | Jan 2011 | DE |
1130915 | Sep 2001 | EP |
1335599 | Aug 2003 | EP |
1901293 | Mar 2008 | EP |
Entry |
---|
International Search Report and Written Opinion dated Aug. 21, 2013 from related/corresponding PCT International Patent Appl. No. PCT/US13/26078 (PCT/IB13/000667) filed Feb. 14, 2013 (9 pages). |
Number | Date | Country | |
---|---|---|---|
20130291054 A1 | Oct 2013 | US |
Number | Date | Country | |
---|---|---|---|
61702490 | Sep 2012 | US | |
61608336 | Mar 2012 | US |