Generally, the present disclosure relates to protecting video data, and more particularly to protecting video data using encryption keys.
Data protection methods such as encryption and scrambling are commonly implemented in devices and systems to protect data from illicit access and/or tampering. For example, many providers of Moving Picture Experts Group (MPEG) encoded multimedia content, also referred to herein as video content or data, use encryption and scrambling to prevent unauthorized access to the MPEG content before it is decoded. One type of data protection known in the communication industry uses encryption keys to protect data, such as video data, from unauthorized access. For example, in the video industry, systems that need to transmit video content over a publicly accessible medium are generally required by the video content owners to protect the video content through the use of one or more protection methods. One such method scrambles the video content using control words; the control words are in turn used to generate encryption keys, which a client device uses to regenerate the control words, thereby allowing subsequent descrambling of the video content. Such protection requires considerable computing bandwidth and/or a management system to generate the encryption keys and/or the control words used to generate the encryption keys, as well as to perform the scrambling of the video.
Therefore, a method and/or system that reduces the computing bandwidth needed to perform some or all of these functions would be beneficial.
Various advantages, features and characteristics of the present disclosure, as well as methods, operation and functions of related elements of structure, and the combination of parts and economies of manufacture, will become apparent upon consideration of the following description and claims with reference to the accompanying drawings, all of which form a part of this specification.
In accordance with the present disclosure, a system is described that receives an encryption key to unprotect key protected video data. The video data is then modified in some manner and re-scrambled based on the received encryption key data. The modified video data is then retransmitted to a client along with the original encryption key. The client receiving the original encryption keys can descramble the newly generated video by using the retransmitted key, which is the same as the original key. Processing time and bandwidth associated with determining the keys are eliminated by re-transmitting the original encryption keys to the clients for reuse. This is an advantage over known methods in that the saved bandwidth is available for other tasks or, alternatively, a processing device requiring less bandwidth can be used. It also allows the original service provider to extend entitlement control to the client even after the video has been altered. Specific embodiments of implementing the present invention are discussed with reference herein to
In the following discussion, the terms “protection”, “encryption” and “scrambling”, and their counterparts, i.e. “decryption” and “descrambling”, are used to describe operations to render data unintelligible to an unauthorized entity. The term “protection”, and its variations, is used broadly herein to reference any method used to render data unintelligible. The term “scrambling” generally refers to using relatively efficient algorithms that use orthogonal functions such as data shifts and/or XOR operations on large amounts of data. For example, data encryption standard (DES) scrambling is often used on video data. On the other hand, the term “encryption” generally refers to using relatively computationally intensive algorithms that use keys to render relatively small amounts of data unintelligible. One example of an encryption algorithm is the Rivest-Shamir-Adleman (RSA) algorithm. The techniques disclosed herein are applicable to various types of data; however, the specific embodiment described herein will be discussed primarily with reference to video data (video content).
The encryption key in
Referring back to the method of
Processing time and/or hardware costs for the gateway are reduced by reusing the received encryption key information. By reusing some or all of the received EMMs and ECMs, which include the encryption keys and an authorization to use them, additional services can be provided by the gateway 30 with the saved bandwidth, or reduced performance hardware can be used to implement the gateway 30. There is also the added benefit of allowing service providers to extend their entitlement control and management down to the client device.
In one embodiment the functionality of gateway of
The gateway embodiment illustrated in
Information receiver 102 is coupled to storage location 114 to provide encryption key information, and to the key protection removal portion 104 to provide key protected video data. The storage location 114 is coupled to the key manager 116 and to the information provider 110. The key manager 116 is coupled to a decryptor interface connector 117 to provide encryption key information to a decryptor 118, which is coupled to the decryptor interface connector 117. The decryptor interface connector 117 is further coupled to the key protection removal portion 104 and to data protector 108 to provide control word information based upon the encryption key information. The key protection removal portion 104 is coupled to the video stream modifier 106 to provide the unprotected video data (SERVICE). The video stream modifier 106 is coupled to the data protector 108 to provide a modified unprotected video data (P(SERVICE)). The data protector 108 is coupled to the information provider 110 to provide a key protected modified service. The information provider 110 provides the key protected modified service and encryption key information to one or more clients over a connection 35. Operation of the gateway 30 illustrated in
The information receiver 102 provides the key protected video data to the key protection removal portion 104, and the encryption key information to the storage portion 114. It will be appreciated that the information receiver 102 can provide the key protected video data to the key protection removal portion 104 directly in a streaming manner, or it can store the key protected video data in a memory location to support a subsequent access that will provide it to the key protection removal portion 104 as needed. Likewise, the information receiver 102 can store the encryption key information directly into the storage location 114, or buffer the encryption key information for subsequent access.
The encryption key information storage location 114, which in one embodiment includes storage of ECM and EMM information, is coupled to the key manager 116 and to the information provider 110. Storing the EMM/ECM information allows for their subsequent use as part of the data stream provided over connection 35 to clients 41 through 43 as illustrated in
Once the key protected video data is received at step 211, the flow of the method of
Referring to step 221 of
At step 222, the control information is applied to perform a desired protect or unprotect function. With respect to step 212 of
At step 213 (
At step 214 (
At step 215, the key protected modified video data and the original encryption key are provided to clients. Alternatively, at step 216, both the key protected modified video data and the received key protected video data are provided to clients. With reference to
For example, assuming the gateway 30 supports real time operation, with respect to processing the P(SERVICE) to obtain P(M(SERVICE)), the gateway 30 can provide newly received ECM information directly to the clients 41–43. This can be accomplished by transmitting the received ECM packet, without modification, to the clients 41–43 as soon as transport stream bandwidth is available. Even though the new encryption key has been sent, as part of the ECM packet, it will not be used by the clients to unprotect data until the gateway 30 transmits a transport stream that includes a scramble control flag that indicates to the clients 41–43 that the new encryption key is to be used. The switched scramble control flag is sent over the transport stream immediately before the key protected modified video data that was protected using the new key is sent.
It is possible to reuse the received ECM and EMM packets, thereby eliminating the overhead needed by the gateway 30 to generate and maintain encryption key information. Generally, the EMMs and ECMs will be presented to clients in the same order in which they are received. However, it is possible to mix the order, as long as the key manager 116 and information provider 110 operate to assure that the encryption key information used to protect data is available at the client before the protected data using that encryption key is sent. Also, it is possible for other information associated with received EMMs and ECMs to be modified before providing them to the clients; however, it is generally advantageous to reuse the received EMMs and ECMs without change. In particular, where a common protocol is being maintained, it will generally be advantageous to maintain the original EMM and ECM packet information.
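The two rules above (received ECM packets are forwarded unchanged, and a key's ECM reaches the client before the scramble control flag selects that key) can be checked on a gateway's output stream. The following is an added example, not part of the disclosure: it reads the 2-bit transport_scrambling_control field of MPEG-2 transport stream packets, and the PIDs, the DVB-style even/odd flag values, the ECM table_id-to-parity mapping and the sample packets are assumptions constructed for illustration.

```python
import hashlib

TS_SIZE, SYNC = 188, 0x47
ECM_PID, VIDEO_PID = 0x0100, 0x0200            # assumed PIDs for this example
PARITY_BY_TSC = {0b10: "even", 0b11: "odd"}    # assumed DVB-style flag values
PARITY_BY_TABLE = {0x80: "even", 0x81: "odd"}  # assumed ECM table_id convention

def ts_packet(pid, tsc, payload):
    """Build one constructed 188-byte TS packet (payload only, no adaptation)."""
    header = bytes([SYNC, 0x40 | (pid >> 8), pid & 0xFF, (tsc << 6) | 0x10])
    return header + payload.ljust(TS_SIZE - 4, b"\xff")

def parse(pkt):
    """Return (pid, transport_scrambling_control, payload) of a TS packet."""
    if len(pkt) != TS_SIZE or pkt[0] != SYNC:
        raise ValueError("not a TS packet")
    return ((pkt[1] & 0x1F) << 8) | pkt[2], pkt[3] >> 6, pkt[4:]

def check_output(received_ecms, output):
    """Check gateway output against the two rules in the text.
    Returns a list of (packet_index, problem); an empty list means compliant."""
    reusable = {hashlib.sha256(p).digest() for p in received_ecms}
    at_client = set()        # key parities whose ECM has already been sent
    problems = []
    for i, pkt in enumerate(output):
        pid, tsc, payload = parse(pkt)
        if pid == ECM_PID:
            if hashlib.sha256(pkt).digest() not in reusable:
                problems.append((i, "ECM packet was modified or not received"))
            parity = PARITY_BY_TABLE.get(payload[1])  # byte after pointer_field
            if parity:
                at_client.add(parity)
        elif pid == VIDEO_PID and tsc in PARITY_BY_TSC:
            if PARITY_BY_TSC[tsc] not in at_client:
                problems.append((i, f"{PARITY_BY_TSC[tsc]} key used before its ECM"))
    return problems

# Constructed sample: two ECM packets as received from the provider.
ECM_EVEN = ts_packet(ECM_PID, 0, b"\x00\x80" + b"even-cw-blob")
ECM_ODD = ts_packet(ECM_PID, 0, b"\x00\x81" + b"odd-cw-blob")

def video(tsc):
    """Constructed scrambled video packet carrying the given flag value."""
    return ts_packet(VIDEO_PID, tsc, b"scrambled-payload")

GOOD = [ECM_EVEN, video(0b10), ECM_ODD, video(0b10), video(0b11)]
EARLY_SWITCH = [ECM_EVEN, video(0b10), video(0b11), ECM_ODD]
```

In `GOOD` the odd ECM is forwarded while the even key is still in use, and the flag switches only afterwards; `EARLY_SWITCH` flips the flag one packet too soon and is reported at index 2.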
In another embodiment of the present invention, a different data stream protocol can be used at the input of gateway 30 than at the output of gateway 30. In order to support such protocol conversion the various components, such as the key manager 116 and information provider 110, will need to operate in a coordinated manner that supports the conversion. For example, the encryption key portion of the ECM information may need to be extracted and transported to a client using a different protocol.
In the preceding detailed description of the figures, reference has been made to the accompanying drawings which form a part thereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. It will be appreciated that many other varied embodiments that incorporate the teachings herein may be easily constructed by those skilled in the art. For example, when a specific component is said to provide data to another component, it will be understood that the function of providing the data need not be actively initiated by the device described as providing the data, but may instead be initiated by another component which retrieves, or otherwise accesses, the data to accomplish the data access. Accordingly, the present disclosure is not intended to be limited to the specific form set forth herein, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents as can be reasonably included within the spirit and scope of the invention. The preceding detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present disclosure is defined only by the appended claims.
Number | Date | Country |
---|---|---|
20030206636 A1 | Nov 2003 | US |