The present invention claims priority of Korean Patent Application No. 10-2010-0132078, filed on Dec. 22, 2010, which is incorporated herein by reference.
The present invention relates generally to Digital Rights Management (DRM) technology for multimedia data and, more particularly, to a system and method for providing layered access control for scalable media that is encoded using a Scalable Video Coding (SVC).
As is well known to those skilled in the art, scalable media is media that has been encoded using a Scalable Video Coding (SVC). The scalable media are characterized by a hierarchical coding in which all codecs are configured for individual layers, only the required layers are extracted to enable a media service corresponding to the desired level to be provided. The layers of SVC are composed of a single base layer, and one or more enhancement layers that can be continuously stacked on the base layer. Each enhancement layer can represent the maximum bit rate, frame rate and spatial resolution that are given to the enhancement layer on the basis of information about a lower layer. In SVC, as a larger number of enhancement layers are continuously layered, various bit rates, frame rates and resolutions can be supported.
In the present specification, a base layer is represented by a layer 1, and enhancement layers are represented by layers 2, 3, 4, etc. for the sake of description. Taking the resolution as an example, a layer 1 configures a low-resolution codec, a combination of layers 1 and 2 configure a medium-resolution codec, and a combination of layers 1, 2, and 3 configure a high-resolution codec.
An SVC encoder 101 generates scalable media of bit streams. In
An extractor 102 that received the scalable media functions to extract only a required bit stream suitable for the characteristics of a target device and transmit the bit stream to the target device. In
All of layers 1, 2 and 3 are transmitted to the high-resolution HDTV 103, layers 1 and 2 are transmitted to the medium-resolution PC 104, and layer 3 is truncated. Only layer 1 is transmitted to the low-resolution PDA 105 and layers 2 and 3 are truncated.
Such a scalable media-based service is advantageous in that it supports One Source Multi Use (OSMU) enabling the service to be provided to user's devices under different conditions such as different network bandwidths, device performances, and displays using only a video which has been encoded once.
Meanwhile, DRM, which is a technology for managing the copyrights of digital works, not only allows just a user having a right to use the digital works to have access thereto, but also enables usage methods, the number of uses, a usage period, etc. to be limited depending on permission information, condition information, etc.
The structures of DRM and the names of respective objects slightly differ amongst themselves depending on various DRM standards and commercial products, but the basic structures and operating methods thereof are almost identical to one another. From a conceptual standpoint, an introduction to DRM is as follows.
A content issuer 201 functions to encrypt and distribute contents, and is configured to create a protected content 204 and distribute the protected content 204 to a first user terminal 207 on which a first DRM agent 203 is mounted.
The first user terminal 207 may transfer the protected content 204 to a second user terminal 208 on which a second DRM agent 206 is mounted.
A rights issuer 202 functions to generate a right object 205 including permission information, condition information, and a content decryption key, which are related to the protected content, and sell the right object 205 to the users of the first and second terminal 207 and 208.
Sensitive information within the right object 205 is encrypted.
The first and second DRM agents 203 and 206 are client modules which accesses the rights issuer 202 to acquire the right object 205 so as to use the protected content 204. The first and second DRM agents 203 and 206 use the protected content in conformity with given conditions on the basis of the right object 205. Generally, the acquisition of the right object 205 is performed by a procedure of purchasing the protected content. In this connection, since a method of performing authentication between the DRM agents 203 and 206 (or the user terminals 207 and 208) and the rights issuer 202 does not directly pertain to the present invention, a detailed description thereof is omitted.
The protected content 204 may be copied or moved between user terminals, but a user terminal that received the protected content 204 can use the content only when purchasing the right object 205.
Identifier 301 includes the identification (ID) of the content.
Metadata 302 includes an encryption scheme, the Uniform Resource Locator (URL) of a rights issuer, information about a content provider, etc.
Encrypted content 303 denotes encrypted data.
Digital signature 304 denotes a signature made using the private key of a content provider, and is used to verify the content provider and integrity.
A key 401 presents a key used for the encryption of content, and generally includes the following keys although there may be a difference between DRM products.
Master key: a master key may be configured using different schemes in accordance with the application of DRM, and is used to encrypt a Right Encryption Key (REK).
Right encryption key: this key is used to encrypt Content Encryption Key (CEK).
Content encryption key: this key is used to encrypt contents.
ID 402 includes the ID of a rights issuer, the ID of the contents, etc.
Permission 403 is information required to limit the methods of using content, and contains permission information such as information about playing, viewing, printing, copying, moving, editing, extracting, and embedding contents.
Condition 404 is information used to define the conditions of the use of contents, and includes a usage period of content, a content usage count of content (the number of uses of the content), a trace of content (the monitoring of usage details of a content user), a domain of content (the limitation of the use of content to a specific user, a specific group or a specific region), etc.
However, the conventional DRM service is problematic in that layered access control for scalable media cannot be supported.
In view of the above, the present invention provides a system and method for providing layered access control for scalable media.
In accordance with a first aspect of the present invention, there is provided an encryption method for providing layered access control for scalable media for use in a service provider that encrypts the scalable media, the encryption method including:
encrypting the scalable media using different encryption keys for respective layers of the scalable media to create a protected content;
providing the protected content to a first user terminal;
selectively inserting part or all of the encryption keys into a key area of a right object based on the grade of the first user terminal to generate a first right object; and
providing the first right object to the first user terminal.
In accordance with a second aspect of the present invention, there is provided a decryption method for providing layered access control for scalable media for use in user terminals that decrypt the scalable media, the decryption method including:
receiving, at a first user terminal, a protected content which is created by encrypting a scalable media using different encryption keys for respective layers of the scalable media;
receiving, at the first user terminal, a first right object which is generated by selectively inserting part or all of the encryption keys of the protected content into a key area of a right object based on the grade of the first user terminal; and
decrypting, at the first user terminal, some layers of the protected content using encryption keys included in a key area of the first right object.
In accordance with a third aspect of the present invention, there is provided an encryption method for providing layered access control for scalable media for use in a service provider that encrypts the scalable media, the encryption method including:
encrypting the scalable media using an identical encryption key without a distinction between layers of the scalable media to create a protected content;
providing the protected content to a first user terminal;
inserting information about some of accessible layers of the layers of the scalable media into a layer field of a condition area of the right object based on the grade of the first user terminal to generate a first right object; and
providing the first right object to the first user terminal.
In accordance with a fourth aspect of the present invention, there is provided a decryption method for providing layered access control for scalable media for use in user terminals that decrypt the scalable media, the decryption method comprising:
receiving, at the first user terminal, a protected content which is created by encrypting the scalable media using an identical key without a distinction between layers of the scalable media;
receiving, at the first user terminal, a first right object which is generated by inserting information about some of accessible layers of the layers of scalable media into a layer field of a condition area of a right object based on the grade of the first user terminal;
acquiring, at the first user terminal, an encryption key included in a key area of the first right object to check the information about some of the accessible layers stored in the layer field of the condition area; and
decrypting, at the first user terminal, some layers of the protected content while filtering out remaining layers depending on the information about some of the accessible layers.
The above and other objects and features of the present invention will become apparent from the following description of preferred embodiments given in conjunction with the accompanying drawings, in which:
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that they can be readily implemented by those skilled in the art.
Before explaining the embodiments of the present invention, may be considered that a content issuer, a rights issuer, and a Digital Rights Management (DRM) agent described in the overall specification of the present invention denote server devices, user terminals, or application programs, which provide relevant functions or services. Further, a content issuer and a rights issuer may be commonly designated as a service provider, which can also denote a server device, a terminal device or an application program that provides a content provision service.
The embodiment of
First, a content issuer 501 encrypts, e.g., a video of scalable media using different keys for respective layers of the scalable media to create a protected content 504. Further, the content issuer 501 registers a set of keys, Content Encryption Keys (CEKs), used to encrypt the content in a rights issuer 502. In
The content issuer 501 transfers the protected content 504 to a first DRM agent 503 mounted on a first user terminal 513.
In order to use the content, the first DRM agent 503 accesses the rights issuer 502 and then acquires a first right object 505. For example, the first DRM agent 503 may be issued with the right object 505 after paying for content.
The rights issuer 502 generates the first right object 505 by inserting a content encryption key into the key area of the first right object in accordance with the grade of the user, and transfers the first right object 505 to the first DRM agent 503. For example, the grade of the user may be determined based on, e.g., an amount of fees paid by the user.
The first DRM agent 503 that received the first right object 505 acquires the content encryption keys CEK1 and CEK2 included in the key area, and decrypts up to layers 1 and 2 of the encrypted content for the protected content 504 based on the content encryption keys CEK1 and CEK2. Thereafter, the DRM agent 503 combines the decrypted layers 1 and 2 with each other, decodes the combined results, and transfers the decoded results to the first user terminal 513 having a content player.
Meanwhile, the protected content 504 may be copied or moved from the first user terminal 513 on which the first DRM agent 503 is mounted to another user terminal.
With reference to
In order to move the protected content 504, the second DRM agent 507 in the second user terminal 517 accesses the rights issuer 502 and then acquires a second right object 506.
The rights issuer 502 generates the second right object 506 by inserting a content encryption key into the key area of the right object in accordance with the grade determined based on, for example, an amount of fees paid by a user of the second terminal 517, and transfers the second right object 506 to the second DRM agent 507. In
For example, if it is assumed that the layers 1 and 2 are videos encoded to enable SD-level playing and the layers 1 to 3 are videos encoded to enable HD-level playing, the first DRM agent 503 and the second DRM agent 507 that received the same protected content can play SD-level videos and HD-level videos, respectively, depending on the grades of the users who own the first and the second terminals 513 and 517.
Meanwhile, in order for the first DRM agent 503 to view an upper level of high-quality videos combined up to layer 3, the first DRM agent 503 may request an additional right to layer 3 from the rights issuer 502. This embodiment is separately shown in
Referring to
The rights issuer 502 checks the grade of a user who owns the terminal 513 so as to provide an additional right to the layer 3. After that, the rights issuer 502 inserts an additional content encryption key CEK3 for the requested layer into the key area of the first right object 505 to generate a second right object 515, and transfers the right object 515 to the DRM agent 503. For example, the grade of the user may be determined based on an amount of fees paid by the user.
The DRM agent 503 that received the right object 515 acquires the content encryption key CEK3 included in the key area of the second right object 515, decrypts up to the layers 1 to 3 of the encrypted content for the protected content 504 using the CEK3, and CEK1 and CEK2 which have been previously acquired from the first right object 505. Thereafter, the DRM agent 503 combines the decrypted results, decodes the combined results, and transfers the decoded results to the user terminal 513.
The embodiment of
First, a content issuer 601 encrypts the video of scalable media using the same key without a distinction between layers of the video to generate a protected content 604. Further, the content issuer 601 registers the key used for encryption of the content in a rights issuer 602. The key used for encryption is indicated by “CEK” in
In order to use the content, the first DRM agent 603 accesses the rights issuer 602 and then acquires a first right object 605. For example, the first DRM agent 603 may be issued with the right object 605 after paying for the content.
The rights issuer 602 inserts information about an uppermost accessible layer(s) to which the DRM agent is uppermost accessible into the layer field of condition area of a right object in accordance with the grade of the user terminal (customer) to complete a first right object 605, and provides the first right object 605 to the first DRM agent 603. For example, the grade of the user may be determined based on fees paid by the user who owns the first terminal 613. In the embodiment of
The first DRM agent 603 that received the first right object 605 acquires the content encryption key CEK included in the key area, and then checks the information stored in the layer field of the condition area. In the embodiment of
The first DRM agent 603 then transfers the filtered and decrypted content to a player such as the content player of the user terminal 613, and can play the video decoded using only the layer 1 in the embodiment of
Meanwhile, the protected content 604 may be copied or moved from the first user terminal 613 on which the first DRM agent 603 is mounted to another user terminal.
With reference to
In order to move the protected content 504, the first DRM agent 603 transfers the protected content 604, which it received, to the second DRM agent 607 mounted on another user terminal 617.
The second DRM agent 607 accesses the rights issuer 602 and then acquires a right object.
The rights issuer 602 inserts information about an accessible uppermost layer(s) into the layer field of the condition area of a right object in accordance with the grade of the user to complete a second right object 606, and transfers the second right object 606 to the second DRM agent 607. For example, the grade of the user may be determined based on fees paid by the user. In the embodiment of
The second DRM agent 607 that received the second right object 606 acquires a content encryption key CEK included in the key area of the received right object, and then checks information stored in the layer field of the condition area. In the embodiment of
The second DRM agent 607 then transfers the filtered and decrypted content to a player such as a content player. In the embodiment of
Meanwhile, in order for the first DRM agent 603 to view upper level of high-quality videos combined up to layer 2, the first DRM agent 603 may request an additional right to layer 2 from the rights issuer 602. This embodiment is separately shown in
Referring to
The rights issuer 602 checks the grade of a user who owns the terminal 613 so as to provide an additional right to layer 2. After that, the right issuers 602 inserts information about an accessible uppermost layer(s) into the layer field of the condition area of the right object 605 to complete a second right object 606. For example, the grade of the user may be determined based on fees paid by the user. In the embodiment of
The rights issuer 602 then transfers the second right object 606 to the DRM agent 603.
The DRM agent 603 that received the second right object 606 acquires a content encryption key CEK included in the key area, and then checks the information stored in the layer field of the condition area. In the embodiment of
The DRM agent 603 then transfers the filtered and decrypted content to a player such as the content player. In the embodiment of
As described above, since layered access control can be performed depending on right objects acquired by respective users even if protected scalable media content is equally distributed in accordance with an embodiment of the present invention, the OSMU of DRM can be supported. For example, the same encrypted content is distributed to various users, and video quality can be controlled in such a way that SD level or HD level videos can be viewed depending on right objects acquired by the respective users. Further, it is possible to view HD-level videos by paying an additional fee and acquiring an additional right object while viewing SD-level videos. Furthermore, the present invention can provide the same content to customers depending on the grades of the customers and can also provide different services to those customers.
While the invention has been shown and described with respect to the preferred embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the following claims.
Number | Date | Country | Kind |
---|---|---|---|
10-2010-0132078 | Dec 2010 | KR | national |