Patent Grant
8627482
The present invention generally relates to content distribution and, more particularly, to a method, apparatus and system for securely communicating content such as audiovisual content.
Content such as audiovisual content, securely stored within a content device, such as a Set-top Box (STB), is often transferred over an unsecured channel (e.g., a home network), to a software player running on, for example, a personal computer (PC). The STB uses a sophisticated conditional access (CA) mechanism to prevent the unauthorized use of the content, however, pirating can easily take place along the unsecured channel.
As such, what is needed is a method, apparatus and system for the secure distribution of audiovisual content.
Embodiments of the present invention address these and other deficiencies of the prior art by providing a method, apparatus and system for the secure distribution of content, such as audiovisual content.
In one embodiment of the present invention, a method for the secure distribution of content includes encrypting the content using a first key, encrypting the first key using a second key, and distributing the encrypted content and the encrypted first key. In such an embodiment of the present invention, the distributed content is decrypted by decrypting the first key using a locally stored copy of the second key and decrypting the content using the decrypted first key. The method can further include the inclusion of identification information intended to identify the original intended user of misappropriated content. That is, the method can further include marking the decrypted content for identification purposes, and re-encrypting the marked content. In addition, the method can further include encrypting the content using a third key, the third key being acquired via a secure channel and communicating the content encrypted using the third key to a source of the third key, wherein the content encrypted using the third key is decrypted using a local copy of the third key.
In an alternate embodiment of the present invention, an apparatus for the secure distribution of content includes a secure processing module for encrypting and decrypting the content and a smart card for locally storing and decrypting encryption keys. In the apparatus, upon receiving content encrypted with a first key and upon receiving the first key encrypted with a second key, the smart card of the apparatus decrypts the first key using a locally stored copy of the second key, and the secure processing module decrypts the received encrypted content using the decrypted first key. The apparatus of the present invention can further include a marking module for marking the decrypted content.
In an alternate embodiment of the present invention, a system for the secure distribution of content includes a content source for distributing content, an electronic counter-measure device for encrypting the distributed content using a first key and for encrypting the first key using a second key, an apparatus for receiving the content encrypted with a first key and the first key encrypted with a second key and a storage device for storing the received encrypted content and the first key. The apparatus of the system can include a secure processing module for encrypting and decrypting content and a smart card for locally storing and decrypting encryption keys. In the system of the present invention, upon receiving content encrypted with the first key and upon receiving the first key encrypted with the second key, the smart card of the apparatus decrypts the first key using a locally stored copy of the second key, and the secure processing decrypts the received encrypted content using the decrypted first key. The apparatus of the system of the present invention can further include a marking module for marking the decrypted content. In addition, the system of the present invention can further include a content player for communicating a third key to the apparatus via a secure channel, wherein the apparatus encrypts the decrypted content using the third key and communicates the content encrypted using the third key to the content player and the content player decrypts the content encrypted via the third key using a locally stored copy of the third key.
The teachings of the present invention can be readily understood by considering the following detailed description in conjunction with the accompanying drawings, in which:
It should be understood that the drawings are for purposes of illustrating the concepts of the invention and are not necessarily the only possible configuration for illustrating the invention. To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.
The present invention advantageously provides a method, apparatus and system for securely communicating content such as audiovisual content in, for example, a home network environment. Although the present invention will be described primarily within the context of audiovisual content in a home network environment including a software player, the specific embodiments of the present invention should not be treated as limiting the scope of the invention. It will be appreciated by those skilled in the art and informed by the teachings of the present invention that the concepts of the present invention can be advantageously applied in substantially any network for the secure transfer of any content (e.g., video, audio, audiovisual, etc.) to be played on substantially any content player.
In the system 100 of
As previously described, the ECM message is stored along with the encrypted audiovisual content in for example the content and key storage device 130. Upon playback of the audiovisual content, the ECM is recalled from storage 150 and the encrypted work key is communicated to the smart card 140. The smart card 140 uses a local copy of ksc to decrypt and return kw to the secure processing module 150 of the STB 120. As such, the STB 120 obtains the necessary key to decrypt the stored audiovisual content. Such decryption can be accomplished in the secure processing module 150. Although in the embodiment of the system of
More specifically, in one embodiment of the present invention, stored audiovisual content is communicated directly from STB storage to the PC 210. As such, the key, kw, needs to be communicated to the PC 210 along with the audiovisual content. In the system of
To maintain the security of kw, a link encryption is implemented. More specifically, the PC 210 and the STB 120 use a public key cipher to establish a secure communications channel, (e.g., a TLS). Public key ciphers, however, are computationally expensive and thus are not often used for large data payloads. Instead, this TLS channel is used to establish and exchange a session key, ks, for a symmetric key cipher. The STB will then decrypt the audiovisual content using the work key, kw, and then immediately encrypt it using the session key, ks. This re-encrypted audiovisual content can then be securely communicated through an unsecured channel, for example a home network, to the PC 210 and decrypted there for display.
For example,
In order to use a public key cipher, the STB 120 and the software running on the PC 210 must each have a public/private key pair. In one embodiment of the present invention, the private key of the STB 120, kstbpv, is embedded in the secure processing module 150 during manufacture and the public key, ksbpu, is stored in a secure database for subsequent distribution. The software player 210 can comprise a proprietary player distributed by a STB owner/operator to its customers upon request. Each copy of the software player 210 will contain a unique private/public key pair, (kpcpv,kpcpu). A customer request for audiovisual content will include the unique identification of an STB from which the connection is requested. The public key of that STB will be embedded into a respective software player ensuring that the software player can only work with that STB. This also gives an STB operator a record of which STBs have been enabled to communicate with which PCs.
As such and in accordance with the present invention, the STB 120 has a private key and the software player 210 will have the corresponding public key as well as its own private/public key pair. The software player 210 initiates a connection with the STB 120 over an unsecured channel, for example a home network, and can communicate to the STB 120 information regarding its public key. In such a manner, the STB 120 and the software player 210 are able to establish a secure channel through which they can establish and exchange a symmetric cipher session key as described above with reference to
Many protocols for establishing a secure channel require that all communication devices have signed digital certificates from a trusted source. Given the proprietary nature of the proposed architecture, these certificates can be generated by, for example, the STB operator (the trusted source) and provided to both the STB 120 and the software player 210. This ensures that the STB 120 will only establish a secure link with an STB-operator authorized software player. The concepts of the present invention as described above will assist in protecting distributed audiovisual content from being pirated. In various embodiments of the present invention, advanced software security techniques are implemented to protect the software private key and derived session key from being discovered. Unfortunately however, knowledgeable pirates most likely will be successful in discovering these keys. Once discovered, the session key can be used to decrypt the audiovisual content. However, in accordance with an embodiment of the present invention, different audiovisual content will be encrypted with a different session key. As such, while a discovered key is valuable for decrypting corresponding protected audiovisual content on a corresponding STB, the discovered key will not be valuable to anyone else having a different STB nor would it be useful for decrypting other distributed audiovisual content. To do so, another session key would need to be discovered.
Even further, a software private key can be discovered and used to observe a TLS session, thus learning each session key as the session is established. For example, there can be two groups of individuals who might pursue such unauthorized copying: customers who which to make copies for themselves and their friends and professional thieves. One difference between these two groups is that the misbehaving customers obtain primary value from the content delivery service and only secondary value from the copying. Professional thieves take advantage of the content delivery service for the purpose of generating pirate content.
Digital watermarking is a technique for modifying digital imagery in order to attach certain identifiable metadata to audiovisual content. The metadata is recoverable from a copy of the watermarked content, even if that content has been re-compressed or has been converted to analog format. The digital watermark in content is also intended to survive the decryption, decoding, and digital-to-analog conversion of content that can be performed in a single secure silicon chip so that the only capturable, clear text content is analog. Such a process is commonly referred to as the “Analog Hole”.
In various embodiments of the present invention, watermarking can be optionally applied to audiovisual content secured in accordance with the present invention. For example, in a first approach, received audiovisual content is not directly stored in a Set-top Box (STB). Instead, the content is decrypted, watermarked, and re-encrypted prior to storage. The watermark contains information that uniquely identifies the STB and the associated smart card and includes a timestamp indicating a receiving and recording time.
In the system 400 of
As such, in an alternate embodiment of the present invention, the content is not watermarked during storage, but instead, watermarked as they are transferred to the software player. For example,
In one embodiment of the present invention, the watermark is added directly into an MPEG-2 bitstream. The marking process can be real-time for the first watermarking embodiment described with respect to
Both above described watermarking approaches embed customer identifying information into content that are intended to be viewed and not distributed. If a user obtains piracy software that discovers software player keys and if that user uses that piracy software to make unauthorized copies of works stored on the STB, those copies will contain watermarks with identifying information to identify the location of origin of the pirated content. If any of those copies are distributed (i.e., on a P2P network or on a web site for example), each and every unauthorized copy will contain the necessary forensic information (e.g., watermark and identification information) to identify the original intended recipient of that content. After such discovery, an STB operator can take any remedial action deemed appropriate including but not limited to sending a warning letter, to cancellation of service, to the pursuit of legal remedies and the like.
In accordance with various embodiments of the present invention, an STB includes a private/public key pair. The private key is embedded in the STB and the public key is stored in a secure database by the STB operator. The STB can also include a digital certificate supplied by the STB operator. Subsequently, a customer can contact the STB operator and requests a software player for viewing desired content. The request is accompanied by an STB identifier (this request could be facilitated through the STB). The STB operator recovers the STB public key from the database, creates a digital certificate for the software player, and communicates such information to the customer. Additionally, and as described above, the software player has its own private/public key pair.
As described above, in a first approach, content to be stored locally at the STB is first decrypted, watermarked, and then re-encrypted. The software player initiates a session with the STB and provides its public key. The software player and the STB negotiate a secure channel using their digital certificates, and establish a session key. In the first approach, stored watermarked content is decrypted on the STB and re-encrypted with the session key before being transferred to the software player.
In the second approach, stored content is decrypted on the STB, watermarked, and then re-encrypted with the session key before being communicated to the software player. The software player decrypts the content with the session key and plays the content.
Having described various embodiments for a method, apparatus and system for the secure distribution of content (which are intended to be illustrative and not limiting), it is noted that modifications and variations can be made by persons skilled in the art in light of the above teachings. It is therefore to be understood that changes may be made in the particular embodiments of the invention disclosed which are within the scope and spirit of the invention as outlined by the appended claims. While the forgoing is directed to various embodiments of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof.
This application claims the benefit, under 35 U.S.C. §365 of International Application PCT/US2006/476348, filed on Dec. 13, 2006, which was published in accordance with PCT Article 21(2) on Jan. 31, 2008, in English and which claims the benefit of U.S. provisional patent application No. 60/832,830, filed on Jul. 24, 2006.
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/US2006/047634 | 12/13/2006 | WO | 00 | 1/23/2009 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2008/013562 | 1/31/2008 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 6118873 | Lotspiech et al. | Sep 2000 | A |
| 6789188 | Epstein et al. | Sep 2004 | B1 |
| 6993137 | Fransdonk | Jan 2006 | B2 |
| 7062658 | Cheriton et al. | Jun 2006 | B1 |
| 7107462 | Fransdonk | Sep 2006 | B2 |
| 7181620 | Hur | Feb 2007 | B1 |
| 7242766 | Lyle | Jul 2007 | B1 |
| 7529375 | Durand | May 2009 | B2 |
| 7584361 | Tapson | Sep 2009 | B2 |
| 20010051996 | Cooper et al. | Dec 2001 | A1 |
| 20020176572 | Ananth | Nov 2002 | A1 |
| 20030108206 | Diehl et al. | Jun 2003 | A1 |
| 20050013437 | Ikonen et al. | Jan 2005 | A1 |
| 20050195980 | Lotspiech et al. | Sep 2005 | A1 |
| 20050198529 | Kitani | Sep 2005 | A1 |
| 20060107045 | Le Buhan et al. | May 2006 | A1 |
| 20060136718 | Moreillon | Jun 2006 | A1 |
| 20060193474 | Fransdonk | Aug 2006 | A1 |
| 20070022469 | Cooper et al. | Jan 2007 | A1 |
| Number | Date | Country |
|---|---|---|
| 2003-8566 | Jan 2003 | JP |
| 2005-513835 | May 2005 | JP |
| 2005-522902 | Jul 2005 | JP |
| 2005-210687 | Aug 2005 | JP |
| 03052598 | Jun 2003 | WO |
| WO03058618 | Jul 2003 | WO |
| WO2006062635 | Jun 2006 | WO |
| Entry |
|---|
| Andreaux, et al., “Copy Protection System for Digital Home Networks”, IEEE Signal Processing Magazine, 1053-5888/04, Mar. 2004, p. 100-108. |
| EBU Project Group B/CA, “Functional model of a conditional access system,” EBU Technical Review, European Broadcasting Union, Brussels. BE, No. 266, Dec. 21, 1995, pp. 64-77, XP000559450. |
| Guillou et al., Encipherment and Conditional Access, SMPTE Journal, SMPTE Inc., Scarsdale, NY, US, vol. 103, No. 6, Jun. 1, 1994, pp. 398-406, XP000457575. |
| Judge et al., WHIM: watermarking multicast video with a hierarchy of intermediaries, Computer Networks, Elsevier Science Publishers B.V., Amsterdam, NL, vol. 39, No. 6, Aug. 21, 2002, pp. 699-712. XP004371479. |
| International Search Report, dated Jun. 29, 2007. |
| Number | Date | Country | |
|---|---|---|---|
| 20090290711 A1 | Nov 2009 | US |
| Number | Date | Country | |
|---|---|---|---|
| 60832830 | Jul 2006 | US |
