1 2382160
MECHANISM FOR STORING, TRANSFERRING, ENCRYPTING AND
LOCKING MULTI-MEDIA FILES
The present invention relates to a method and apparatus for storing and transferring multi-media files in an encrypted form whereby the content is retained in a form that provides protection against unwanted copying and distribution.
Where it is desired to provide users with content in the form of files written in a machine-readable format it is common that such files easily lend themselves to being copied, duplicated and distributed. Whilst this is of significant benefit to the content provider during the initial provision of the content to the original customer it can become a liability where the content provider seeks to ensure that copyright is not violated.
The present invention describes apparatus and a method for enabling this content to be stored and distributed electronically, for example over a network, whilst ensuring that it remains in a form that protects against unauthorized copying, distribution and usage.
Where the multi-media data is decrypted and returned to a format that can be directly replayed it is passed immediately for playback and never stored in that format. It is therefore significantly more difficult for the user to locate a file that exists in a format that may be copied and distributed without copyright control.
The system utilizes a technique of breaking the original file down into much smaller blocks. Just as a jigsaw puzzle is only complete when all the pieces have been located and re-assembled in the correct order, the multi-media file is only complete when all the individual blocks have been re-assembled. In addition, it is possible to break down each block into sub-blocks and similarly re-order the blocks.
Using this technique it is possible to unscramble the order of the various blocks and sub-blocks according to a pre-arranged scheme and an appropriate key and to achieve this during the playback process thus avoiding the need to store the file in a decrypted format.
The technique is particularly useful where the information processing power of the playback machine is limited. It is also possible to add various standard mathematical encryption techniques to a very small segment of the content, for instance it would be possible to encrypt one single sub-block within each block.
The innovation delivers a number of benefits to the content provider by providing an inherently high level of security throughout the storage and delivery process and by integrating easily with existing techniques to significantly increase the level of security offered.
An example would be where it is desired to supply high quality video to the user of a personal computing device. It may be envisaged that decrypting such a file during the playback may present the computer with an excessive load and cause playback to falter. It may also be envisaged that the re-ordering of the various blocks and sub-blocks may be arranged to present a much lighter loading. The introduction of further mathematical encryption on only a small selection of sub-blocks may increase the level of security offered whilst maintaining an acceptable level of performance.
This breaking down into blocks and sub-blocks also provides benefits to the supplier in that additional security may be provided at the point where the master copies are stored. As an example it is possible to distribute the various blocks and sub-blocks to different locations, for instance on different servers distributed to different locations around a network or around the Internet. Thus a single security violation at a server would only give the intruder access to a random selection of blocks from the file, the greater the number of locations the higher the level of security. An intruder determined to steal an original copy of the file would need access to all the servers holding blocks for the multi-media file and to all keys required to re-assemble and decrypt the data.
In accordance with the present invention, we provide apparatus for splitting the multi-media file into numerous blocks and re-arranging, storing, transmitting and then re-assembling these blocks according to an algorithm and an associated key, as follows:
a. generating a first key using a mathematical or random scheme;
b. splitting the multi-media file into numerous blocks according to an algorithm and the first key;
c. generating a second key using a mathematical or random scheme;
d. encrypting the individual blocks and sub-blocks according to the second key;
e. generating a third key using a mathematical or random scheme;
f. storing the numerous blocks and sub-blocks in several places according to an algorithm and the third key;
g. storing the various keys in different locations remote from the numerous blocks and sub-blocks of data;
h. providing the various keys to the authorised users at the appropriate time;
i. downloading the numerous blocks and sub-blocks to the user as indicated by third key;
j. storing the numerous blocks and sub-blocks on the target machine until required;
k. obtaining any further authorization or keys from the content supplier as may be required;
l. retrieving the numerous blocks and sub-blocks in order as determined by the first key;
m. decrypting the blocks and sub-blocks according to the second key; and
n. passing the multi-media data directly to the playback device.
Also, in accordance with the present invention, we provide a method for splitting the multi-media file into numerous blocks and sub-blocks and re-arranging, storing, transmitting and then re-assembling these blocks and sub-blocks according to an algorithm and an associated key, as follows:
a. generating a first key using a mathematical or random scheme;
b. splitting the multi-media file into numerous blocks and sub-blocks according to an algorithm and the first key;
c. generating a second key using a mathematical or random scheme;
d. encrypting the individual blocks according to the second key;
e. generating a third key using a mathematical or random scheme;
f. storing the numerous blocks and sub-blocks in several places according to an algorithm and the third key;
g. storing the various keys in different locations remote from the numerous blocks and sub-blocks of data;
h. providing the various keys to the authorised users at the appropriate time;
i. downloading the numerous blocks and sub-blocks to the user as indicated by third key;
j. storing the numerous blocks and sub-blocks on the target machine until required;
k. requesting the playback of the multi-media file from the Decryption Object;
l. obtaining any further authorization or keys from the content supplier as may be required;
m. retrieving the numerous blocks and sub-blocks in order as determined by the first key;
n. decrypting the blocks and sub-blocks according to the second key; and
o. passing the multi-media data directly to the playback device.
Examples of the present invention will now be described with reference to the accompanying drawings, in which:
Figure 1 is a diagram of apparatus in a standard arrangement configured to replay multi-media files showing the flow of data; and
Figure 2 is a diagram of apparatus operating in accordance with the present invention to replay multi-media files showing the flow of data; and
Figure 3 is a diagram representing a single file of multi-media data in a standard arrangement; and
Figure 4 is a diagram representing a multi-media file split into numerous blocks; and
Figure 5 is a diagram representing a multi-media file split into numerous blocks and the order of the blocks then re-arranged according to a scheme; and
Figure 6 is a diagram representing a multi-media file split into numerous blocks and rearranged and showing as an example a single block split into sub-blocks and re-arranged, all according to a scheme.
The apparatus
Figure 1 is a diagram of apparatus operating conventionally to replay multi-media files. Multi-media files may include various content for example video, audio, presentations, images, animations, games, software or more simple files such as text documents.
The multi-media file would normally be stored as a disk file 4 in the original multi-media format 5 which can be played by an appropriate media player 2 and any associated codec (coder-decoder). The output to the user would be passed through an appropriate replay apparatus for example a screen, games console, loudspeakers etc.
It can be easily seen that anyone with the appropriate media player can copy the disk file and make unrestricted use of the same content. Thus a file may be copied and distributed extensively outside of the control of the content provider.
Figure 2 is a diagram of apparatus operating in accordance with the current invention. The Decryption Object 6 receives a request from the Media Player 2 to provide the multi-media data. In turn, the Decryption Object accesses the file in the encrypted format 11 and decrypts this data according to the keys passed by the Key Manager 7. The keys from the key manager may be provided from various sources and linked to other factors as additional security, for example they may be linked to hardware serial numbers 8, operating system serial numbers 9 or authorized from external sources 10 such as the Internet.
The multi-media file is then passed on a continuous basis, such as streaming or in a similar manner, in the native multi-media format 5.
It can be seen that the apparatus may be provided entirely as software to be loaded on to an information-processing device or as hardware to be incorporated in or attached to such a device or as a combination of both. Examples of such devices would include computers, personal computers, portable computers of various sizes and other devices incorporating such computing facilities such as Personal Digital Assistants, Personal Organisers and Schedulers, mobile telephone instruments etc.
The method
Figure 3 is a diagram representing a single multi-media file with a start 20 and an end 21. The native format of the file is determined by the type of content and will vary from file to file. This may include for example MPEG, WAV, MP3, AVI and MOV amongst others. This file is usually read by the file system from the disk store as required. It is commonly possible to copy such a multi-media file and transfer it to another similar machine without regard to copyright restrictions.
Figure 4 shows a similar multi-media file split into blocks, with the letters identifying the correct order of the blocks A to H.
Figure 5 shows a similar multi-media file with the blocks rearranged according to some scheme. The blocks may be of uniform size or may vary in size from block to block. The key to identify the scheme being used and therefore to unscramble the file may be included within the file or provided separately and may be suitably encrypted.
Figure 6 shows the same multi-media file and illustrates the use of sub-blocks and a similar re-ordering process applied to these. Additional encryption may be added to all blocks and sub-blocks or alternatively to a sub-set only. This has the advantage that the decryption process can be tailored to suit the power of the playback machine whilst still offering an adequate level of protection to prevent the unauthorized playback of various formats of multi-media content.
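
The following is an added illustration, not part of the original specification, of the block re-ordering by the first key, the placement on several servers by the third key, and the block-by-block re-assembly at playback. The specification names no algorithm, so the HMAC-SHA256 derivation, the function names, the keys and the sample data are all assumptions; encryption with the second key is left out.

```python
import hashlib
import hmac
from typing import Iterator

BLOCK = 4  # constructed block size, small so the sample stays readable


def _tag(key: bytes, label: bytes, i: int) -> bytes:
    # Assumed derivation (not from the patent): HMAC-SHA256 over label and index.
    return hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()


def keyed_order(first_key: bytes, n: int) -> list[int]:
    """Permutation of range(n): stored position p holds original block order[p]."""
    return sorted(range(n), key=lambda i: _tag(first_key, b"order", i))


def server_for(third_key: bytes, position: int, servers: int) -> int:
    """Pick the store that holds the block at a given stored position."""
    return _tag(third_key, b"place", position)[0] % servers


def scramble_and_place(data: bytes, first_key: bytes, third_key: bytes,
                       servers: int) -> list[dict[int, bytes]]:
    """Split into blocks, re-order by the first key, spread by the third key."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    stores: list[dict[int, bytes]] = [{} for _ in range(servers)]
    for position, original in enumerate(keyed_order(first_key, len(blocks))):
        stores[server_for(third_key, position, servers)][position] = blocks[original]
    return stores


def replay(stores: list[dict[int, bytes]], first_key: bytes,
           third_key: bytes) -> Iterator[bytes]:
    """Yield blocks in original order one at a time; no whole file is built."""
    n = sum(len(s) for s in stores)
    position_of = {orig: p for p, orig in enumerate(keyed_order(first_key, n))}
    for original in range(n):
        p = position_of[original]
        yield stores[server_for(third_key, p, len(stores))][p]


# Constructed sample: eight blocks labelled A to H, as in Figure 4.
SAMPLE = b"AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH"
K1, K3 = b"constructed-first-key", b"constructed-third-key"

if __name__ == "__main__":
    stores = scramble_and_place(SAMPLE, K1, K3, servers=3)
    for n, s in enumerate(stores):
        print("server", n, {p: b.decode() for p, b in s.items()})
    print(b"".join(replay(stores, K1, K3)).decode())
```

Re-ordering leaves the bytes of each block unchanged, so every store still holds readable block contents; the additional encryption of blocks and sub-blocks with the second key is the part of the scheme that covers this.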
The user will gain the following benefits from the system:
- the ability to access various material for playback where the availability may be otherwise restricted due to copyright concerns; and
- an appropriate level of playback performance on computing machines that have relatively restricted computing power.
The supplier of the product, service or information will gain the following benefits from the system:
- convenient distribution of material without significant loss of copyright control;
- easily varied levels of security by varying block sizes;
- optionally increased security by additional mathematical encryption to a variable number of blocks and sub-blocks; and
- increased market penetration due to increased compatibility with existing lower power computing devices.
Appendix A
Each of the major components will now be described in brief.
Replay device 1
The replay device 1 is used to physically present the multi-media content to the user and is likely to be part of the existing playback instrument, for instance a screen or loudspeakers attached to a computing device.
Multi-media player 2
The multi-media player 2 takes the data file presented to it in the native format 5 and replays it in a form that can be presented to the replay device for presentation to the user. Conversion from the native format is achieved by use of an appropriate coder-decoder (codec) 3 to match the native format.
Codec 3
The coder-decoder (codec) 3 enables the decoding of the multi-media file's own native format. Various codecs may be utilised by the multi-media player to match the various native formats being played. Additional codecs may be installed to suit new native formats as these become common.
Disk file 4
The disk file 4 is the bulk storage method most commonly used with computing devices for long-term storage. In this example it is a data file located on a physical disk drive although this can be equally well applied to CD drives or memory arrays or other similar devices.
Native format 5
The native file format 5 is any file format commonly used for multi-media files and this format may be used at various points within the system. Examples of commonly used formats would include MPEG, AVI, MOV, MP3 and WAV.
Decryption object 6
The decryption object 6 is responsible for applying the various algorithms and schemes to the encrypted format 11 in order to translate it back into the original native format 5. This is achieved with the help of various keys provided for the purpose. The encrypted format file 11 is read from the disk file 4 as required. The translated multi-media file is provided to the multi-media player on a continuous basis as it is required and is not stored as a complete file at any time thus there never exists a complete unencrypted file that may be copied. The decryption object may exist as software or hardware or a combination of the two.
Key manager 7
The key manager 7 provides the keys from various sources as required by the decryption object. The source of the various keys may vary with the application:
Hardware key 8
The hardware key 8 may be a number or identifier related to the machine being used for playback. For example this might be a processor serial number or network board address or similar. In this way the playback of the multi-media can be locked to a specific playback device.
Software key 9
The software key 9 may be a number or identifier related to a specific piece of software or data. For example this might be the operating system registration number or similar.
External key 10
The external key 10 is any key or keys that may be supplied externally. For instance this may be the keys supplied with the encrypted data file, keys subsequently provided in return for payment or various other keys entered manually or supplied automatically from a remote source such as a network or the Internet.
Encrypted format 11
The encrypted format 11 is that format supplied to the user. The encryption scheme will include the re-arranged blocks and sub-blocks and may also include other mathematical encryption within a number of these blocks and sub-blocks. The encrypted format file may also include various additional control and key information related to the decryption process and this additional data may itself be encrypted.