US20090276619A1

Movatterモバイル変換

Info

Publication number: US20090276619A1
Application number: US12/494,185
Authority: US
Inventors: Daniel A. Collens; Stephen Watson; Michael A. Malcolm
Original assignee: Kaleidescape Inc
Current assignee: Kaleidescape Inc
Priority date: 2002-07-09
Filing date: 2009-06-29
Publication date: 2009-11-05
Also published as: WO2004006494A1; EP1522165A1; JP2010259057A; EP1522165A4; AU2003248884A1; JP2005532594A; JP4500677B2; US20040010694A1; US20070106901A1; US7568105B2; US7111171B2

Abstract

Distributing information, including the steps of watermarking the digital content, distributing the digital content using a multi-source system, and partially fingerprinting digital content at each stage of moving information from a point of origin to the viewer. “Adaptation” of the digital content to the recipient includes maintaining the digital content in encrypted form at each such intermediate device, including decrypting the digital content with a key unique to both the device and the specific movie, selecting a portion of the watermark locations into which to embed information, embedding fingerprinting information into those locations sufficient to identify the recipient, and encrypting the fingerprinted digital content with a new such key.

Description

CROSS REFERENCE TO RELATED APPLICATIONS

BACKGROUND

1. Field of the Invention

The invention relates to distribution of digital content.

One known solution is to mark digital content with a “fingerprint,” so that an unauthorized distributor of the content can be determined, thus hopefully deterring potential unauthorized distributors. However, fingerprinting of digital content is subject to several problems.

First, fingerprinting can require substantial computation and memory resources. If the fingerprint were to be embedded at a single point of origin, that point of origin would have to be scaled up in size and power commensurate with the number of movies and the number of end viewers requesting those movies.

Second, fingerprinting can require substantial amount of time to perform. If a media stream were to be distributed to end viewers starting at a selected release time, as is sometimes common for first-release movies, there would be a substantial delay in distribution at about the release time due to queuing of more requests for the media stream than could be handled in real-time.

Because of the relatively large amounts of data needed to be sent, it would be advantageous to distribute digital content for media streams in a tiered or cached system, that is, one in which the digital content is moved outward from a point of origin to devices that are closer to end viewers in terms of (1) cost for communication, (2) latency for sending and receiving messages, and other factors. However, conventional fingerprinting is substantially inconsistent with a system in which digital content is substantially distributed before the end viewer is known.

SUMMARY

A method of distributing information, such as digital content for media streams, includes (1) watermarking the digital content, such as for example using a technique described in a related application for selecting watermarking locations and embedding fingerprinting information therein, “WATERMARKING AND FINGERPRINTING DIGITAL CONTENT USING ALTERNATIVE BLOCKS TO EMBED INFORMATION”, (2) distributing the digital content using a multi-source system, such as one with a tiered or cached structure, and (3) partially fingerprinting digital content at each stage of moving information from a point of origin to the viewer, thus generating partially-fingerprinted digital content for maintenance at each intermediate device.

An aspect of the method includes maintaining the digital content in encrypted form at each such intermediate device. To send digital content to any receiving device, (1) the sending device decrypts the digital content with a key unique to both the sending device and the specific content, (2) the sending device selects a portion of the watermark locations into which to embed information and embeds fingerprinting information into those locations sufficient to identify the recipient, and (3) the sending device encrypts the fingerprinted digital content with a new key, unique to both the receiving device and the specific content, and preferably unique to the particular transaction of sending the digital content. This process of decryption->partial fingerprinting->re-encryption is herein sometimes called “adaptation” of the digital content to the recipient.

In a preferred embodiment, a network of caching devices maintains the digital content for distribution to end viewers. Adaptation is performed whenever the digital content is transferred from any sender to any recipient within the network, including transfers between caches at the same or similar distances from the point of origin. Although it is possible as a consequence for the viewer to receive digital content that has been partially fingerprinted for multiple recipients, the preferred method of fingerprinting, provides for detecting individual recipients anyway.

In a preferred embodiment, the number of watermark locations to be actually embedded with fingerprinting information is selected in response to both the perceived security of the recipient and resources available for embedding fingerprinting information. In a first example, a point of origin might select about 10.sup.2 such locations when sending digital content to each one of a collection of L1 (first level) caches, the L1 caches might select about 10.sup.4 such locations when sending digital content to each one of about 10.sup.3 L2 caches, the L2 caches might select about 10.sup.6 such locations when sending digital content to each one of about 10.sup.5 L3 caches, and the L3 caches might select about 10.sup.8 such locations when sending digital content to each one of about 10.sup.6 end viewers.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a block diagram of a system for distribution of digital content, including parallel distribution and fingerprinting of digital content.

FIG. 2 shows a block diagram of a system for distribution and adaptation of digital content, including key management for parallel distribution and fingerprinting of digital content.

FIG. 3 shows a process flow diagram of a method for distribution of digital content, including parallel distribution and fingerprinting of digital content.

DETAILED DESCRIPTION

In the following description, a preferred embodiment of the invention is described with regard to preferred process steps and data structures. Those skilled in the art would recognize after perusal of this application that embodiment of the invention can be implemented using one or more general-purpose processors or special-purpose processors or other circuits adapted to particular process steps and data structures described herein, and that implementation of particular process steps and data structures would not require undue experimentation or further invention.

Lexicography

The following terms refer or relate to aspects of the invention as described below. The descriptions of general meanings of these terms are not intended to be limiting, only illustrative.

The phrase “media stream” describes information intended for presentation in a sequence, such as motion pictures including a sequence of frames or fields, or such as audio including a sequence of sounds. As used herein, the phrase “media stream” has a broader meaning than the standard meaning for “streaming media,” (of sound and pictures that are transmitted continuously using packets and that start to play before all of the content arrives). Rather, as described herein, there is no particular requirement that “media streams” must be delivered continuously. Also as described herein, media streams can refer to other information for presentation, such as for example animation or sound, as well as to still media, such as for example pictures or illustrations, and also to databases and other collections of information.

The phrase “digital content” describes data in a digital format, intended to represent media streams or other information for presentation to an end viewer. “Digital content” is distinguished from packaging information, such as for example message header information. For the two phrases “digital content” and “media stream,” the former describes a selected encoding of the latter, while the latter describes a result of presenting any encoding thereof.

The phrase “embedding information in media streams” describes generating a set of digital content for that media stream, for which the digital content both represents the media stream and also includes the embedded information in a form capable of later detection.

The term “watermark” describes a schema for digital content by which information can be embedded into that digital content. As described herein, an attacker cannot easily remove the watermark provided by the invention. However, the concept of a watermark as described herein is sufficiently general to include watermarks that are not so resistant to attack. As described herein, the watermark provided by the invention includes, within the media stream, both a set of locations at which to embed information and possible alterations to make at those locations by which information is embedded. However, the concept of a watermark as described herein is sufficiently general to include watermarks using other techniques for embedding information.

The term “fingerprint” describes a specific set of information sufficient to identify at least one designated recipient of digital content. As described herein, multiple attackers colluding together cannot easily remove the fingerprint provided by the invention, or prevent at least one of them from being detected as unauthorized distributor of the digital content. However, the concept of the fingerprint as described herein is sufficiently general to include fingerprints that are not so resistant to removal, or do not provide such capability for detecting unauthorized distributors of the digital content. As described herein, the fingerprint provided by the invention includes, within the media stream, a specific set of alterations to make at the locations identified by the watermark. However, the concept of the fingerprint as described herein is sufficiently general to include fingerprints using other techniques for embedding information, detecting the embedded information, and detecting unauthorized distributors of the digital content.

The term “adaptation” describes a process in which a sender delivers digital content to a recipient. As described herein, the sender decrypts its copy of the digital content, embeds information in the media stream represented by that digital content (thus partially fingerprinting that digital content), and re-encrypts that partially fingerprinted digital content. The sender delivers the adapted digital content to the recipient.

The phrase “end viewer” describes a recipient of the media stream for whom decoding of the digital content for the media stream, and presentation of the media stream, is contemplated.

The term “end viewer premises” describes premises where presentation of media streams to an end viewer is contemplated.

The term “decoding” describes generating data in a form for presentation of the media stream, in response to the digital content for the media stream in an encoded format. As described herein, the encoded format might include an industry standard encoded format such as MPEG-2. However, the concept of decoding as described herein is sufficiently general to include other encoding formats for media stream.

The term “presentation” describes generating information in a form for viewing of the media stream, such as for example audio and visual information for viewing a movie. As described herein, presentation of a movie might include visual display of the frames or fields of motion picture, as well as audio presentation of a soundtrack associated with that motion picture. However, the concept of presentation as described herein is sufficiently general to include a wide variety of other forms of generating information for reception by end viewers, including audio, visual, or otherwise.

The phrases “original movie” and “alt-movie” describe alternative versions of the same media stream, such as one being an original version of that media streams introduced into a system using aspects of the invention, and another being an alternative version of that same media streams generated in response to the original movie. Similarly, the phrases “original block” and “alt-block” describe alternative versions of the same individual block or macroblock within the original movie or alt-movie. As described herein, a difference between the original movie and the alt-movie is historical, in that the alt-movie can be substituted for the original movie in nearly every respect. Similarly, a difference between any one original block and its associated alt-block is historical, in that the alt-block can be substituted for the original block in nearly every respect.

Other and further applications of the invention, including extensions of these terms and concepts, would be clear to those of ordinary skill in the art after purchasing this application. These other and further applications are part of the scope and spirit of the invention, and would be clear to those of ordinary skill in the art without further invention or undue experimentation.

System Elements

Asystem100 includes avideo distribution network110, thevideo distribution network110 including at least oneinjection origin120 and thevideo distribution network110 including a plurality ofend viewer premises130.

1. Distribution from the Injection Origin to the End Viewer Premises.

Theinjection origin120 receivesdigital content121 for media streams from sources outside thevideo distribution network110. In a preferred embodiment, these sources might include content producers or content aggregators, such as for example movie production studios, television studios, or radio or television network syndicators. If necessary, theinjection origin120 formats thedigital content121, watermarks it, and encrypts it for storage at theinjection origin120. In a preferred embodiment, theinjection origin120 uses a method of watermarking such as for example described in related applications for watermarking digital content (“WATERMARKING AND FINGERPRINTING DIGITAL CONTENT USING ALTERNATIVE BLOCKS TO EMBED INFORMATION”).

Thevideo distribution network110 includes a network ofcaching devices111, each capable of acting individually or in concert, to receive, store, and distribute thedigital content121 from theinjection origin120 to endviewer premises130 for presentation to one or more end viewers. In a preferred embodiment, requests from end viewers prompt thevideo distribution network110 to distribute thedigital content121 to endviewer premises130, thus using a “pull” model for distribution. However, in alternative embodiments, theinjection origin120 or another device may prompt thevideo distribution network110 to distribute thedigital content121 to endviewer premises130, thus alternatively using a “push” model or another model for distribution.

In a preferred embodiment, thecaching devices111 are disposed in a tiered distribution system, including primary caches112,intermediate caches113, and leaf caches114. The primary caches112 receive thedigital content121 directly from theinjection origin120. Theintermediate caches113 receive thedigital content121 from primary caches112, or from otherintermediate caches113 closer by the network topology to theinjection origin120. The leaf caches114 receive thedigital content121 fromintermediate caches113, or possibly directly from primary caches112, and distribute thedigital content121 directly to endviewer premises130.

In a preferred embodiment, thevideo distribution network110 includes a redundant communication network, such as the Internet or a secure subset thereof. However, in the context of the invention there is no particular requirement for thevideo distribution network110 to use any particular communication technique. In alternative embodiments, any communication technique capable of delivering copies of thedigital content121 from theinjection origin120, through thevideo distribution network110, and ultimately to endviewer premises130, would also be suitable.

In a preferred embodiment, distribution ofdigital content121 using thevideo distribution network110 provides that copies of thedigital content121 might be recorded and maintained atmultiple caching devices111, and might be delivered using more than one pathway from theinjection origin120 to theend viewer premises130.

For a first example, copies of thedigital content121 might be delivered from theinjection origin120 to two different intermediate caches113 (A and B), and from those intermediate caches113 (A and B) to multipleend viewer premises130. In the event that one of those intermediate caches113 (A) later discards its copy of thedigital content121, it can receive another copy from the other intermediate cache113 (B) for further delivery to endviewer premises130.

For a second example, different portions of thedigital content121 might be delivered from theinjection origin120 to different intermediate caches113 (A and B), and from those intermediate caches113 (A and B) to the sameend viewer premises130. This might occur if the act of sending thedigital content121 from theinjection origin120 to theend viewer premises130 was interrupted, such as for example by a communication link failure within thevideo distribution network110 or alternatively by user action, and was later resumed and completed.

2. Distribution to Each Recipient Using the Video Distribution Network.

Whenever any sender deliversdigital content121 to any recipient within thevideo distribution network110, the sender performs adaptation of thedigital content121 for that recipient. In a preferred embodiment, adaptation is performed every time digital content is sent, including every time a sender delivers digital content to either a new recipient for that content or a recipient who may have already received that content. In alternative embodiments, adaptation might be performed at a subset of these times.

Adaptation preferably is performed for all recipients, including both cachingdevices111 andend viewer premises130. This would include transfers among cachingdevices111, even those the same or similar distance from theinjection origin120. However, in the context of the invention there is no particular requirement for adaptation to be performed for all possible recipients, so that in alternative embodiments, some portion of thevideo distribution network110 might transmit thedigital content121 through without decrypting, fingerprinting or re-encrypting it.

More generally, at points in thevideo distribution network110, thesystem100 might perform one or more of the functions of decrypting, fingerprinting and re-encrypting thedigital content121, including all possible cases in which (a) decryption is performed first if it is performed at all, (b) encryption is performed last if it is performed at all, and (c) fingerprinting is performed at least once. However, it is possible that not all such combinations are necessarily useful. In the following description, those cases where fingerprinting is performed more than once are considered equivalent to cases where fingerprinting is performed exactly once. For example, not intended to be limiting in any way, in alternative embodiments the following might be performed at some point in the video distribution network110:

- decryption, fingerprinting, and re-encryption, with the effect that thedigital content121 is adapted from a first point to a second point in thevideo distribution network110 with both a fingerprint and a new key;
- decryption and re-encryption (without fingerprinting), with the effect that thedigital content121 is adapted from a first point to a second point in thevideo distribution network110 with a new key but no fingerprint;
- fingerprinting and new encryption, with the effect that thedigital content121 is imported from an unencrypted form and introduced into thevideo distribution network110 with an encryption key; or alternatively, with the effect that thedigital content121 is fingerprinted and has a new encryption key layered onto it;
- new encryption (without fingerprinting), with the effect that thedigital content121 is imported from an unencrypted form and introduced into thevideo distribution network110 with an encryption key but no fingerprint; or alternatively, with the effect that thedigital content121 has a new encryption key layered onto it;
- decryption and fingerprinting, with the effect that thedigital content121 is made capable of presentation, such as to an end viewer, but the presentable copy is fingerprinted for each such presentation;
- decryption (without fingerprinting), with the effect that thedigital content121 is made capable of presentation, such as to an end viewer, but without fingerprinting;
- no action, with the effect that thedigital content121 is sent from a first point to a second point in thevideo distribution network110 without change.

As described above, it is therefore possible as a consequence for individualend viewer premises130 to receivedigital content121 that has been partially fingerprinted for multiple recipients. However, in a preferred embodiment, the method of fingerprinting (such as for example using a technique described in related applications for detecting collusion among multiple recipients of fingerprinted digital content) provides for detecting individual recipients anyway.

When an individualend viewer premises130 receives the encrypted, fingerprinteddigital content121, it records thatdigital content121 in alocal video library131. Thelocal video library131 maintains thedigital content121 in its encrypted, fingerprinted form for later distribution to one ormore playback elements132. In response to a request by an end viewer, thelocal video library131 distributes thedigital content121 to one ormore playback elements132, at which thedigital content121 is substantially simultaneously decrypted and presented to end viewers for viewing.

Distribution and Adaptation

As described herein, theinjection origin120 receivesdigital content121 for media streams, such as a movie, and watermarks it, producing a watermarked version of thedigital content121, labeled M in the figure.

Upon receiving thedigital content121, theinjection origin120 contacts akey server201 using a key exchange protocol. In a preferred embodiment, the key exchange protocol uses the SSL technique for secure communication, or a similar technique.

Thekey server201 generates a content encryption key202 E_Munique to thedigital content121 M. In a preferred embodiment, thekey server201 generates a content encryption key202 E_Mfor use with the AES-128 encryption technique, or a similar technique. Theinjection origin120 uses the content encryption key202 E_Mto encrypt thedigital content121, producing an encrypted and watermarked version E_M(M) of thedigital content121.

In response to a request from an end viewer or to any desire to distribute the content to a cache or end viewer, for example in anticipation of requests that have not yet come, theinjection origin120 adapts its encrypted and watermarked version E_M(M) of thedigital content121 for delivery to a recipient in thevideo distribution network110.

Key Exchange and Adaptation of the Digital Content.

Each time thedigital content121 is adapted for delivery to a recipient, a key exchange occurs between a sendingdevice203 of thedigital content121 and thekey server201. In this key exchange, the sendingdevice203 requests the previous content encryption key202 (now effectively a content decryption key D_M) and a new content encryption key202 E_Mfrom thekey server201. Thekey server201 generates a new content encryption key202 E_Mthat is unique to both thedigital content121 and the sendingdevice203. Preferably, the new content encryption key202 E_Mis also unique to the particular transaction of sending the content; if that content is sent by the same sending device on another occasion to another, or even the same, node or end viewer, the content encryption key202 E_Mis preferably different.

Thekey server201 packages that new content encryption key E_Min an adaptation certificate message204 K_V(D_M; E_M) encrypted using a secure key K_Vthat is restricted to asecure portion205 of the sendingdevice203. In a preferred embodiment, thekey server201 generates the new content encryption key202 E_Mfor use with the AES-128 encryption technique or a similar technique. The secure key K_Vpreferably is adapted for use with the AES-256 encryption technique or with a similar technique.

In a preferred embodiment, thesecure portion205 of sendingdevice203 includes a hardware element having a secure key K_Vthat is restricted to thatsecure portion205, and is not generally available to the rest of the sendingdevice203.

Thekey server201 generates theadaptation certificate message204 that includes the decrypting key D_M(that is, the old content encryption key202) that was used for encrypting thedigital content121 for delivery to the sendingdevice203 and the encrypting key E_M(that is, the new content encryption key202) to be used for encrypting thedigital content121 for delivery to a receiving device. In the preferred embodiment, this message also includes data to be used in fingerprinting, a message-type value and a SHA-1 message digest for added security. In alternative embodiments, other message digests besides SHA-1 might be used, such as for example other values computed in response to the content of the message and not easily reversed to retrieve the content of the message. Moreover, in alternative embodiments, other and further additional data may be included with the message, such as for example a date-stamp or time-stamp, a serial number, or other information not easily available to an attacker.

The adaptation certificate preferably is encrypted using a secure key K_Vthat is restricted to thesecure portion205 of the sendingdevice203, resulting in the adaptation certificate message204 K_V(D_M; E_M). As a result, only thesecure portion205 of the sendingdevice203 should be able to obtain either the decrypting key D_Mor the encrypting key E_M, and the rest of the sendingdevice203 generally should not have access to any of these keys.

More specifically, the adaptation certificate message204 K_V(D_M; E_M) includes at least the following:

- A 4-byte message-type value, indicating that themessage204 is in fact anadaptation certificate message204. In one embodiment, the message-type value might take on one of six possible values, indicating that the message includes (1) an original content encryption key202 D_Mfor content from aninjection point120, (2) an adaptation content encryption key202 D_Mfor content from a sendingdevice203 other than aninjection point120, (3) a content decryption key202 K_Vfor decrypting aplayback certificate206, (4) a content decryption key202 K_Vfor adapting content M, (5) anadaptation certificate message204, or (6) aplayback certificate message206. The message type helps prevent encrypted messages from being recorded by an attacker in one context and replayed in a different context.
- The 16-byte oldcontent encryption key202 D_M. [0074] The 16-byte new content encryption key202 E_M.
- A 16-byte permutation key, including a cryptographically secure indicator for a permutation of fingerprinting information.
- A 16-byte fingerprinting key, including a cryptographically secure indicator for a set of fingerprinting data.
- A 20-byte SHA-1 message digest of the adaptation certificate message204 (so far).
- An 8-byte pad of zero-bits to bring the length of theadaptation certificate message204 to 96 bytes.

Thesecure portion205 of the sendingdevice203 responds to the adaptation certificate message204 K_V(D_M; E_M) from thekey server201, which was encrypted using the secure key K_Vand including both the decrypting key D_Mand the encrypting key E_M. Thesecure portion205 decrypts the encrypted and watermarked version D_M(M) of thedigital content121 using the decrypting key D_M, thus generating an unencrypted copy M of thedigital content121. Thesecure portion205 partially fingerprints the unencrypted copy M of thedigital content121, thus generating an unencrypted partially fingerprinted copy M+ of thedigital content121.

Thesecure portion205 re-encrypts the partially fingerprinted copy M+ of thedigital content121 using the encrypting key, thus generating a re-encrypted partially fingerprinted copy E_M(M+) of thedigital content121. This re-encrypted partially fingerprinted copy E_M(M+) of thedigital content121 is herein sometimes referred to as the adapted copy M* of thedigital content121.

A sendingdevice203 can send the adapted copy M* to another sending device for re-adaptation. This is shown inFIG. 2 by the arrow looping around thetop sending device203. In each iteration, a new decrypting key D_M, new encrypting key E_M, and new secure key K_Vpreferably are used. Furthermore, fingerprinting information preferably is added at each level. Different amounts of fingerprinting information can be embedded in the content at different levels, depending on security considerations.

For example, in the video distribution network illustrated inFIG. 1, sending devices in the form of caches at different levels send the digital content to other caches before the content reachesend viewer premises130. Theinjection point120 might select about 10.sup.2 fingerprint locations when sending digital content to each one of a collection of L1 (first level) caches, the L1 caches might select about 10⁴such locations when sending digital content to each one of about 10³L2 caches, the L2 caches might select about 10⁶such locations when sending digital content to each one of about 10⁵L3 caches, and the L3 caches might select about 10⁸such locations when sending digital content to each one of about 10⁶end viewers. Fewer or more levels can be utilized when distributing the content, and fewer or more locations can be selected at each level.

Eventually, the digital content is sent to a sending device that in turn sends the content to endviewer premises130. Such a sending device is shown as thebottom sending device203 inFIG. 2.

2. Delivery and Playback at End Viewer Premises.

In a preferred embodiment, the adapted copy M* of thedigital content121 that is generated for theend viewer premises130 is no longer partially fingerprinted, but is fully fingerprinted. However, in the context of the invention there is no particular requirement that the adapted copy M* of thedigital content121 that is generated for theend viewer premises130 must be fully fingerprinted. In alternative embodiments, some of the watermarked locations at which information might be embedded in thedigital content121 may be left un-fingerprinted.

For a first example, theend viewer premises130 might include a trusted local distributor, such as a business entity operating to rent or sell copies of thedigital content121 to retail customers. In this first example, theend viewer premises130 would also provide for further adapting thedigital content121 when renting or selling copies of thedigital content121 to retail customers.

For a second example, theend viewer premises130 might include asecure portion205. In this second example, theend viewer premises130 would also provide for further adapting thedigital content121 according to business rules embedded in, or securely downloaded to, thesecure portion205. In this second example, one such business rule would provide for further adapting thedigital content121 each time a playback certificate (as described below) was issued for thedigital content121.

Each time thedigital content121 is delivered to endviewer premises130, a playback certificate exchange occurs between thelocal video library131 and thekey server201. In this playback certificate exchange, thelocal video library131 requests aplayback certificate206 from thekey server201. Thekey server201 reviews business rules applicable to playback of the media stream represented by thedigital content121, and determines if playback of the media stream is allowed. If so, thekey server201 generates aplayback certificate206 for the media stream.

The playback certificate206 K_P(D_M) includes a decrypting key D_M, which was used as the encrypting key E_Mby the leaf cache114 when re-encrypting the partially fingerprinted copy M+ of thedigital content121 to generate the adapted copy M* of thedigital content121. In the preferred embodiment, the playback certificate206 K_P(D_M) also includes a message-type value and a SHA-1 message digest. In alternative embodiments, other message digests besides SHA-1 might be used, such as for example other values computed in response to the content of the message and not easily reversed to retrieve the content of the message. Moreover, in alternative embodiments, other and further additional data may be included with the message, such as for example a date-stamp or time-stamp, a serial number, or other information not easily available to an attacker. The playback certificate206 K_P(D_M) is itself encrypted using a secure playback key K_Pspecific to theplayback element132 for which theplayback certificate206 is issued. In a preferred embodiment, the secure playback key K_Pis adapted for use with the AES-256 encryption technique, or a similar technique.

More specifically, the playback certificate message206 K_P(D_M) includes at least the following:

- A 4-byte message-type value, indicating that themessage204 is in fact anplayback certificate message206.
- The 16-byte old content encryption key202 D_M.
- An 16-byte output format word, indicating whether the content is low resolution (640.times.480, 704.times.480, or NTSC), medium resolution (1280.times.720), or high resolution (1920.times.1080), and indicating whether the content is in an output mode that is analog (without copy protection), analog (with “Macrovision” copy protection), DVI (without copy protection), or DVI (with “HDCP” copy protection).
- A 20-byte SHA-1 message digest of the playback certificate message206 (so far).
- An 8-byte pad of zero-bits to bring the length of theplayback certificate message206 to 64 bytes.

When thelocal video library131 at the individualend viewer premises130 has obtained both the playback certificate206 K_P(D_M), and the adapted copy M* of thedigital content121, equal to the re-encrypted fingerprinted copy D_M(M+) of thedigital content121, it is able to deliver those data to theplayback element132 having the secure playback key K_P, which is able to decrypt and decode the adapted copy M* of thedigital content121, and present the unencrypted fingerprinted copy M+ of thedigital content121 to end viewers.

Method of Operation

InFIG. 3, the preferred location for performing each step is indicated by the labels “Injection Origin,” “Sending Device(s),” and “End Viewer Premises,” along with the accompanying dashed-line boxes. While this division is preferred, the invention encompasses embodiments in which the steps are performed at other locations than those shown.

Furthermore, although described serially, the flow points and method steps of themethod300 can be performed by separate elements in conjunction or in parallel, whether asynchronously or synchronously, in a pipelined manner, or otherwise. In the context of the invention, there is no particular requirement that the method must be performed in the same order in which this description lists flow points or method steps, except where explicitly so stated.

Receiving Digital Content.

At aflow point310, theinjection origin120 is ready to receivedigital content121 for media streams.

At astep311, theinjection origin120 formats thedigital content121.

At astep312, theinjection origin120 watermarks thedigital content121, as described in a related application, “WATERMARKING AND FINGERPRINTING DIGITAL CONTENT USING ALTERNATIVE BLOCKS TO EMBED INFORMATION”.

At astep313, theinjection origin120 encrypts thedigital content121 for storage. To perform the step, theinjection origin120 conducts a key exchange with thekey server201. This key exchange includes the following sub-steps:

- (A) Theinjection origin120 requests a new content encryption key202 D_Mfrom thekey server201. An SSL message exchange governs the request for a new content encryption key202 D_M, and the response providing the new content encryption key202 D_M.
- (B) Thekey server201 generates the new content encryption key202 D_M, specific to the particulardigital content121. In a preferred embodiment, thekey server201 generates the new content encryption key202 D_Mfor use with the AES-128 encryption technique, or a similar technique.
- (C) Thekey server201 sends the new content encryption key202 D_Mto theinjection origin120.
- (D) Theinjection origin120 uses the content encryption key202 D_Mto encrypt thedigital content121, producing an encrypted and watermarked version D_M(M) of thedigital content121.

2. Adapting and Sending Digital Content.

At aflow point320, a sendingdevice203 in thevideo distribution network110 is ready to adapt and send thedigital content121 to areceiving device203.

At astep321, the sendingdevice203 conducts a key exchange with thekey server201. This key exchange includes the following sub-steps:

- (A) The sendingdevice203 requests a newcontent encryption key202 from thekey server201.
- (B) Thekey server201 generates a new content encryption key202 E_Mthat is unique to both thedigital content121 and the sendingdevice203, and preferably also unique to the particular transaction of sending the digital content.
- (C) Thekey server201 packages the new content encryption key202 E_Min the adaptation certificate message204 K_V(D_M; E_M) encrypted using a secure key K_Vthat is restricted to asecure portion205 of the sendingdevice203.
- (D) Thekey server201 sends the adaptation certificate message204 K_V(D_M; E_M) to the sendingdevice203.
- (E) The sendingdevice203 delivers the adaptation certificate message204 K_V(D_M; E_M) to asecure portion205 at the sendingdevice203.

At astep322, the sendingdevice203 adapts thedigital content121 for delivery to the receiving device. This adaptation includes the following sub-steps:

- (A) Thesecure portion205 at the sendingdevice203 retrieves its secure key K_V, and decrypts the adaptation certificate message204 K_V(D_M; E_M).
- (B) Thesecure portion205 uses the old content encryption key202 D_Mto decrypt the digital content121 M
- (C) Thesecure portion205 partially fingerprints the digital content121 M, thus generating partially fingerprinteddigital content121 M+.
- (D) Thesecure portion205 re-encrypts the partially fingerprinteddigital content121 M+ using the new content encryption key202 E_M, thus generating the adapted digital content121 M*.

At astep323, the sendingdevice203 sends the adapted digital content121 M* to the receivingdevice203.

Digital content can be sent from one sending device to another sending device, for example from one cache to another cache in a video distribution network. Thus, flow can proceed fromstep323 back to step320 for re-adaptation, as indicated by the arrow between these two steps inFIG. 3. Different keys and locations for embedding fingerprint information preferably are used at each sending device. At some point, the digital content preferably is sent to an end viewer premises for presentation, as indicated by the arrow fromstep323 to step330.

3. Decoding and Presenting Digital Content.

At aflow point330, the individualend viewer premises130 requestsdigital content121 for presenting media streams represented by thatdigital content121 to one or more end viewers. This step can be performed responsive to a request for content by an end viewer at the end viewer premises, in anticipation of demand by an end viewer, or for some other reason.

At astep331, the request fordigital content121 is received by at least one caching device111 (preferably a leaf cache114) in thevideo distribution network110.

At astep332, thelocal video library131 conducts a playback certificate exchange with thekey server201. The playback certificate exchange includes the following sub-steps:

- (A) Thelocal video library131 requests aplayback certificate206 from thekey server201
- (B) Thekey server201 reviews business rules applicable to playback of the media streams represented by thedigital content121, and determines if playback of the media streams is allowed. If so, themethod300 continues with the substep (C).
- (C) Thekey server201 generates aplayback certificate206 for thedigital content121 representing the media stream.
- (D) Thekey server201 sends theplayback certificate206 to thelocal video library131.

At astep333, thelocal video library131 at individualend viewer premises130 sends thedigital content121 in its encrypted, fingerprinted form to one ormore playback elements132.

At astep334, thelocal video library131 sends theplayback certificate206 to thoseplayback elements132.

At astep335, playback elements132 (if able to use the playback certificate206) decrypt and decode thedigital content121, and concurrently present the media streams represented by thatdigital content121.

GENERALITY OF THE INVENTION

The invention is useful for, and has sufficient generality for, applications other than distribution of media streams. For example, the invention can be applied to software, data streams generated in real-time such as virtual reality simulations, digitized analog content, and to other content. In addition, the invention is not limited to distribution of content, but rather is also applicable to other settings. For example, the invention is also generally useful for applications in which security of datasets or identifying recipients of those datasets is desired.

Furthermore, the invention is described herein using symmetric encryption, in which a same key is used for encryption and decryption. However, the invention can be implemented using asymmetric encryption (such as for example, public key encryption) without undue experimentation or further invention. Therefore, any single key described in this disclosure (including the claims) as both encrypting and decrypting content should be read to encompass the respective keys of a asymmetric key pair (such as for example, a public key/private key pair).

Although preferred embodiments are disclosed herein, many variations are possible which remain within the concept, scope, and spirit of the invention. These variations would become clear to those skilled in the art after perusal of this application.

Those skilled in the art will recognize, after perusal of this application, that these alternative embodiments are illustrative and in no way limiting.