CA2369118C - Selective and renewable encryption for secure distribution of video on-demand - Google Patents
Selective and renewable encryption for secure distribution of video on-demand Download PDFInfo
- Publication number
- CA2369118C CA2369118C CA002369118A CA2369118A CA2369118C CA 2369118 C CA2369118 C CA 2369118C CA 002369118 A CA002369118 A CA 002369118A CA 2369118 A CA2369118 A CA 2369118A CA 2369118 C CA2369118 C CA 2369118C
- Authority
- CA
- Canada
- Prior art keywords
- payload
- predetermined criterion
- packet
- encryption
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
- H04N21/23473—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption by pre-encrypting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
- H04N21/23476—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption by partially encrypting, e.g. encrypting the ending portion of a movie
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
- H04N21/26609—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM] using retrofitting techniques, e.g. by re-encrypting the control words used for pre-encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/173—Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
- H04N7/17309—Transmission or handling of upstream communications
Abstract
Selective encryption is provided in a process which includes: determining whether a predetermined criterion is satisfied;
setting a selective encryption status field (1402) if the predetermined criterion is satisfied; and encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload (1406), if the predetermined criterion is satisfied. The predetermined criterion may be one of several criteria, each of which reduce the required amount of encryption and decryption while maintaining a high level of security. Renewable encryption is provided in a process which includes: copying a first encrypted digital video program from a remote server to a video source; decrypting the first encrypted digital video program using a first key to generate an unencrypted digital video program; encrypting the unencrypted digital video program using a second key to generate a second encrypted digital video program; transmitting the second encrypted digital video program from the video source to the remote server; and deleting the first encrypted digital video program from the remote server.
setting a selective encryption status field (1402) if the predetermined criterion is satisfied; and encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload (1406), if the predetermined criterion is satisfied. The predetermined criterion may be one of several criteria, each of which reduce the required amount of encryption and decryption while maintaining a high level of security. Renewable encryption is provided in a process which includes: copying a first encrypted digital video program from a remote server to a video source; decrypting the first encrypted digital video program using a first key to generate an unencrypted digital video program; encrypting the unencrypted digital video program using a second key to generate a second encrypted digital video program; transmitting the second encrypted digital video program from the video source to the remote server; and deleting the first encrypted digital video program from the remote server.
Description
SELECTIVE AND RENEWABLE ENCRYPTION FOR
SECURE DISTRIBUTION OF VIDEO ON-DEMAND
BACKGROUND OF THE INVENTION
1. Field of the invention This invention relates generally to the field of video distribution networks. In particular, this invention relates to secure video distribution networks.
SECURE DISTRIBUTION OF VIDEO ON-DEMAND
BACKGROUND OF THE INVENTION
1. Field of the invention This invention relates generally to the field of video distribution networks. In particular, this invention relates to secure video distribution networks.
2. Description of the Background Art Security is an important issue for video distribution networks. Issues of security are particularly important with regards to the distribution of digital video.
Distribution of digital cable television channels currently follows a broadcast model in that the digital cable television channels are broadcast from the broadcast source to many subscriber stations at once. Security for the distribution of digital cable television channels also follows a broadcast model. A digital cable television channel is fully encrypted in real-time at the time of the broadcast from the broadcast source. Authorization keys allow subscribing users to decrypt and view the broadcast content. Such authorization keys must somehow, at sometime, be delivered to the subscribing users. It is not practical to deliver authorization keys at the same time that encrypted content is broadcast because verification of the delivery is difficult to do immediately and interactively using current cable television networks. Hence, delivery of the authorization keys occurs periodically on a time-based schedule, where the periodicity of the delivery is known as a time quantum or time epoch. The time epoch is typically related to the billing cycle (for example, monthly) for the cable television service.
Unlike distribution of digital cable television channels, distribution of digital video on-demand (VOD) follows a pointcast model in that the content is transmitted from a video server to each individual viewer. Due to the nature of pointcasting, a security scheme for digital VOD which is based on the model provided by security for cable television broadcasts would be impractical and expensive.
First, fully encrypting the digital VOD in real-time every time the digital video is transmitted from the server to an individual viewer is quite expensive in both cost and space usage for encryption equipment. Second, having a time epoch correlated to the billing cycle of the digital VOD service (for example, monthly) is a scheduling scheme that may create security risks which inhibits optimal protection of the content.
SUMMARY OF THE INVENTION
The present invention solves the problems discussed above by selective and renewable encryption for secure distribution of digital video on-demand.
Selective encryption is provided in a process which includes: determining whether a predetermined criterion is satisfied; setting a selective encryption status field if the predetermined criterion is satisfied; and encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload, if the predetermined criterion is satisfied. The predetermined criterion may be one of several criteria, each of which reduce the required amount of encryption and decryption while maintaining a high level of security. Renewable encryption is provided in a process which includes: copying a first encrypted digital video program from a remote server to a video source; decrypting the first encrypted digital video program using a first key to generate an unencrypted digital video program; encrypting the unencrypted digital video program using a second key to generate a second encrypted digital video program; transmitting the second encrypted digital video program from the video source to the remote server; and deleting the first encrypted digital video program from the remote server.
Accordingly in one aspect, the present invention provides a secure method for providing digital video programming, the method comprising: determining whether a predetermined criterion for encryption is satisfied; setting a selective encryption status field if the predetermined criterion is satisfied; encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload, if the predetermined criterion is satisfied; resetting the selective encryption status field if the predetermined criterion is unsatisfied; constructing the packet with the unencrypted payload, if the predetermined criterion is unsatisfied; and transmitting the packet.
In a further aspect, the present invention provides an apparatus for securely providing digital video programming, the apparatus comprising: a determining device configured to determine whether a predetermined criterion for encryption is satisfied; a setting device configured to set a selective encryption status field if the predetemlined criterion is satisfied; an encrypting device configured to encrypt an unencrypted payload to generate an encrypted payload, and a first constructing device configured to construct a packet with the encrypted payload, if the predetermined criterion is satisfied; a resetting device configured to reset the selective encryption status field if the predetermined criterion is unsatisfied; a second constructing device configured to construct the packet with the unencrypted payload, if the predetermined criterion is unsatisfied; and a transmitting device configured to transmit the packet.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a schematic diagram of a conventional cable distribution network (100.).
Fig. 2 is a flow chart depicting a conventional insecure process (200) for distributing video content via a conventional cable distribution network (100).
Fig. 3A is a flow chart depicting a conventional secure process (300) for distributing premium video content via a conventional cable distribution network (100).
3a Fig. 3B is a flow chart depicting a conventional secure process (350) for distributing digital television broadcasts via a conventional cable distribution network (100).
Fig. 4 is a schematic diagram of a cable distribution network (400) including a video on-demand source (402) in accordance with a preferred embodiment of the present invention.
Fig. 5A is a flow chart depicting a secure process (500) for distributing video on-demand content via a cable distribution network (400) in accordance with a first aspect of the present invention.
Fig. 5B is a flow chart depicting a secure process (550) for distributing video on-demand content via a cable distribution network (400) in accordance with a second aspect of the present invention.
Fig. 6 is a flow chart depicting a secure process (600) for distributing video on-demand content via a cable distribution network (400) in accordance with a third aspect of the present invention.
Fig. 7 is a flow chart depicting a secure process (700) for distributing video on-demand content via a cable distribution network (400) in accordance with a fourth aspect of the present invention.
Fig. 8 is a schematic diagram showing interconnected components relating to encryption within the VOD source (402) in accordance with the fourth aspect of the present invention.
Fig. 9 is a flow chart depicting an initial process (900) for encrypting (502, 602, or 702) content at a VOD source (402) in accordance with a preferred embodiment of the present invention.
Distribution of digital cable television channels currently follows a broadcast model in that the digital cable television channels are broadcast from the broadcast source to many subscriber stations at once. Security for the distribution of digital cable television channels also follows a broadcast model. A digital cable television channel is fully encrypted in real-time at the time of the broadcast from the broadcast source. Authorization keys allow subscribing users to decrypt and view the broadcast content. Such authorization keys must somehow, at sometime, be delivered to the subscribing users. It is not practical to deliver authorization keys at the same time that encrypted content is broadcast because verification of the delivery is difficult to do immediately and interactively using current cable television networks. Hence, delivery of the authorization keys occurs periodically on a time-based schedule, where the periodicity of the delivery is known as a time quantum or time epoch. The time epoch is typically related to the billing cycle (for example, monthly) for the cable television service.
Unlike distribution of digital cable television channels, distribution of digital video on-demand (VOD) follows a pointcast model in that the content is transmitted from a video server to each individual viewer. Due to the nature of pointcasting, a security scheme for digital VOD which is based on the model provided by security for cable television broadcasts would be impractical and expensive.
First, fully encrypting the digital VOD in real-time every time the digital video is transmitted from the server to an individual viewer is quite expensive in both cost and space usage for encryption equipment. Second, having a time epoch correlated to the billing cycle of the digital VOD service (for example, monthly) is a scheduling scheme that may create security risks which inhibits optimal protection of the content.
SUMMARY OF THE INVENTION
The present invention solves the problems discussed above by selective and renewable encryption for secure distribution of digital video on-demand.
Selective encryption is provided in a process which includes: determining whether a predetermined criterion is satisfied; setting a selective encryption status field if the predetermined criterion is satisfied; and encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload, if the predetermined criterion is satisfied. The predetermined criterion may be one of several criteria, each of which reduce the required amount of encryption and decryption while maintaining a high level of security. Renewable encryption is provided in a process which includes: copying a first encrypted digital video program from a remote server to a video source; decrypting the first encrypted digital video program using a first key to generate an unencrypted digital video program; encrypting the unencrypted digital video program using a second key to generate a second encrypted digital video program; transmitting the second encrypted digital video program from the video source to the remote server; and deleting the first encrypted digital video program from the remote server.
Accordingly in one aspect, the present invention provides a secure method for providing digital video programming, the method comprising: determining whether a predetermined criterion for encryption is satisfied; setting a selective encryption status field if the predetermined criterion is satisfied; encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload, if the predetermined criterion is satisfied; resetting the selective encryption status field if the predetermined criterion is unsatisfied; constructing the packet with the unencrypted payload, if the predetermined criterion is unsatisfied; and transmitting the packet.
In a further aspect, the present invention provides an apparatus for securely providing digital video programming, the apparatus comprising: a determining device configured to determine whether a predetermined criterion for encryption is satisfied; a setting device configured to set a selective encryption status field if the predetemlined criterion is satisfied; an encrypting device configured to encrypt an unencrypted payload to generate an encrypted payload, and a first constructing device configured to construct a packet with the encrypted payload, if the predetermined criterion is satisfied; a resetting device configured to reset the selective encryption status field if the predetermined criterion is unsatisfied; a second constructing device configured to construct the packet with the unencrypted payload, if the predetermined criterion is unsatisfied; and a transmitting device configured to transmit the packet.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a schematic diagram of a conventional cable distribution network (100.).
Fig. 2 is a flow chart depicting a conventional insecure process (200) for distributing video content via a conventional cable distribution network (100).
Fig. 3A is a flow chart depicting a conventional secure process (300) for distributing premium video content via a conventional cable distribution network (100).
3a Fig. 3B is a flow chart depicting a conventional secure process (350) for distributing digital television broadcasts via a conventional cable distribution network (100).
Fig. 4 is a schematic diagram of a cable distribution network (400) including a video on-demand source (402) in accordance with a preferred embodiment of the present invention.
Fig. 5A is a flow chart depicting a secure process (500) for distributing video on-demand content via a cable distribution network (400) in accordance with a first aspect of the present invention.
Fig. 5B is a flow chart depicting a secure process (550) for distributing video on-demand content via a cable distribution network (400) in accordance with a second aspect of the present invention.
Fig. 6 is a flow chart depicting a secure process (600) for distributing video on-demand content via a cable distribution network (400) in accordance with a third aspect of the present invention.
Fig. 7 is a flow chart depicting a secure process (700) for distributing video on-demand content via a cable distribution network (400) in accordance with a fourth aspect of the present invention.
Fig. 8 is a schematic diagram showing interconnected components relating to encryption within the VOD source (402) in accordance with the fourth aspect of the present invention.
Fig. 9 is a flow chart depicting an initial process (900) for encrypting (502, 602, or 702) content at a VOD source (402) in accordance with a preferred embodiment of the present invention.
Fig. 10 is a flow chart depicting a renewal process (1000) for encrypting (502, 602, or 702) content at a VOD source (402) in accordance with a preferred embodiment of the present invention.
Fig. 11 A is a schematic diagram showing a conventional MPEG-2 transport stream (TS) packet (1100).
Fig. 11B is a schematic diagram showing a conventional MPEG-2 Packetized Elementary Stream (PES) packet (1150).
Fig. 12A is a flow chart depicting a process for selective encryption (1200) utilizing a payload unit start indicator (SI) in accordance with a first embodiment of the present invention.
Fig. 12B is a flow chart depicting a process for selective decryption (1250) utilizing the payload unit start indicator(SI) in accordance with the first embodiment of the present invention.
Fig. 13 is a schematic diagram showing a TS packet (1100) including a selective encryption status field (1302) in accordance with a second embodiment of the present invention.
Fig. 14A is a flow chart depicting a first process for encryption (1400) in accordance with the second embodiment of the present invention.
Fig. 14B is a flow chart depicting a second process for encryption (1410) in accordance with the second embodiment of the present invention.
Fig. 14C is a flow chart depicting a third process for encryption (1430) in accordance with the second embodiment of the present invention.
Fig. 14D is a flow chart depicting a fourth process for encryption (1440) in accordance with the second embodiment of the present invention.
Fig. 11 A is a schematic diagram showing a conventional MPEG-2 transport stream (TS) packet (1100).
Fig. 11B is a schematic diagram showing a conventional MPEG-2 Packetized Elementary Stream (PES) packet (1150).
Fig. 12A is a flow chart depicting a process for selective encryption (1200) utilizing a payload unit start indicator (SI) in accordance with a first embodiment of the present invention.
Fig. 12B is a flow chart depicting a process for selective decryption (1250) utilizing the payload unit start indicator(SI) in accordance with the first embodiment of the present invention.
Fig. 13 is a schematic diagram showing a TS packet (1100) including a selective encryption status field (1302) in accordance with a second embodiment of the present invention.
Fig. 14A is a flow chart depicting a first process for encryption (1400) in accordance with the second embodiment of the present invention.
Fig. 14B is a flow chart depicting a second process for encryption (1410) in accordance with the second embodiment of the present invention.
Fig. 14C is a flow chart depicting a third process for encryption (1430) in accordance with the second embodiment of the present invention.
Fig. 14D is a flow chart depicting a fourth process for encryption (1440) in accordance with the second embodiment of the present invention.
Fig. 14E is a flow chart depicting a fifth process for encryption (1450) in accordance with the second embodiment of the present invention.
Fig. 14F is a flow chart depicting a sixth process for encryption (1460) in accordance with the second embodiment of the present invention.
Fig. 15 is a flow chart depicting a process for decryption (1500) in accordance with the second embodiment of the present invention.
DETAILED DESCRIPTION OF THE SPECIFIC EMBODIMENTS
Fig. 1 is a schematic diagram of a conventional cable distribution network (100). The conventional cable distribution network (100) typically includes one or more broadcast sources (102), one or more premium broadcast sources (104), one or more distribution centers (106), one or more secondary distribution networks (108), and a plurality of subscriber stations (110).
The broadcast source (102) may be, for example, a local television station.
For instance, an affiliate station of a major network such as ABC, NBC, CBS, FOX, or UPN. The premium broadcast source (104) may be, for example, a premium channel such as HBO, Showtime, Cinemax, and so on. The sources (102) and (104) may be coupled via a primary distribution network to the distribution center (106).
The distribution center (106) may be, for example, a cable head-end. The distribution center (106) may be coupled via a secondary distribution network (108) to the subscriber stations (110). The secondary distribution network (108) comprises may include, for example, various amplifiers, bridges, taps, and drop cables. Finally, the subscriber stations (110) may be, for example, set-top boxes and associated television equipment for viewing the video content by end users.
Fig. 2 is a flow chart depicting a conventional insecure process (200) for distributing video content via a conventional cable distribution network.
First, a non-premium video signal is transported (202) from the broadcast source (102) to the distribution center (106). At the distribution center (106), the video signal is multiplexed (204) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (206) from the distribution center (106) via the secondary distribution network (108) to the subscriber stations (110). At the subscriber stations (110), the multiplexed signal is demultiplexed (208) to isolate the video signal, and then the video signal is displayed 210, typically, on a television monitor.
Fig. 3A is a flow chart depicting a conventional secure process (300) for distributing video content via a conventional cable distribution network.
First, a premium video signal is encrypted (302) to generate an encrypted signal. The encrypted signal is transported (304) from the premium broadcast source (104) to the distribution center (106).
At the distribution center (106), the video signal is decrypted (306) to regenerate the premium video signal. The premium video signal is then scrambled (308) - re-encrypted with a different key and multiplexed (310) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (312) from the distribution center (106) via the secondary distribution network (108) to the subscriber stations (110).
At the subscriber stations (110), the multiplexed signal is demultiplexed (314) to isolate the scrambled video signal, the scrambled video signal is unscrambled (316), and then the video signal is displayed (318), typically, on a television monitor connected to a set-top box. The process in Fig. 3 is a typical conventional process for delivering premium video using scrambling. Other conventional processes also exist.
Fig. 14F is a flow chart depicting a sixth process for encryption (1460) in accordance with the second embodiment of the present invention.
Fig. 15 is a flow chart depicting a process for decryption (1500) in accordance with the second embodiment of the present invention.
DETAILED DESCRIPTION OF THE SPECIFIC EMBODIMENTS
Fig. 1 is a schematic diagram of a conventional cable distribution network (100). The conventional cable distribution network (100) typically includes one or more broadcast sources (102), one or more premium broadcast sources (104), one or more distribution centers (106), one or more secondary distribution networks (108), and a plurality of subscriber stations (110).
The broadcast source (102) may be, for example, a local television station.
For instance, an affiliate station of a major network such as ABC, NBC, CBS, FOX, or UPN. The premium broadcast source (104) may be, for example, a premium channel such as HBO, Showtime, Cinemax, and so on. The sources (102) and (104) may be coupled via a primary distribution network to the distribution center (106).
The distribution center (106) may be, for example, a cable head-end. The distribution center (106) may be coupled via a secondary distribution network (108) to the subscriber stations (110). The secondary distribution network (108) comprises may include, for example, various amplifiers, bridges, taps, and drop cables. Finally, the subscriber stations (110) may be, for example, set-top boxes and associated television equipment for viewing the video content by end users.
Fig. 2 is a flow chart depicting a conventional insecure process (200) for distributing video content via a conventional cable distribution network.
First, a non-premium video signal is transported (202) from the broadcast source (102) to the distribution center (106). At the distribution center (106), the video signal is multiplexed (204) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (206) from the distribution center (106) via the secondary distribution network (108) to the subscriber stations (110). At the subscriber stations (110), the multiplexed signal is demultiplexed (208) to isolate the video signal, and then the video signal is displayed 210, typically, on a television monitor.
Fig. 3A is a flow chart depicting a conventional secure process (300) for distributing video content via a conventional cable distribution network.
First, a premium video signal is encrypted (302) to generate an encrypted signal. The encrypted signal is transported (304) from the premium broadcast source (104) to the distribution center (106).
At the distribution center (106), the video signal is decrypted (306) to regenerate the premium video signal. The premium video signal is then scrambled (308) - re-encrypted with a different key and multiplexed (310) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (312) from the distribution center (106) via the secondary distribution network (108) to the subscriber stations (110).
At the subscriber stations (110), the multiplexed signal is demultiplexed (314) to isolate the scrambled video signal, the scrambled video signal is unscrambled (316), and then the video signal is displayed (318), typically, on a television monitor connected to a set-top box. The process in Fig. 3 is a typical conventional process for delivering premium video using scrambling. Other conventional processes also exist.
Fig. 3B is a flow chart depicting a conventional secure process (350) for distributing premium digital television broadcasts via a conventional cable distribution network (100). The process (350) begins in a first step (351) when a new billing cycle starts. In a second step (352), new authorizations are distributed from the premium broadcast source (104) to subscriber stations (110) via the conventional cable distribution network (100). Of course, the new authorizations are distributed to only subscriber stations (110) that are subscribing to the premium digital TV for the new billing cycle.
In a third step (354), the encryption system in the premium broadcast source (104) changes to a new encryption key for use in encrypting the premium digital TV broadcast. The new encryption key corrresponds to the new billing cycle. In a fourth step (356), the encryption system in the premium broadcast source (104) fully encrypts the premium digital TV in real-time using the new encryption key. In a fifth step (358), the encrypted premium digital TV is broadcast to the subscriber stations (110) via the conventional cable distribution network (100). In a sixth step (360), the subscriber stations (110) receive and fully decrypt the encrypted premium digital TV
using the new authorizations. Of course, only subscriber stations (110) which are subscribing to the premium digital TV broadcast for the new billing cycle have the new authorizations and so only they are able to fully decrypt the encrypted broadcast.
In a seventh step (362), a determination is made as to whether an end of the new billing cycle is being reached. If the end is not being reached, then the process (350) loops back to the fourth step (356) where the premium digital TV
continues to be encrypted in real-time and then broadcast. Otherwise, if the end is being reached, then the process (350) goes on back to the first step (351) where a new billing cycle starts.
Fig. 4 is a schematic diagram of a cable distribution network (400) including a video on-demand source (402) in accordance with a preferred embodiment of the present invention. In addition to the components of the conventional cable distribution network (100) shown in Fig. 1, the cable distribution network (400) shown in Fig. 4 includes a video on-demand source (402) and a remote server (404). The video on-demand source (402) may house, for example, a collection of video programs such as, for example, movies. As shown in Fig. 4, the remote server (404) may be located within the distribution center (106). The remote server (404) may include, for example, a parallel processing computer configured to be a video server, a disk drive array to store video data, and a video session manager to provide session control of the video data flowing to and from the video server.
Fig. 5A is a flow chart depicting a secure process (500) for distributing video on-demand content via a cable distribution network (400) in accordance with a first aspect of the present invention. The process depicted in Fig. 5A may be called a store, decrypt, and re-encrypt process.
First, a video program is encrypted (502) by a video on-demand source (402) to generate an encrypted program in a first encrypted form. The encrypted program is transported (504) via a primary distribution network from the video on-demand source (402) to a remote server (404) within a distribution center (106). The encrypted program is then stored (506) in the remote server (404).
Subsequently, when the remote server (404) receives (508) a request for transmission of the video program from a subscriber station (110), the remote server (404) responds by first decrypting (510) the video program from the first encrypted form.
A first key is may be used to accomplish such decryption (510), and such key may have been received from the video on-demand source (402) via a communication channel that is separate from the one used to transmit the video program. After the video program is decrypted (510), the remote server (404) re-encrypts (512) the video program into a second encrypted form using a second key.
The second key may be a public key of a public key encryption system.
Such a public key encryption system uses two different key: a public key to encrypt data and a private key to decrypt data. In that case, decryption would be accomplished using a corresponding private key of the public key encryption system. Examples of such a public key encryption system is encryption under the PGP (Pretty Good Privacy) system or under the RSA (Rivest, Shamir, and Adleman) system. Alternatively, the second key may be a private key of a private key encryption system. Such a private key encryption system uses a single private key to encrypt and decrypt data. Examples of such a private key encryption system is encryption under the Data Encryption Standard (DES) or under triple-DES which involves applying DES three times to enhance security. The private key(s) itself may be transmitted from the remote server (404) to the subscriber station (110) while encrypted in a third encrypted form.
After the video program is re-encrypted (512), the re-encrypted program in the second encrypted form (and the second key if necessary) is multiplexed (514) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (516) via the secondary distribution network (108) to the subscriber stations (110).
At the subscriber stations (110), the multiplexed signal is demultiplexed (518) to isolate the re-encrypted program in the second encrypted form (and the second key if necessary), the re-encrypted program is decrypted (520) from the second encrypted form to generate the unencrypted video program, and then the video program is displayed (522), typically, on a television monitor connected to set-top box.
Fig. 5B is a flow chart depicting a secure process (550) for distributing video on-demand content via a cable distribution network (400) in accordance with a second aspect of the present invention. The process (550) depicted in Fig. 5B
may be called a decrypt, re-encrypt, and store process. In comparison with the process (500) in Fig. 5A, the process (550) in Fig. 5B decrypts (510) and re-encrypts (512) the video program before the video program is stored (506) in the remote server (404).
First, a video program is encrypted (502) by a video on-demand source (402) to generate an encrypted program in a first encrypted form. The encrypted program is transported (504) via a primary distribution network from the video on-demand source (402) to a remote server (404) within a distribution center (106). At this point, the remote server (510) decrypts (510) the video program from the first encrypted form. A
first key is may be used to accomplish such decryption (510), and such key may have been received from the video on-demand source (402) via a communication channel that is separate from the one used to transmit the video program. After the video program is decrypted (510), the remote server (404) re-encrypts (512) the video program into a second encrypted form using a second key. After the decryption (510) and re-encryption (510), the re-encrypted program is then stored (506) in the remote server (404).
Note that step (506) in Fig. 5B differs from step (506) in Fig. 5A in that step (506) in Fig. 5B involves storing the video program in the second encrypted form while step (506) in Fig. 5A involves storing the video program in the first encrypted form.
Subsequently, when the remote server (404) receives (508) a request for transmission of the video program from a subscriber station (110), the remote server (404) responds by multiplexing (514) the re-encrypted program in the second encrypted form (and the second key if necessary) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (516) via the secondary distribution network (108) to the requesting subscriber station (110).
At the subscriber stations (110), the multiplexed signal is demultiplexed (518) to isolate the re-encrypted program in the second encrypted form (and the second key if necessary), the re-encrypted program is decrypted (520) from the second encrypted form to generate the unencrypted video program, and then the video program is displayed (522), typically, on a television monitor connected to set-top box.
Fig. 6 is a flow chart depicting a secure process (600) for distributing video on-demand content via a cable distribution network (400) in accordance with a third aspect of the present invention. The process (600) depicted in Fig. 6 may be called a pass-through process.
First, a video program is encrypted (602) by a video on-demand source (402) to generate an encrypted program in a first encrypted form. The encrypted program is transported (604) via a primary distribution network from the video on-demand source (402) to a remote server (404) within a distribution center (106). A key to decrypt the encrypted program may also be transported from the source (402) to the server (404).
The encrypted program is then stored (606) in the remote server (404).
The key may be a public key of a public key encryption system. Such a public key encryption system uses two different key: a public key to encrypt data and a private key to decrypt data. In that case, decryption would be accomplished using a corresponding private key of the public key encryption system. Examples of such a public key encryption system is encryption under the PGP (Pretty Good Privacy) system or under the RSA (Rivest, Shamir, and Adleman) system. Alternatively, the key may be a private key of a private key encryption system. Such a private key encryption system uses a single private key to encrypt and decrypt data. Examples of such a private key encryption system is encryption under the Data Encryption Standard (DES) or under triple-DES which involves applying DES three times to enhance security. The private key(s) itself may be transmitted from the source (402) to the server (404) while encrypted in a second encrypted form. Alternatively, the private key(s) may be transported from the source (402) to the server (404) via a communication channel which is separate from the communication channel used to transport the video program from the source (402) to the server (404).
Subsequently, when the remote server (404) receives (608) a request for transmission of the video program from a subscriber station (110), the remote server (404) responds by multiplexing (610) the encrypted program in the first encrypted form (and the key if necessary) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (612) via the secondary distribution network (108) to the requesting subscriber station (110).
At the subscriber stations (110), the multiplexed signal is demultiplexed (614) to isolate the encrypted program in the first encrypted form (and the key if necessary), the encrypted program is decrypted (616) from the first encrypted form to generate the unencrypted video program, and then the video program is displayed (618), typically, on a television monitor connected to set-top box.
Fig. 7 is a flow chart depicting a secure process (700) for distributing video on-demand content via a cable distribution network (400) in accordance with a fourth aspect of the present invention. The process (700) depicted in Fig. 7 may be called a multiple-layer encryption process. In comparison with the process (600) in Fig. 6, the process (700) in Fig. 7 "pre-encrypts" (702) the video program at the source (402), completes encryption (704) of the video program at the remote server (404), and fully decrypts (706) the video program at the subscriber station (110).
The pre-encryption step (702) may be implemented by applying a single DES encryption or a double DES encryption. If the pre-encryption step (702) uses a single DES encryption, then the completion of encryption step (704) may be implemented by applying a double DES encryption to achieve triple-DES encryption.
Similarly, if the pre-encryption step (702) uses a double DES encryption, then the completion of encryption step (704) may be implemented by applying a single DES encryption to achieve triple-DES encryption. In either case, the video program is transported from the remote server (404) to the subscriber station (110) while under triple-DES
encryption. As long as the subscriber station has the three keys required, it will be able to fully decrypt (706) the triple-DES encryption to obtain the unencrypted video program.
Fig. 8 is a schematic diagram showing interconnected components relating to encryption within the VOD source (402) in accordance with the fourth aspect of the present invention. The interconnected components include: a content source (802), a encryption coordinator (804), a content manager (806), a encryptor (808), and a encryptor controller (810). The operation of these components is discussed below in relation to Figs. 9 and 10.
Fig. 9 is a flow chart depicting an initial process (900) for encrypting (502, 602, or 702) content at a VOD source (402) in accordance with the present invention.
This initial process (900) occurs when the particular digital video content is introduced for the first time from the VOD source (402) to the remote server (404).
In a first step (902), the digital video content is loaded from the content source (802) to the encryption coordinator (804). In a second step (904), the encryption coordinator (804) receives the content and schedules the content for encryption. The scheduling of the encryption is performed by the encryption coordinator (804) under control of the content manager (806). The content manager holds the schedule information regarding times when a particular content, e.g. a movie, is scheduled to be encrypted (identified for which one of the encryption mechanisms described here) and distributed to a set of Remote Video Servers. The scheduling depends upon the other content already scheduled for encryption and upon the throughput of the encryptor. The schedule will be assigned and adjusted as necessary to accommodate the priorities and timing requirements of the various content to be encrypted.
In a third step (906), at the scheduled time for encryption, the content is loaded by the encryptor (808). In a fourth step (908), the encryptor (808) uses a particular key corresponding to the appropriate time epoch to encrypt the content. The encryption of the content is performed by the encryptor (808) under control of the encryptor controller (810). The encryptor controller is the first component of the end to end key management system. Since the encryption process may be single or multi-level encryption, e.g. DVB-Superscrambling or Triple DES, the encryption keys may change many times, periodically or aperiodically, during the encryption of a single content, i.e.
every 5 minutes of a movie. These keys with index references to where the key change occurred in the content (markers), are delivered to the Remote Video Servers in a secure mechanism, e.g. RSA. In a fifth step (910), the encrypted content is passed back to the encryption coordinator (804). The encrypted content is then introduced (604) from the VOD source (402) to the remote server (404).
Fig. 10 is a flow chart depicting a renewal process (1000) for encrypting (502, 602, or 702) content at a VOD source (402) in accordance with the present invention. This renewal process (1000) occurs whenever encryption is to be renewed for particular digital video content stored on the remote server (404).
Prior to renewal process (1000), the digital video is stored on the remote server (404) in a encrypted form under a key of a "first" (not necessarily initial) time epoch. The first step (1002) of the renewal process (1000) relates to the nearing of the end of the first time epoch. In accordance with a preferred embodiment of the present invention, a time epoch does not need to correspond to a billing cycle.
Rather, time epochs may be selected in order to afford proper protection for the content during the lifetime of the content on the remote server (404).
In a second step (1004), once the end of the first time epoch nears, the digital video content is copied from the remote server (404) back to the encryption coordinator (804) in the VOD source (402). In a third step (1006), the encryption coordinator (804) receives the content and schedules the content for encryption. The scheduling of the encryption is performed by the encryption coordinator (804) under control of the content manager (806).
In a fourth step (1008), at the scheduled time for encryption, the content is loaded by the encryptor (808). In a fifth step (1010), the encryptor (808) uses the particular key corresponding to the first time epoch to decrypt the content.
Subsequently, in a sixth step (1012), the encryptor (808) uses a particular key corresponding to a "second" time epoch to re-encrypt the content. The decryption and re-encryption of the content is performed by the encryptor (808) under control of the encryptor controller (810). In a seventh step (1014), the re-encrypted content is passed back to the encryption coordinator (804). In an eighth step (1016), the re-encrypted content is then sent from the VOD source (402) to the remote server (404).
In a ninth step (1018), the first time epoch ends and the second time epoch begins. Finally, in a tenth step (1020), once the second time epoch begins, the remote server begins serving the version of the encrypted content which relates to the second time epoch and deletes the version which relates to the first time epoch.
Fig. 11A is a schematic diagram showing a conventional MPEG-2 transport stream (TS) packet (1100). The TS packet (1100) comprises a TS
header (1102) and a TS payload (1104). The general contents of the TS header (1102) and TS
payload (1104) are described below. Further details are given in various publications, including the MPEG-2 standard itself, formally referred to as ISO 13818.
As shown in Fig. 1 lA, the transport header (1102) may include a sync_byte, a transport_error indicator (TEI), a payload_unit_start indicator (SI), a transport_priority (TP), a packet ID (PID), a transport_scrambling_control (SC), an adaptation_field_control (AFC), a continuity_counter (CC), and an (optional) adaptation_field (AF). The sync_byte is used for synchronization purposes and generally has a fixed value of 0x47. The TEI is used to indicate an uncorrectable bit error exists in the current TS packet. The SI is used to indicate the presence in the transport payload (1104) of a new PES (packetized elementary stream) packet or a new TS-PSI
(transport stream-program specific information) section. The TP is used to indicate a higher priority for the current TS packet. The PID is used to distinguish between elementary streams and so is used by a subscriber station (110) to find, identify, and reconstruct programs from the transport stream. The SC is used to indicate the scrambling mode of the transport payload (1104). The AFC is used to indicate the presence of an adaptation field. The CC
increments with each nonrepeated TS packet having the corresponding PID.
Finally, the AF may contains flags and indicators, a program clock reference, plus other data.
The TS payload (1104) includes PES packets which are described further below.
Fig. 11B is a schematic diagram showing a conventional MPEG-2 Packetized Elementary Stream (PES) packet (1150). The PES packet (1150) comprises a PES header (1152) and a PES payload (1154). The general contents of the PES
header (1152) and PES payload (1104) are described below. Further details are given in various publications, including the MPEG-2 standard itself, formally referred to as ISO 13818.
As shown in Fig. 11B, the PES header (1152) includes a start_code_prefix, a stream_id, a PES_packet_length, optional fields, and padding_bytes. The start code_prefix is a string of 23 or more binary Os, followed by a binary 1.
the start code_prefix is followed by the stream_id. The stream_id comprises 8 bits which are used to label the PES, as well as to specify the type of PES. The PES_packet_length is used to indicate the number of bytes in the PES packet. Optional fields may include various fields. For PES packets carrying video, optional fields of particular significance include a presentation time stamp (PTS) and a decoding time stamp (DTS). The PTS tells the decoder when to display a video frame. The DTS tells the decoder when to decode a video frame. Finally, padding_bytes comprise fixed 8-bit values equal to OxFF
which are to be discarded by the decoder.
The PES payload (1154) includes PES packet data bytes which are contiguous bytes of data from the elementary stream. The elementary stream may consist of compressed data from a video source, or an audio source, or a data source.
Fig. 12A is a flow chart depicting a process for selective encryption (1200) utilizing the payload unit start indicator (SI) in accordance with a first embodiment of the present invention. This process (1200) may be utilized to reduce the amount of encryption required while maintaining a high level of security. This process (1200) is performed during the construction of the TS packet (1100).
In a first step (1202), a determination is made as to whether the TS
payload (1104) will contain a new PES packet or a new TS-PSI section. If the TS
payload (1104) will not contain a new PES packet or a new TS-PSI section, then in a second step (1204) the TS packet (1100) is constructed with the SI flag is reset to zero, and in a third step (1206) the TS packet (1100) is constructed with an unencrypted TS
payload (1104). In alternate embbdiments (not shown), the third step (1206) may occur before or in parallel with the second step (1204).
Otherwise, if the TS payload (1104) will contain a new PES packet or a new TS-PSI section, then in a fourth step (1208) the TS packet (1100) is constructed with the SI flag set to one, in a fifth step (1210) the TS payload (1104) is encrypted, and in a sixth step (1212) the TS packet (1100) is constructed with the encrypted TS
payload (1104). In alternate embodiments (not shown), the fifth and sixth steps (1210 and 1212) may occur before or in parallel with the fourth step (1208). In this way, the amount of encryption required is advantageously reduced since only TS payloads (1104) containing a new PES packet or a new TS-PSI section will require encryption.
Nevertheless, a high level of security is maintained because the beginning portion of each PES
packet and TS-PSI section will be encrypted.
Fig. 12B is a flow chart depicting a process for selective decryption (1250) using a payload unit start indicator in accordance with the first embodiment of the present invention. This process (1250) is utilized in conjunction with the process of Fig. 12A
(1200) to reduce the amount of decryption required while maintaining a high level of security. This process (1250) is performed when the transport payload (1104) is decrypted (510, 616, or 706) either at the remote server (404) or at the subscriber station (110).
In a first step (1252), the payload unit start indicator (SI) flag is scanned.
In a second step (1254), a determination is made as to whether the SI flag is set. If the SI
flag is set, then in a third step (1256) the TS payload (1104) is decrypted to undo the encryption (1210). If the SI flag is not set, then in a fourth step (1258) the TS payload (1104) is not decrypted to undo the encryption (1210).
In this way, the amount of decryption required is advantageously reduced since only TS payloads (1104) containing a new PES packet or a new TS-PSI
section will require decryption to undo the encryption (1210). Nevertheless, a high level of security is maintained because the beginning portion of each PES packet and TS-PSI section will require decryption to undo the encryption (1210).
Fig. 13 is a schematic diagram showing a TS packet (1100) including a selective encryption status field (1302) in accordance with a second embodiment of the present invention. As shown in Fig. 13, the selective encryption status field (1302) is pre-appended before the TS header (1102) in the structure of the TS packet (1100).
Selective encryption status field is either prepended or the transport Scrambling Control (SC) flags are used to mark the selected encryption.
Fig. 14A is a flow chart depicting a first process for encryption (1400) in accordance with the second embodiment of the present invention. The first process (1400) corresponds to a highest level of security, where the TS payload (1104) is encrypted for each and every TS packet (1100).
In accordance with this first process, in a first step (1402), the selective encryption status field (1302) is set. This first step (1402) is done for all TS packets (1100). In a second step (1404), the TS payload (1104) is encrypted. Since the selective encryption status field (1302) is set for all TS packets (1100), the TS
payload (1104) is encrypted for all TS packets (1100). In a third step (1406), the TS packet (1100) is constructed using the encrypted TS payload for all TS packets (1100).
Fig. 14B is a flow chart depicting a second process for encryption (1410) in accordance with the second embodiment of the present invention. The second process (1410) corresponds to an intermediate level of security, where the TS payload (1104) is encrypted only if it includes video data for a MPEG-2 I-frame (Intra frame).
An I-frame contains full picture frames and are the least compressed type of frame.
In a first step (1412), all PES headers (1152) to be sent are parsed. In a second step (1414), a determination is made from the result of the parsing as to whether the current TS payload (1104) includes video data for an I-frame. On selective encryption, one of three modes are used to determine the selection of what TS
packet to encrypt. Usually, the reference display information that is necessary to decoding is selected, i.e. I-Frame in a Group Of Pictures (GOP). Without the I-Frames, B-Frames and P-Frames cannot be used. First method is through the use of a marker that is prepended to the start of selected TS packets, before the sync byte. Second is through the use of information provided or added in the adaptation field of the PES
headers. Third is through overloading existing fields in the header. An example of this is to use the Scrambling Control (SC) flags to tell the encryptor which TS packets to encrypt.
If I-frame data is indicated, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (1100) is constructed with the encrypted TS payload.
Otherwise, if no I-frame data is indicated, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 14C is a flow chart depicting a third process for encryption (1430) in accordance with the second embodiment of the present invention. The third process (1430) is similar to the second process (1410), except that in the third process (1430) the TS payload (1104) is encrypted if it includes video data for either a MPEG-2 I-frame or a MPEG-2 P-frame(Predicted frame). This third process (1430) would provide a level of security somewhere in between the levels provided by the first and the second process (1400 and 1410).
P-frames are predicted from past I or P frames. A third type of MPEG-2 frame is a B-frame (Bidirectional predicted frame). B-frames are predicted from past and future I and P frames. B frames offer the greatest compression of the three frame types.
Step-wise, the third process (1430) has a different second step (1432) compared with the second step (1414) of the second process (1410). In the second step (1432) of the third process (1430). a determination is made from the result of the parsing as to whether the current TS payload (1104) includes video data for an I or a P frame.
If I or P frame data is indicated, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (1100) is constructed with the encrypted TS payload.
Otherwise, if neither I nor P frame data is indicated, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS
packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 14D is a flow chart depicting a fourth process for encryption (1440) in accordance with the second embodiment of the present invention. The fourth process (1440) is similar to the second process (1410), except that in the fourth process (1430) the TS payload (1104) is encrypted if it includes a decode time stamp (DTS) and/or a presentation time stamp (PTS).
The DTS and PTS are included in PES headers (1152) in order to indicate to the decoder when to decode and present, respectively, a video frame.
Without the DTS
and PTS, a decoder cannot properly decode and present the video data.
Step-wise, the fourth process (1440) has a different second step (1442) compared with the second step (1414) of the second process (1410). In the second step (1442) of the fourth process (1440). a determination is made from the result of the parsing as to whether the current TS payload (1104) includes a DTS and/or PTS.
If a DTS and/or PTS is indicated, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (I 100) is constructed with the encrypted TS payload.
Otherwise, if neither DTS nor PTS is indicated, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS
packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 14E is a flow chart depicting a fifth process for encryption (1450) in accordance with the second embodiment of the present invention. The fifth process (1450) is similar to the second process (1410), except that in the fifth process (1450) the TS payload (1104) is encrypted if it is selected by a counter.
Step-wise, the fifth process (1450) has different first and second steps than the second process (1410). In the first step (1452), a counter is incremented.
In the second step (1454), a determination is made as to whether the counter has been incremented to a next periodic subset of counts (for example, to a next subset of ten counts).
If the counter has been incremented to a next periodic subset of counts, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (1100) is constructed with the encrypted TS payload. Otherwise, if the counter is still within a same periodic subset of counts, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 14F is a flow chart depicting a sixth process for encryption (1460) in accordance with the second embodiment of the present invention. The sixth process (1460) is similar to the second process (1410), except that in the sixth process (1450) the TS payload (1104) is encrypted if it is selected by a random selection.
Step-wise, the sixth process (1460) has different first and second steps than the second process (1410). In the first step (1462), a random number is generated. In the second step (1454), a determination is made as to whether the random number selected is within a predetermined subset of a set of possible random numbers (for example, within a subset from 0 to 9 of a set from 0 to 99).
If the random number selected is within the predetermined subset, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (1100) is constructed with the encrypted TS
payload. Otherwise, if the random number selected is outside of the predetermined subset, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 15 is a flow chart depicting a process for decryption (1500) in accordance with the second embodiment of the present invention. The decryption process (1500) in Fig. 15 is utilized in conjunction with one of the six encryption processes (1400, 1410, 1430, 1440, 1450, and 1460) shown in Figs. 14A-F. This decryption process (1500) is performed when the transport payload (1104) is decrypted (510, or 616, or 706) either at the remote server (404) or at the subscriber station (110).
In a first step (1502), the selective encryption status field (1302) is scanned. In a second step (1504), a determination is made as to whether the status field (1302) is set. If the status field (1302) is set, then in a third step (1506) the TS payload (1104) is decrypted to undo the encryption (1418). If the status field (1302) is not set, then in a fourth step (1508) the TS payload (1104) is not decrypted to undo the encryption (1418).
In this way, the amount of decryption required is advantageously reduced since only select TS payloads (1104) will require decryption to undo the encryption (1418). Nevertheless, a substantial level of security is maintained because select TS
payloads (1104) will require decryption to undo the encryption (1418).
It is to be understood that the specific mechanisms and techniques which have been described are merely illustrative of one application of the principles of the invention. For example, while the present invention is described in application to video on-demand, it also has some application in broadcast video. Numerous additional modifications may be made to the methods and apparatus described without departing from the true spirit of the invention.
In the above description as well as in the following claims, a field or flag may be configured such that it is set to indicate a first state and reset to indicate a second state. Nevertheless, it is well understood in the art that the field or flag may be equivalently configured such that it is reset to indicate the first state and set to indicate the second state.
In a third step (354), the encryption system in the premium broadcast source (104) changes to a new encryption key for use in encrypting the premium digital TV broadcast. The new encryption key corrresponds to the new billing cycle. In a fourth step (356), the encryption system in the premium broadcast source (104) fully encrypts the premium digital TV in real-time using the new encryption key. In a fifth step (358), the encrypted premium digital TV is broadcast to the subscriber stations (110) via the conventional cable distribution network (100). In a sixth step (360), the subscriber stations (110) receive and fully decrypt the encrypted premium digital TV
using the new authorizations. Of course, only subscriber stations (110) which are subscribing to the premium digital TV broadcast for the new billing cycle have the new authorizations and so only they are able to fully decrypt the encrypted broadcast.
In a seventh step (362), a determination is made as to whether an end of the new billing cycle is being reached. If the end is not being reached, then the process (350) loops back to the fourth step (356) where the premium digital TV
continues to be encrypted in real-time and then broadcast. Otherwise, if the end is being reached, then the process (350) goes on back to the first step (351) where a new billing cycle starts.
Fig. 4 is a schematic diagram of a cable distribution network (400) including a video on-demand source (402) in accordance with a preferred embodiment of the present invention. In addition to the components of the conventional cable distribution network (100) shown in Fig. 1, the cable distribution network (400) shown in Fig. 4 includes a video on-demand source (402) and a remote server (404). The video on-demand source (402) may house, for example, a collection of video programs such as, for example, movies. As shown in Fig. 4, the remote server (404) may be located within the distribution center (106). The remote server (404) may include, for example, a parallel processing computer configured to be a video server, a disk drive array to store video data, and a video session manager to provide session control of the video data flowing to and from the video server.
Fig. 5A is a flow chart depicting a secure process (500) for distributing video on-demand content via a cable distribution network (400) in accordance with a first aspect of the present invention. The process depicted in Fig. 5A may be called a store, decrypt, and re-encrypt process.
First, a video program is encrypted (502) by a video on-demand source (402) to generate an encrypted program in a first encrypted form. The encrypted program is transported (504) via a primary distribution network from the video on-demand source (402) to a remote server (404) within a distribution center (106). The encrypted program is then stored (506) in the remote server (404).
Subsequently, when the remote server (404) receives (508) a request for transmission of the video program from a subscriber station (110), the remote server (404) responds by first decrypting (510) the video program from the first encrypted form.
A first key is may be used to accomplish such decryption (510), and such key may have been received from the video on-demand source (402) via a communication channel that is separate from the one used to transmit the video program. After the video program is decrypted (510), the remote server (404) re-encrypts (512) the video program into a second encrypted form using a second key.
The second key may be a public key of a public key encryption system.
Such a public key encryption system uses two different key: a public key to encrypt data and a private key to decrypt data. In that case, decryption would be accomplished using a corresponding private key of the public key encryption system. Examples of such a public key encryption system is encryption under the PGP (Pretty Good Privacy) system or under the RSA (Rivest, Shamir, and Adleman) system. Alternatively, the second key may be a private key of a private key encryption system. Such a private key encryption system uses a single private key to encrypt and decrypt data. Examples of such a private key encryption system is encryption under the Data Encryption Standard (DES) or under triple-DES which involves applying DES three times to enhance security. The private key(s) itself may be transmitted from the remote server (404) to the subscriber station (110) while encrypted in a third encrypted form.
After the video program is re-encrypted (512), the re-encrypted program in the second encrypted form (and the second key if necessary) is multiplexed (514) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (516) via the secondary distribution network (108) to the subscriber stations (110).
At the subscriber stations (110), the multiplexed signal is demultiplexed (518) to isolate the re-encrypted program in the second encrypted form (and the second key if necessary), the re-encrypted program is decrypted (520) from the second encrypted form to generate the unencrypted video program, and then the video program is displayed (522), typically, on a television monitor connected to set-top box.
Fig. 5B is a flow chart depicting a secure process (550) for distributing video on-demand content via a cable distribution network (400) in accordance with a second aspect of the present invention. The process (550) depicted in Fig. 5B
may be called a decrypt, re-encrypt, and store process. In comparison with the process (500) in Fig. 5A, the process (550) in Fig. 5B decrypts (510) and re-encrypts (512) the video program before the video program is stored (506) in the remote server (404).
First, a video program is encrypted (502) by a video on-demand source (402) to generate an encrypted program in a first encrypted form. The encrypted program is transported (504) via a primary distribution network from the video on-demand source (402) to a remote server (404) within a distribution center (106). At this point, the remote server (510) decrypts (510) the video program from the first encrypted form. A
first key is may be used to accomplish such decryption (510), and such key may have been received from the video on-demand source (402) via a communication channel that is separate from the one used to transmit the video program. After the video program is decrypted (510), the remote server (404) re-encrypts (512) the video program into a second encrypted form using a second key. After the decryption (510) and re-encryption (510), the re-encrypted program is then stored (506) in the remote server (404).
Note that step (506) in Fig. 5B differs from step (506) in Fig. 5A in that step (506) in Fig. 5B involves storing the video program in the second encrypted form while step (506) in Fig. 5A involves storing the video program in the first encrypted form.
Subsequently, when the remote server (404) receives (508) a request for transmission of the video program from a subscriber station (110), the remote server (404) responds by multiplexing (514) the re-encrypted program in the second encrypted form (and the second key if necessary) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (516) via the secondary distribution network (108) to the requesting subscriber station (110).
At the subscriber stations (110), the multiplexed signal is demultiplexed (518) to isolate the re-encrypted program in the second encrypted form (and the second key if necessary), the re-encrypted program is decrypted (520) from the second encrypted form to generate the unencrypted video program, and then the video program is displayed (522), typically, on a television monitor connected to set-top box.
Fig. 6 is a flow chart depicting a secure process (600) for distributing video on-demand content via a cable distribution network (400) in accordance with a third aspect of the present invention. The process (600) depicted in Fig. 6 may be called a pass-through process.
First, a video program is encrypted (602) by a video on-demand source (402) to generate an encrypted program in a first encrypted form. The encrypted program is transported (604) via a primary distribution network from the video on-demand source (402) to a remote server (404) within a distribution center (106). A key to decrypt the encrypted program may also be transported from the source (402) to the server (404).
The encrypted program is then stored (606) in the remote server (404).
The key may be a public key of a public key encryption system. Such a public key encryption system uses two different key: a public key to encrypt data and a private key to decrypt data. In that case, decryption would be accomplished using a corresponding private key of the public key encryption system. Examples of such a public key encryption system is encryption under the PGP (Pretty Good Privacy) system or under the RSA (Rivest, Shamir, and Adleman) system. Alternatively, the key may be a private key of a private key encryption system. Such a private key encryption system uses a single private key to encrypt and decrypt data. Examples of such a private key encryption system is encryption under the Data Encryption Standard (DES) or under triple-DES which involves applying DES three times to enhance security. The private key(s) itself may be transmitted from the source (402) to the server (404) while encrypted in a second encrypted form. Alternatively, the private key(s) may be transported from the source (402) to the server (404) via a communication channel which is separate from the communication channel used to transport the video program from the source (402) to the server (404).
Subsequently, when the remote server (404) receives (608) a request for transmission of the video program from a subscriber station (110), the remote server (404) responds by multiplexing (610) the encrypted program in the first encrypted form (and the key if necessary) with other signals to generate a multiplexed signal. The multiplexed signal is then distributed (612) via the secondary distribution network (108) to the requesting subscriber station (110).
At the subscriber stations (110), the multiplexed signal is demultiplexed (614) to isolate the encrypted program in the first encrypted form (and the key if necessary), the encrypted program is decrypted (616) from the first encrypted form to generate the unencrypted video program, and then the video program is displayed (618), typically, on a television monitor connected to set-top box.
Fig. 7 is a flow chart depicting a secure process (700) for distributing video on-demand content via a cable distribution network (400) in accordance with a fourth aspect of the present invention. The process (700) depicted in Fig. 7 may be called a multiple-layer encryption process. In comparison with the process (600) in Fig. 6, the process (700) in Fig. 7 "pre-encrypts" (702) the video program at the source (402), completes encryption (704) of the video program at the remote server (404), and fully decrypts (706) the video program at the subscriber station (110).
The pre-encryption step (702) may be implemented by applying a single DES encryption or a double DES encryption. If the pre-encryption step (702) uses a single DES encryption, then the completion of encryption step (704) may be implemented by applying a double DES encryption to achieve triple-DES encryption.
Similarly, if the pre-encryption step (702) uses a double DES encryption, then the completion of encryption step (704) may be implemented by applying a single DES encryption to achieve triple-DES encryption. In either case, the video program is transported from the remote server (404) to the subscriber station (110) while under triple-DES
encryption. As long as the subscriber station has the three keys required, it will be able to fully decrypt (706) the triple-DES encryption to obtain the unencrypted video program.
Fig. 8 is a schematic diagram showing interconnected components relating to encryption within the VOD source (402) in accordance with the fourth aspect of the present invention. The interconnected components include: a content source (802), a encryption coordinator (804), a content manager (806), a encryptor (808), and a encryptor controller (810). The operation of these components is discussed below in relation to Figs. 9 and 10.
Fig. 9 is a flow chart depicting an initial process (900) for encrypting (502, 602, or 702) content at a VOD source (402) in accordance with the present invention.
This initial process (900) occurs when the particular digital video content is introduced for the first time from the VOD source (402) to the remote server (404).
In a first step (902), the digital video content is loaded from the content source (802) to the encryption coordinator (804). In a second step (904), the encryption coordinator (804) receives the content and schedules the content for encryption. The scheduling of the encryption is performed by the encryption coordinator (804) under control of the content manager (806). The content manager holds the schedule information regarding times when a particular content, e.g. a movie, is scheduled to be encrypted (identified for which one of the encryption mechanisms described here) and distributed to a set of Remote Video Servers. The scheduling depends upon the other content already scheduled for encryption and upon the throughput of the encryptor. The schedule will be assigned and adjusted as necessary to accommodate the priorities and timing requirements of the various content to be encrypted.
In a third step (906), at the scheduled time for encryption, the content is loaded by the encryptor (808). In a fourth step (908), the encryptor (808) uses a particular key corresponding to the appropriate time epoch to encrypt the content. The encryption of the content is performed by the encryptor (808) under control of the encryptor controller (810). The encryptor controller is the first component of the end to end key management system. Since the encryption process may be single or multi-level encryption, e.g. DVB-Superscrambling or Triple DES, the encryption keys may change many times, periodically or aperiodically, during the encryption of a single content, i.e.
every 5 minutes of a movie. These keys with index references to where the key change occurred in the content (markers), are delivered to the Remote Video Servers in a secure mechanism, e.g. RSA. In a fifth step (910), the encrypted content is passed back to the encryption coordinator (804). The encrypted content is then introduced (604) from the VOD source (402) to the remote server (404).
Fig. 10 is a flow chart depicting a renewal process (1000) for encrypting (502, 602, or 702) content at a VOD source (402) in accordance with the present invention. This renewal process (1000) occurs whenever encryption is to be renewed for particular digital video content stored on the remote server (404).
Prior to renewal process (1000), the digital video is stored on the remote server (404) in a encrypted form under a key of a "first" (not necessarily initial) time epoch. The first step (1002) of the renewal process (1000) relates to the nearing of the end of the first time epoch. In accordance with a preferred embodiment of the present invention, a time epoch does not need to correspond to a billing cycle.
Rather, time epochs may be selected in order to afford proper protection for the content during the lifetime of the content on the remote server (404).
In a second step (1004), once the end of the first time epoch nears, the digital video content is copied from the remote server (404) back to the encryption coordinator (804) in the VOD source (402). In a third step (1006), the encryption coordinator (804) receives the content and schedules the content for encryption. The scheduling of the encryption is performed by the encryption coordinator (804) under control of the content manager (806).
In a fourth step (1008), at the scheduled time for encryption, the content is loaded by the encryptor (808). In a fifth step (1010), the encryptor (808) uses the particular key corresponding to the first time epoch to decrypt the content.
Subsequently, in a sixth step (1012), the encryptor (808) uses a particular key corresponding to a "second" time epoch to re-encrypt the content. The decryption and re-encryption of the content is performed by the encryptor (808) under control of the encryptor controller (810). In a seventh step (1014), the re-encrypted content is passed back to the encryption coordinator (804). In an eighth step (1016), the re-encrypted content is then sent from the VOD source (402) to the remote server (404).
In a ninth step (1018), the first time epoch ends and the second time epoch begins. Finally, in a tenth step (1020), once the second time epoch begins, the remote server begins serving the version of the encrypted content which relates to the second time epoch and deletes the version which relates to the first time epoch.
Fig. 11A is a schematic diagram showing a conventional MPEG-2 transport stream (TS) packet (1100). The TS packet (1100) comprises a TS
header (1102) and a TS payload (1104). The general contents of the TS header (1102) and TS
payload (1104) are described below. Further details are given in various publications, including the MPEG-2 standard itself, formally referred to as ISO 13818.
As shown in Fig. 1 lA, the transport header (1102) may include a sync_byte, a transport_error indicator (TEI), a payload_unit_start indicator (SI), a transport_priority (TP), a packet ID (PID), a transport_scrambling_control (SC), an adaptation_field_control (AFC), a continuity_counter (CC), and an (optional) adaptation_field (AF). The sync_byte is used for synchronization purposes and generally has a fixed value of 0x47. The TEI is used to indicate an uncorrectable bit error exists in the current TS packet. The SI is used to indicate the presence in the transport payload (1104) of a new PES (packetized elementary stream) packet or a new TS-PSI
(transport stream-program specific information) section. The TP is used to indicate a higher priority for the current TS packet. The PID is used to distinguish between elementary streams and so is used by a subscriber station (110) to find, identify, and reconstruct programs from the transport stream. The SC is used to indicate the scrambling mode of the transport payload (1104). The AFC is used to indicate the presence of an adaptation field. The CC
increments with each nonrepeated TS packet having the corresponding PID.
Finally, the AF may contains flags and indicators, a program clock reference, plus other data.
The TS payload (1104) includes PES packets which are described further below.
Fig. 11B is a schematic diagram showing a conventional MPEG-2 Packetized Elementary Stream (PES) packet (1150). The PES packet (1150) comprises a PES header (1152) and a PES payload (1154). The general contents of the PES
header (1152) and PES payload (1104) are described below. Further details are given in various publications, including the MPEG-2 standard itself, formally referred to as ISO 13818.
As shown in Fig. 11B, the PES header (1152) includes a start_code_prefix, a stream_id, a PES_packet_length, optional fields, and padding_bytes. The start code_prefix is a string of 23 or more binary Os, followed by a binary 1.
the start code_prefix is followed by the stream_id. The stream_id comprises 8 bits which are used to label the PES, as well as to specify the type of PES. The PES_packet_length is used to indicate the number of bytes in the PES packet. Optional fields may include various fields. For PES packets carrying video, optional fields of particular significance include a presentation time stamp (PTS) and a decoding time stamp (DTS). The PTS tells the decoder when to display a video frame. The DTS tells the decoder when to decode a video frame. Finally, padding_bytes comprise fixed 8-bit values equal to OxFF
which are to be discarded by the decoder.
The PES payload (1154) includes PES packet data bytes which are contiguous bytes of data from the elementary stream. The elementary stream may consist of compressed data from a video source, or an audio source, or a data source.
Fig. 12A is a flow chart depicting a process for selective encryption (1200) utilizing the payload unit start indicator (SI) in accordance with a first embodiment of the present invention. This process (1200) may be utilized to reduce the amount of encryption required while maintaining a high level of security. This process (1200) is performed during the construction of the TS packet (1100).
In a first step (1202), a determination is made as to whether the TS
payload (1104) will contain a new PES packet or a new TS-PSI section. If the TS
payload (1104) will not contain a new PES packet or a new TS-PSI section, then in a second step (1204) the TS packet (1100) is constructed with the SI flag is reset to zero, and in a third step (1206) the TS packet (1100) is constructed with an unencrypted TS
payload (1104). In alternate embbdiments (not shown), the third step (1206) may occur before or in parallel with the second step (1204).
Otherwise, if the TS payload (1104) will contain a new PES packet or a new TS-PSI section, then in a fourth step (1208) the TS packet (1100) is constructed with the SI flag set to one, in a fifth step (1210) the TS payload (1104) is encrypted, and in a sixth step (1212) the TS packet (1100) is constructed with the encrypted TS
payload (1104). In alternate embodiments (not shown), the fifth and sixth steps (1210 and 1212) may occur before or in parallel with the fourth step (1208). In this way, the amount of encryption required is advantageously reduced since only TS payloads (1104) containing a new PES packet or a new TS-PSI section will require encryption.
Nevertheless, a high level of security is maintained because the beginning portion of each PES
packet and TS-PSI section will be encrypted.
Fig. 12B is a flow chart depicting a process for selective decryption (1250) using a payload unit start indicator in accordance with the first embodiment of the present invention. This process (1250) is utilized in conjunction with the process of Fig. 12A
(1200) to reduce the amount of decryption required while maintaining a high level of security. This process (1250) is performed when the transport payload (1104) is decrypted (510, 616, or 706) either at the remote server (404) or at the subscriber station (110).
In a first step (1252), the payload unit start indicator (SI) flag is scanned.
In a second step (1254), a determination is made as to whether the SI flag is set. If the SI
flag is set, then in a third step (1256) the TS payload (1104) is decrypted to undo the encryption (1210). If the SI flag is not set, then in a fourth step (1258) the TS payload (1104) is not decrypted to undo the encryption (1210).
In this way, the amount of decryption required is advantageously reduced since only TS payloads (1104) containing a new PES packet or a new TS-PSI
section will require decryption to undo the encryption (1210). Nevertheless, a high level of security is maintained because the beginning portion of each PES packet and TS-PSI section will require decryption to undo the encryption (1210).
Fig. 13 is a schematic diagram showing a TS packet (1100) including a selective encryption status field (1302) in accordance with a second embodiment of the present invention. As shown in Fig. 13, the selective encryption status field (1302) is pre-appended before the TS header (1102) in the structure of the TS packet (1100).
Selective encryption status field is either prepended or the transport Scrambling Control (SC) flags are used to mark the selected encryption.
Fig. 14A is a flow chart depicting a first process for encryption (1400) in accordance with the second embodiment of the present invention. The first process (1400) corresponds to a highest level of security, where the TS payload (1104) is encrypted for each and every TS packet (1100).
In accordance with this first process, in a first step (1402), the selective encryption status field (1302) is set. This first step (1402) is done for all TS packets (1100). In a second step (1404), the TS payload (1104) is encrypted. Since the selective encryption status field (1302) is set for all TS packets (1100), the TS
payload (1104) is encrypted for all TS packets (1100). In a third step (1406), the TS packet (1100) is constructed using the encrypted TS payload for all TS packets (1100).
Fig. 14B is a flow chart depicting a second process for encryption (1410) in accordance with the second embodiment of the present invention. The second process (1410) corresponds to an intermediate level of security, where the TS payload (1104) is encrypted only if it includes video data for a MPEG-2 I-frame (Intra frame).
An I-frame contains full picture frames and are the least compressed type of frame.
In a first step (1412), all PES headers (1152) to be sent are parsed. In a second step (1414), a determination is made from the result of the parsing as to whether the current TS payload (1104) includes video data for an I-frame. On selective encryption, one of three modes are used to determine the selection of what TS
packet to encrypt. Usually, the reference display information that is necessary to decoding is selected, i.e. I-Frame in a Group Of Pictures (GOP). Without the I-Frames, B-Frames and P-Frames cannot be used. First method is through the use of a marker that is prepended to the start of selected TS packets, before the sync byte. Second is through the use of information provided or added in the adaptation field of the PES
headers. Third is through overloading existing fields in the header. An example of this is to use the Scrambling Control (SC) flags to tell the encryptor which TS packets to encrypt.
If I-frame data is indicated, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (1100) is constructed with the encrypted TS payload.
Otherwise, if no I-frame data is indicated, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 14C is a flow chart depicting a third process for encryption (1430) in accordance with the second embodiment of the present invention. The third process (1430) is similar to the second process (1410), except that in the third process (1430) the TS payload (1104) is encrypted if it includes video data for either a MPEG-2 I-frame or a MPEG-2 P-frame(Predicted frame). This third process (1430) would provide a level of security somewhere in between the levels provided by the first and the second process (1400 and 1410).
P-frames are predicted from past I or P frames. A third type of MPEG-2 frame is a B-frame (Bidirectional predicted frame). B-frames are predicted from past and future I and P frames. B frames offer the greatest compression of the three frame types.
Step-wise, the third process (1430) has a different second step (1432) compared with the second step (1414) of the second process (1410). In the second step (1432) of the third process (1430). a determination is made from the result of the parsing as to whether the current TS payload (1104) includes video data for an I or a P frame.
If I or P frame data is indicated, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (1100) is constructed with the encrypted TS payload.
Otherwise, if neither I nor P frame data is indicated, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS
packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 14D is a flow chart depicting a fourth process for encryption (1440) in accordance with the second embodiment of the present invention. The fourth process (1440) is similar to the second process (1410), except that in the fourth process (1430) the TS payload (1104) is encrypted if it includes a decode time stamp (DTS) and/or a presentation time stamp (PTS).
The DTS and PTS are included in PES headers (1152) in order to indicate to the decoder when to decode and present, respectively, a video frame.
Without the DTS
and PTS, a decoder cannot properly decode and present the video data.
Step-wise, the fourth process (1440) has a different second step (1442) compared with the second step (1414) of the second process (1410). In the second step (1442) of the fourth process (1440). a determination is made from the result of the parsing as to whether the current TS payload (1104) includes a DTS and/or PTS.
If a DTS and/or PTS is indicated, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (I 100) is constructed with the encrypted TS payload.
Otherwise, if neither DTS nor PTS is indicated, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS
packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 14E is a flow chart depicting a fifth process for encryption (1450) in accordance with the second embodiment of the present invention. The fifth process (1450) is similar to the second process (1410), except that in the fifth process (1450) the TS payload (1104) is encrypted if it is selected by a counter.
Step-wise, the fifth process (1450) has different first and second steps than the second process (1410). In the first step (1452), a counter is incremented.
In the second step (1454), a determination is made as to whether the counter has been incremented to a next periodic subset of counts (for example, to a next subset of ten counts).
If the counter has been incremented to a next periodic subset of counts, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (1100) is constructed with the encrypted TS payload. Otherwise, if the counter is still within a same periodic subset of counts, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 14F is a flow chart depicting a sixth process for encryption (1460) in accordance with the second embodiment of the present invention. The sixth process (1460) is similar to the second process (1410), except that in the sixth process (1450) the TS payload (1104) is encrypted if it is selected by a random selection.
Step-wise, the sixth process (1460) has different first and second steps than the second process (1410). In the first step (1462), a random number is generated. In the second step (1454), a determination is made as to whether the random number selected is within a predetermined subset of a set of possible random numbers (for example, within a subset from 0 to 9 of a set from 0 to 99).
If the random number selected is within the predetermined subset, then in a third step (1416) the selective encryption status field (1302) is set to one for the current TS packet (1100), in a fourth step (1418) the current TS payload (1104) is encrypted, and in a fifth step (1419) the current TS packet (1100) is constructed with the encrypted TS
payload. Otherwise, if the random number selected is outside of the predetermined subset, then in a sixth step (1420) the selective encryption status field (1302) is reset to zero, and in a seventh step (1422) the TS packet (1100) is constructed with an unencrypted TS payload (1104).
Fig. 15 is a flow chart depicting a process for decryption (1500) in accordance with the second embodiment of the present invention. The decryption process (1500) in Fig. 15 is utilized in conjunction with one of the six encryption processes (1400, 1410, 1430, 1440, 1450, and 1460) shown in Figs. 14A-F. This decryption process (1500) is performed when the transport payload (1104) is decrypted (510, or 616, or 706) either at the remote server (404) or at the subscriber station (110).
In a first step (1502), the selective encryption status field (1302) is scanned. In a second step (1504), a determination is made as to whether the status field (1302) is set. If the status field (1302) is set, then in a third step (1506) the TS payload (1104) is decrypted to undo the encryption (1418). If the status field (1302) is not set, then in a fourth step (1508) the TS payload (1104) is not decrypted to undo the encryption (1418).
In this way, the amount of decryption required is advantageously reduced since only select TS payloads (1104) will require decryption to undo the encryption (1418). Nevertheless, a substantial level of security is maintained because select TS
payloads (1104) will require decryption to undo the encryption (1418).
It is to be understood that the specific mechanisms and techniques which have been described are merely illustrative of one application of the principles of the invention. For example, while the present invention is described in application to video on-demand, it also has some application in broadcast video. Numerous additional modifications may be made to the methods and apparatus described without departing from the true spirit of the invention.
In the above description as well as in the following claims, a field or flag may be configured such that it is set to indicate a first state and reset to indicate a second state. Nevertheless, it is well understood in the art that the field or flag may be equivalently configured such that it is reset to indicate the first state and set to indicate the second state.
Claims (15)
1. A secure method for providing digital video programming, the method comprising:
determining whether a predetermined criterion for encryption is satisfied;
setting a selective encryption status field if the predetermined criterion is satisfied;
encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload, if the predetermined criterion is satisfied;
resetting the selective encryption status field if the predetermined criterion is unsatisfied;
constructing the packet with the unencrypted payload, if the predetermined criterion is unsatisfied; and transmitting the packet.
determining whether a predetermined criterion for encryption is satisfied;
setting a selective encryption status field if the predetermined criterion is satisfied;
encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload, if the predetermined criterion is satisfied;
resetting the selective encryption status field if the predetermined criterion is unsatisfied;
constructing the packet with the unencrypted payload, if the predetermined criterion is unsatisfied; and transmitting the packet.
2. The method of claim 1, wherein the predetermined criterion comprises an indication that intra frame data is contained in the unencrypted payload.
3. The method of claim 1, wherein the predetermined criterion comprises an indication that the payload includes data from a group of data including intra frame data and predicted frame data.
4 The method of claim 1, wherein the predetermined criterion comprises an indication that the payload includes a time stamp.
5. The method of claim 1, wherein the predetermined criterion comprises a counter being incremented to a next periodic subset of counts.
6. The method of claim 1, wherein the predetermined criterion comprises a random number being selected within a predetermined subset of a set of possible random numbers.
7. The method of claim 1, wherein the predetermined criterion is always satisfied.
8. The method of claim 1, wherein the predetermined criterion comprises an indication that the unencrypted payload includes a new packetized elementary stream packet, and the selective encryption status field comprises a payload unit start indicator flag.
9. The method of claim 1, wherein the predetermined criterion comprises an indication that the unencrypted payload includes a new program specific information section, and the selective encryption status field comprises a payload unit start indicator flag.
10. The method of claim 1, further comprising:
receiving the packet;
scanning the selective encryption status field;
determining whether the selective encryption status field is set; and decrypting the encrypted payload if the selective encryption status field is set.
receiving the packet;
scanning the selective encryption status field;
determining whether the selective encryption status field is set; and decrypting the encrypted payload if the selective encryption status field is set.
11. The method of claim 1, wherein the payload comprises a transport stream payload, and the packet comprises a transport stream packet.
12. The method of claim 1, wherein the selective encryption status field is preappended to the transport stream packet.
13. The method of claim 1, wherein the digital video programming comprises video on-demand.
14. The method of claim 1, wherein the digital video programming comprises broadcast video.
15. An apparatus for securely providing digital video programming, the apparatus comprising:
a determining device configured to determine whether a predetermined criterion for encryption is satisfied;
a setting device configured to set a selective encryption status field if the predetermined criterion is satisfied;
an encrypting device configured to encrypt an unencrypted payload to generate an encrypted payload, and a first constructing device configured to construct a packet with the encrypted payload, if the predetermined criterion is satisfied;
a resetting device configured to reset the selective encryption status field if the predetermined criterion is unsatisfied;
a second constructing device configured to construct the packet with the unencrypted payload, if the predetermined criterion is unsatisfied; and a transmitting device configured to transmit the packet.
a determining device configured to determine whether a predetermined criterion for encryption is satisfied;
a setting device configured to set a selective encryption status field if the predetermined criterion is satisfied;
an encrypting device configured to encrypt an unencrypted payload to generate an encrypted payload, and a first constructing device configured to construct a packet with the encrypted payload, if the predetermined criterion is satisfied;
a resetting device configured to reset the selective encryption status field if the predetermined criterion is unsatisfied;
a second constructing device configured to construct the packet with the unencrypted payload, if the predetermined criterion is unsatisfied; and a transmitting device configured to transmit the packet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2674148A CA2674148C (en) | 1999-04-07 | 2000-04-05 | Selective and renewable encryption for secure distribution of video on-demand |
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12822499P | 1999-04-07 | 1999-04-07 | |
US60/128,224 | 1999-04-07 | ||
US13116299P | 1999-04-26 | 1999-04-26 | |
US60/131,162 | 1999-04-26 | ||
US09/528,580 US6415031B1 (en) | 1999-03-12 | 2000-03-20 | Selective and renewable encryption for secure distribution of video on-demand |
US09/528,580 | 2000-03-20 | ||
PCT/US2000/009045 WO2000060846A2 (en) | 1999-04-07 | 2000-04-05 | Selective and renewable encryption for secure distribution of video on-demand |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2674148A Division CA2674148C (en) | 1999-04-07 | 2000-04-05 | Selective and renewable encryption for secure distribution of video on-demand |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2369118A1 CA2369118A1 (en) | 2000-10-12 |
CA2369118C true CA2369118C (en) | 2009-10-20 |
Family
ID=27383690
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002369118A Expired - Lifetime CA2369118C (en) | 1999-04-07 | 2000-04-05 | Selective and renewable encryption for secure distribution of video on-demand |
Country Status (5)
Country | Link |
---|---|
US (1) | US6415031B1 (en) |
AU (1) | AU4330400A (en) |
CA (1) | CA2369118C (en) |
GB (1) | GB2363278B (en) |
WO (1) | WO2000060846A2 (en) |
Families Citing this family (273)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6020189A (en) * | 1996-08-30 | 2000-02-01 | The Johns Hopkins University School Of Medicine | Fibroblast growth factor homologous factors (FHFs) and methods of use |
JP4763866B2 (en) * | 1998-10-15 | 2011-08-31 | インターシア ソフトウェア エルエルシー | Method and apparatus for protecting digital data by double re-encryption |
US7730300B2 (en) | 1999-03-30 | 2010-06-01 | Sony Corporation | Method and apparatus for protecting the transfer of data |
US6697489B1 (en) | 1999-03-30 | 2004-02-24 | Sony Corporation | Method and apparatus for securing control words |
US7039614B1 (en) | 1999-11-09 | 2006-05-02 | Sony Corporation | Method for simulcrypting scrambled data to a plurality of conditional access devices |
US8055894B2 (en) * | 1999-11-09 | 2011-11-08 | Google Inc. | Process and streaming server for encrypting a data stream with bandwidth based variation |
US6449719B1 (en) | 1999-11-09 | 2002-09-10 | Widevine Technologies, Inc. | Process and streaming server for encrypting a data stream |
US6701528B1 (en) | 2000-01-26 | 2004-03-02 | Hughes Electronics Corporation | Virtual video on demand using multiple encrypted video segments |
US7593529B1 (en) * | 2000-01-27 | 2009-09-22 | Agere Systems Inc. | Scramble methods and apparatus for packetized digital video signal in conditional access system |
US6898285B1 (en) * | 2000-06-02 | 2005-05-24 | General Instrument Corporation | System to deliver encrypted access control information to support interoperability between digital information processing/control equipment |
US8082572B1 (en) | 2000-06-08 | 2011-12-20 | The Directv Group, Inc. | Method and apparatus for transmitting, receiving, and utilizing audio/visual signals and other information |
US20030206631A1 (en) * | 2000-06-22 | 2003-11-06 | Candelore Brant L. | Method and apparatus for scrambling program data for furture viewing |
US7203311B1 (en) * | 2000-07-21 | 2007-04-10 | The Directv Group, Inc. | Super encrypted storage and retrieval of media programs in a hard-paired receiver and storage device |
US7457414B1 (en) * | 2000-07-21 | 2008-11-25 | The Directv Group, Inc. | Super encrypted storage and retrieval of media programs with smartcard generated keys |
US8140859B1 (en) | 2000-07-21 | 2012-03-20 | The Directv Group, Inc. | Secure storage and replay of media programs using a hard-paired receiver and storage device |
US7165175B1 (en) * | 2000-09-06 | 2007-01-16 | Widevine Technologies, Inc. | Apparatus, system and method for selectively encrypting different portions of data sent over a network |
US20020083438A1 (en) * | 2000-10-26 | 2002-06-27 | So Nicol Chung Pang | System for securely delivering encrypted content on demand with access contrl |
US7080397B2 (en) * | 2000-10-26 | 2006-07-18 | General Instrument Corporation | Communication protocol for content on demand system with callback time |
US7257227B2 (en) * | 2000-10-26 | 2007-08-14 | General Instrument Corporation | System for denying access to content generated by a compromised off line encryption device and for conveying cryptographic keys from multiple conditional access systems |
CA2428946C (en) | 2000-11-14 | 2010-06-22 | Scientific-Atlanta, Inc. | Networked subscriber television distribution |
US8127326B2 (en) | 2000-11-14 | 2012-02-28 | Claussen Paul J | Proximity detection using wireless connectivity in a communications system |
US7150045B2 (en) * | 2000-12-14 | 2006-12-12 | Widevine Technologies, Inc. | Method and apparatus for protection of electronic media |
EP1215905B2 (en) * | 2000-12-15 | 2010-04-21 | Panasonic Corporation | Reception apparatus having a storage unit for recording a scrambled broadcast signal and broadcast apparatus for scrambling a signal to be broadcast, and associated methods |
JP4752113B2 (en) * | 2001-01-16 | 2011-08-17 | ソニー株式会社 | Electronic device and signal transmission method |
US7353380B2 (en) * | 2001-02-12 | 2008-04-01 | Aventail, Llc, A Subsidiary Of Sonicwall, Inc. | Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols |
US7360075B2 (en) * | 2001-02-12 | 2008-04-15 | Aventail Corporation, A Wholly Owned Subsidiary Of Sonicwall, Inc. | Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols |
US7383329B2 (en) | 2001-02-13 | 2008-06-03 | Aventail, Llc | Distributed cache for state transfer operations |
US20020114360A1 (en) * | 2001-02-20 | 2002-08-22 | Perlman Stephen G. | System and method for processing multiple broadcast multimedia streams |
US20020129243A1 (en) * | 2001-03-08 | 2002-09-12 | Viswanath Nanjundiah | System for selective encryption of data packets |
US7386129B2 (en) * | 2001-05-30 | 2008-06-10 | Digeo, Inc. | System and method for multimedia content simulcast |
US7093277B2 (en) * | 2001-05-30 | 2006-08-15 | Digeo, Inc. | System and method for improved multi-stream multimedia transmission and processing |
US7747853B2 (en) | 2001-06-06 | 2010-06-29 | Sony Corporation | IP delivery of secure digital content |
US7124303B2 (en) | 2001-06-06 | 2006-10-17 | Sony Corporation | Elementary stream partial encryption |
US7895616B2 (en) | 2001-06-06 | 2011-02-22 | Sony Corporation | Reconstitution of program streams split across multiple packet identifiers |
US20060159264A1 (en) * | 2001-07-03 | 2006-07-20 | Chen Annie O | System for denying access to content generated by a compromised off line encryption device and for conveying cryptographic keys from multiple conditional access systems |
GB0116713D0 (en) * | 2001-07-09 | 2001-08-29 | Amino Holdings Ltd | Variable security encryption method and apparatus |
US7463737B2 (en) * | 2001-08-15 | 2008-12-09 | Digeo, Inc. | System and method for conditional access key encryption |
US7039955B2 (en) | 2001-09-14 | 2006-05-02 | The Directv Group, Inc. | Embedded blacklisting for digital broadcast system security |
JP4659357B2 (en) | 2001-09-21 | 2011-03-30 | ザ・ディレクティービー・グループ・インコーポレイテッド | Method and apparatus for controlling paired operation of conditional access module and integrated receiver and decoder |
FR2831363A3 (en) * | 2001-10-22 | 2003-04-25 | Bahia 21 Corp | Method and system for secure transmission of video documents to associated electronic personnel assistants |
MXPA04006249A (en) * | 2002-01-02 | 2004-09-27 | Sony Electronics Inc | Critical packet partial encryption. |
US7039938B2 (en) * | 2002-01-02 | 2006-05-02 | Sony Corporation | Selective encryption for video on demand |
US7765567B2 (en) | 2002-01-02 | 2010-07-27 | Sony Corporation | Content replacement by PID mapping |
US8051443B2 (en) | 2002-01-02 | 2011-11-01 | Sony Corporation | Content replacement by PID mapping |
US7292690B2 (en) | 2002-01-02 | 2007-11-06 | Sony Corporation | Video scene change detection |
US7823174B2 (en) | 2002-01-02 | 2010-10-26 | Sony Corporation | Macro-block based content replacement by PID mapping |
US7292691B2 (en) * | 2002-01-02 | 2007-11-06 | Sony Corporation | Progressive video refresh slice detection |
US7233669B2 (en) * | 2002-01-02 | 2007-06-19 | Sony Corporation | Selective encryption to enable multiple decryption keys |
EP1466261B1 (en) | 2002-01-08 | 2018-03-07 | Seven Networks, LLC | Connection architecture for a mobile network |
US7328345B2 (en) * | 2002-01-29 | 2008-02-05 | Widevine Technologies, Inc. | Method and system for end to end securing of content for video on demand |
JP3925218B2 (en) | 2002-01-30 | 2007-06-06 | ソニー株式会社 | Streaming system and streaming method, streaming server and data distribution method, client terminal and data decoding method, program and recording medium |
FR2835387B1 (en) * | 2002-01-30 | 2006-08-11 | Lecomte Daniel | SECURE DEVICE FOR DISSEMINATION, ACCESS, COPYING, REGISTRATION, ON-DEMAND VISUALIZATION AND MANAGEMENT OF THE RIGHTS OF HIGH-QUALITY AUDIOVISUAL WORKS |
US7895643B2 (en) * | 2002-03-16 | 2011-02-22 | Trustedflow Systems, Inc. | Secure logic interlocking |
DE10212656A1 (en) * | 2002-03-21 | 2003-10-02 | Scm Microsystems Gmbh | Selective encryption of multimedia data |
US7299292B2 (en) * | 2002-03-29 | 2007-11-20 | Widevine Technologies, Inc. | Process and streaming server for encrypting a data stream to a virtual smart card client system |
JP4366102B2 (en) * | 2002-05-01 | 2009-11-18 | キヤノン株式会社 | Media data processing apparatus and method |
EP1503537A1 (en) * | 2002-05-09 | 2005-02-02 | Niigata Seimitsu Co., Ltd. | Centralized encryption management system |
US7239880B2 (en) * | 2002-06-12 | 2007-07-03 | Interdigital Technology Corporation | Method and apparatus for delivering multimedia multicast services over wireless communication systems |
US7516470B2 (en) | 2002-08-02 | 2009-04-07 | Cisco Technology, Inc. | Locally-updated interactive program guide |
US7167560B2 (en) * | 2002-08-08 | 2007-01-23 | Matsushita Electric Industrial Co., Ltd. | Partial encryption of stream-formatted media |
CA2498346C (en) * | 2002-09-09 | 2011-11-22 | Sony Electronics Inc. | Selective encryption for video on demand |
US8818896B2 (en) | 2002-09-09 | 2014-08-26 | Sony Corporation | Selective encryption with coverage encryption |
US7594271B2 (en) * | 2002-09-20 | 2009-09-22 | Widevine Technologies, Inc. | Method and system for real-time tamper evidence gathering for software |
US7908625B2 (en) | 2002-10-02 | 2011-03-15 | Robertson Neil C | Networked multimedia system |
US8046806B2 (en) | 2002-10-04 | 2011-10-25 | Wall William E | Multiroom point of deployment module |
US7360235B2 (en) | 2002-10-04 | 2008-04-15 | Scientific-Atlanta, Inc. | Systems and methods for operating a peripheral record/playback device in a networked multimedia system |
US7545935B2 (en) * | 2002-10-04 | 2009-06-09 | Scientific-Atlanta, Inc. | Networked multimedia overlay system |
US20040083360A1 (en) * | 2002-10-28 | 2004-04-29 | Rod Walsh | System and method for partially-encrypted data transmission and reception |
US7724907B2 (en) | 2002-11-05 | 2010-05-25 | Sony Corporation | Mechanism for protecting the transfer of digital content |
US8572408B2 (en) | 2002-11-05 | 2013-10-29 | Sony Corporation | Digital rights management of a digital device |
US7000241B2 (en) * | 2002-11-21 | 2006-02-14 | The Directv Group, Inc. | Method and apparatus for minimizing conditional access information overhead while ensuring conditional access information reception in multi-tuner receivers |
US7225458B2 (en) * | 2002-11-21 | 2007-05-29 | The Directv Group, Inc. | Method and apparatus for ensuring reception of conditional access information in multi-tuner receivers |
US8645988B2 (en) | 2002-12-13 | 2014-02-04 | Sony Corporation | Content personalization for digital content |
US8667525B2 (en) | 2002-12-13 | 2014-03-04 | Sony Corporation | Targeted advertisement selection from a digital stream |
US20060165232A1 (en) * | 2002-12-16 | 2006-07-27 | Dzevdet Burazerovic | Method and apparatus to encrypt video data streams |
US8468126B2 (en) | 2005-08-01 | 2013-06-18 | Seven Networks, Inc. | Publishing data in an information community |
US7917468B2 (en) | 2005-08-01 | 2011-03-29 | Seven Networks, Inc. | Linking of personal information management data |
US7853563B2 (en) | 2005-08-01 | 2010-12-14 | Seven Networks, Inc. | Universal data aggregation |
US7487532B2 (en) | 2003-01-15 | 2009-02-03 | Cisco Technology, Inc. | Optimization of a full duplex wideband communications system |
US8094640B2 (en) | 2003-01-15 | 2012-01-10 | Robertson Neil C | Full duplex wideband communications system for a local coaxial network |
FR2850826B1 (en) * | 2003-02-04 | 2005-04-01 | Medialive | PROTECTIVE METHOD AND DEVICE FOR SECURE DIFFUSION OF AUDIOVISUAL WORKS |
FR2851112B1 (en) * | 2003-02-07 | 2005-06-03 | Medialive | SECURE DEVICE FOR DIFFUSION, RECORDING AND VISUALIZATION ON DEMAND OF AUDIOVISUAL WORKS IN THE MPEG-2TS TYPE |
US7320069B1 (en) * | 2003-02-14 | 2008-01-15 | Novell, Inc. | Selective encryption of media data |
KR20050117526A (en) * | 2003-02-28 | 2005-12-14 | 마쯔시다덴기산교 가부시키가이샤 | Content history log collecting system |
US7356143B2 (en) | 2003-03-18 | 2008-04-08 | Widevine Technologies, Inc | System, method, and apparatus for securely providing content viewable on a secure device |
US7007170B2 (en) * | 2003-03-18 | 2006-02-28 | Widevine Technologies, Inc. | System, method, and apparatus for securely providing content viewable on a secure device |
US20040193871A1 (en) * | 2003-03-28 | 2004-09-30 | Broadcom Corporation | System and method for transmitting data using selective partial encryption |
US7660352B2 (en) * | 2003-04-04 | 2010-02-09 | Sony Corporation | Apparatus and method of parallel processing an MPEG-4 data stream |
US20040199771A1 (en) * | 2003-04-04 | 2004-10-07 | Widevine Technologies, Inc. | Method for tracing a security breach in highly distributed content |
FR2854530B1 (en) | 2003-05-02 | 2005-07-22 | Medialive | METHOD AND DEVICE FOR SECURING THE TRANSMISSION, RECORDING AND VISUALIZATION OF DIGITAL AUDIOVISUAL EMPTY STREAMS |
WO2005008419A2 (en) * | 2003-07-10 | 2005-01-27 | Comcast Cable Holdings, Llc | Distributed and scalable architecture for on demand session and resource management |
US8213769B2 (en) * | 2003-08-06 | 2012-07-03 | Broadcom Corporation | Frame indexing technique to improve personal video recording functionality and security of transmitted video |
FR2858899B1 (en) * | 2003-08-11 | 2005-12-02 | Medialive | SECURE DISTRIBUTED METHOD AND SYSTEM FOR AUDIOVISUAL FLOW PROTECTION AND DISTRIBUTION |
US20050060420A1 (en) * | 2003-09-11 | 2005-03-17 | Kovacevic Branko D. | System for decoding multimedia data and method thereof |
US7286667B1 (en) * | 2003-09-15 | 2007-10-23 | Sony Corporation | Decryption system |
US7343013B2 (en) | 2003-12-16 | 2008-03-11 | Sony Corporation | Composite session-based encryption of video on demand content |
US7346163B2 (en) * | 2003-10-31 | 2008-03-18 | Sony Corporation | Dynamic composition of pre-encrypted video on demand content |
US7853980B2 (en) | 2003-10-31 | 2010-12-14 | Sony Corporation | Bi-directional indices for trick mode video-on-demand |
US7263187B2 (en) | 2003-10-31 | 2007-08-28 | Sony Corporation | Batch mode session-based encryption of video on demand content |
US8472792B2 (en) | 2003-12-08 | 2013-06-25 | Divx, Llc | Multimedia distribution system |
US7519274B2 (en) | 2003-12-08 | 2009-04-14 | Divx, Inc. | File format for multiple track digital data |
US20050193205A1 (en) * | 2004-01-09 | 2005-09-01 | Widevine Technologies, Inc. | Method and system for session based watermarking of encrypted content |
US7548624B2 (en) * | 2004-01-16 | 2009-06-16 | The Directv Group, Inc. | Distribution of broadcast content for remote decryption and viewing |
US7599494B2 (en) * | 2004-01-16 | 2009-10-06 | The Directv Group, Inc. | Distribution of video content using a trusted network key for sharing content |
US7580523B2 (en) * | 2004-01-16 | 2009-08-25 | The Directv Group, Inc. | Distribution of video content using client to host pairing of integrated receivers/decoders |
US20050163483A1 (en) * | 2004-01-22 | 2005-07-28 | Widevine Technologies, Inc. | Piracy prevention system |
EP1715692A4 (en) * | 2004-01-28 | 2008-11-05 | Nec Corp | Content encoding, distribution, and reception method, device, and system, and program |
US20050175184A1 (en) * | 2004-02-11 | 2005-08-11 | Phonex Broadband Corporation | Method and apparatus for a per-packet encryption system |
US7801303B2 (en) | 2004-03-01 | 2010-09-21 | The Directv Group, Inc. | Video on demand in a broadcast network |
US20050216941A1 (en) * | 2004-03-26 | 2005-09-29 | Primedia Workplace Learning, Lp | System and method for controlling video-on-demand content |
US7590243B2 (en) * | 2004-05-04 | 2009-09-15 | The Directv Group, Inc. | Digital media conditional access system for handling digital media content |
US20060021037A1 (en) * | 2004-06-24 | 2006-01-26 | Widevine Technologies, Inc. | Apparatus, system, and method for protecting content using fingerprinting and real-time evidence gathering |
US20060013554A1 (en) * | 2004-07-01 | 2006-01-19 | Thomas Poslinski | Commercial storage and retrieval |
US20060013557A1 (en) * | 2004-07-01 | 2006-01-19 | Thomas Poslinski | Suppression of trick modes in commercial playback |
US20060013555A1 (en) * | 2004-07-01 | 2006-01-19 | Thomas Poslinski | Commercial progress bar |
US20060013556A1 (en) * | 2004-07-01 | 2006-01-19 | Thomas Poslinski | Commercial information and guide |
JP2007513539A (en) * | 2004-07-26 | 2007-05-24 | イルデト・アクセス・ベー・フェー | How to partially scramble a data stream |
US7543317B2 (en) * | 2004-08-17 | 2009-06-02 | The Directv Group, Inc. | Service activation of set-top box functionality using broadcast conditional access system |
US9609279B2 (en) | 2004-09-24 | 2017-03-28 | Google Inc. | Method and system for providing secure CODECS |
WO2006045102A2 (en) | 2004-10-20 | 2006-04-27 | Seven Networks, Inc. | Method and apparatus for intercepting events in a communication system |
US8010082B2 (en) | 2004-10-20 | 2011-08-30 | Seven Networks, Inc. | Flexible billing architecture |
US7706781B2 (en) | 2004-11-22 | 2010-04-27 | Seven Networks International Oy | Data security in a mobile e-mail service |
FI117152B (en) | 2004-12-03 | 2006-06-30 | Seven Networks Internat Oy | E-mail service provisioning method for mobile terminal, involves using domain part and further parameters to generate new parameter set in list of setting parameter sets, if provisioning of e-mail service is successful |
US7895617B2 (en) | 2004-12-15 | 2011-02-22 | Sony Corporation | Content substitution editor |
US8041190B2 (en) | 2004-12-15 | 2011-10-18 | Sony Corporation | System and method for the creation, synchronization and delivery of alternate content |
US20080015999A1 (en) * | 2005-02-04 | 2008-01-17 | Widevine Technologies, Inc. | Securely ingesting encrypted content into content servers |
US20060225083A1 (en) * | 2005-03-01 | 2006-10-05 | Widevine Technologies, Inc. | System and method for motion picture print forensics |
US7752633B1 (en) | 2005-03-14 | 2010-07-06 | Seven Networks, Inc. | Cross-platform event engine |
US7349886B2 (en) * | 2005-03-25 | 2008-03-25 | Widevine Technologies, Inc. | Securely relaying content using key chains |
US7796742B1 (en) | 2005-04-21 | 2010-09-14 | Seven Networks, Inc. | Systems and methods for simplified provisioning |
US8438633B1 (en) | 2005-04-21 | 2013-05-07 | Seven Networks, Inc. | Flexible real-time inbox access |
WO2006126191A2 (en) * | 2005-05-23 | 2006-11-30 | Discretix Technologies Ltd. | Method, device, and system of encrypting/decrypting data |
WO2006136660A1 (en) | 2005-06-21 | 2006-12-28 | Seven Networks International Oy | Maintaining an ip connection in a mobile network |
US8069166B2 (en) | 2005-08-01 | 2011-11-29 | Seven Networks, Inc. | Managing user-to-user contact with inferred presence information |
US20070033408A1 (en) * | 2005-08-08 | 2007-02-08 | Widevine Technologies, Inc. | Preventing illegal distribution of copy protected content |
US9325944B2 (en) | 2005-08-11 | 2016-04-26 | The Directv Group, Inc. | Secure delivery of program content via a removable storage medium |
US20070067643A1 (en) * | 2005-09-21 | 2007-03-22 | Widevine Technologies, Inc. | System and method for software tamper detection |
WO2007038245A2 (en) | 2005-09-23 | 2007-04-05 | Widevine Technologies, Inc. | Method for evolving detectors to detect malign behavior in an artificial immune system |
US7817608B2 (en) * | 2005-09-23 | 2010-10-19 | Widevine Technologies, Inc. | Transitioning to secure IP communications for encoding, encapsulating, and encrypting data |
US8065733B2 (en) * | 2005-09-23 | 2011-11-22 | Google, Inc. | Method for evolving detectors to detect malign behavior in an artificial immune system |
US7876998B2 (en) | 2005-10-05 | 2011-01-25 | Wall William E | DVD playback over multi-room by copying to HDD |
US8689016B2 (en) | 2005-12-02 | 2014-04-01 | Google Inc. | Tamper prevention and detection for video provided over a network to a client |
US8526612B2 (en) | 2006-01-06 | 2013-09-03 | Google Inc. | Selective and persistent application level encryption for video provided to a client |
US7769395B2 (en) | 2006-06-20 | 2010-08-03 | Seven Networks, Inc. | Location-based operations and messaging |
US8185921B2 (en) | 2006-02-28 | 2012-05-22 | Sony Corporation | Parental control of displayed content using closed captioning |
US7555464B2 (en) | 2006-03-01 | 2009-06-30 | Sony Corporation | Multiple DRM management |
JP5200204B2 (en) | 2006-03-14 | 2013-06-05 | ディブエックス リミテッド ライアビリティー カンパニー | A federated digital rights management mechanism including a trusted system |
US8683601B2 (en) | 2006-04-14 | 2014-03-25 | Google Inc. | Audio/video identification watermarking |
US8325920B2 (en) * | 2006-04-20 | 2012-12-04 | Google Inc. | Enabling transferable entitlements between networked devices |
US7992175B2 (en) | 2006-05-15 | 2011-08-02 | The Directv Group, Inc. | Methods and apparatus to provide content on demand in content broadcast systems |
US8001565B2 (en) | 2006-05-15 | 2011-08-16 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at receivers in pay delivery systems |
US8996421B2 (en) | 2006-05-15 | 2015-03-31 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at broadcast headends in pay delivery systems |
US8095466B2 (en) | 2006-05-15 | 2012-01-10 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at content servers in pay delivery systems |
US8775319B2 (en) | 2006-05-15 | 2014-07-08 | The Directv Group, Inc. | Secure content transfer systems and methods to operate the same |
US20070286420A1 (en) * | 2006-06-08 | 2007-12-13 | Widevine Technologies, Inc. | Encryption of video content to vod services and networked personal video recorders using unique key placements |
CN101094057A (en) * | 2006-06-20 | 2007-12-26 | 国际商业机器公司 | Content dividing method, device and system |
US9225761B2 (en) | 2006-08-04 | 2015-12-29 | The Directv Group, Inc. | Distributed media-aggregation systems and methods to operate the same |
US9178693B2 (en) | 2006-08-04 | 2015-11-03 | The Directv Group, Inc. | Distributed media-protection systems and methods to operate the same |
US8321677B2 (en) * | 2006-09-21 | 2012-11-27 | Google Inc. | Pre-binding and tight binding of an on-line identity to a digital signature |
US20080154775A1 (en) * | 2006-12-22 | 2008-06-26 | Nortel Networks Limited | Re-encrypting encrypted content on a video-on-demand system |
ES2709208T3 (en) | 2007-01-05 | 2019-04-15 | Sonic Ip Inc | Video distribution system that includes progressive playback |
US9355681B2 (en) | 2007-01-12 | 2016-05-31 | Activevideo Networks, Inc. | MPEG objects and systems and methods for using MPEG objects |
US9826197B2 (en) | 2007-01-12 | 2017-11-21 | Activevideo Networks, Inc. | Providing television broadcasts over a managed network and interactive content over an unmanaged network to a client device |
US20080201736A1 (en) * | 2007-01-12 | 2008-08-21 | Ictv, Inc. | Using Triggers with Video for Interactive Content Identification |
EP1972994A1 (en) * | 2007-03-20 | 2008-09-24 | Seiko Epson Corporation | Projector |
US8621093B2 (en) * | 2007-05-21 | 2013-12-31 | Google Inc. | Non-blocking of head end initiated revocation and delivery of entitlements non-addressable digital media network |
US8693494B2 (en) | 2007-06-01 | 2014-04-08 | Seven Networks, Inc. | Polling |
US8805425B2 (en) | 2007-06-01 | 2014-08-12 | Seven Networks, Inc. | Integrated messaging |
US8243924B2 (en) * | 2007-06-29 | 2012-08-14 | Google Inc. | Progressive download or streaming of digital media securely through a localized container and communication protocol proxy |
KR20090002939A (en) * | 2007-07-05 | 2009-01-09 | 삼성전자주식회사 | A method of transmitting and receiving video data in a digital broadcasting service and an apparatus thereof |
US8233768B2 (en) | 2007-11-16 | 2012-07-31 | Divx, Llc | Hierarchical and reduced index structures for multimedia files |
US20090132804A1 (en) * | 2007-11-21 | 2009-05-21 | Prabir Paul | Secured live software migration |
US8364181B2 (en) | 2007-12-10 | 2013-01-29 | Seven Networks, Inc. | Electronic-mail filtering for mobile devices |
US8793305B2 (en) | 2007-12-13 | 2014-07-29 | Seven Networks, Inc. | Content delivery to a mobile device from a content service |
US9002828B2 (en) | 2007-12-13 | 2015-04-07 | Seven Networks, Inc. | Predictive content delivery |
JP5050842B2 (en) * | 2007-12-26 | 2012-10-17 | 沖電気工業株式会社 | ENCRYPTION DEVICE, ENCRYPTION PROGRAM, DATA PROVIDING DEVICE, AND DATA PROVIDING SYSTEM |
US8107921B2 (en) | 2008-01-11 | 2012-01-31 | Seven Networks, Inc. | Mobile virtual network operator |
US8862657B2 (en) | 2008-01-25 | 2014-10-14 | Seven Networks, Inc. | Policy based content service |
US20090193338A1 (en) | 2008-01-28 | 2009-07-30 | Trevor Fiatal | Reducing network and battery consumption during content delivery and playback |
US8868464B2 (en) | 2008-02-07 | 2014-10-21 | Google Inc. | Preventing unauthorized modification or skipping of viewing of advertisements within content |
US8787947B2 (en) | 2008-06-18 | 2014-07-22 | Seven Networks, Inc. | Application discovery on mobile devices |
JP2011526134A (en) * | 2008-06-25 | 2011-09-29 | アクティブビデオ ネットワークス, インコーポレイテッド | Provision of interactive content to client devices via TV broadcast via unmanaged network and unmanaged network |
US8078158B2 (en) | 2008-06-26 | 2011-12-13 | Seven Networks, Inc. | Provisioning applications for a mobile device |
WO2010003152A1 (en) | 2008-07-03 | 2010-01-07 | Verimatrix, Inc. | Efficient watermarking approaches of compressed media |
US20100061709A1 (en) * | 2008-09-05 | 2010-03-11 | Davender Agnihotri | Ad Menu for skipped advertisements |
US8909759B2 (en) | 2008-10-10 | 2014-12-09 | Seven Networks, Inc. | Bandwidth measurement |
KR100992448B1 (en) * | 2008-12-29 | 2010-11-05 | 주식회사 엑스크립트 | Pcmcia scrambler, and sender and receiver for broadcasting using thereof |
US8401188B1 (en) * | 2009-10-30 | 2013-03-19 | Adobe Systems Incorporated | System and method for partial encryption of frame-based electronic content |
WO2011068668A1 (en) | 2009-12-04 | 2011-06-09 | Divx, Llc | Elementary bitstream cryptographic material transport systems and methods |
TW201209697A (en) | 2010-03-30 | 2012-03-01 | Michael Luna | 3D mobile user interface with configurable workspace management |
GB2495877B (en) | 2010-07-26 | 2013-10-02 | Seven Networks Inc | Distributed implementation of dynamic wireless traffic policy |
GB2495066B (en) | 2010-07-26 | 2013-12-18 | Seven Networks Inc | Mobile application traffic optimization |
US8838783B2 (en) | 2010-07-26 | 2014-09-16 | Seven Networks, Inc. | Distributed caching for resource and mobile network traffic management |
PL3407673T3 (en) | 2010-07-26 | 2020-05-18 | Seven Networks, Llc | Mobile network traffic coordination across multiple applications |
JP5866125B2 (en) | 2010-10-14 | 2016-02-17 | アクティブビデオ ネットワークス, インコーポレイテッド | Digital video streaming between video devices using a cable TV system |
US9060032B2 (en) | 2010-11-01 | 2015-06-16 | Seven Networks, Inc. | Selective data compression by a distributed traffic management system to reduce mobile data traffic and signaling traffic |
US8166164B1 (en) | 2010-11-01 | 2012-04-24 | Seven Networks, Inc. | Application and network-based long poll request detection and cacheability assessment therefor |
US8843153B2 (en) | 2010-11-01 | 2014-09-23 | Seven Networks, Inc. | Mobile traffic categorization and policy for network use optimization while preserving user experience |
US9330196B2 (en) | 2010-11-01 | 2016-05-03 | Seven Networks, Llc | Wireless traffic management system cache optimization using http headers |
US8326985B2 (en) | 2010-11-01 | 2012-12-04 | Seven Networks, Inc. | Distributed management of keep-alive message signaling for mobile network resource conservation and optimization |
US8484314B2 (en) | 2010-11-01 | 2013-07-09 | Seven Networks, Inc. | Distributed caching in a wireless network of content delivered for a mobile application over a long-held request |
WO2012060995A2 (en) | 2010-11-01 | 2012-05-10 | Michael Luna | Distributed caching in a wireless network of content delivered for a mobile application over a long-held request |
CN103620576B (en) | 2010-11-01 | 2016-11-09 | 七网络公司 | It is applicable to the caching of mobile applications behavior and network condition |
US8190701B2 (en) | 2010-11-01 | 2012-05-29 | Seven Networks, Inc. | Cache defeat detection and caching of content addressed by identifiers intended to defeat cache |
CN103404193B (en) | 2010-11-22 | 2018-06-05 | 七网络有限责任公司 | The connection that adjustment data transmission is established with the transmission being optimized for through wireless network |
EP3422775A1 (en) | 2010-11-22 | 2019-01-02 | Seven Networks, LLC | Optimization of resource polling intervals to satisfy mobile device requests |
US9247312B2 (en) | 2011-01-05 | 2016-01-26 | Sonic Ip, Inc. | Systems and methods for encoding source media in matroska container files for adaptive bitrate streaming using hypertext transfer protocol |
WO2012094675A2 (en) | 2011-01-07 | 2012-07-12 | Seven Networks, Inc. | System and method for reduction of mobile network traffic used for domain name system (dns) queries |
WO2012138660A2 (en) | 2011-04-07 | 2012-10-11 | Activevideo Networks, Inc. | Reduction of latency in video distribution networks using adaptive bit rates |
EP2700019B1 (en) | 2011-04-19 | 2019-03-27 | Seven Networks, LLC | Social caching for device resource sharing and management |
US8621075B2 (en) | 2011-04-27 | 2013-12-31 | Seven Metworks, Inc. | Detecting and preserving state for satisfying application requests in a distributed proxy and cache system |
GB2496537B (en) | 2011-04-27 | 2014-10-15 | Seven Networks Inc | System and method for making requests on behalf of a mobile device based on atmoic processes for mobile network traffic relief |
US8812662B2 (en) | 2011-06-29 | 2014-08-19 | Sonic Ip, Inc. | Systems and methods for estimating available bandwidth and performing initial stream selection when streaming content |
EP2737742A4 (en) | 2011-07-27 | 2015-01-28 | Seven Networks Inc | Automatic generation and distribution of policy information regarding malicious mobile traffic in a wireless network |
KR101928910B1 (en) | 2011-08-30 | 2018-12-14 | 쏘닉 아이피, 아이엔씨. | Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels |
US9467708B2 (en) | 2011-08-30 | 2016-10-11 | Sonic Ip, Inc. | Selection of resolutions for seamless resolution switching of multimedia content |
US8799647B2 (en) | 2011-08-31 | 2014-08-05 | Sonic Ip, Inc. | Systems and methods for application identification |
US8806188B2 (en) | 2011-08-31 | 2014-08-12 | Sonic Ip, Inc. | Systems and methods for performing adaptive bitrate streaming using automatically generated top level index files |
US8964977B2 (en) | 2011-09-01 | 2015-02-24 | Sonic Ip, Inc. | Systems and methods for saving encoded media streamed using adaptive bitrate streaming |
US8909922B2 (en) | 2011-09-01 | 2014-12-09 | Sonic Ip, Inc. | Systems and methods for playing back alternative streams of protected content protected using common cryptographic information |
WO2013049699A1 (en) | 2011-09-28 | 2013-04-04 | Pelican Imaging Corporation | Systems and methods for encoding and decoding light field image files |
WO2013086214A1 (en) | 2011-12-06 | 2013-06-13 | Seven Networks, Inc. | A system of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation |
US8934414B2 (en) | 2011-12-06 | 2015-01-13 | Seven Networks, Inc. | Cellular or WiFi mobile traffic optimization based on public or private network destination |
WO2013086447A1 (en) | 2011-12-07 | 2013-06-13 | Seven Networks, Inc. | Radio-awareness of mobile device for sending server-side control signals using a wireless network optimized transport protocol |
US9208123B2 (en) | 2011-12-07 | 2015-12-08 | Seven Networks, Llc | Mobile device having content caching mechanisms integrated with a network operator for traffic alleviation in a wireless network and methods therefor |
US8751800B1 (en) | 2011-12-12 | 2014-06-10 | Google Inc. | DRM provider interoperability |
WO2013090821A1 (en) | 2011-12-14 | 2013-06-20 | Seven Networks, Inc. | Hierarchies and categories for management and deployment of policies for distributed wireless traffic optimization |
WO2013090834A1 (en) | 2011-12-14 | 2013-06-20 | Seven Networks, Inc. | Operation modes for mobile traffic optimization and concurrent management of optimized and non-optimized traffic |
EP2792188B1 (en) | 2011-12-14 | 2019-03-20 | Seven Networks, LLC | Mobile network reporting and usage analytics system and method using aggregation of data in a distributed traffic optimization system |
WO2013103988A1 (en) | 2012-01-05 | 2013-07-11 | Seven Networks, Inc. | Detection and management of user interactions with foreground applications on a mobile device in distributed caching |
US8918908B2 (en) | 2012-01-06 | 2014-12-23 | Sonic Ip, Inc. | Systems and methods for accessing digital content using electronic tickets and ticket tokens |
WO2013106390A1 (en) | 2012-01-09 | 2013-07-18 | Activevideo Networks, Inc. | Rendering of an interactive lean-backward user interface on a television |
US9203864B2 (en) | 2012-02-02 | 2015-12-01 | Seven Networks, Llc | Dynamic categorization of applications for network access in a mobile network |
US9326189B2 (en) | 2012-02-03 | 2016-04-26 | Seven Networks, Llc | User as an end point for profiling and optimizing the delivery of content and data in a wireless network |
US8812695B2 (en) | 2012-04-09 | 2014-08-19 | Seven Networks, Inc. | Method and system for management of a virtual network connection without heartbeat messages |
WO2013155208A1 (en) | 2012-04-10 | 2013-10-17 | Seven Networks, Inc. | Intelligent customer service/call center services enhanced using real-time and historical mobile application and traffic-related statistics collected by a distributed caching system in a mobile network |
US9123084B2 (en) | 2012-04-12 | 2015-09-01 | Activevideo Networks, Inc. | Graphical application integration with MPEG objects |
US8775631B2 (en) | 2012-07-13 | 2014-07-08 | Seven Networks, Inc. | Dynamic bandwidth adjustment for browsing or streaming activity in a wireless network based on prediction of user behavior when interacting with mobile applications |
US9936267B2 (en) | 2012-08-31 | 2018-04-03 | Divx Cf Holdings Llc | System and method for decreasing an initial buffering period of an adaptive streaming system |
US9161258B2 (en) | 2012-10-24 | 2015-10-13 | Seven Networks, Llc | Optimized and selective management of policy deployment to mobile clients in a congested network to prevent further aggravation of network congestion |
US20140177497A1 (en) | 2012-12-20 | 2014-06-26 | Seven Networks, Inc. | Management of mobile device radio state promotion and demotion |
US9191457B2 (en) | 2012-12-31 | 2015-11-17 | Sonic Ip, Inc. | Systems, methods, and media for controlling delivery of content |
US9313510B2 (en) | 2012-12-31 | 2016-04-12 | Sonic Ip, Inc. | Use of objective quality measures of streamed content to reduce streaming bandwidth |
US9271238B2 (en) | 2013-01-23 | 2016-02-23 | Seven Networks, Llc | Application or context aware fast dormancy |
US8874761B2 (en) | 2013-01-25 | 2014-10-28 | Seven Networks, Inc. | Signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols |
US8750123B1 (en) | 2013-03-11 | 2014-06-10 | Seven Networks, Inc. | Mobile device equipped with mobile network congestion recognition to make intelligent decisions regarding connecting to an operator network |
US10275128B2 (en) | 2013-03-15 | 2019-04-30 | Activevideo Networks, Inc. | Multiple-mode system and method for providing user selectable video content |
US9906785B2 (en) | 2013-03-15 | 2018-02-27 | Sonic Ip, Inc. | Systems, methods, and media for transcoding video data according to encoding parameters indicated by received metadata |
US10397292B2 (en) | 2013-03-15 | 2019-08-27 | Divx, Llc | Systems, methods, and media for delivery of content |
US9094737B2 (en) | 2013-05-30 | 2015-07-28 | Sonic Ip, Inc. | Network video streaming with trick play based on separate trick play files |
US9380099B2 (en) | 2013-05-31 | 2016-06-28 | Sonic Ip, Inc. | Synchronizing multiple over the top streaming clients |
US9100687B2 (en) | 2013-05-31 | 2015-08-04 | Sonic Ip, Inc. | Playback synchronization across playback devices |
US9294785B2 (en) | 2013-06-06 | 2016-03-22 | Activevideo Networks, Inc. | System and method for exploiting scene graph information in construction of an encoded video sequence |
US9219922B2 (en) | 2013-06-06 | 2015-12-22 | Activevideo Networks, Inc. | System and method for exploiting scene graph information in construction of an encoded video sequence |
WO2014197879A1 (en) | 2013-06-06 | 2014-12-11 | Activevideo Networks, Inc. | Overlay rendering of user interface onto source video |
US9065765B2 (en) | 2013-07-22 | 2015-06-23 | Seven Networks, Inc. | Proxy server associated with a mobile carrier for enhancing mobile traffic management in a mobile network |
US9386067B2 (en) | 2013-12-30 | 2016-07-05 | Sonic Ip, Inc. | Systems and methods for playing adaptive bitrate streaming content by multicast |
US10032479B2 (en) * | 2014-01-31 | 2018-07-24 | Nbcuniversal Media, Llc | Fingerprint-defined segment-based content delivery |
US9866878B2 (en) | 2014-04-05 | 2018-01-09 | Sonic Ip, Inc. | Systems and methods for encoding and playing back video at different frame rates using enhancement layers |
KR102597985B1 (en) | 2014-08-07 | 2023-11-06 | 디빅스, 엘엘씨 | Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles |
US9697630B2 (en) | 2014-10-01 | 2017-07-04 | Sony Corporation | Sign language window using picture-in-picture |
KR102012682B1 (en) | 2015-01-06 | 2019-08-22 | 디브이엑스, 엘엘씨 | Systems and Methods for Encoding and Sharing Content Between Devices |
KR101897959B1 (en) | 2015-02-27 | 2018-09-12 | 쏘닉 아이피, 아이엔씨. | System and method for frame replication and frame extension in live video encoding and streaming |
US10075292B2 (en) | 2016-03-30 | 2018-09-11 | Divx, Llc | Systems and methods for quick start-up of playback |
US10231001B2 (en) | 2016-05-24 | 2019-03-12 | Divx, Llc | Systems and methods for providing audio content during trick-play playback |
US10129574B2 (en) | 2016-05-24 | 2018-11-13 | Divx, Llc | Systems and methods for providing variable speeds in a trick-play mode |
US10148989B2 (en) | 2016-06-15 | 2018-12-04 | Divx, Llc | Systems and methods for encoding video content |
US10469379B2 (en) * | 2017-02-17 | 2019-11-05 | Cisco Technology, Inc. | System and method to facilitate content delivery to multiple recipients in a network environment |
US10498795B2 (en) | 2017-02-17 | 2019-12-03 | Divx, Llc | Systems and methods for adaptive switching between multiple content delivery networks during adaptive bitrate streaming |
US10404592B2 (en) | 2017-03-24 | 2019-09-03 | Cisco Technology, Inc. | System and method to facilitate content forwarding using bit index explicit replication (BIER) in an information-centric networking (ICN) environment |
WO2018208997A1 (en) | 2017-05-09 | 2018-11-15 | Verimatrix, Inc. | Systems and methods of preparing multiple video streams for assembly with digital watermarking |
BR112021018802A2 (en) | 2019-03-21 | 2021-11-23 | Divx Llc | Systems and methods for multimedia swarms |
US11778251B2 (en) * | 2020-06-11 | 2023-10-03 | Arris Enterprises Llc | Selective MPEG packet encryption and decryption based upon data and security priorities |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5420866A (en) | 1994-03-29 | 1995-05-30 | Scientific-Atlanta, Inc. | Methods for providing conditional access information to decoders in a packet-based multiplexed communications system |
JP3729529B2 (en) | 1994-10-28 | 2005-12-21 | ソニー株式会社 | Digital signal transmission / reception system |
US5666487A (en) | 1995-06-28 | 1997-09-09 | Bell Atlantic Network Services, Inc. | Network providing signals of different formats to a user by multplexing compressed broadband data with data of a different format into MPEG encoded data stream |
-
2000
- 2000-03-20 US US09/528,580 patent/US6415031B1/en not_active Expired - Lifetime
- 2000-04-05 CA CA002369118A patent/CA2369118C/en not_active Expired - Lifetime
- 2000-04-05 GB GB0123375A patent/GB2363278B/en not_active Expired - Lifetime
- 2000-04-05 WO PCT/US2000/009045 patent/WO2000060846A2/en active Application Filing
- 2000-04-05 AU AU43304/00A patent/AU4330400A/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
CA2369118A1 (en) | 2000-10-12 |
GB2363278B (en) | 2003-08-06 |
GB2363278A (en) | 2001-12-12 |
WO2000060846A3 (en) | 2001-04-19 |
AU4330400A (en) | 2000-10-23 |
GB0123375D0 (en) | 2001-11-21 |
WO2000060846A2 (en) | 2000-10-12 |
US6415031B1 (en) | 2002-07-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2369118C (en) | Selective and renewable encryption for secure distribution of video on-demand | |
US7609836B2 (en) | Seamless switching between multiple pre-encrypted video files | |
US7113523B1 (en) | Data multiplexing device, program distribution system, program transmission system, pay broadcast system, program transmission method, conditional access system, and data reception device | |
US7072471B2 (en) | Data multiplexing device, program distribution system, program transmission system, pay broadcast system, program transmission method, conditional access system, and data reception device | |
US20040083177A1 (en) | Method and apparatus for pre-encrypting VOD material with a changing cryptographic key | |
US7082197B2 (en) | Data multiplexing device, program distribution system, program transmission system, pay broadcast system, program transmission method, conditional access system, and data reception device | |
KR100610523B1 (en) | Program distribution system, program transmission method and conditional access system | |
US7773750B2 (en) | System and method for partially encrypted multimedia stream | |
US7242773B2 (en) | Multiple partial encryption using retuning | |
EP1176826B1 (en) | Super encrypted storage and retrieval of media programs in a hard-paired receiver and storage device | |
CA2408232C (en) | Method and apparatus for enabling random access to individual pictures in an encrypted video stream | |
US7804958B2 (en) | Super encrypted storage and retrieval of media programs with smartcard generated keys | |
US20090225983A1 (en) | System and method for improved processing and decoding of an encrypted digital video signal | |
US20080310630A1 (en) | Selective encryption to enable trick play with enhanced security | |
CA2674148C (en) | Selective and renewable encryption for secure distribution of video on-demand | |
US7254236B1 (en) | Method and system for handling two CA systems in a same receiver | |
AU2004224936A1 (en) | Encryption of MPEG Bitstreams |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKEX | Expiry |
Effective date: 20200405 |
|
MKEX | Expiry |
Effective date: 20200405 |