Key rotation scheme for DRM system in dash-based media service
First Claim
1. A method for managing secure distribution of media content in a system for a Dynamic Adaptive Streaming over Hypertext transfer protocol (DASH)-based media service, comprising:
- generating, by a DASH encoder, pairs of key identifiers(KID) and media decryption keys and providing, by the DASH encoder, a key list including the generated pairs to a Content Protection (CP) manager, wherein each of the media decryption keys corresponds to each of the key identifiers (KID);
delivering, by the CP manager, the key list received from the DASH encoder to a license server;
creating, by the license server, multiple Entitlement Control Licenses (ECLs) based on the key list, and delivering, by the license server, an ECL list including the created ECLs to the CP manager, wherein each of the ECLs in the ECL list includes an encrypted media decryption key and an encrypted KID;
generating, by the CP manager, a Protection System Specific Header (pssh) box in which the ECL list is inserted into a data field, and delivering, by the CP manager, the generated pssh box to the DASH encoder;
delivering, by the DASH encoder, the pssh box to a client device, with the pssh box being included in a DASH Media Presentation Description (MPD) or a media segment;
delivering, by a DASH decoder, the pssh box to a DRM client by parsing a DASH stream, wherein the DASH decoder and the DRM client are included in the client device; and
decrypting, by the DRM client, the encrypted media decryption key and the encrypted KID from the ECL list included in the pssh box.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed herein is a key rotation scheme for a DRM system in a DASH-based media content service. A DASH encoder generates media decryption keys and provides a key list including the media decryption keys to a CP manager. Each media decryption key is identified by a key identifier (KID). The CP manager delivers the key list to a license server. The license server creates ECLs based on the key list, and delivers an ECL list including ECLs to the CP manager. Each ECL is identified by KID and includes an encrypted media decryption key and an encrypted KID. The CP manager generates a pssh box in which the ECL list is inserted into a data field, and delivers the pssh box to the DASH encoder. The DASH encoder delivers the pssh box to a client device, with the pssh box being included in a DASH MPD or media segment.
-
Citations
5 Claims
-
1. A method for managing secure distribution of media content in a system for a Dynamic Adaptive Streaming over Hypertext transfer protocol (DASH)-based media service, comprising:
-
generating, by a DASH encoder, pairs of key identifiers(KID) and media decryption keys and providing, by the DASH encoder, a key list including the generated pairs to a Content Protection (CP) manager, wherein each of the media decryption keys corresponds to each of the key identifiers (KID); delivering, by the CP manager, the key list received from the DASH encoder to a license server; creating, by the license server, multiple Entitlement Control Licenses (ECLs) based on the key list, and delivering, by the license server, an ECL list including the created ECLs to the CP manager, wherein each of the ECLs in the ECL list includes an encrypted media decryption key and an encrypted KID; generating, by the CP manager, a Protection System Specific Header (pssh) box in which the ECL list is inserted into a data field, and delivering, by the CP manager, the generated pssh box to the DASH encoder; delivering, by the DASH encoder, the pssh box to a client device, with the pssh box being included in a DASH Media Presentation Description (MPD) or a media segment; delivering, by a DASH decoder, the pssh box to a DRM client by parsing a DASH stream, wherein the DASH decoder and the DRM client are included in the client device; and decrypting, by the DRM client, the encrypted media decryption key and the encrypted KID from the ECL list included in the pssh box. - View Dependent Claims (2)
-
-
3. A method for managing secure distribution of media content in a system for a Dynamic Adaptive Streaming over Hypertext transfer protocol (DASH)-based media service, comprising:
-
generating, by a DASH encoder, pairs of key identifiers(KID) and media decryption keys and providing, by the DASH encoder, a key list including the generated pairs to a Content Protection (CP) manager, wherein each of the media decryption keys corresponds to each of the key identifier (KID); delivering, by the CP manager, the key list received from the DASH encoder to a license server; creating, by the license server, multiple Entitlement Control Licenses (ECLs) based on the key list, and delivering, by the license server, an ECL list including the created ECLs to the CP manager, wherein each of the ECLs includes an encrypted media decryption key and an encrypted KID; generating, by the CP manager, a pssh box in which the ECL list is inserted into a data field, and delivering, by the CP manager, the generated pssh box to the DASH encoder; delivering, by the DASH encoder, the pssh box to a client device, with the pssh box being included in a DASH MPD or a media segment; and decrypting, by the client device, the encrypted media decryption key and the encrypted KID, from the ECL list included in the pssh box.
-
-
4. A computerized device functioning as a Content Protection (CP) manager for managing secure distribution of media content in a system for a Dynamic Adaptive Streaming over Hypertext transfer protocol (DASH)-based media service, comprising:
-
memory for storing computer program instructions; one or more processors; an input/output interface circuit; and one or more data buses for mutually connecting the memory, the processors, and the input/output interface circuit, wherein each of the processors executes the computer program instructions and then allows the computerized device to perform a method comprising; delivering a key list including pairs of key identifiers(KID) and media decryption keys from a DASH encoder to a license server, wherein each of the media decryption keys corresponds to each of the key identifier (KID); receiving an ECL list from the license server, wherein the ECL list including the created ECLs to the CP manager wherein each of the ECLs includes an encrypted media decryption key and an encrypted KID; generating a pssh box in which the ECL list is inserted into a data field, and delivering the generated pssh box to the DASH encoder, wherein the pssh box is delivered by the DASH encoder to a client device, with the pssh box being included in a DASH MPD or a media segment; and decrypting, by the client device, the encrypted media decryption key and the encrypted KID, from the ECL list included in the pssh box.
-
-
5. A system for a (Dynmaic Adaptive Streaming over Hypertext transfer Protocol) DASH-based media service, comprising:
-
one or more server computers connected to a client device over a content delivery network, the server computers each including a DASH encoder, a Content Protection (CP) manager, and a license server, wherein the DASH encoder generates a key list including pairs of key identifiers(KID) and media decryption keys, and delivers a pssh box received from the license server to the client device, with the pssh box being included in a DASH MPD or a media segment, wherein the license server creates multiple Entitlement Control Licenses (ECLs) based on the key list and delivers an ECL list including the created ECLs to the CP manager, wherein each of the ECLs includes an encrypted media decryption key and an encrypted KID that correspond to each other, and wherein the CP manager receives the key list from the DASH encoder, delivers the key list to the license server, generates a pssh box in which the ECL list received from the license server is inserted, and delivers the generated pssh box to the DASH encoder, wherein KID/ECL pairs are included in a data field of the pssh box, where the client device decrypts the encrypted media decryption key and the encrypted KID, from the ECL list included in the pssh box.
-
Specification