METHOD AND SYSTEM FOR SECURE OVER-THE-TOP LIVE VIDEO DELIVERY
Abstract
A method is provided for managing key rotation (use of a series of keys) and secure key distribution in over-the-top content delivery. The method supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of the video stream. The method further provides for notifying client devices of imminent key changes and supports secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the method.
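An added example, not part of the patent text: a minimal Python model of the rotation described in the abstract, with a workflow manager issuing one key per period, a packager tagging each segment with key expiration information, and a license server releasing keys only to entitled clients. All class and function names, the three-segment key period, the client ids and the HMAC-SHA256 keystream standing in for a real cipher are assumptions.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream), chosen only so this runs on the
    # standard library; it is not the page's cipher and not for production.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class LicenseServer:
    def __init__(self, entitled):
        self.keys, self.entitled = {}, set(entitled)
    def get_key(self, client_id, kid):
        if client_id not in self.entitled:       # authorization check before release
            raise PermissionError("client not authorized")
        return self.keys[kid]                    # secure transport not modelled

class WorkflowManager:
    def __init__(self, license_server, segments_per_key):
        self.ls, self.n = license_server, segments_per_key
    def key_for(self, seq):
        kid = seq // self.n                      # index of the key period
        if kid not in self.ls.keys:              # preceding key expired: rotate
            self.ls.keys[kid] = os.urandom(16)   # same key goes to license server
        return kid, self.ls.keys[kid]

def package(segments, wm):
    manifest = []
    for seq, clear in enumerate(segments):
        kid, key = wm.key_for(seq)
        manifest.append({"seq": seq, "kid": kid,
                         "expires_after": (kid + 1) * wm.n - 1,  # last seq for kid
                         "data": xor_stream(key, seq.to_bytes(8, "big"), clear)})
    return manifest

def play(manifest, ls, client_id):
    kid, key, clear, fetches = None, None, [], 0
    for e in manifest:
        if e["kid"] != kid:                      # transition: old key is dropped
            kid, key = e["kid"], ls.get_key(client_id, e["kid"])
            fetches += 1
        clear.append(xor_stream(key, e["seq"].to_bytes(8, "big"), e["data"]))
    return clear, fetches

def demo():
    ls = LicenseServer(entitled={"alice"})       # constructed client id
    segments = [f"segment-{i}".encode() for i in range(7)]  # constructed input
    return segments, package(segments, WorkflowManager(ls, 3)), ls
```

Because the client re-requests a key at every transition, removing a client from the entitled set takes effect at the next key period rather than only at session start.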
37 Claims
1. A method for managing secure distribution of content, comprising:
- generating a series of content encryption keys and providing them serially to a packaging server for encrypting a content item, each content encryption key provided upon expiration of a period of use of a serially preceding content encryption key, the packaging server generating packaged content for delivery to client devices via a content delivery network, the packaged content including or accompanied by key expiration information usable by the client devices to identify transitions between sections of the packaged content encrypted by different ones of the content encryption keys; and
- providing the content encryption keys to a license server for delivery to the client devices for use in decrypting the content item, the license server being operative to establish that a requesting client device is authorized to access the content item, the license server being further operative to securely deliver the content encryption keys to a requesting client device whose authorization to access the content item has been established.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A computerized device operable as a workflow manager for managing secure distribution of content, comprising:
- memory operative to store computer program instructions;
- one or more processors;
- input/output interface circuitry; and
- interconnect circuitry coupling the memory, processors and input/output interface circuitry together,
wherein the processors are operative to execute the computer program instructions from the memory to cause the computerized device to:
- generate a series of content encryption keys and provide them serially to a packaging server for encrypting a content item, each content encryption key provided upon expiration of a period of use of a serially preceding content encryption key, the packaging server generating packaged content for delivery to client devices via a content delivery network, the packaged content including or accompanied by key expiration information usable by the client devices to identify transitions between sections of the packaged content encrypted by different ones of the content encryption keys; and
- provide the content encryption keys to a license server for delivery to the client devices for use in decrypting the content item, the license server being operative to establish that a requesting client device is authorized to access the content item, the license server being further operative to securely deliver the content encryption keys to a requesting client device whose authorization to access the content item has been established.
26. A method for packaging content for secure distribution, comprising:
- receiving a series of content encryption keys and using them to encrypt a content item, each content encryption key provided upon expiration of a period of use of a serially preceding content encryption key, the content encryption keys being provided separately to a license server for delivery to client devices for use in decrypting the content item, the license server being operative to establish that a requesting client device is authorized to access the content item, the license server being further operative to securely deliver the content encryption keys to a requesting client device whose authorization to access the content item has been established; and
- generating packaged content and providing it to a content delivery network for delivery to the client devices, the packaged content including the content item as encrypted and being accompanied by key expiration information usable by the client devices to identify transitions between sections of the packaged content encrypted by different ones of the content encryption keys.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
37. A computerized device operable as a packaging server for packaging content for secure distribution, comprising:
- memory operative to store computer program instructions;
- one or more processors;
- input/output interface circuitry; and
- interconnect circuitry coupling the memory, processors and input/output interface circuitry together,
wherein the processors are operative to execute the computer program instructions from the memory to cause the computerized device to:
- receive a series of content encryption keys and use them to encrypt a content item, each content encryption key provided upon expiration of a period of use of a serially preceding content encryption key, the content encryption keys being provided separately to a license server for delivery to client devices for use in decrypting the content item, the license server being operative to establish that a requesting client device is authorized to access the content item, the license server being further operative to securely deliver the content encryption keys to a requesting client device whose authorization to access the content item has been established; and
- generate packaged content and provide it to a content delivery network for delivery to the client devices, the packaged content including the content item as encrypted and being accompanied by key expiration information usable by the client devices to identify transitions between sections of the packaged content encrypted by different ones of the content encryption keys.
Specification