Method and apparatus for networked information dissemination through secure transcoding

US 6,963,972 B1
Filed: 09/26/2000
Issued: 11/08/2005
Est. Priority Date: 09/26/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for securely transcoding data from a content provider for use by a client device, comprising the steps of:

generating a plurality of data components at the content provider, the components being a decomposition of the data;

encrypting each of the data components;

transmitting the encrypted data components from the content provider to a transcoding proxy;

transcoding, at the proxy, the encrypted data components;

selectively manipulating the transcoded encrypted data components; and

transmitting the manipulated transcoded data components generated by the transcoding proxy to the client device;

wherein the steps of transcoding and manipulating the encrypted data components are performed without a need for first decrypting the encrypted data components.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system enables network intermediaries such as proxies to transcode multimedia data without violating end-to-end security guarantees. In one embodiment, a content provider decomposes a data stream into a plurality of components, each of which are independently encrypted. In a preferred embodiment, an intermediary or proxy performs transcoding of the components by prioritizing and dropping predetermined components, in accordance with unencrypted clear-text metadata associated with each component, without the need for decrypting the components. Clear-text metadata preferably provides a semantic understanding of the absolute or relative importance/priority of the components with respect to each other, thereby facilitating the transcoding process. The destination/client device can subsequently decrypt the components transmitted by the transcoding proxy and reassemble them into a representation of the original data content.

123 Citations

28 Claims

1. A method for securely transcoding data from a content provider for use by a client device, comprising the steps of:
- generating a plurality of data components at the content provider, the components being a decomposition of the data;
  
  encrypting each of the data components;
  
  transmitting the encrypted data components from the content provider to a transcoding proxy;
  
  transcoding, at the proxy, the encrypted data components;
  
  selectively manipulating the transcoded encrypted data components; and
  
  transmitting the manipulated transcoded data components generated by the transcoding proxy to the client device;
  
  wherein the steps of transcoding and manipulating the encrypted data components are performed without a need for first decrypting the encrypted data components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein the data is a multimedia object.
  - 3. The method of claim 2, wherein the multimedia object is selected from the group consisting of a text page, an image, audio, video, relational data, an XML document, and a hybrid object, the hybrid object being a combination of multimedia objects.
  - 4. The method of claim 1, wherein the step of transmitting the encrypted data components to the transcoding proxy further comprises the steps of:
    - assembling, at the content provider, at least one message, the message including at least one encrypted component portion; and
      
      transmitting the at least one message to the transcoding proxy.
  - 5. The method of claim 4, further comprising the step of extracting, at the transcoding proxy, the at least one encrypted component portion from the at least one message received by the transcoding proxy.
  - 6. The method of claim 1, wherein the step of selectively manipulating the transcoded data components at the proxy further comprises the step of filtering the transcoded components by dropping at least one of the encrypted data components.
  - 7. The method of claim 1, wherein the step of selectively manipulating the transcoded data components at the proxy further comprises the step of filtering the transcoded components by substituting alternative data for at least one of the encrypted data components.
  - 8. The method of claim 1, wherein the step of transmitting the manipulated transcoded data components to the client device further comprises the steps of:
    - assembling, at the transcoding proxy, at least one message including at least one manipulated component portion; and
      
      transmitting the at least one message to the client device.
  - 9. The method of claim 8, further comprising the steps of:
    - extracting, at the client device, the at least one manipulated component portion from the at least one message received by the client device;
      
      decrypting the at least one manipulated component portion; and
      
      reassembling a transcoded representation of the data from the at least one decrypted component portion.
  - 10. The method of claim 1, further comprising the step of annotating at least one of the data components with metadata, the metadata providing a semantic understanding of the data components.
  - 11. The method of claim 10, wherein the annotating step comprises creating a non-encrypted clear-text metadata header.
  - 12. The method of claim 11, wherein the clear-text metadata header includes at least one label that uniquely identifies a data component.
  - 13. The method of claim 11, wherein the clear-text metadata header includes information describing a priority associated with at least one data component.
  - 14. The method of claim 11, further comprising the steps of:
    - assembling at least one message combining the clear-text metadata header and at least one encrypted data component; and
      
      transmitting the at least one assembled message to the transcoding proxy.
  - 15. The method of claim 14, further comprising the steps of:
    - disassembling, at the transcoding proxy, the at least one assembled message to extract the clear-text metadata header and the at least one encrypted data component from the message; and
      
      selectively manipulating the at least one encrypted data component in accordance with metadata information obtained from the at least one clear-text metadata header.
  - 16. The method of claim 15, further comprising the steps of:
    - assembling, at the transcoding proxy, at least one transcoded message combining the clear-text metadata header and the at least one manipulated encrypted data component; and
      
      transmitting the at least one transcoded message to the client device.
  - 17. The method of claim 16, further comprising the steps of:
    - disassembling the at least one transcoded message received by the client device to extract the clear-text metadata header and the at least one manipulated encrypted data component;
      
      decrypting the at least one manipulated data component; and
      
      reassembling a transcoded representation of the data from the at least one decrypted manipulated data component.
  - 18. The method of claim 11, further comprising the steps of:
    - creating a second version of the clear-text metadata header; and
      
      encrypting the second version of the clear-text metadata header.
  - 19. The method of claim 18, further comprising the steps of:
    - assembling at least one message comprising the clear-text metadata header, the encrypted second version of the clear-text metadata header and at least one encrypted data component; and
      
      transmitting the at least one assembled message to the transcoding proxy.
  - 20. The method of claim 19, further comprising the steps of:
    - disassembling the at least one assembled message received by the client device to extract the clear-text metadata header, the encrypted second version of the clear-text metadata header and at least one manipulated encrypted data component;
      
      decrypting the encrypted second version of the clear-text metadata header;
      
      decrypting the at least one manipulated encrypted data component; and
      
      reassembling a transcoded representation of the data from the at least one decrypted manipulated data component.
  - 21. The method of claim 20, further comprising the step of comparing the decrypted second version of the clear-text metadata header received by the client device to the clear-text metadata header to detect tampering with the clear-text metadata header.
  - 22. The method of claim 20, further comprising the step of comparing information included in the decrypted second version of the clear-text metadata header to the at least one manipulated decrypted data component to detect tampering with the at least one manipulated decrypted data component.
  - 23. The method of claim 1, further comprising the step of compressing at least one data component prior to encryption of the component.
  - 24. The method of claim 23, further comprising the step of decompressing, at the client device, the at least one data component subsequent to decryption of the component.
  - 25. The method of claim 1, wherein the step of generating the data components comprises decomposing the data into a plurality of mutually exclusive components corresponding to a non-overlapping partitioning of the data.

26. A system for securely transcoding multimedia data comprising:
- at least one content provider, the content provider generating a plurality of components from said multimedia data and encrypting each of the plurality of components;
  
  at least one transcoding proxy operatively connected to the at least one content provider, the transcoding proxy receiving at least one encrypted component from said content provider and selectively manipulating the at least one encrypted component; and
  
  at least one client device operatively connected to the at least one transcoding proxy, the at least one client device receiving and decrypting the at least one manipulated encrypted component, and reassembling a transcoded version of the multimedia data from the at least one manipulated decrypted component;
  
  wherein the at least one transcoding proxy is operative to selectively manipulate the at least one encrypted component without a need for first decrypting the at least one encrypted component.
- View Dependent Claims (27)
- - 27. The system of claim 26, whereby the transcoding proxy selectively manipulates the at least one encrypted component in accordance with priority information associated with each of the components, the priority information describing at least one of an absolute importance of a corresponding component and a relative importance of a corresponding component with respect to another component.

28. An apparatus for securely transcoding multimedia data for use by a client device, the apparatus comprising:
- at least one transcoding proxy connecting to at least one content provider, the content provider generating a plurality of components from the multimedia data and encrypting each of the plurality of components, the at least one transcoding proxy receiving at least one encrypted component from the content provider and being operative;
  
  (i) to transcode the at least one encrypted component; and
  
  (ii) to selectively manipulate the at least one transcoded encrypted component, the transcoding and manipulating of the at least one encrypted component being performed without a need for first decrypting the at least one encrypted component;
  
  wherein the at least one transcoding proxy is operative to transmit the at least one manipulated transcoded component to the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Zitiao Network Technology Company Limited (ByteDance Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Han, Richard Yeh-whei, Chang, Yuan-Chi, Smith, John R., Li, Chung-Sheng
Primary Examiner(s)
Zand, Kambiz

Application Number

US09/670,295
Time in Patent Office

1,869 Days
Field of Search

713/153, 713/151, 713/152, 713/200, 713/201
US Class Current

713/153
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/12   Applying verification of th...

H04L 65/103   in the network

H04L 65/104   in the network

H04L 65/1101   Session protocols

H04N 19/40   using video transcoding, i....

H04N 21/222   Secondary servers, e.g. pro...

H04N 21/234309   by transcoding between form...

H04N 21/2347   involving video stream encr...

H04N 21/2351   involving encryption of add...

H04N 21/84   Generation or processing of...

H04N 7/1675   Providing digital key or au...

Method and apparatus for networked information dissemination through secure transcoding

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for networked information dissemination through secure transcoding

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links