Selective and persistent application level encryption for video provided to a client
First Claim
1. A server device for managing content encryption, comprising:
- a transceiver for receiving and sending information between another computing device;
a processor in communication with the transceiver; and
a memory in communication with the processor and for use in storing data and machine instructions that causes the processor to perform a plurality of operations, including;
receiving an unencrypted content stream;
buffering a plurality of packets of the unencrypted content stream;
determining for selective encryption at least a portion of the unencrypted content stream based on the plurality of buffered packets;
encrypting the plurality of buffered packets;
encrypting at least the portion of the unencrypted content stream, while leaving at least another portion of the unencrypted content stream unencrypted based on a selection rule that leaves at least trick play data comprising a Program Association Table in the content stream unencrypted;
if a Program Map Table header is determined to be present in a portion of the unencrypted content stream, modifying at least that portion of the unencrypted content stream by at least inserting further information into the Program Map Table; and
inserting an Entitlement Control Message (ECM) within the encrypted content stream, and wherein the ECM includes at least two encryption keys, wherein at least one encryption key is associated with a first cryptoperiod and at least a second encryption key is associated with a second cryptoperiod.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, apparatus, and method are directed towards allowing ingestion of encrypted content into such as a VOD server, or PVR, or the like by selectively encrypting portions of a content stream based on various selection rules. In one embodiment, the selection rules include leaving selected portions of the content stream unencrypted, including packets that include a PES header; or video packets that include various trick play data such as picture start, GOP start, sequence start, sequence end data; PIDs associated with a PAT, PMT, or the like; while other portions of the content stream may be encrypted, including video and/or audio PIDs, or other video and/or audio portions. In still another embodiment, Entitlement Control Messages (ECMs) may be inserted that employ an encryption/decryption key rotation scheme, such as odd and/or even scrambling control bit structures, which may also be rotated based on a variety of conditions.
-
Citations
22 Claims
-
1. A server device for managing content encryption, comprising:
-
a transceiver for receiving and sending information between another computing device; a processor in communication with the transceiver; and a memory in communication with the processor and for use in storing data and machine instructions that causes the processor to perform a plurality of operations, including; receiving an unencrypted content stream; buffering a plurality of packets of the unencrypted content stream; determining for selective encryption at least a portion of the unencrypted content stream based on the plurality of buffered packets; encrypting the plurality of buffered packets; encrypting at least the portion of the unencrypted content stream, while leaving at least another portion of the unencrypted content stream unencrypted based on a selection rule that leaves at least trick play data comprising a Program Association Table in the content stream unencrypted; if a Program Map Table header is determined to be present in a portion of the unencrypted content stream, modifying at least that portion of the unencrypted content stream by at least inserting further information into the Program Map Table; and inserting an Entitlement Control Message (ECM) within the encrypted content stream, and wherein the ECM includes at least two encryption keys, wherein at least one encryption key is associated with a first cryptoperiod and at least a second encryption key is associated with a second cryptoperiod. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for managing content encryption over a network, comprising:
-
a content server that is configured to provide unencrypted content over the network; an encryption server that is configured to receive unencrypted content from the content server, and to perform actions, including; buffering a plurality of packets of the unencrypted content stream; determining for selective encryption at least a portion of the unencrypted content stream based on the plurality of buffered packets; encrypting the plurality of buffered packets; encrypting at least the portion of the unencrypted content, wherein at least another portion of the unencrypted content having trick play data comprising a Program Association Table remains unencrypted; if a Program Map Table header is determined to be present in a portion of the unencrypted content stream, modifying at least that portion of the unencrypted content stream by at least inserting further information into the Program Map Table; and inserting an Entitlement Control Message (ECM) within the encrypted content stream, wherein the ECM includes at least two encryption keys associated with the encrypted portion of the content, and wherein at least one encryption key is associated with a first cryptoperiod and at least a second encryption key is associated with a second cryptoperiod. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A method of protecting a media content stream over a network, comprising:
-
receiving unencrypted media content stream; buffering a plurality of packets of the unencrypted content stream; determining for selective encryption at least a portion of the unencrypted content stream based on the plurality of buffered packets; encrypting the plurality of buffered packets; encrypting at least the portion of the unencrypted media content stream, while leaving unencrypted each portion of the media content stream having media trick play data comprising a Program Map Table in the media content stream; if a Program Map Table header is determined to be present in a portion of the unencrypted content stream, modifying at least that portion of the unencrypted content stream by at least inserting further information into the Program Map Table; inserting an Entitlement Control Message (ECM) within the encrypted content stream, and wherein the ECM includes at least two encryption keys, wherein at least one encryption key is associated with a first cryptoperiod and at least a second encryption key is associated with a second cryptoperiod; and sending the encrypted media content stream over the network to at least one client device. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A non-transitory computer-readable storage medium having computer-executable instructions stored thereon for managing content securely, the computer-executable instructions when installed onto a computing device enable the computing device to perform actions, comprising:
-
receiving unencrypted content stream; buffering a plurality of packets of the unencrypted content stream; determining for selective encryption at least a portion of the unencrypted content stream based on the plurality of buffered packets; encrypting the plurality of buffered packets; encrypting at least the portion of the unencrypted content stream, while leaving unencrypted each portion of the content stream having media trick play data comprising a Program Map Table in the media content stream; if a Program Map Table header is determined to be present in a portion of the unencrypted content stream, modifying at least that portion of the unencrypted content stream by at least inserting further information into the Program Map Table; inserting an Entitlement Control Message (ECM) within the encrypted content stream, and wherein the ECM includes at least two encryption keys, wherein at least one encryption key is associated with a first cryptoperiod and at least a second encryption key is associated with a second cryptoperiod; and storing the encrypted content stream. - View Dependent Claims (20, 21, 22)
-
Specification