Methods and apparatus for key delivery in HTTP live streaming

US 8,983,076 B2
Filed: 12/22/2011
Issued: 03/17/2015
Est. Priority Date: 12/22/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

performing, by an application implemented on a device configured according to an operating system (OS) platform;

obtaining a manifest file that;

indicates content to be streamed to the device from a content server according to a live streaming protocol supported by the OS platform,includes a Uniform Resource Locator (URL) for a sessionless service, andincludes a parameter in the URL having an encrypted key for the indicated content; and

providing the manifest file to an OS platform module on the device to initiate operations by the OS platform module to;

communicate with the sessionless service using the URL including providing the encrypted key to the sessionless service via the parameter in the URL having the encrypted key to cause the sessionless service to perform operations including decrypting the encrypted key and returning the decrypted key to the OS platform module;

obtain the decrypted key that is returned from the sessionless service; and

decrypt encrypted content streamed to the device from the content server according to the decrypted key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key delivery mechanism that delivers keys to an OS platform (e.g., iOS platform) devices for decrypting encrypted HTTP live streaming data. An HTTPS URL for a stateless HTTPS service is included in the manifest for an encrypted HTTP live stream obtained by an application (e.g., a browser) on an OS platform device. The URL includes an encrypted key, for example as a query parameter value. The application passes the manifest to the OS. The OS contacts the HTTPS service to obtain the key using the URL indicated in the manifest. Since the encrypted key is a parameter of the URL, the encrypted key is provided to the HTTPS service along with information identifying the content. The HTTPS service decrypts the encrypted key and returns the decrypted key to the OS over HTTPS, thus eliminating the need for a database lookup at the HTTPS service.

20 Citations

View as Search Results

21 Claims

1. A method, comprising:
- performing, by an application implemented on a device configured according to an operating system (OS) platform;
  
  obtaining a manifest file that;
  
  indicates content to be streamed to the device from a content server according to a live streaming protocol supported by the OS platform,includes a Uniform Resource Locator (URL) for a sessionless service, andincludes a parameter in the URL having an encrypted key for the indicated content; and
  
  providing the manifest file to an OS platform module on the device to initiate operations by the OS platform module to;
  
  communicate with the sessionless service using the URL including providing the encrypted key to the sessionless service via the parameter in the URL having the encrypted key to cause the sessionless service to perform operations including decrypting the encrypted key and returning the decrypted key to the OS platform module;
  
  obtain the decrypted key that is returned from the sessionless service; and
  
  decrypt encrypted content streamed to the device from the content server according to the decrypted key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, wherein the live streaming protocol is HLS (HTTP (Hypertext Transfer Protocol) live streaming) protocol.
  - 3. The method as recited in claim 1, wherein the sessionless service is a remote HTTPS (Hypertext Transfer Protocol Secure) service.
  - 4. The method as recited in claim 3, wherein the remote HTTPS service is a stateless remote HTTPS service.
  - 5. The method as recited in claim 1, wherein the sessionless service returns the decrypted key to the OS platform module according to HTTPS (Hypertext Transfer Protocol Secure).
  - 6. The method as recited in claim 1, wherein the manifest file is obtained from the content server, wherein the content server encrypts the key, includes the encrypted key in the URL for the sessionless service, and includes the URL for the sessionless service in the manifest file.
  - 7. The method as recited in claim 1, wherein the encrypted key is decrypted according to a private key of the sessionless service or according to a shared symmetric key.
  - 8. The method as recited in claim 1, wherein the OS platform module is a media player module.

9. A device, comprising:
- at least one processor; and
  
  a memory comprising program instructions, wherein the program instructions are executable by the at least one processor to implement an operating system (OS) platform module and an application to perform operations including;
  
  obtaining a manifest file that;
  
  indicates content to be streamed to the device from a content server according to a live streaming protocol supported by the OS platform module,includes a Uniform Resource Locator (URL) for a sessionless service that does not perform key look-ups, andincludes a parameter in the URL having an encrypted key for the indicated content; and
  
  providing the manifest file to the OS platform module on the device to cause the OS platform module to;
  
  contact the sessionless service using the URL including providing the encrypted key to the sessionless service via the parameter in the URL having the encrypted key, wherein, responsive to the contact, the sessionless service decrypts the encrypted key in lieu of performing a look-up for the encrypted key and returns the decrypted key to the OS platform module; and
  
  decrypt encrypted content streamed to the device from the content server according to the decrypted key obtained from the sessionless service.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The device as recited in claim 9, wherein the live streaming protocol is HLS (HTTP (Hypertext Transfer Protocol) live streaming) protocol.
  - 11. The device as recited in claim 9, wherein the sessionless service is a remote HTTPS (Hypertext Transfer Protocol Secure) service that does not maintain a database of keys for key delivery.
  - 12. The device as recited in claim 9, wherein the sessionless service returns the decrypted key to the OS platform module according to HTTPS (Hypertext Transfer Protocol Secure).
  - 13. The device as recited in claim 9, wherein the application is further implemented to perform operations to obtain the manifest file from the content server, wherein the content server encrypts the key, includes the encrypted key in the URL for the sessionless service, and includes the URL for the sessionless service in the manifest file.
  - 14. The device as recited in claim 9, wherein the encrypted key is decrypted according to a private key of the sessionless service or according to a shared symmetric key.

15. A computer-readable storage medium which is not a signal per se, storing program instructions, wherein the program instructions are computer-executable to implement an application on a device configured according to an operating system (OS) platform, wherein the application is operable to:
- obtain a manifest file that;
  
  indicates content to be streamed to the device from a content server according to a live streaming protocol supported by the OS platform,includes a Uniform Resource Locator (URL) for a sessionless service, andincludes a parameter in the URL having an encrypted key for the indicated content; and
  
  provide the manifest file for receipt by an OS platform module on the device;
  
  wherein;
  
  responsive to receipt of the manifest file, the OS platform module contacts the sessionless service using the URL including providing the encrypted key to the sessionless service via the parameter in the URL having the encrypted key;
  
  responsive to being contacted by the OS platform module, the sessionless service decrypts the encrypted key and returns the decrypted key to the OS platform module; and
  
  responsive to receiving the decrypted key returned by the sessionless service, the OS platform module decrypts encrypted content streamed to the device from the content server according to the decrypted key.
- View Dependent Claims (16, 17)
- - 16. The computer-readable storage medium as recited in claim 15, wherein the live streaming protocol is HLS (HTTP (Hypertext Transfer Protocol) live streaming) protocol.
  - 17. The computer-readable storage medium as recited in claim 15, wherein the sessionless service is a stateless remote HTTPS (Hypertext Transfer Protocol Secure) service.

18. A computer-readable storage medium, which is not a signal per se, storing program instructions, wherein the program instructions are computer-executable to implement a sessionless service on a server device to perform operations comprising:
- publishing a Uniform Resource Locator (URL) for the sessionless service;
  
  receiving a contact from an operating system (OS) platform module on a client device using the URL including a parameter in the URL having an encrypted key for content to be streamed to the client device from a content server according to a live streaming protocol;
  
  without performing a look-up for the encrypted key from storage associated with the sessionless service, extracting the encrypted key that is included in the parameter in the URL and decrypting the encrypted key; and
  
  returning the decrypted key to the OS platform module on the client device.
- View Dependent Claims (19, 20, 21)
- - 19. The computer-readable storage medium as recited in claim 18, wherein the live streaming protocol is HLS (HTTP (Hypertext Transfer Protocol) live streaming) protocol.
  - 20. The computer-readable storage medium as recited in claim 18, wherein the sessionless service is a stateless remote HTTPS (Hypertext Transfer Protocol Secure) service.
  - 21. The computer-readable storage medium as recited in claim 18, wherein the encrypted key is decrypted according to a private key of the sessionless service or according to a shared symmetric key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Swaminathan, Viswanathan, Kishore, Kelly Yoshikazu, Manapragada, Srinivas R
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Peiliang

Application Number

US13/335,675
Publication Number

US 20130163758A1
Time in Patent Office

1,181 Days
Field of Search

380/259, 380/277, 380/278, 713/150, 713/168, 713/171, 726/2, 726/3, 726/26, 726/27, 709/217, 709/227
US Class Current

380/278
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/168   above the transport layer

H04L 9/08   Key distribution or managem...

H04L 9/0819   Key transport or distributi...

Methods and apparatus for key delivery in HTTP live streaming

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for key delivery in HTTP live streaming

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links