Method and system for unified mobile content protection

US 9,858,396 B2
Filed: 12/08/2014
Issued: 01/02/2018
Est. Priority Date: 08/14/2009
Status: Active Grant

First Claim

Patent Images

1. A method for secure over-the-top delivery of content to client devices, comprising:

ingesting content in the form of media item files containing respective distinct user-selected media items, each user-selected media item being a media title specifically requested for playback by requesting users of respective client devices, the ingesting including receiving the media item files from a content publisher and performing media preparation for each media item file, including;

(i) transcoding the user-selected media item contained in the media item file to a plurality of transcoded media items of respective distinct media encoding formats,(ii) segmenting each transcoded media item into a respective plurality of fixed-size segments for segment-based delivery of the transcoded media item to the client devices;

(iii) obtaining a media-item-specific media encryption key for the specifically requested user-selected media item from a digital rights management server and encrypting each segment of each of the transcoded media items using the media encryption key and a respective encryption cipher for the specifically requested user-selected media item, the encrypting producing respective encrypted segments, and(iv) publishing a plurality of distinct transcoded media item files to a content delivery network from which the client devices retrieve the transcoded media item files, each transcoded media item file including the encrypted segments for the respective transcoded media item; and

in response to respective requests for playback of a user-selected media item by the requesting users of the client devices, delivering respective client-device-specific rights objects to the client devices wherein a client-device-specific rights object is formed responsive to a device identifier, a media identifier of the user-selected media item and a user identifier of the requesting user, each rights object containing the media-item-specific media encryption key for the user-selected media item and an identification of the encryption cipher for the user-selected media item, each rights object being securely delivered to the respective requesting client device in a respective client-device-specific manner to be usable by only the respective requesting client device in decrypting a respective transcoded media item file retrieved from the content delivery network,and further wherein each requesting client device engages in a respective device registration process including sending device and user identification information encrypted with a respective secret domain key built-in to the client device and establishing a device-specific secure channel as well as a device-specific rights encryption key, the device-specific rights encryption key being shared with the client device and generated using the device information and the respective domain key, each requesting client device sending a media rights request that is encrypted with the respective domain key and generated relative to requesting playback of the user-selected media item.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control.

Citations

20 Claims

1. A method for secure over-the-top delivery of content to client devices, comprising:
- ingesting content in the form of media item files containing respective distinct user-selected media items, each user-selected media item being a media title specifically requested for playback by requesting users of respective client devices, the ingesting including receiving the media item files from a content publisher and performing media preparation for each media item file, including;
  
  (i) transcoding the user-selected media item contained in the media item file to a plurality of transcoded media items of respective distinct media encoding formats,(ii) segmenting each transcoded media item into a respective plurality of fixed-size segments for segment-based delivery of the transcoded media item to the client devices;
  
  (iii) obtaining a media-item-specific media encryption key for the specifically requested user-selected media item from a digital rights management server and encrypting each segment of each of the transcoded media items using the media encryption key and a respective encryption cipher for the specifically requested user-selected media item, the encrypting producing respective encrypted segments, and(iv) publishing a plurality of distinct transcoded media item files to a content delivery network from which the client devices retrieve the transcoded media item files, each transcoded media item file including the encrypted segments for the respective transcoded media item; and
  
  in response to respective requests for playback of a user-selected media item by the requesting users of the client devices, delivering respective client-device-specific rights objects to the client devices wherein a client-device-specific rights object is formed responsive to a device identifier, a media identifier of the user-selected media item and a user identifier of the requesting user, each rights object containing the media-item-specific media encryption key for the user-selected media item and an identification of the encryption cipher for the user-selected media item, each rights object being securely delivered to the respective requesting client device in a respective client-device-specific manner to be usable by only the respective requesting client device in decrypting a respective transcoded media item file retrieved from the content delivery network,and further wherein each requesting client device engages in a respective device registration process including sending device and user identification information encrypted with a respective secret domain key built-in to the client device and establishing a device-specific secure channel as well as a device-specific rights encryption key, the device-specific rights encryption key being shared with the client device and generated using the device information and the respective domain key, each requesting client device sending a media rights request that is encrypted with the respective domain key and generated relative to requesting playback of the user-selected media item.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein the user-selected media items are respective distinct complete movies.
  - 3. The method according to claim 1, wherein the encryption cipher is one of a plurality of distinct encryption ciphers, and wherein encrypting each segment of a user-selected media item includes identifying the one encryption cipher as distinct from others of the encryption ciphers for use in encrypting the segments of the respective user-selected media item.
  - 4. The method according to claim 3, further including maintaining respective distinct media preparation profiles for the user-selected media items, the media preparation profiles including respective media-item-specific identifications of respective ones of the encryption ciphers to be used in encrypting the segments of the respective user-selected media items.
  - 5. The method according to claim 4, wherein the encryption ciphers include one or more stream ciphers for which a key length is also per-media-item configurable, and wherein the media preparation profiles include respective distinct key length values for different key lengths to be used in the encrypting of the respective user-selected media items.
  - 6. The method according to claim 1, wherein each rights object is securely delivered to the respective requesting client device by encrypting the rights object with a respective client-device-specific rights encryption key.
  - 7. The method according to claim 1, wherein encrypting the segments includes performing an encryption operation using a key of a certain length combined with data of protected content, the encryption operation including:
    - randomly generating the media encryption keys on a per-media-item basis at the time of the ingesting of the respective media item files;
      
      establishing distinct initialization vectors for the segments as respective sequence numbers of the segments; and
      
      performing an encryption algorithm on each segment using the respective initialization vector, the encryption algorithm including cipher block chaining within each segment and not spanning multiple segments.
  - 8. The method according to claim 1, wherein the ingesting of the media item files includes receiving the media item files from the content publisher using a secure file transfer method.
  - 9. The method according to claim 1, wherein the requests are media rights requests each including an identifier of a respective requesting client device, an identifier of a respective user-selected media item being requested, and a respective current play count maintained at the requesting client device for the user-selected media item being requested.
  - 10. The method according to claim 1, wherein each delivered rights object is accompanied by a (i) pointer to a respective transcoded media file in the content delivery network, and (ii) an identifier of the encryption cipher used to encrypt the transcoded media file.

11. A computer system including one or more computers coupled together and executing respective computer program instructions causing the computers to co-operatively provide secure over-the-top delivery of content to client devices by:
- ingesting content in the form of media item files containing respective distinct user-selected media items, each user-selected media item being a media title specifically requested for playback by requesting users of respective client devices, the ingesting including receiving the media item files from a content publisher and performing media preparation for each media item file, including;
  
  (i) transcoding the user-selected media item contained in the media item file to a plurality of transcoded media items of respective distinct media encoding formats,(ii) segmenting each transcoded media item into a respective plurality of fixed-size segments for segment-based delivery of the transcoded media item to the client devices;
  
  (iii) obtaining a media-item-specific media encryption key for the specifically requested user-selected media item from a digital rights management server and encrypting each segment of each of the transcoded media items using the media encryption key and a respective encryption cipher for the specifically requested user-selected media item, the encrypting producing respective encrypted segments, and(iv) publishing a plurality of distinct transcoded media item files to a content delivery network from which the client devices retrieve the transcoded media item files, each transcoded media item file including the encrypted segments for the respective transcoded media item; and
  
  in response to respective requests for playback of a user-selected media item by the requesting users of the client devices, delivering respective client-device-specific rights objects to the client devices wherein a client-device-specific rights object is formed responsive to a device identifier, a media identifier of the user-selected media item and a user identifier of the requesting user, each rights object containing the media-item-specific media encryption key for the user-selected media item and an identification of the encryption cipher for the user-selected media item, each rights object being securely delivered to the respective requesting client device in a respective client-device-specific manner to be usable by only the respective requesting client device in decrypting a respective transcoded media item file retrieved from the content delivery network,and further wherein each requesting client device engages in a respective device registration process including sending device and user identification information encrypted with a respective secret domain key built-in to the client device and establishing a device-specific secure channel as well as a device-specific rights encryption key, the device-specific rights encryption key being shared with the client device and generated using the device information and the respective domain key, each requesting client device sending a media rights request that is encrypted with the respective domain key and generated relative to requesting playback of the user-selected media item.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer system according to claim 11, wherein the user-selected media items are respective distinct complete movies.
  - 13. The computer system according to claim 11, wherein the encryption cipher is one of a plurality of distinct encryption ciphers, and wherein encrypting each segment of a user-selected media item includes identifying the one encryption cipher as distinct from others of the encryption ciphers for use in encrypting the segments of the respective user-selected media item.
  - 14. The computer system according to claim 13, wherein the secure delivery of content further includes maintaining respective distinct media preparation profiles for the user-selected media items, the media preparation profiles including respective media-item-specific identifications of respective ones of the encryption ciphers to be used in encrypting the segments of the respective user-selected media items.
  - 15. The computer system according to claim 14, wherein the encryption ciphers include one or more stream ciphers for which a key length is also per-media-item configurable, and wherein the media preparation profiles include respective distinct key length values for different key lengths to be used in the encrypting of the respective user-selected media items.
  - 16. The computer system according to claim 11, wherein each rights object is securely delivered to the respective requesting client device by encrypting the rights object with a respective client-device-specific rights encryption key.
  - 17. The computer system according to claim 11, wherein encrypting the segments includes performing an encryption operation using a key of a certain length combined with data of protected content, the encryption operation including:
    - randomly generating the media encryption keys on a per-media-item basis at the time of the ingesting of the respective media item files;
      
      establishing distinct initialization vectors for the segments as respective sequence numbers of the segments; and
      
      performing an encryption algorithm on each segment using the respective initialization vector, the encryption algorithm including cipher block chaining within each segment and not spanning multiple segments.
  - 18. The computer system according to claim 11, wherein the ingesting of the media item files includes receiving the media item files from the content publisher using a secure file transfer method.
  - 19. The computer system according to claim 11, wherein the requests are media rights requests each including an identifier of a respective requesting client device, an identifier of a respective user-selected media item being requested, and a respective current play count maintained at the requesting client device for the user-selected media item being requested.
  - 20. The computer system according to claim 11, wherein each delivered rights object is accompanied by a (i) pointer to a respective transcoded media file in the content delivery network, and (ii) an identifier of the encryption cipher used to encrypt the transcoded media file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ericsson AB (Telefonaktiebolaget LM Ericsson)
Original Assignee
Ericsson AB (Telefonaktiebolaget LM Ericsson)
Inventors
Nair, Raj, Mikhailov, Mikhail
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US14/563,642
Publication Number

US 20150095646A1
Time in Patent Office

1,121 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2107   File encryption

G06Q 50/184   Intellectual property manag...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 65/612   for unicast

H04L 67/10   in which an application is ...

H04L 9/0631   Substitution permutation ne...

H04L 9/0656   Pseudorandom key sequence c...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0866   involving user or device id...

H04L 9/30   Public key, i.e. encryption...

H04N 21/2347   involving video stream encr...

H04N 21/2351   involving encryption of add...

H04N 21/25816   involving client authentica...

H04N 21/26613   for generating or managing ...

H04N 21/41407   embedded in a portable devi...

H04N 21/42684   Client identification by a ...

H04N 21/4353   involving decryption of add...

H04N 21/4405 : involving video stream decr...

H04N 21/4627 : Rights management associate...

H04N 21/6125 : involving transmission via ...

H04N 21/63345 : by transmitting keys key di...

H04N 21/6582 : Data stored in the client, ...

H04N 21/835 : Generation of protective da...

H04N 21/8456 : by decomposing the content ...

H04N 7/1675 : Providing digital key or au...

H04N 7/17318 : Direct or substantially dir...

View All

Method and system for unified mobile content protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for unified mobile content protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links