METHOD AND SYSTEM FOR SECURE OVER-THE-TOP LIVE VIDEO DELIVERY

US 20140237243A1
Filed: 04/30/2014
Published: 08/21/2014
Est. Priority Date: 06/23/2011
Status: Active Grant

First Claim

Patent Images

1. A method for handling secure distribution of content comprising:

initiating a media playback request and receiving a playback request response;

parsing content information from the playback request response, the content information including content encryption keys, content encryption key identifiers, and content encryption key expiration times;

retrieving content and manifest files from a content delivery server;

detecting content encryption key rotation boundaries between periods of use of different content encryption keys in decrypting retrieved content;

issuing requests to a license server ahead of a key rotation boundary to retrieve a second content encryption key to be used after a content encryption key rotation boundary is reached; and

applying the second key for content decryption after the key rotation boundary is reached.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

41 Citations

View as Search Results

20 Claims

1. A method for handling secure distribution of content comprising:
- initiating a media playback request and receiving a playback request response;
  
  parsing content information from the playback request response, the content information including content encryption keys, content encryption key identifiers, and content encryption key expiration times;
  
  retrieving content and manifest files from a content delivery server;
  
  detecting content encryption key rotation boundaries between periods of use of different content encryption keys in decrypting retrieved content;
  
  issuing requests to a license server ahead of a key rotation boundary to retrieve a second content encryption key to be used after a content encryption key rotation boundary is reached; and
  
  applying the second key for content decryption after the key rotation boundary is reached.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the content encryption keys and content encryption key identifiers returned in the playback request response include the content encryption key and associated identifier currently being applied as well as a future content encryption key and associated identifier yet to be applied.
  - 3. The method of claim 1, wherein the content encryption key expiration returned in the playback request response is expressed as an expected minimum interval between periodic key rotation.
  - 4. The method of claim 3, further comprising:
    - timing the prefetching of a next un-retrieved content encryption key based on an expected expiration of the content encryption key currently being used.
  - 5. The method of claim 4, further comprising:
    - prefetching a next un-retrieved key a fixed duration before the expected expiration of the content encryption key currently being used.
  - 6. The method of claim 4, further comprising:
    - prefetching a next un-retrieved key within a period of time after the expected expiration of the content encryption key currently being applied, the period of time beginning at the expected expiration of the content encryption key currently being used, and ending at a duration calculated as a fixed percentage of a fixed periodic content encryption key expiration interval.
  - 7. The method of claim 1, wherein subsequent content encryption key identifiers are predictable based on a predetermined known progression.
  - 8. The method of claim 7, further comprising:
    - the identifier being calculated as monotonically increasing sequential integer values based on the number of segments or video frames generated during a fixed periodic content encryption key expiration interval.
  - 9. The method of claim 7, further comprising:
    - the identifier being calculated as an expected wall clock time for applying the next content encryption key based on a fixed periodic content encryption key expiration interval.
  - 10. The method of claim 1, wherein license server communications are secured and authenticated using a selected one of Secure Sockets Layer and a token-based technique using a token encrypted with a symmetric key.
  - 11. The method of claim 10, wherein the token-based technique employs white box encryption to encrypt the token.
  - 12. The method of claim 1, wherein actual content encryption key rotation boundaries are detected based on real-time in-band notifications.
  - 13. The method of claim 12, wherein content encryption key rotation boundaries are detected based on notifications in an unencrypted header portion of the encrypted content files.
  - 14. The method of claim 12, wherein content encryption key rotation boundaries are detected based on notifications present in the content manifest file, the content manifest file being selected from an m3u8 file, an IIS Smooth Streaming manifest file, a DASH MPD file and a proprietary manifest file.
  - 15. The method of claim 12, wherein content encryption key rotation boundaries are detected based on a notification embedded in the file name of the encrypted content file.

16. A computerized device operable as a client for handling secure distribution of content, comprising:
- memory operative to store computer program instructions;
  
  one or more processors;
  
  input/output interface circuitry; and
  
  interconnect circuitry coupling the memory, processors and input/output interface circuitry together,wherein the processors are operative to execute the computer program instructions from the memory to cause the computerized device to;
  
  initiate a media playback request and receive a playback request response;
  
  parse content information from the playback request response, the content information including content encryption keys, content encryption key identifiers, and content encryption key expiration times;
  
  retrieve content and manifest files from a content delivery server;
  
  detect content encryption key rotation boundaries between periods of use of different content encryption keys in decrypting retrieved content;
  
  issue requests to a license server ahead of a key rotation boundary to retrieve a second content encryption key to be used after a content encryption key rotation boundary is reached; and
  
  apply the second key for content decryption after the key rotation boundary is reached.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computerized device of claim 16, wherein the content encryption keys and content encryption key identifiers returned in the playback request response include the content encryption key and associated identifier currently being applied as well as a future content encryption key and associated identifier yet to be applied.
  - 18. The computerized device of claim 17, wherein the computer program instructions further cause the computerized device to time the prefetching of a next un-retrieved content encryption key based on an expected expiration of the content encryption key currently being used.
  - 19. The computerized device of claim 16, wherein subsequent content encryption key identifiers are predictable based on a predetermined known progression.
  - 20. The computerized device of claim 16, wherein actual content encryption key rotation boundaries are detected based on real-time in-band notifications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ericsson AB (Telefonaktiebolaget LM Ericsson)
Original Assignee
Azuki Systems, Inc (Telefonaktiebolaget LM Ericsson)
Inventors
Ma, Kevin J., Hickey, Robert, Tweedale, Paul

Granted Patent

US 9,313,178 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G11B 27/10   Indexing; Addressing; Timin...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 9/0819   Key transport or distributi...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04N 21/2347   involving video stream encr...

H04N 21/2387   Stream processing in respon...

H04N 21/2393   involving handling client r...

H04N 21/2541   Rights Management protectin...

H04N 21/42623   involving specific decrypti...

H04N 21/4627   Rights management associate...

H04N 21/63345   by transmitting keys key di...

H04N 21/8456   by decomposing the content ...

METHOD AND SYSTEM FOR SECURE OVER-THE-TOP LIVE VIDEO DELIVERY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SECURE OVER-THE-TOP LIVE VIDEO DELIVERY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links