METHOD AND APPARATUS FOR ENCRYPTING MEDIA STREAM PACKETS EITHER DYNAMICALLY OR STATICALLY BY A PROXY AND A PRE¬ PROCESSOR
The present invention relates to a method defined in the preamble of claim 1.
5 The present invention also relates to an apparatus defined in the preamble of claim 5.
In order to send a media stream, such as video or audio, from a server over a network to a client, it is necessary for the content owner to protect the content from being accessed, re-distributed, manipulated or illegally copied.
10
A commonly used encryption scheme for conditional access in digital satellite and terrestrial broadcasting is Digital Video Broadcasting (DVB-CA). DVB is designed to work in simplex networks. Scrambled media stream content is multiplexed with a key distribution stream. The access decision is distributed to clients connected in the
15 network. Frequent attacks of the system based on reverse engineering and information leaks from insiders have forced the content distributors to refine their protection in steps. The drawback is the difficulties in handling backward comparability when upgrading systems that has been compromised. The relative complexity of distribution content keys in a simplex network and the access processing taking place at the
20 client makes the system very resource (CPU) demanding. The decryption uses a separate processing unit on a smart card, which makes the decryption expensive.
There is, therefore, a need for an improved method and apparatus, which encrypts a media stream sent over a network. 25
One object of the present invention is to provide such an improved method and apparatus, which has configurable requirements on CPU utilisation on both the client and the server, and which is built on open standards.
30 In accordance with the preferred embodiment of the present invention, this object is accomplished by providing a method and apparatus as defined in the characterising parts of the independent claims 1 and 5.
The details of the preferred embodiment of the invention are set forth in the accom- 35 panying drawings and the description below. Other features and advantages of the invention will become apparent from the description, the drawings and the claims.
In the drawings:
Fig 1 is a block diagram of an encryption system
Fig 2 is a flowchart showing the steps performed when the media stream is encrypted.
In a preferred embodiment of the present invention, the media stream is a Moving Picture Experts Group Transport Stream (MPEG-2 TS), which refers to the family of digital video compression standards and file formats developed by this group.
MPEG-2 TS achieves high compression rate by for most of the frames storing only the changes from one frame to another instead of each entire frame. The person skilled in the art understands, however, that the invention is applicable on other media streams as well, such as MPEG-1 Audio Layer-3 (MP3) and MPEG-2 Packet Stream (MPEG-2 PS).
In fig 1 a content protection pre-processor is represented by 1. The pre-processor 1 is connected to a database 6 from which it gets the MPEG-2 TS to process. A server 2 connected to an encryption proxy 3 gets the pre-processed MPEG-2 TS from the database 6. The pre-processor 1 and the encryption proxy 3 are both connected to an encryption scheme 5, from which they get information concerning the encryption. A client 4 communicates with the encryption proxy 3 over a network 1, e.g. Internet. Fig 1 illustrates one example of the architecture of the encryption system. The person skilled in the art understands, however, that any other constellation of the parts in the system is possible.
In order to accomplish a method that has small requirements on CPU utilisation on both the client 4 and the server 2, some TS packets are statically, e.g. on disk, encrypted and some are dynamically, real time, encrypted.
The static encryption can e.g. be done by the content owner before delivering the content to operators, which reduces the risk of "in-house theft" at the operator site.
The pre-processor 1 analyses the MPEG-2 TS and selects the TS packets which are to be statically encrypted, encrypts these and marks at the same time the TS packets which are to be dynamically encrypted. This processing is performed only once per title, e.g. once per film when the media stream is a video stream and once per audio track when the media stream is an audio stream. The encryption proxy 3 encrypts the TS packages marked by the pre-processor 1 for dynamic encryption. The dynamic
encryption is, however, performed once per session. This means that even if the static encryption is cracked, watching e.g. a movie is made impossible by the dynamic encryption.
"Which packets that are to be statically encrypted and which are to be dynamically encrypted is specified in the encryption scheme 5. The encryption scheme 5 contains all necessary information the pre-processor 1 and the encryption proxy 3 need in order to perform the encryption of the media stream. The content owner supplies the information stored in the encryption scheme 5. Typical information in the encryption scheme 5 is what and when to encrypt and what algorithm to use.
The combination of the pre-processor 1 and the encryption proxy 3 makes the inventive system flexible, with full control over what to encrypt and when (static or dynamic). The system can e.g. be optimised for a low CPU usage, high security or low cost etc. The flexibility of the system lead to that different kinds of encryption algorithms may be used, in which all packets, some packets or no packets at all can be encrypted.
Since the pre-processor 1 marks the packets (a sub set of the total number of packets) to encrypt dynamically meaning that not all encryption need to be done in real time, there are small requirements on CPU utilisation on the host running the encryption proxy 3. The requirements on CPU are configurable through the encryption scheme 5.
The server 2 stores the pre-processed MPEG-2 TS and creates indices. In the preferred embodiment of the invention the server 2 is a Video-on-Demand (VoD) server. NoD gives a user the possibility to order a movie or other program content for immediate viewing on e.g. the TN. The client 4, e.g. a Set-Top-Box (STB) client, comprises a web browser allowing the user to choose e.g. a movie. The client 4 then orders the chosen movie from the NoD server 2 via the encryption proxy 3. Since the encryption proxy 3 handles all communication with the client, the inventive system is independent of the server.
The preferred embodiment of the inventive method is based on the MPEG-2 standard for scrambling encryption of TS packet content. The type of encryption used is fully configurable and a matter of agreement between the client 4 and the encryption proxy 3. The client 4 and the encryption proxy 3 negotiate about a set of encryption algorithms to use among multiple encryption algorithms. A two-bit bit field "transport scrambling control" in the TS header is used to indicate which kind of
encryption that is used within the set of encryption algorithms according to the agreement between the client 4 and the encryption proxy 3. Multiple sets of mappings between transport scrambling control values and encryption algorithms may be supported. The client 4 gets the information of which set to use from the (URL) accessed or from the ticket received when ordering the NoD.
The inventive method is applicable on all kinds of decryption key distributions. The client 4 may negotiate with the encryption proxy 3 about what key distribution to use and how many packets which are to be dynamically encrypted by the encryption proxy 3. The client 4 may e.g. request encryption of only a subset of the packets marked for dynamic encryption due to small CPU resources. The encryption proxy 3 can, however, deny such a request for less encryption. The negotiation between the client 4 and the encryption proxy 3 may be encrypted in order to obtain a high security level. Another alternative is to use an encryption algorithm in the encryption scheme 5 that is adapted to certain kinds of clients, e.g. encrypt as few packets as possible (usually around 1/10) in order to reduce the CPU load of the client.
A preferred embodiment of the present invention is shown in fig 2 and the procedure for encrypting an MPEG-2 transport stream is as follows:
1. The pre-processor 1 analyses the MPEG-2 TS 6 and selects the TS packets for static and dynamic encryption according to the information in the encryption scheme 5 (step 21). The packets selected for static encryption are encrypted at once, while the packets selected for dynamic encryption only are marked by the pre-processor 1 ;
2. The server 2 stores the pre-processed TS on its format (step 22). Upon request from the client 4, the stored, partly encrypted, TS is streamed to the encryption proxy 3 (step 23). The request is initiated by e.g. a user choosing a movie from a web page. The client 4 and the encryption proxy 3 negotiate about which encryption set to use, before the TS is streamed to the encryption proxy 3;
3. The encryption proxy 3 encrypts the TS packets marked for dynamic encryption by the pre-processor 1, which, however, may be modified according to the negotiation between the client 4 and the encryption proxy 3 (step 24). The encryption proxy 3 then streams the encrypted TS on to the client 4 over the network 7 (step 25);
4. The client 4 decrypts all encrypted packets (step 26).