WO2006051043A1 - Method for securely binding content protection information to a content and method for verifying this binding - Google Patents

Method for securely binding content protection information to a content and method for verifying this binding Download PDF

Info

Publication number
WO2006051043A1
WO2006051043A1 PCT/EP2005/055613 EP2005055613W WO2006051043A1 WO 2006051043 A1 WO2006051043 A1 WO 2006051043A1 EP 2005055613 W EP2005055613 W EP 2005055613W WO 2006051043 A1 WO2006051043 A1 WO 2006051043A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
cpi
watermark value
key
verifying
Prior art date
Application number
PCT/EP2005/055613
Other languages
French (fr)
Inventor
Alain Durand
Yan-Mei Tang-Talpin
Original Assignee
Thomson Licensing
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing filed Critical Thomson Licensing
Publication of WO2006051043A1 publication Critical patent/WO2006051043A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]

Definitions

  • the present invention relates to the field of content protection and more particularly to a method for securely binding content protection information to a content to which this information relates and a method for verifying this binding.
  • the usage rules indicate the usage permission (e.g. accessing, copying, rendering the content), the authorized users (e.g. a device, a person, a group of persons), and other information like the usage constraints (e.g. N hours, N times), etc.
  • Enforcement of these usage rules relies on content scrambling.
  • a given content may be protected by scrambling (also known as encryption or ciphering).
  • the content can be descrambled only after usage rules associated to the content have been verified and only authorized parties have the relevant keys to descramble the content.
  • Content Protection Information encompass usage rules related to the content as well as data (e.g. keys) used to protect the content (e.g. by scrambling).
  • the usage rules are bound to a content using cryptographic operation.
  • the content is for example scrambled with a key (K) unique to this content.
  • the Content Protection Information (CPI) is the key K together with the usage rules encrypted with another key (LK).
  • This key LK is shared between the content provider and authorized users.
  • the scrambled content E K (Content) and the CPI E LK (Usage Rules, K) are provided to users. Only the users who have the key LK can retrieve the key K from the CPI to descramble the content.
  • DRM DRM systems
  • DRM Digital Rights Management
  • CA Content Protection Information
  • EMM Entitlement Management Message
  • ECM Entitlement Control Message
  • Pre-recorded media such as DVD (standing for "Digital Versatile Discs"), also contain encrypted content and usage rules.
  • DVD CSS DVD Content Scrambling System
  • the content is scrambled using a Title Key, which is itself encrypted by a Disk Key.
  • the CPI is called the Secured Disk Key Set that contains the Disk Key encrypted by a set of Player Keys. Compliant players which have the Player Keys can retrieve the Disc Key and finally descramble the content.
  • New content protection systems for prerecorded or recordable media for example AACS (Advanced Access Content System), CPPM (Content Protection for Prerecorded Media) or CPRM (Content Protection for Recordable Media) use a revocation mechanism based on broadcast encryption.
  • the mechanism of "broadcast encryption” has been described in "A. Fiat and M. Naor, Broadcast Encryption, Advances in Cryptology, CRYPTO '93, Lecture Notes in Computer Science 773, Springer, 1994, pp. 480 — 491".
  • each compliant device is given a set of keys ⁇ DeviceKi ⁇ among which some are shared by many devices and at least one is known by only this device.
  • the content is scrambled with a Title Key, which itself can be built based on a Media Key (MK) and this Media Key is transported in a Media Key Block (MKB) that contains the encryption of MK using different device keys DeviceKi.
  • MKB Media Key Block
  • the Media Key Block MKB is built in such a way that only non-revoked players can retrieve the Media Key with their device keys.
  • MKB represents the Content Protection Information and it is stored on the media (a disc for example) with the scrambled content.
  • the default usage permission is "playback” or "record” and the usage rules are implicit: either a device is not revoked and has the right device keys to retrieve MK from MKB (the device is therefore authorized to playback or record the content) or a device is revoked and its device keys DeviceKi do not allow to retrieve MK from MKB (the device is therefore not authorized to playback or record the content).
  • Free-to-air content is an exception since the content is not scrambled. There are however some requirements to bind usages rules to free-to-air content. For example the U.S. Federal Communications Commission (FCC) has required that a "Broadcast Flag" be used to prevent unauthorized, indiscriminate Internet redistribution of digital broadcast content. If usage rules (such as the "Broadcast Flag") are transported in the clear in the broadcast stream, the security is only based on the trust that receivers will obey some compliance rules. For this kind of content, the CPI corresponds to the usage rules.
  • FCC Federal Communications Commission
  • the binding between the Content Protection Information and the content may be broken if the keys (e.g. device keys in systems using broadcast encryption) are compromised.
  • the keys e.g. device keys in systems using broadcast encryption
  • the keys e.g. device keys in systems using broadcast encryption
  • an attacker who obtains the device keys DeviceKi of his device to retrieve the key MK from the MKB included in one disc. Using this key MK, the attacker can get the clear content of the disc. Then, using an old MKB' (e.g.
  • the invention introduces a solution to ensure the secure binding between Content Protection Information associated to a content and this content, using authentication mechanism.
  • the content source embeds a watermark value in the content, this value being different for each piece of content.
  • a piece of content may be a film, a TV program, a song, a software application, a picture, etc.
  • the watermark value may be a random number (or more precisely, a pseudo-random number) or a content identifier uniquely identifying the piece of content.
  • the watermark value used for one piece of content should have a low probability of being identical to another watermark value used for a different piece of content. For example the probability to have two identical values watermarked in two different pieces of content should be bellow 10%. This probability is defined by the content source and is a compromised between costs and security.
  • the content source authenticates the watermark value together with the Content Protection Information (the CPI being for example the MKB in systems using broadcast encryption or the usage rules in free-to-air systems) by computing a signature or a MAC (Message Authentication Code) on both CPI and watermark value.
  • the CPI being for example the MKB in systems using broadcast encryption or the usage rules in free-to-air systems
  • a signature or a MAC Message Authentication Code
  • signature the latter is computed using a private key of the content source and the signature may be verified with a corresponding public key of the content source thanks to standard PKI (Public Key Infrastructure) techniques.
  • PKI Public Key Infrastructure
  • MAC computation a symmetric key shared by the content source and the compliant devices able to receive the content is used to compute the MAC and to verify the MAC.
  • the content source can broadcast the watermarked content, the CPI and the authentication item (MAC or signature).
  • the content source may be a single entity but it may also comprise several different entities, each having a specific function, for example a first entity generating the content, a second entity embedding the watermark in the content, a third entity computing the authentication item (signature or MAC) and still another entity broadcasting the content.
  • a content source may also comprise only two or three entities, each entity carrying out one or more of the above-cited functions.
  • a compliant device When a compliant device receives the content, it first retrieves the clear content using the CPI (e.g. MKB in broadcast encryption systems) in case the content is scrambled. Then it extracts the watermark value from the content and then, it checks the validity of the authentication item. If the check fails (meaning the content has been tampered), the device refuses the content, otherwise the content is consumed according to the usage rules indicated in the CPI. The validity of the authentication item ensures that the CPI (e.g. the usage rules) associated to the content are indeed issued by the content source. This prevents the attack described in the background art.
  • the CPI e.g. MKB in broadcast encryption systems
  • a first aspect of the invention is a method for securely binding Content Protection Information (CPI) to a content to which this CPI relates comprising the steps of: embedding at a content source a watermark value in the content, the watermark value being unique for each content or having a low probability of being common to another content; generating at the content source an authentication item from the CPI and the watermark value; and transmitting the watermarked content together with the CPI and the authentication item from the content source to at least one receiving device.
  • CPI Content Protection Information
  • the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key of the content source;
  • the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key of a key management authority in charge of generating the CPI for the content source; - the step of generating an authentication item comprises computing a
  • the invention relates, according to a second aspect to a method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a receiving device from a content source comprising the steps of: detecting a watermark value in the received content; verifying the validity of an authentication item attached to the content using the detected watermark value and the CPI; and rendering the content in case of successful verification.
  • CPI Content Protection Information
  • the watermark value is furthermore contained in the CPI received with the content and the step of verifying the validity of the authentication item is performed using the CPI and the watermark value contained in the CPI, the method further comprising, before the step of rendering the content, a step of verifying that the watermark value detected in the received content matches the watermark value contained in the CPI.
  • the authentication item is a signature and the step of verifying the signature is performed using a public key of the content source;
  • the authentication item is a Message Authentication code (MAC) and the step of verifying the MAC is performed using a key shared between the content source and any compliant receiving device.
  • the receiving device is an acquisition device in a given domain whose devices share a common network key and the method further comprises, instead of rendering the content, the steps of: computing a Message Authentication code (MAC) on the CPI and the watermark value using the network key; and replacing the authentication item by the computed MAC or appending the MAC to the authentication item before broadcasting the content within the domain.
  • MAC Message Authentication code
  • the invention further relates, according to a third aspect, to a method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a presentation device belonging to a given domain whose devices share a common network key, comprising the steps of: detecting a watermark value in the received content; verifying the validity of Message Authentication code (MAC) attached to the content using the detected watermark value, the CPI and the network key; and rendering the content in case of successful verification.
  • CPI Content Protection Information
  • Fig. 1 illustrates a first embodiment of the invention for a free-to-air content
  • Fig. 2 illustrates a second embodiment of the invention for a content protected by broadcast encryption mechanism
  • Fig. 3 shows a third exemplary embodiment of the invention for a content protected by a CA or a DRM system.
  • watermarking techniques can be used. It should only be noted that the watermarking technique chosen should allow the insertion of a payload.
  • the watermark value can only be inserted by the content source and it may only be extracted or detected by compliant devices.
  • Fig. 1 illustrates a first embodiment of the invention where free-to-air contents, such as TV programs, from a content provider 10, are broadcast by a broadcaster 14 and are received by at least one receiver 16 (such as a television set or a set-top box connected to a display device).
  • free-to-air contents such as TV programs, from a content provider 10
  • at least one receiver 16 such as a television set or a set-top box connected to a display device.
  • functional entities which may be implemented by hardware devices (such as servers, computers ...), hardware modules, software modules (e.g. applications running on servers) or by any combination of these elements as is well known to the ones skilled in the art.
  • the content source comprises two entities: the content provider 10 and the broadcaster 14.
  • the content provider or the broadcaster may define particular usages rules associated to a given piece of content. For example, the presence of a Broadcast Flag in the content means that this content should be protected before any transmission; another example of usage rule is "View N hours" authorizing the rendering of the content during a specified time period.
  • a watermark inserter 12 which is a secure module linked to the content provider or inserted within the content provider, embeds a watermark value R within the content.
  • This watermark value R may be a number generated by a pseudo-random generator (included in the content provider 10 or in the watermark inserter 12) or may be a unique content identifier associated with the content.
  • the watermark value should be unique for each content.
  • the content provider 10 or the broadcaster 14 defines the acceptable probability to have two identical watermark values for two different contents depending on the level of security required. Of course, the lower the probability is, the highest the security level is.
  • the watermarked content is passed to the broadcaster 14 which signs the content usage rules together with the embedded watermark value R in order to constitute a license.
  • This license will be necessary for a legacy device to consume the content.
  • This license guarantees the integrity and the origin of the usage rules. It is unique to that piece of content since every content will embed a different watermark value R.
  • the signature is computed in a cryptographic module of the broadcaster 14 for example by applying a signature scheme based on RSA PKCS#1 v2.1 public key cryptography standard.
  • the broadcaster uses a private key KPRI to calculate the signature.
  • This private key KPRI is provided by a Key Management Authority 15 which is a trusted third party generating pairs of private/public keys in a Public Key Infrastructure (PKI) according to known techniques.
  • PKI Public Key Infrastructure
  • the broadcaster 14 then broadcasts data as follows: R)
  • the signature of both usage rules and watermark value may be calculated by the content provider and transmitted, with the watermarked content, to the broadcaster.
  • the content provider obtains the key KPRI from the Key Management Authority 15.
  • the watermark inserter 12' may be linked or be part of the broadcaster 14.
  • the content is passed "as is” from the content provider to the broadcaster (i.e. without watermark value and signature) and the broadcaster, using the watermark inserter 12', inserts the watermark value R within the content and signs the watermark value together with the usage rules to generate a license Sign ⁇ p R i(t/sagef?w/es, R).
  • the watermark value R is broadcast with the usage rules, the license and the watermarked content.
  • the latter When the broadcast content is received by a legacy device 16, the latter first extracts the watermark value R from the content using a watermark detector 18, which is linked to the receiver or is part of the latter. Then it verifies the signature using a public key KPUB corresponding to the private key KPRI and provided by the Key Management Authority (for example in the form of a certificate prestored in the receiver 16).
  • the signature may be verified using a function:
  • VerifSign ⁇ puB (Sign ⁇ pRi(C/sagef?u/es, R), UsageRules, R) which returns a Boolean value indicating whether the signature is valid or not valid.
  • the compliant receiver device 16 refuses to play or to render the content or to transmit it to another device (e.g. a display). Otherwise, when the signature is found valid, the content is played normally. It should be noted that in case the watermark value R is broadcast with the usage rules, the license and the watermarked content, the verification of the signature can be made in parallel, or even before, the detection of the watermark value in the content. In case the signature is found valid, it is further checked that the watermark value detected in the content actually matches the watermark value broadcast with the watermarked content.
  • Fig. 2 shows an implementation of the invention for content protected with broadcast encryption mechanism.
  • the content source comprises the following entities:
  • This watermark insertion module 22 is similar to the watermark inserter 12 of Fig. 1 described previously;
  • an Authoring Facility 21 which is in charge of editing the content.
  • this entity adds subtitles, different language versions of the sound, etc.
  • the insertion of the watermark value R in the content is made at the Authoring Facility thanks to a watermark inserter 22' linked to (or included in) the Authoring Facility 21 ;
  • This Mastering Facility is able to communicate securely with a Key Management Authority 24 as will be explained bellow.
  • Fig. 2 the functional entities that are shown on Fig. 2 may be implemented by hardware devices / modules or software modules or by any combination of these elements.
  • the original content is first watermarked with a value R (random, pseudo-random or unique content identifier number) at the content provider 20 or at the Authoring Facility 21.
  • R random, pseudo-random or unique content identifier number
  • the value R should have a low probability of being common for two different contents, this probability being defined by the content provider.
  • the watermarked content together with the watermark value R are transmitted by the Authoring Facility 21 to the Mastering Facility 23. Then, the Mastering Facility 23 sends R to the Key Management Authority 24 and receives from the Key Management Authority the Media Key Block MKB representing the Content Protection Information relating to the content and a signature of MKB and R.
  • the MKB contains a Media Key MK encrypted using different device keys DeviceKi of devices which have not been revoked at the time the MKB is generated.
  • the Key Management Authority 24 generates first the key MK and then encrypts this key MK with a number of DeviceKi according to the known "broadcast encryption" technique to build a MKS. Then the Key Management Authority calculates a signature on both the MKB and the value R: Sign (MKB, R). This signature is calculated in the same way as the one calculated on Usage rules and R in the embodiment of Fig. 1.
  • the Key Management Authority 24 is then able to send the key MK, the MKB and the signature Sign (MKB, R) to the Mastering Facility 23.
  • the Mastering Facility contains a scrambling unit (not represented) which is able, thanks to these data received from the Key Management Authority, to scramble the watermarked content (with a Unit Key wich can be built from the key MK).
  • the Mastering Facility further contains a replicator (not shown) in charge of writing onto the discs 25 the MKB, the signature of MKB and R and the watermarked content. When a legacy player 26 receives this disc 25, it first extracts the key
  • the MK from the MKB using its Device Key and then, thanks to the key MK, it retrieves the clear content. But, before playing the content, it extracts the watermark value R thanks to a watermark detector 27 which is preferably included in the player 26 and it verifies the validity of the signature Sign (MKB, R) contained in the disc in order to authenticate the origin of the MKB.
  • the verification of the signature is similar as the one described in the first embodiment of Fig. 1. It should be noted that in the embodiment of Fig. 2, the signature Sign (MKB, R) is computed using a private key of the Key Management Authority and the corresponding public key is provided to the compliant/legacy player in order to verify the signature in the content read from the discs. If the verification of the signature fails, then the player stops the process and the content is not rendered to the user.
  • the Key Management Authority 24 further inserts the watermark value R in the MKB before transmitting the latter to the Mastering Facility 23. This allows verifying the signature Sign (MKB, R) in parallel with the detection of the watermark value in the content at the Player 26. Of course, in case the signature is found valid, it is further checked that the value R found in the MKB (and used to verify the signature) actually matches the watermark value detected in the content.
  • FIG. 3 A further embodiment of the invention is now described with reference to Fig. 3.
  • the content is preferably protected using a DRM or a CA system.
  • the entities involved in this embodiment are similar to those of Fig. 1 : a content provider 30 with a watermark inserter 32, a broadcaster 31 (which can be linked to a watermark inserter 32' in an alternative embodiment) and a Key Management Authority 33 which provides a private key KPRI to the entity 30 or 31 in charge of computing the signature and a public key KPUB to the verifying device (here an Acquisition devices 35).
  • the broadcaster comprises means (cryptographic modules) to protect the content before broadcasting it.
  • a content is broadcast in the form as follows:
  • Ecwi(WM(Content, R)) representes the content watermarked with a value R and further scrambled by control words CWi (preferably contained in the License).
  • the value R is, as in the previous embodiments, either generated by a random or pseudo-random generator or is a unique content identifier. R should have a low probability of being common for two different contents, this probability being defined by the content provider or the broadcaster.
  • This kind of content can be received by a standalone device or by a device 35 usually called an acquisition device (or an access device) belonging to a domain 40 (i.e. a group of devices forming a home network of a given user).
  • the acquisition device 35 receives the content from the outside of the domain to transmit this content, for example via a digital bus 38, to other devices of the domain which are able to render the content and are called presentation devices 36, 37 (or presentation points).
  • presentation devices 36, 37 or presentation points.
  • the belonging to a given domain is usually defined by the knowledge of a common network key K N .
  • the acquisition device 35 of the domain 40 when the acquisition device 35 of the domain 40 receives a content as shown above, it extracts the watermark value from the content (using its internal watermark detector) and verifies the validity of the signature (as explained previously) thanks to the public key KPUB of the content provider (or of the broadcaster).
  • the watermark detector is optional in the acquisition device because, in an alternative embodiment, the watermark value R is initially inserted in the license broadcast with the content and the signature verification can be done using this watermark value.
  • the acquisition device 35 replaces the signature by a MAC computed on both the License and the value R using the network key K N .
  • the modified content is then broadcast on the user's domain 40 in the following form:
  • K N on the License and the watermark value can be inserted in the content broadcast within the domain, in addition to the original signature Sign KPR i(License,R).
  • a presentation device 36 or 37 When a presentation device 36 or 37 receives a content broadcast on the domain 40, it first recovers the control words CWi using known CA or DRM techniques. Then, it can descramble the content and extract from it the watermark value R using a preferably internal watermark detector. Knowing the value R, it is then able to verify the validity of the MAC thanks to the key KN. If the MAC is not recognized valid, then the presentation device stops and does not render the content to the user.

Abstract

The invention introduces a solution to ensure the secure binding between Content Protection Information associated to a content and this content, using authentication mechanism. The content source (20, 21 , 23, 24) embeds a watermark value in the content, this value being different for each piece of content. Then, the content source authenticates the watermark value together with the Content Protection Information by computing a signature or a MAC (Message Authentication Code) on both CPI and watermark value. Next, the content source can broadcast the watermarked content, the CPI and the authentication item (MAC or signature). When a compliant device receives the content, it extracts the watermark value from the content and checks the validity of the authentication item. If the check fails (meaning the content has been tampered), the device refuses the content; otherwise the content is consumed according to the usage rules indicated in the CPI.

Description

Method for securely binding content protection information to a content and method for verifying this binding
Field of the invention The present invention relates to the field of content protection and more particularly to a method for securely binding content protection information to a content to which this information relates and a method for verifying this binding.
Background art Content protection aims at enforcing usage rules associated to a given piece of content. The usage rules indicate the usage permission (e.g. accessing, copying, rendering the content), the authorized users (e.g. a device, a person, a group of persons), and other information like the usage constraints (e.g. N hours, N times), etc. Enforcement of these usage rules relies on content scrambling. For example, a given content may be protected by scrambling (also known as encryption or ciphering). In this case, the content can be descrambled only after usage rules associated to the content have been verified and only authorized parties have the relevant keys to descramble the content.
The terms Content Protection Information (CPI) as used in the present description encompass usage rules related to the content as well as data (e.g. keys) used to protect the content (e.g. by scrambling).
In most systems, the usage rules are bound to a content using cryptographic operation. The content is for example scrambled with a key (K) unique to this content. The Content Protection Information (CPI) is the key K together with the usage rules encrypted with another key (LK). This key LK is shared between the content provider and authorized users. Then, the scrambled content EK(Content) and the CPI = ELK(Usage Rules, K) are provided to users. Only the users who have the key LK can retrieve the key K from the CPI to descramble the content. In DRM systems ("DRM" standing for "Digital Rights Management"), the
Content Protection Information corresponds for example to the License. In CA systems ("CA" standing for "Conditional Access"), the CPI corresponds for example to the Entitlement Management Message (EMM) and the Entitlement Control Message (ECM). In these systems, only users who have acquired the corresponding license or EMM/ECM, can consume the content.
Pre-recorded media, such as DVD (standing for "Digital Versatile Discs"), also contain encrypted content and usage rules. DVD CSS (DVD Content Scrambling System) specifications define for example the content protection system for DVD-ROMs. In this system, the content is scrambled using a Title Key, which is itself encrypted by a Disk Key. Here, the CPI is called the Secured Disk Key Set that contains the Disk Key encrypted by a set of Player Keys. Compliant players which have the Player Keys can retrieve the Disc Key and finally descramble the content.
New content protection systems for prerecorded or recordable media, for example AACS (Advanced Access Content System), CPPM (Content Protection for Prerecorded Media) or CPRM (Content Protection for Recordable Media) use a revocation mechanism based on broadcast encryption. The mechanism of "broadcast encryption" has been described in "A. Fiat and M. Naor, Broadcast Encryption, Advances in Cryptology, CRYPTO '93, Lecture Notes in Computer Science 773, Springer, 1994, pp. 480 — 491". In this kind of system, each compliant device is given a set of keys {DeviceKi} among which some are shared by many devices and at least one is known by only this device. The content is scrambled with a Title Key, which itself can be built based on a Media Key (MK) and this Media Key is transported in a Media Key Block (MKB) that contains the encryption of MK using different device keys DeviceKi. The Media Key Block MKB is built in such a way that only non-revoked players can retrieve the Media Key with their device keys. Here, MKB represents the Content Protection Information and it is stored on the media (a disc for example) with the scrambled content. In this case, the default usage permission is "playback" or "record" and the usage rules are implicit: either a device is not revoked and has the right device keys to retrieve MK from MKB (the device is therefore authorized to playback or record the content) or a device is revoked and its device keys DeviceKi do not allow to retrieve MK from MKB (the device is therefore not authorized to playback or record the content).
Free-to-air content is an exception since the content is not scrambled. There are however some requirements to bind usages rules to free-to-air content. For example the U.S. Federal Communications Commission (FCC) has required that a "Broadcast Flag" be used to prevent unauthorized, indiscriminate Internet redistribution of digital broadcast content. If usage rules (such as the "Broadcast Flag") are transported in the clear in the broadcast stream, the security is only based on the trust that receivers will obey some compliance rules. For this kind of content, the CPI corresponds to the usage rules.
In the systems previously disclosed, the binding between the Content Protection Information and the content may be broken if the keys (e.g. device keys in systems using broadcast encryption) are compromised. For example, once one or several sets (depending on the used broadcast encryption scheme) of device keys has (have) been published, it is easy to build a fake MKB that every legacy device (revoked or not) will be able to process. It is also possible for an attacker who obtains the device keys DeviceKi of his device to retrieve the key MK from the MKB included in one disc. Using this key MK, the attacker can get the clear content of the disc. Then, using an old MKB' (e.g. a Media Key Block created when no device was revoked) and its corresponding key MK', he can build an illegal disc with the same content protected thanks to the MK' and containing the MKB'. This illegal disc can be played back by any compliant device, even the ones currently revoked, which are not able to play the original disc containing the MKB
This opens security holes because a professional attacker may be able to build an illegal distribution channel. Similar attacks can be conducted on DVD CSS, DRM or CA systems.
For free-to-air content, some systems require the usage rules to be protected in integrity. A basic solution would be that free-to-air broadcasters sign the usage rules. However, this is not satisfactory since the signed usage rules could be associated with any content. A second solution would be to sign together the usage rules and the content. This would be very inefficient since video files may be huge and generating or verifying the signature would be very long. Furthermore, this would not be adapted to streamed content since one should first have the entire content before being able to verify the signature.
Solutions exist were the signature of a file is checked step-by-step (as described for example in patent application WO 03/017213) but they are still not adapted to free-to-air content. Actually, in order to use these solutions, one should have the file from the beginning in order be able to check its signature. This kind of solutions is not adapted because it would not allow a random access to the content.
Summary of the invention The invention introduces a solution to ensure the secure binding between Content Protection Information associated to a content and this content, using authentication mechanism.
The content source embeds a watermark value in the content, this value being different for each piece of content. A piece of content may be a film, a TV program, a song, a software application, a picture, etc. The watermark value may be a random number (or more precisely, a pseudo-random number) or a content identifier uniquely identifying the piece of content. Practically, the watermark value used for one piece of content should have a low probability of being identical to another watermark value used for a different piece of content. For example the probability to have two identical values watermarked in two different pieces of content should be bellow 10%. This probability is defined by the content source and is a compromised between costs and security.
Then, the content source authenticates the watermark value together with the Content Protection Information (the CPI being for example the MKB in systems using broadcast encryption or the usage rules in free-to-air systems) by computing a signature or a MAC (Message Authentication Code) on both CPI and watermark value. In case of signature, the latter is computed using a private key of the content source and the signature may be verified with a corresponding public key of the content source thanks to standard PKI (Public Key Infrastructure) techniques. In case of MAC computation, a symmetric key shared by the content source and the compliant devices able to receive the content is used to compute the MAC and to verify the MAC.
After that, the content source can broadcast the watermarked content, the CPI and the authentication item (MAC or signature).
It should be noted that the content source may be a single entity but it may also comprise several different entities, each having a specific function, for example a first entity generating the content, a second entity embedding the watermark in the content, a third entity computing the authentication item (signature or MAC) and still another entity broadcasting the content. Of course, a content source may also comprise only two or three entities, each entity carrying out one or more of the above-cited functions.
When a compliant device receives the content, it first retrieves the clear content using the CPI (e.g. MKB in broadcast encryption systems) in case the content is scrambled. Then it extracts the watermark value from the content and then, it checks the validity of the authentication item. If the check fails (meaning the content has been tampered), the device refuses the content, otherwise the content is consumed according to the usage rules indicated in the CPI. The validity of the authentication item ensures that the CPI (e.g. the usage rules) associated to the content are indeed issued by the content source. This prevents the attack described in the background art.
More precisely, a first aspect of the invention is a method for securely binding Content Protection Information (CPI) to a content to which this CPI relates comprising the steps of: embedding at a content source a watermark value in the content, the watermark value being unique for each content or having a low probability of being common to another content; generating at the content source an authentication item from the CPI and the watermark value; and transmitting the watermarked content together with the CPI and the authentication item from the content source to at least one receiving device. According to specific characteristics of this method:
- the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key of the content source;
- the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key of a key management authority in charge of generating the CPI for the content source; - the step of generating an authentication item comprises computing a
Message Authentication Code on the CPI and the watermark value using a key shared between the content source and any compliant receiving device;
- the watermark value is transmitted together with the CPI or within the CPI during the step of transmitting the watermarked content. The invention relates, according to a second aspect to a method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a receiving device from a content source comprising the steps of: detecting a watermark value in the received content; verifying the validity of an authentication item attached to the content using the detected watermark value and the CPI; and rendering the content in case of successful verification. In a preferred embodiment, the watermark value is furthermore contained in the CPI received with the content and the step of verifying the validity of the authentication item is performed using the CPI and the watermark value contained in the CPI, the method further comprising, before the step of rendering the content, a step of verifying that the watermark value detected in the received content matches the watermark value contained in the CPI.
According to particular characteristics of this method: - the authentication item is a signature and the step of verifying the signature is performed using a public key of the content source;
- the authentication item is a Message Authentication code (MAC) and the step of verifying the MAC is performed using a key shared between the content source and any compliant receiving device. In another particular embodiment, the receiving device is an acquisition device in a given domain whose devices share a common network key and the method further comprises, instead of rendering the content, the steps of: computing a Message Authentication code (MAC) on the CPI and the watermark value using the network key; and replacing the authentication item by the computed MAC or appending the MAC to the authentication item before broadcasting the content within the domain.
The invention further relates, according to a third aspect, to a method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a presentation device belonging to a given domain whose devices share a common network key, comprising the steps of: detecting a watermark value in the received content; verifying the validity of Message Authentication code (MAC) attached to the content using the detected watermark value, the CPI and the network key; and rendering the content in case of successful verification.
Brief description of the drawings
The various features of the present invention and its preferred embodiments will now be better understood by referring to the following description and the accompanying drawings in which:
Fig. 1 illustrates a first embodiment of the invention for a free-to-air content;
Fig. 2 illustrates a second embodiment of the invention for a content protected by broadcast encryption mechanism;
Fig. 3 shows a third exemplary embodiment of the invention for a content protected by a CA or a DRM system.
The following description and the drawings are set forth as example only and should not be understood to represent limitations upon the scope of the present invention.
Description of the preferred embodiments of the invention
In order to embed a watermark value in the content, known watermarking techniques can be used. It should only be noted that the watermarking technique chosen should allow the insertion of a payload.
The watermark value can only be inserted by the content source and it may only be extracted or detected by compliant devices.
In case a symmetric watermarking technique is used, this means that the content source and the compliant devices share a secret which allow to insert and to detect the watermark value. Of course, this secret is embedded within a secure memory of the compliant devices. Fig. 1 illustrates a first embodiment of the invention where free-to-air contents, such as TV programs, from a content provider 10, are broadcast by a broadcaster 14 and are received by at least one receiver 16 (such as a television set or a set-top box connected to a display device). In Fig. 1 , we have represented functional entities which may be implemented by hardware devices (such as servers, computers ...), hardware modules, software modules (e.g. applications running on servers) or by any combination of these elements as is well known to the ones skilled in the art. In this embodiment, the content source comprises two entities: the content provider 10 and the broadcaster 14. As explained previously, in some cases, the content provider or the broadcaster may define particular usages rules associated to a given piece of content. For example, the presence of a Broadcast Flag in the content means that this content should be protected before any transmission; another example of usage rule is "View N hours" authorizing the rendering of the content during a specified time period.
These usage rules, which are one possible category of Content Protection Information, are securely bound to the content to which they refer thanks to the invention.
To this end, a watermark inserter 12, which is a secure module linked to the content provider or inserted within the content provider, embeds a watermark value R within the content. This watermark value R may be a number generated by a pseudo-random generator (included in the content provider 10 or in the watermark inserter 12) or may be a unique content identifier associated with the content. The watermark value should be unique for each content. In practice, the content provider 10 or the broadcaster 14 defines the acceptable probability to have two identical watermark values for two different contents depending on the level of security required. Of course, the lower the probability is, the highest the security level is.
Then the watermarked content is passed to the broadcaster 14 which signs the content usage rules together with the embedded watermark value R in order to constitute a license. This license will be necessary for a legacy device to consume the content. This license guarantees the integrity and the origin of the usage rules. It is unique to that piece of content since every content will embed a different watermark value R. The signature is computed in a cryptographic module of the broadcaster 14 for example by applying a signature scheme based on RSA PKCS#1 v2.1 public key cryptography standard. The broadcaster uses a private key KPRI to calculate the signature. This private key KPRI is provided by a Key Management Authority 15 which is a trusted third party generating pairs of private/public keys in a Public Key Infrastructure (PKI) according to known techniques.
The broadcaster 14 then broadcasts data as follows:
Figure imgf000009_0001
R) | WM(Content, R) | UsageRules
were "SignKpRi" represents a signature calculated with a private key KPRI, R is the watermark value and "WM(Content, R)" represents the content watermarked with the value R.
In an alternative embodiment, the signature of both usage rules and watermark value may be calculated by the content provider and transmitted, with the watermarked content, to the broadcaster. In this case, the content provider obtains the key KPRI from the Key Management Authority 15.
In another alternative embodiment, the watermark inserter 12' may be linked or be part of the broadcaster 14. In this case, the content is passed "as is" from the content provider to the broadcaster (i.e. without watermark value and signature) and the broadcaster, using the watermark inserter 12', inserts the watermark value R within the content and signs the watermark value together with the usage rules to generate a license SignκpRi(t/sagef?w/es, R).
In still another alternative embodiment, the watermark value R is broadcast with the usage rules, the license and the watermarked content.
When the broadcast content is received by a legacy device 16, the latter first extracts the watermark value R from the content using a watermark detector 18, which is linked to the receiver or is part of the latter. Then it verifies the signature using a public key KPUB corresponding to the private key KPRI and provided by the Key Management Authority (for example in the form of a certificate prestored in the receiver 16).
The signature may be verified using a function:
VerifSignκpuB (SignκpRi(C/sagef?u/es, R), UsageRules, R) which returns a Boolean value indicating whether the signature is valid or not valid.
In case the signature is found invalid, which means that the usage rules have been altered for example, the compliant receiver device 16 refuses to play or to render the content or to transmit it to another device (e.g. a display). Otherwise, when the signature is found valid, the content is played normally. It should be noted that in case the watermark value R is broadcast with the usage rules, the license and the watermarked content, the verification of the signature can be made in parallel, or even before, the detection of the watermark value in the content. In case the signature is found valid, it is further checked that the watermark value detected in the content actually matches the watermark value broadcast with the watermarked content.
Fig. 2 shows an implementation of the invention for content protected with broadcast encryption mechanism.
In the example shown on Fig. 2, the content source comprises the following entities:
- a content provider 20 which generates the content or supplies the original content; - a watermark inserter 22, being linked to the content provider 20 (or being part of it) which watermarks the content with a watermark value R. This watermark insertion module 22 is similar to the watermark inserter 12 of Fig. 1 described previously;
- an Authoring Facility 21 which is in charge of editing the content. For example, in case the content is a film, this entity adds subtitles, different language versions of the sound, etc. In an alternative embodiment, the insertion of the watermark value R in the content is made at the Authoring Facility thanks to a watermark inserter 22' linked to (or included in) the Authoring Facility 21 ;
- a Mastering Facility 23 which stamps discs 25 with the content received from the Authoring Facility 21.. This Mastering Facility is able to communicate securely with a Key Management Authority 24 as will be explained bellow.
As mentioned previously for Fig. 1 , the functional entities that are shown on Fig. 2 may be implemented by hardware devices / modules or software modules or by any combination of these elements.
In the embodiment shown on Fig. 2, the original content is first watermarked with a value R (random, pseudo-random or unique content identifier number) at the content provider 20 or at the Authoring Facility 21. As previously discussed in the first embodiment, the value R should have a low probability of being common for two different contents, this probability being defined by the content provider.
The watermarked content together with the watermark value R are transmitted by the Authoring Facility 21 to the Mastering Facility 23. Then, the Mastering Facility 23 sends R to the Key Management Authority 24 and receives from the Key Management Authority the Media Key Block MKB representing the Content Protection Information relating to the content and a signature of MKB and R.
As mentioned previously in the background art, the MKB contains a Media Key MK encrypted using different device keys DeviceKi of devices which have not been revoked at the time the MKB is generated. The Key Management Authority 24 generates first the key MK and then encrypts this key MK with a number of DeviceKi according to the known "broadcast encryption" technique to build a MKS. Then the Key Management Authority calculates a signature on both the MKB and the value R: Sign (MKB, R). This signature is calculated in the same way as the one calculated on Usage rules and R in the embodiment of Fig. 1. The Key Management Authority 24 is then able to send the key MK, the MKB and the signature Sign (MKB, R) to the Mastering Facility 23.
The Mastering Facility contains a scrambling unit (not represented) which is able, thanks to these data received from the Key Management Authority, to scramble the watermarked content (with a Unit Key wich can be built from the key MK). The Mastering Facility further contains a replicator (not shown) in charge of writing onto the discs 25 the MKB, the signature of MKB and R and the watermarked content. When a legacy player 26 receives this disc 25, it first extracts the key
MK from the MKB using its Device Key and then, thanks to the key MK, it retrieves the clear content. But, before playing the content, it extracts the watermark value R thanks to a watermark detector 27 which is preferably included in the player 26 and it verifies the validity of the signature Sign (MKB, R) contained in the disc in order to authenticate the origin of the MKB. The verification of the signature is similar as the one described in the first embodiment of Fig. 1. It should be noted that in the embodiment of Fig. 2, the signature Sign (MKB, R) is computed using a private key of the Key Management Authority and the corresponding public key is provided to the compliant/legacy player in order to verify the signature in the content read from the discs. If the verification of the signature fails, then the player stops the process and the content is not rendered to the user.
In an alternative embodiment, the Key Management Authority 24 further inserts the watermark value R in the MKB before transmitting the latter to the Mastering Facility 23. This allows verifying the signature Sign (MKB, R) in parallel with the detection of the watermark value in the content at the Player 26. Of course, in case the signature is found valid, it is further checked that the value R found in the MKB (and used to verify the signature) actually matches the watermark value detected in the content.
A further embodiment of the invention is now described with reference to Fig. 3. In this embodiment, the content is preferably protected using a DRM or a CA system. The entities involved in this embodiment are similar to those of Fig. 1 : a content provider 30 with a watermark inserter 32, a broadcaster 31 (which can be linked to a watermark inserter 32' in an alternative embodiment) and a Key Management Authority 33 which provides a private key KPRI to the entity 30 or 31 in charge of computing the signature and a public key KPUB to the verifying device (here an Acquisition devices 35).
In contrast with the embodiment of Fig.1 , here the broadcaster comprises means (cryptographic modules) to protect the content before broadcasting it. In the present embodiment, a content is broadcast in the form as follows:
License | SignKpRi(License, R) | ECwi(WM(Content, R)) were the "License", representing the Content Protection Information, contains the usage rules defined by the content provider 30 or the broadcaster 31 , and optionally the watermark value R (which can be a content identifier); "SignKpRi (License, R)" is the signature, with a private key KPRI of the content provider or the broadcaster, of the license and the value R; and
"Ecwi(WM(Content, R))" representes the content watermarked with a value R and further scrambled by control words CWi (preferably contained in the License). The value R is, as in the previous embodiments, either generated by a random or pseudo-random generator or is a unique content identifier. R should have a low probability of being common for two different contents, this probability being defined by the content provider or the broadcaster.
This kind of content can be received by a standalone device or by a device 35 usually called an acquisition device (or an access device) belonging to a domain 40 (i.e. a group of devices forming a home network of a given user). In the later case, the acquisition device 35 receives the content from the outside of the domain to transmit this content, for example via a digital bus 38, to other devices of the domain which are able to render the content and are called presentation devices 36, 37 (or presentation points). The belonging to a given domain is usually defined by the knowledge of a common network key KN.
In Fig. 3, when the acquisition device 35 of the domain 40 receives a content as shown above, it extracts the watermark value from the content (using its internal watermark detector) and verifies the validity of the signature (as explained previously) thanks to the public key KPUB of the content provider (or of the broadcaster). It should be noted that the watermark detector is optional in the acquisition device because, in an alternative embodiment, the watermark value R is initially inserted in the license broadcast with the content and the signature verification can be done using this watermark value.
If the verification of the signature succeeds, the acquisition device 35 replaces the signature by a MAC computed on both the License and the value R using the network key KN. The modified content is then broadcast on the user's domain 40 in the following form:
License | MACκN(License, R) | ECwi(WM(Content, R)) and all presentation devices 36, 37 are able to verify the validity of the MAC thanks to the network key KN that they possess. In an alternative embodiment, the MAC computed with the network key
KN on the License and the watermark value can be inserted in the content broadcast within the domain, in addition to the original signature SignKPRi(License,R).
When a presentation device 36 or 37 receives a content broadcast on the domain 40, it first recovers the control words CWi using known CA or DRM techniques. Then, it can descramble the content and extract from it the watermark value R using a preferably internal watermark detector. Knowing the value R, it is then able to verify the validity of the MAC thanks to the key KN. If the MAC is not recognized valid, then the presentation device stops and does not render the content to the user.
As in the previous embodiments of Fig. 1 and Fig. 2, it is possible to verify the signature in parallel with the watermark detection in the content in case the watermark value R is initially inserted in the license broadcast with the content. A further check is performed at the end to verify the matching between the watermark value detected in the content and the value (used included in the license.
It should be noted that in the above-described embodiments, the use of signatures or Message Authentication Codes is given as preferred example but MAC could be used instead of signatures or signatures could be used instead of MAC without departing from the scope of the invention.
Some advantages of the invention are as follows:
- It is an effective solution to securely bind usage rules to clear-to-air content;
- It is an efficient countermeasure against professional attacks in systems using broadcast encryption.

Claims

1. Method for securely binding Content Protection Information (CPI) to a content to which this CPI relates comprising the steps of: embedding at a content source (10, 14, 20, 21 , 30, 31 ) a watermark value in the content, the watermark value being unique for each content or having a low probability of being common to another content; generating at the content source an authentication item from the CPI and the watermark value; and transmitting the watermarked content together with the CPI and the authentication item from the content source to at least one receiving device (16, 26, 35).
2. Method according to claim 1 , wherein the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key (KPRI) of the content source (10, 14, 30, 31 ).
3. Method according to claim 1 , wherein the step of generating an authentication item comprises computing a signature on the CPI and the watermark value using a private key of a key management authority (24) in charge of generating the CPI for the content source.
4. Method according to claim 1 , wherein the step of generating an authentication item comprises computing a Message Authentication Code on the CPI and the watermark value using a key shared between the content source and any compliant receiving device.
5. Method according to one of claims 1 to 4, wherein the watermark value is transmitted together with the CPI or within the CPI during the step of transmitting the watermarked content.
6. Method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a receiving device (16, 26) from a content source (10, 14, 20, 21 , 23) comprising the steps of: detecting a watermark value in the received content; verifying the validity of an authentication item attached to the content using the detected watermark value and the CPI; and rendering the content in case of successful verification.
7. Method according to claim 7, wherein the watermark value is furthermore contained in the CPI received with the content and wherein the step of verifying the validity of the authentication item is performed using the CPI and the watermark value contained in the CPI, the method further comprising, before the step of rendering the content, a step of: verifying that the watermark value detected in the received content matches the watermark value contained in the CPI.
8. Method according to one of claims 6 or 7, wherein the authentication item is a signature and the step of verifying the signature is performed using a public key (KPUB) of the content source (10, 14, 20, 21 , 23, 24, 33).
9. Method according to one of claims 6 or 7, wherein the authentication item is a Message Authentication code (MAC) and the step of verifying the MAC is performed using a key shared between the content source and any compliant receiving device.
10. Method according to one of claims 6 or 7, wherein the receiving device (35) is an acquisition device in a given domain (40) whose devices (35, 36,
37) share a common network key, the method further comprising, instead of rendering the content, the steps of: computing a Message Authentication code (MAC) on the CPI and the watermark value using the network key; and replacing the authentication item by the computed MAC or appending the MAC to the authentication item before broadcasting the content within the domain (40).
11. Method for verifying the validity of a content received, with Content Protection Information (CPI) related to the content, in a presentation device (36,
37) belonging to a given domain (40) whose devices (35, 36, 37) share a common network key, comprising the steps of: detecting a watermark value in the received content; verifying the validity of Message Authentication code (MAC) attached to the content using the detected watermark value, the CPI and the network key; and rendering the content in case of successful verification.
PCT/EP2005/055613 2004-11-10 2005-10-27 Method for securely binding content protection information to a content and method for verifying this binding WO2006051043A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP04292677.4 2004-11-10
EP04292677 2004-11-10

Publications (1)

Publication Number Publication Date
WO2006051043A1 true WO2006051043A1 (en) 2006-05-18

Family

ID=35695918

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/055613 WO2006051043A1 (en) 2004-11-10 2005-10-27 Method for securely binding content protection information to a content and method for verifying this binding

Country Status (2)

Country Link
TW (1) TW200617712A (en)
WO (1) WO2006051043A1 (en)

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008027774A1 (en) * 2006-09-01 2008-03-06 Nbc Universal, Inc. Content validation for digital network
WO2009124715A1 (en) * 2008-04-07 2009-10-15 Thomson Licensing Method for preventing laundering and repackaging of multimedia content in content distribution systems
WO2012037422A2 (en) * 2010-09-16 2012-03-22 Verance Corporation Improvements in watermark extraction efficiency
US8340348B2 (en) 2005-04-26 2012-12-25 Verance Corporation Methods and apparatus for thwarting watermark detection circumvention
US8346567B2 (en) 2008-06-24 2013-01-01 Verance Corporation Efficient and secure forensic marking in compressed domain
US8451086B2 (en) 2000-02-16 2013-05-28 Verance Corporation Remote control signaling using audio watermarks
US8516251B2 (en) 2007-12-20 2013-08-20 Koninklijke Philips N.V. Device and method for digital right management
US8533481B2 (en) 2011-11-03 2013-09-10 Verance Corporation Extraction of embedded watermarks from a host content based on extrapolation techniques
US8549307B2 (en) 2005-07-01 2013-10-01 Verance Corporation Forensic marking using a common customization function
US8615104B2 (en) 2011-11-03 2013-12-24 Verance Corporation Watermark extraction based on tentative watermarks
US8682026B2 (en) 2011-11-03 2014-03-25 Verance Corporation Efficient extraction of embedded watermarks in the presence of host content distortions
US8726304B2 (en) 2012-09-13 2014-05-13 Verance Corporation Time varying evaluation of multimedia content
US8745403B2 (en) 2011-11-23 2014-06-03 Verance Corporation Enhanced content management based on watermark extraction records
US8745404B2 (en) 1998-05-28 2014-06-03 Verance Corporation Pre-processed information embedding system
US8781967B2 (en) 2005-07-07 2014-07-15 Verance Corporation Watermarking in an encrypted domain
US8806517B2 (en) 2002-10-15 2014-08-12 Verance Corporation Media monitoring, management and information system
US8869222B2 (en) 2012-09-13 2014-10-21 Verance Corporation Second screen content
US8923548B2 (en) 2011-11-03 2014-12-30 Verance Corporation Extraction of embedded watermarks from a host content using a plurality of tentative watermarks
US9106964B2 (en) 2012-09-13 2015-08-11 Verance Corporation Enhanced content distribution using advertisements
US9208334B2 (en) 2013-10-25 2015-12-08 Verance Corporation Content management using multiple abstraction layers
US9251549B2 (en) 2013-07-23 2016-02-02 Verance Corporation Watermark extractor enhancements based on payload ranking
US9251322B2 (en) 2003-10-08 2016-02-02 Verance Corporation Signal continuity assessment using embedded watermarks
US9262793B2 (en) 2013-03-14 2016-02-16 Verance Corporation Transactional video marking system
US9323902B2 (en) 2011-12-13 2016-04-26 Verance Corporation Conditional access using embedded watermarks
US9485089B2 (en) 2013-06-20 2016-11-01 Verance Corporation Stego key management
US9547753B2 (en) 2011-12-13 2017-01-17 Verance Corporation Coordinated watermarking
US9571606B2 (en) 2012-08-31 2017-02-14 Verance Corporation Social media viewing system
US9596521B2 (en) 2014-03-13 2017-03-14 Verance Corporation Interactive content acquisition using embedded codes
US9602891B2 (en) 2014-12-18 2017-03-21 Verance Corporation Service signaling recovery for multimedia content using embedded watermarks
US9639911B2 (en) 2014-08-20 2017-05-02 Verance Corporation Watermark detection using a multiplicity of predicted patterns
US9769543B2 (en) 2014-11-25 2017-09-19 Verance Corporation Enhanced metadata and content delivery using watermarks
US9942602B2 (en) 2014-11-25 2018-04-10 Verance Corporation Watermark detection and metadata delivery associated with a primary content
US10257567B2 (en) 2015-04-30 2019-04-09 Verance Corporation Watermark based content recognition improvements
US10477285B2 (en) 2015-07-20 2019-11-12 Verance Corporation Watermark-based data recovery for content with multiple alternative components
US10504200B2 (en) 2014-03-13 2019-12-10 Verance Corporation Metadata acquisition using embedded watermarks
US11297398B2 (en) 2017-06-21 2022-04-05 Verance Corporation Watermark-based metadata acquisition and processing
US11368766B2 (en) 2016-04-18 2022-06-21 Verance Corporation System and method for signaling security and database population
US11468149B2 (en) 2018-04-17 2022-10-11 Verance Corporation Device authentication in collaborative content screening
US11722741B2 (en) 2021-02-08 2023-08-08 Verance Corporation System and method for tracking content timeline in the presence of playback rate changes

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030076955A1 (en) * 2001-10-18 2003-04-24 Jukka Alve System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state
WO2003039155A2 (en) * 2001-10-29 2003-05-08 Matsushita Electric Industrial Co., Ltd. Apparatus of a baseline dvb-cpcm
WO2003098931A1 (en) * 2002-05-22 2003-11-27 Koninklijke Philips Electronics N.V. Digital rights management method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030076955A1 (en) * 2001-10-18 2003-04-24 Jukka Alve System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state
WO2003039155A2 (en) * 2001-10-29 2003-05-08 Matsushita Electric Industrial Co., Ltd. Apparatus of a baseline dvb-cpcm
WO2003098931A1 (en) * 2002-05-22 2003-11-27 Koninklijke Philips Electronics N.V. Digital rights management method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
FIAT A ET AL INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH: "BROADCAST ENCRYPTION", ADVANCES IN CRYPTOLOGY (CRYPTO). SANTA BARBARA, AUG. 22 - 26, 1993, PROCEEDINGS OF THE ANNUAL INTERNATIONAL CRYPTOLOGY CONFERENCE (CRYPTO), BERLIN, SPRINGER, DE, vol. CONF. 13, 22 August 1993 (1993-08-22), pages 480 - 491, XP000502372, ISBN: 3-540-57766-1 *

Cited By (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8745404B2 (en) 1998-05-28 2014-06-03 Verance Corporation Pre-processed information embedding system
US9117270B2 (en) 1998-05-28 2015-08-25 Verance Corporation Pre-processed information embedding system
US8451086B2 (en) 2000-02-16 2013-05-28 Verance Corporation Remote control signaling using audio watermarks
US8791789B2 (en) 2000-02-16 2014-07-29 Verance Corporation Remote control signaling using audio watermarks
US9189955B2 (en) 2000-02-16 2015-11-17 Verance Corporation Remote control signaling using audio watermarks
US9648282B2 (en) 2002-10-15 2017-05-09 Verance Corporation Media monitoring, management and information system
US8806517B2 (en) 2002-10-15 2014-08-12 Verance Corporation Media monitoring, management and information system
US9558526B2 (en) 2003-10-08 2017-01-31 Verance Corporation Signal continuity assessment using embedded watermarks
US9704211B2 (en) 2003-10-08 2017-07-11 Verance Corporation Signal continuity assessment using embedded watermarks
US9251322B2 (en) 2003-10-08 2016-02-02 Verance Corporation Signal continuity assessment using embedded watermarks
US9990688B2 (en) 2003-10-08 2018-06-05 Verance Corporation Signal continuity assessment using embedded watermarks
US8340348B2 (en) 2005-04-26 2012-12-25 Verance Corporation Methods and apparatus for thwarting watermark detection circumvention
US9153006B2 (en) 2005-04-26 2015-10-06 Verance Corporation Circumvention of watermark analysis in a host content
US8538066B2 (en) 2005-04-26 2013-09-17 Verance Corporation Asymmetric watermark embedding/extraction
US8811655B2 (en) 2005-04-26 2014-08-19 Verance Corporation Circumvention of watermark analysis in a host content
US8549307B2 (en) 2005-07-01 2013-10-01 Verance Corporation Forensic marking using a common customization function
US9009482B2 (en) 2005-07-01 2015-04-14 Verance Corporation Forensic marking using a common customization function
US8781967B2 (en) 2005-07-07 2014-07-15 Verance Corporation Watermarking in an encrypted domain
WO2008027774A1 (en) * 2006-09-01 2008-03-06 Nbc Universal, Inc. Content validation for digital network
US7836179B2 (en) 2006-09-01 2010-11-16 Nbc Universal, Inc. Content validation for digital network
US8516251B2 (en) 2007-12-20 2013-08-20 Koninklijke Philips N.V. Device and method for digital right management
US9252957B2 (en) 2008-04-07 2016-02-02 Thomson Licensing Method for preventing laundering and repackaging of multimedia content in content distribution systems
WO2009124715A1 (en) * 2008-04-07 2009-10-15 Thomson Licensing Method for preventing laundering and repackaging of multimedia content in content distribution systems
US8681978B2 (en) 2008-06-24 2014-03-25 Verance Corporation Efficient and secure forensic marking in compressed domain
US8346567B2 (en) 2008-06-24 2013-01-01 Verance Corporation Efficient and secure forensic marking in compressed domain
CN103189872A (en) * 2010-09-16 2013-07-03 凡瑞斯公司 Secure and efficient content screening in a networked environment
US8838978B2 (en) 2010-09-16 2014-09-16 Verance Corporation Content access management using extracted watermark information
US8838977B2 (en) 2010-09-16 2014-09-16 Verance Corporation Watermark extraction and content screening in a networked environment
CN103189873A (en) * 2010-09-16 2013-07-03 凡瑞斯公司 Improvements in watermark extraction efficiency
US9607131B2 (en) 2010-09-16 2017-03-28 Verance Corporation Secure and efficient content screening in a networked environment
WO2012037422A3 (en) * 2010-09-16 2012-06-14 Verance Corporation Improvements in watermark extraction efficiency
WO2012037422A2 (en) * 2010-09-16 2012-03-22 Verance Corporation Improvements in watermark extraction efficiency
US8923548B2 (en) 2011-11-03 2014-12-30 Verance Corporation Extraction of embedded watermarks from a host content using a plurality of tentative watermarks
US8682026B2 (en) 2011-11-03 2014-03-25 Verance Corporation Efficient extraction of embedded watermarks in the presence of host content distortions
US8615104B2 (en) 2011-11-03 2013-12-24 Verance Corporation Watermark extraction based on tentative watermarks
US8533481B2 (en) 2011-11-03 2013-09-10 Verance Corporation Extraction of embedded watermarks from a host content based on extrapolation techniques
US8745403B2 (en) 2011-11-23 2014-06-03 Verance Corporation Enhanced content management based on watermark extraction records
US9298891B2 (en) 2011-11-23 2016-03-29 Verance Corporation Enhanced content management based on watermark extraction records
US9547753B2 (en) 2011-12-13 2017-01-17 Verance Corporation Coordinated watermarking
US9323902B2 (en) 2011-12-13 2016-04-26 Verance Corporation Conditional access using embedded watermarks
US9571606B2 (en) 2012-08-31 2017-02-14 Verance Corporation Social media viewing system
US9706235B2 (en) 2012-09-13 2017-07-11 Verance Corporation Time varying evaluation of multimedia content
US8869222B2 (en) 2012-09-13 2014-10-21 Verance Corporation Second screen content
US8726304B2 (en) 2012-09-13 2014-05-13 Verance Corporation Time varying evaluation of multimedia content
US9106964B2 (en) 2012-09-13 2015-08-11 Verance Corporation Enhanced content distribution using advertisements
US9262794B2 (en) 2013-03-14 2016-02-16 Verance Corporation Transactional video marking system
US9262793B2 (en) 2013-03-14 2016-02-16 Verance Corporation Transactional video marking system
US9485089B2 (en) 2013-06-20 2016-11-01 Verance Corporation Stego key management
US9251549B2 (en) 2013-07-23 2016-02-02 Verance Corporation Watermark extractor enhancements based on payload ranking
US9208334B2 (en) 2013-10-25 2015-12-08 Verance Corporation Content management using multiple abstraction layers
US9596521B2 (en) 2014-03-13 2017-03-14 Verance Corporation Interactive content acquisition using embedded codes
US9681203B2 (en) 2014-03-13 2017-06-13 Verance Corporation Interactive content acquisition using embedded codes
US10499120B2 (en) 2014-03-13 2019-12-03 Verance Corporation Interactive content acquisition using embedded codes
US10504200B2 (en) 2014-03-13 2019-12-10 Verance Corporation Metadata acquisition using embedded watermarks
US10110971B2 (en) 2014-03-13 2018-10-23 Verance Corporation Interactive content acquisition using embedded codes
US9854332B2 (en) 2014-03-13 2017-12-26 Verance Corporation Interactive content acquisition using embedded codes
US9854331B2 (en) 2014-03-13 2017-12-26 Verance Corporation Interactive content acquisition using embedded codes
US10445848B2 (en) 2014-08-20 2019-10-15 Verance Corporation Content management based on dither-like watermark embedding
US9805434B2 (en) 2014-08-20 2017-10-31 Verance Corporation Content management based on dither-like watermark embedding
US9639911B2 (en) 2014-08-20 2017-05-02 Verance Corporation Watermark detection using a multiplicity of predicted patterns
US10354354B2 (en) 2014-08-20 2019-07-16 Verance Corporation Content synchronization using watermark timecodes
US9769543B2 (en) 2014-11-25 2017-09-19 Verance Corporation Enhanced metadata and content delivery using watermarks
US10178443B2 (en) 2014-11-25 2019-01-08 Verance Corporation Enhanced metadata and content delivery using watermarks
US9942602B2 (en) 2014-11-25 2018-04-10 Verance Corporation Watermark detection and metadata delivery associated with a primary content
US9602891B2 (en) 2014-12-18 2017-03-21 Verance Corporation Service signaling recovery for multimedia content using embedded watermarks
US10277959B2 (en) 2014-12-18 2019-04-30 Verance Corporation Service signaling recovery for multimedia content using embedded watermarks
US10257567B2 (en) 2015-04-30 2019-04-09 Verance Corporation Watermark based content recognition improvements
US10848821B2 (en) 2015-04-30 2020-11-24 Verance Corporation Watermark based content recognition improvements
US10477285B2 (en) 2015-07-20 2019-11-12 Verance Corporation Watermark-based data recovery for content with multiple alternative components
US11368766B2 (en) 2016-04-18 2022-06-21 Verance Corporation System and method for signaling security and database population
US11297398B2 (en) 2017-06-21 2022-04-05 Verance Corporation Watermark-based metadata acquisition and processing
US11468149B2 (en) 2018-04-17 2022-10-11 Verance Corporation Device authentication in collaborative content screening
US11722741B2 (en) 2021-02-08 2023-08-08 Verance Corporation System and method for tracking content timeline in the presence of playback rate changes

Also Published As

Publication number Publication date
TW200617712A (en) 2006-06-01

Similar Documents

Publication Publication Date Title
WO2006051043A1 (en) Method for securely binding content protection information to a content and method for verifying this binding
USRE47730E1 (en) System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state
US7760904B2 (en) Proprietary watermark system for secure digital media and content distribution
US11108569B2 (en) Renewable traitor tracing
US9252957B2 (en) Method for preventing laundering and repackaging of multimedia content in content distribution systems
US20040083364A1 (en) Method of secure transmission of digital data from a source to a receiver
JP2005285089A (en) Access control method, access control system, meta data controller, and transmission system device
US20050005143A1 (en) System and method for the copy-protected and use-protected coding and decoding transmission and storage of electronic audio and visual media
KR20010023967A (en) Copy protection by ticket encryption
KR100848369B1 (en) Method and device for producing coded data, for decoding coded data and for producing re-signed data
JP2002521868A (en) Method and apparatus for using watermarks and receiver-dependent criteria for copy protection
Goldschlag et al. Beyond Cryptographic Conditional Access.
Goldschlag et al. USENIX Technical Program-Paper-Smartcard 99 [Technical Program] Beyond Cryptographic Conditional Access
GUNAWAN Buyer-seller watermarking protocol in digital cinema
Eskicioglu Key Management for Multimedia Access and Distribution

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
122 Ep: pct application non-entry in european phase

Ref document number: 05801673

Country of ref document: EP

Kind code of ref document: A1