WO2009006302A1 - Progressive download or streaming of digital media securely through a localized container and communication protocol proxy - Google Patents

Progressive download or streaming of digital media securely through a localized container and communication protocol proxy Download PDF

Info

Publication number
WO2009006302A1
WO2009006302A1 PCT/US2008/068583 US2008068583W WO2009006302A1 WO 2009006302 A1 WO2009006302 A1 WO 2009006302A1 US 2008068583 W US2008068583 W US 2008068583W WO 2009006302 A1 WO2009006302 A1 WO 2009006302A1
Authority
WO
WIPO (PCT)
Prior art keywords
container
content
communications protocol
request
media player
Prior art date
Application number
PCT/US2008/068583
Other languages
French (fr)
Inventor
Hao-Nong Chen
Michael Rutman
Charles Duncan Maclean
Original Assignee
Widevine Technologies, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Widevine Technologies, Inc. filed Critical Widevine Technologies, Inc.
Priority to GB1001196.3A priority Critical patent/GB2463440B/en
Publication of WO2009006302A1 publication Critical patent/WO2009006302A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60Network streaming of media packets
    • H04L65/61Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio
    • H04L65/612Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for unicast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60Network streaming of media packets
    • H04L65/65Network streaming protocols, e.g. real-time transport protocol [RTP] or real-time control protocol [RTCP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60Network streaming of media packets
    • H04L65/70Media network packetisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/238Interfacing the downstream path of the transmission network, e.g. adapting the transmission rate of a video stream to network bandwidth; Processing of multiplex streams
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/238Interfacing the downstream path of the transmission network, e.g. adapting the transmission rate of a video stream to network bandwidth; Processing of multiplex streams
    • H04N21/2381Adapting the multiplex stream to a specific network, e.g. an Internet Protocol [IP] network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • H04N21/44055Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption by partially decrypting, e.g. decrypting a video stream that has been partially encrypted
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion

Definitions

  • This invention relates generally to digital container and communication protocols, and more particularly but not exclusively, to enabling the use of a first container, and first communication protocol and to securely and progressively download steaming digital media using a second container and second communication protocol, by employing a client based container and protocol proxy device.
  • the Internet has made widespread distribution of such content easier than ever.
  • the content delivered over the Internet may be provided in a variety of containers.
  • One such popular container for video and/or audio content is known as the Flash Video formal container or FLV.
  • FLV Flash Video formal container
  • One of the reasons lor its popularity is because it is viewable on most operating systems through a readily available FLV media player. These media players may often be easily, and sometimes freely, downloaded and integrated into a web browser as a plug- in.
  • a server is employed to enable a client's media player to request the FLV container to be downloaded over the Internet, to be played on the client device.
  • Several traditional configurations currently exist to enable the FLV container to be streamed to the client device, including those that use of a proprietary communication protocol known as Real Time Messaging Protocol (RTMP), developed by Adobe Systems (formerly developed by Macromedia).
  • RTMP Real Time Messaging Protocol
  • the FLV container may also be streamed using RTMP wrapped within the HTTP communications protocol.
  • RTMP the FLV container may also be streamed as an encrypted file to the client device's media player.
  • RlMP protocol has often resulted in an expensive server configuration, thereby limiting the use of the RTMP as a mechanism to stream Fl-V container in some environments.
  • FIGURE 1 shows a functional block diagram illustrating an environment for practicing the invention
  • FIGURE 2 shows one embodiment of a digital media device that may be employed
  • FlGURH 3 illustrates one embodiment, of a possible virtual smart card ⁇ seable within the digital media device
  • FIGURE 4 illustrates a logical flow diagram generally showing one embodiment of a process for using a local container and communication protocol proxy to manage a secure progressive download of container with container and communication protocol conversions, in accordance with the present invention.
  • the term ⁇ content includes any digital data that may be communicated over a network to be used by a computing device.
  • Non -exhaustive examples of content include but is not limited to multimedia data, including movies, videos, music. Pay Per View (PPV), Video On Demand (VoD), interactive media, audios, still images, text, graphics, scripts, applications, and other digital content useable by a computing device.
  • Content is often described by its format, or container, in which the content is provided.
  • container refers to a computer file or stream format in which content may be presented. Containers often disclose how the digital content is encoded, interleaved, and/or compressed.
  • a non-limiting and non-exhaustive list of examples of a container is: MPEG2-TS, FLV, H.264, MOV, MP4, 3GP, and ASF.
  • a communication protocol refers to a convention or standard that controls or enables a connection, communication, and/or data transfer between two computing endpoints.
  • a communication protocol can be defined as roles governing the syntax, semantics, and synchronization of communication over a network.
  • a communication protocol is employed to transport content within its container over a digital computer network.
  • a non-limiting and non-exhaustive list of examples of a communication protocol is: Real Time Messaging Protocol (RTMP), RTMPE, User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCPyiiuernet Protocol (TCP/IP, File Transfer Protocol (FTP), Secure Copy Protocol (SCP), Real-time Transport Protocol (or RTP) and Real Time Streaming Protocol (RTSP).
  • RTMP Real Time Messaging Protocol
  • RTMPE User Datagram Protocol
  • UDP User Datagram Protocol
  • HTTP Hypertext Transfer Protocol
  • TCP/IP Transmission Control Protocol
  • FTP File Transfer Protocol
  • SCP Secure Copy Protocol
  • RTP Real-time Transport Protocol
  • RTSP Real Time Streaming Protocol
  • a communications protocol may be unicast or multicast.
  • proxy refers to any software and/or hardware component useable to operate on behalf of other network components to manage conversion and/or pass through of a transmission between the network components, the proxy being interposed between the network components.
  • the proxy is configured to receive a transmission from one network component that is destined for another network component-
  • the proxy evaluates the transmission and converts one or more characteristics of the transmission and/or allows one or more characteristics of the transmission to be forwarded without a conversion.
  • the present invention is directed towards a method, apparatus, and system that employ a proxy component within a client device to receive securely downloaded content over a network using a first container and communications protocol, and to securely decrypt the content and provide it to a media player using a second container and second communications protocol.
  • the container is downloaded using any of a variety of mechanisms including but not limited to streaming the container over the network.
  • the streaming of the data may lie performed using a variety of mechanisms.
  • the streaming may employ a progressive download streaming, or fast start approach, that enables a received portion of the data to be played while other portions of the data are still being streamed.
  • other mechanisms may also be employed, including, but not limited to real-time streaming, broadcasting, PHP Hypertext, pre-preprocessing streaming, or any of a
  • a request for the container may be provided to a content server using a web browser, or the like.
  • the media player may be used to provide the request for the container.
  • the request might be redirected through the proxy component and sent to the content server using a first container and communications protocol.
  • the first container may be FLA'' and the f lrst communications protocol is HTTP.
  • the invention is not so limited.
  • the first container might also be MPEG2-TS and the first communication protocol Real-time Transport Protocol (or RTP), or any of a variety of other protocols useable to distribute multimedia content in containers over a network.
  • RTP Real-time Transport Protocol
  • the content is selectively encrypted and placed in any of a variety of containers, including, but not limited to Windows Media Video Formal (WMV), Windows Media Audio Format (WMA), Advanced Systems Format (ASF), Real Audio (RA/RAM), MPEG-4 MOV. H.264 or the like, without departing from the scope of the invention.
  • the containers are communicated over the network using any communication protocol, including, but not limited to RTMP, R TPME, UDV, HTTP. TCP/IP, FTP. SCP, RTP. or RTSP.
  • the proxy component may then receive at least a portion of the container, decrypt at least some of the received container, and provide the decrypted portion to the media player, virtually on-the-fly (or virtually real-time), and further proxy(convert) the data using a second container and second communications protocol,.
  • a non-limiting and non-exhaustive list of containers includes: MPEG2-TS. FLV, H.264, MOV, MP4, 3GP, and ASF.
  • a non-limiting and non-exhaustive list of examples of a communications protocol includes: R TMP, RlPME, UDP, H ITP, TCP/IP, FIT, SCP, RTP, and RTSP.
  • the encrypted portion of the received container may be securely stored in a data store, secure cache, or the like, on the client device.
  • the proxy may convert from any one of the containers to any one of the other containers.
  • the proxy may also convert from any one of the communications protocols to any one of the other communication protocols. It should be noted, however, that the proxy may also allow a first container or first communication protocol to be a second container or second communication protocol.
  • the proxy might select to convert a first container to a second container, where the first and second containers are different, but select to maintain the same communications
  • the proxy might maintain the first and second communications protocols to be the same communications protocol- Similarly, the proxy may select to convert a first communications protocol to a second communications protocol, where the first and second communications protocol are different, but select to maintain the same container for both the first and second containers.
  • FIGURE 1 is a functional block diagram illustrating an exemplary operating environment 100 in which the invention may be implemented.
  • Operating environment 1(X) is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality of the present invention. Thus, other well-known environments and configurations may be employed without departing from the scope or spirit of the present invention.
  • operating environment 100 includes a digital media device 102, a network 104, and a content server! 06.
  • Network 104 is coupled to and enables communication between digital media device 102 and content server 106.
  • digital media device 102 may include virtually any computing device capable of receiving containers and/or software over a network, such as network 104. from another computing device, such as content server 106.
  • Digital media device 102 may also include any computing device capable of receiving the container and/or software employing other mechanisms, including, but not limited to CDs, DVDs, tape, electronic memory devices, and the like.
  • the set of such devices may include devices that typically connect using a wired communications medium such as personal computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network I 5 Cs, and the like.
  • the set of such devices may also include devices that typically connect using a wireless communications medium such as cell phones, smart phones, pagers, vvalkie talkies, radio frequency (RF) devices, infrared (IR) devices, CBs, integrated devices combining one or more of the preceding devices, and the like.
  • Digital media device 102 may also be any device that is capable of connecting using a wired or wireless communication medium such as a PDA, POCKET PC, wearable computer, media players, and any other device that is equipped to communicate over a wired and/or wireless communication medium to receive and play the content.
  • digital media device 102 may employ any of a variety of devices to enjoy such content, including, but not limited to. a computer display system, an audio system, a jukebox, set top box (STB), a television, video display device, and the like.
  • Digital media device 102 may further employ virtual smart card (V SC)/Digital Copy
  • Digital media device 102 may employ the VSC/DCP software, for example, to manage access to content.
  • the VSC/DCP software can be renewed over a network by downloading at least a portion of the VSC/DCP software (including new encryption/decryption keys), or by receiving it via another mechanism.
  • a VSC/DCP software component is described in more detail below in conjunction with FIGURE 3. it should be clear that virtually any downloadable conditional access software module may also be employed.
  • Digital media device 102 may further include a browser application that is configured to receive and to send web pages, web-based messages, containers, or the like.
  • the browser application may be configured to receive and display graphics, text, multimedia, or any of a variety of other content, employing virtually any web based language, including but not limited to Standard Generalized Markup Language (SMGL), HyperTexl Markup Language (HTML), extensible Markup Language (XML), or the like.
  • SMGL Standard Generalized Markup Language
  • HTML HyperTexl Markup Language
  • XML extensible Markup Language
  • the browser application may be configured with one or more .scripts, applets, plug-ins, or the like, that may be arranged to enable display of content based on the container.
  • the browser application may include a media player, or the like, that is configured to play such containers, as FLV, small web format (SWF), MPEG, or the like.
  • the media player may also play a variety of other container formats.
  • the media player or other content player component may be distinct from the browser application.
  • the web browser may be configured to access a web page, or the like, over network 104 that may be hosted on a remote computing device, such as content server 106, or the like.
  • a user of digital media device 102 may then select for download containers.
  • the containers may be real-time streamed, progressively downloaded, adaptively downloaded (or downloaded using a variety of other mechanisms) over network 104 to be played within the browser application using the media player.
  • the media player may also be used to play the container, where the media player is distinct from a
  • the container Ls downloaded over network 104 using HTTP.
  • the containers may also be downloaded over network 104 using any of a variety of communication protocols, including but not limited to those mentioned above.
  • the containers are encrypted.
  • the containers may be selectively encrypted. That is, the some portions of the containers may be encrypted using one or more encryption keys, while another portion of the container stream may be unencrypted or left in the clear.
  • encryption may be selectively applied to at least a portion of a video elementary stream (ES) of the real-time streamed, progressively, or adaptively downloaded container, a portion of the audio ES, a portion of the digital data ES, and/or any combination and any portion of video, audio, data elementary streams that comprise container stream.
  • Selective encryption may further include selectively encrypting at least a portion of an I- frame. P-frarne, B-frarne, and any combination of P, B, and I frames within the container stream.
  • the media player may be configured to request and/or receive content in a second container type using a second communication protocol, such as the RTMP streaming protocol or the like.
  • a container and communication protocol pa>xy (CCPP) component may be provided to digital media device 102 that is configured to intercept the selectively encrypted first container, and communication protocol or progressively downloaded stream in a first container and communication protocol and securely decrypt it and provide it to the media player using a second container, such as MP4 and communication protocol such as RTMP. or some other second protocol.
  • Network 104 Ls configured to couple one computing device to another computing device to enable them to communicate.
  • Network 104 is enabled to employ any form of computer readable media for communicating information from one electronic device to another.
  • network 104 may include a wireless interface, and/or a wired interface, such as the Internet, in addition to local area networks (LANs), wide area networks (WANs), direct connections, such as through a universal serial bus (USB) port, other forms of computer- readable media, or any combination thereof.
  • LANs local area networks
  • WANs wide area networks
  • USB universal serial bus
  • a router acts as a link between LARs, enabling messages to be sent from one to another.
  • communication links within LANs typically include twisted wire pair or coaxial cable, while communication links between networks may
  • network 8 utilize analog telephone lines, full or fractional dedicated digital lines including Tl, T2, T3. and T4, Integrated Services Digital Networks (ISDNs), Digital Subscriber Lines (DSLs). wireless links including satellite links, or other communications links known to those skilled in the art.
  • ISDNs Integrated Services Digital Networks
  • DSLs Digital Subscriber Lines
  • wireless links including satellite links, or other communications links known to those skilled in the art.
  • remote computers aid other related electronic devices could be remotely connected to either LANs or WANs via a modem and temporary telephone link,
  • network 104 includes any communication method by which information may travel between networked devices.
  • the media used to transmit information in communication links as described above illustrates one type of computer-readable media, namely communication media.
  • computer-readable media includes any media that can be accessed by a computing device.
  • Computer-readable media may include computer storage media, communication media, or any combination thereof.
  • Content server 106 includes servers that may be managed for producers, developers, and owners of content that can be distributed to digital media device 102. Such content include pay-for-view or time and subscription television, movies, interactive video games, interactive news television, catalogue browsing, distance learning, video conferencing, and the like. It is apparent that such content owned by content server 106 is not limited to video content only, and may include audio only services, without departing from the scope or spirit of the present invention. Thus, content is intended to include, but not be limited to, audio, video, still images, text, graphics, and other forms of content directed towards a user.
  • the content is provided as in a Moving Pictures Experts Group (MPEG) container stream, such as a transport stream, or the like.
  • MPEG Moving Pictures Experts Group
  • the container may be provided as FLV file formal, MP3 file format, MP4 file format, or the like.
  • the container may be stored on content server 106 and/or distributed to various participants within operating environment 100 as selectively encrypted container.
  • content server 106 may selectively encrypt at least a portion of the container, while leaving another portion unencrypted.
  • Content server 106 may select to encrypt a video elementary stream (ES), an audio ES, a digital data ES. and/or any combination, and/or any portion of video, audio, data elementary streams of the container.
  • ES video elementary stream
  • audio ES audio ES
  • digital data ES digital data ES
  • any portion of video, audio, data elementary streams of the container may be selectively encrypted using one container encryption key, while another portion of the container may be selectively encrypted using another container encryption key.
  • the content server! 06 may also select to encrypt the entire container, without departing from the scope or .spirit of the invention.
  • Content server 106 may further select to encrypt at. least a portion of the container using any of a variety of encryption techniques, including, but not limited to RSA algorithms.
  • Data Encryption Standard (DBS), International Data Encryption Algorithm (IDEA), Skipjack, RC4, Advanced Encryption Standard (ABS), Elliptic Curve Cryptography, or the like.
  • content server 106 may perform such encryption on-the-fl y, or store the container as already selectively encrypted.
  • devices that may operate as content server 106 include personal computers, desktop computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs. servers, or the like.
  • content server 106 may also include any of a variety of mobile devices, such as described above in conjunction with digital media device 102, or the like.
  • Illustrative Digital Media Device FKiURE 2 shows one embodiment of a digital media device that may be employed in the operating environment 100 of FIGURE 1.
  • Digital media device 200 may include many more or less components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention.
  • Digital media device 200 may represent, for example, one embodiment of digital media device 102 of FIGURE 1.
  • Digital media device 2(X) includes central processing unit 212, video display adapter 214, and a mass memory, all in communication with each other via bus 222.
  • the mass memory generally includes RAM 216.
  • the mass memory stores operating system 220 for controlling the operation of digital media device 2(K). Any general-purpose operating system may be employed.
  • BIOS Basic input/output system
  • digital media device 2(K) also can communicate with the Internet, or some other communications network, via network interface unit 210, which is constructed for use with various communication protocols including the TCP/IP protocol.
  • Network interface unit 210 is sometimes known as a transceiver, transeeiving device, or network interface card (NIC).
  • NIC network interface card
  • Computer-readable storage media may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
  • Examples of computer-readable storage media include, but is not. limited to RAM. ROM, EEPROM, flash memory or other memory technology. CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computing device.
  • the mass memory also stores program code and data.
  • One or more applications 250 are loaded into mass memory and run on operating system 220.
  • Examples of application programs may include tran.scoders, schedulers, calendars, database programs, CODECs, networking programs, media communication stacks, user interlace programs, encryption/decryption programs, security programs, container programs, account management programs, and so forth.
  • Application programs may also include virtual smart card VSODCP 258, browser 252, and container and communication protocol proxy or CCPP 256.
  • VSC/DCP 258 includes computer-executable code, data, decryption/encryption keys, and the like, that is configured to enable container protection similar to physical smart card approaches.
  • the VSC/DCP 258 is configured as software that may be downloaded to and reside within digital media device 2(K ) to enable changes in security solutions to be implemented rapidly (in seconds, minutes, or hours) at relatively low costs. This is in stark contrast to physical smart card approaches that often require new hardware to be generated and distributed. Such physical approaches typically are made available as updates about once or twice a year.
  • VSC/DCP 258 removes physical constraints on container protection layers providing the secure container to a user. For example, by replacing a physical smart card with the VSC/DCP 258, physical interface cards, links, or the like, may be removed. Removal of such physical components from digital media device 200 is directed at. improving a channel change time over traditional systems, as well as overall communication performance enhancements positively impacting user experience while viewing cont.ent.Use of the described VSC/DCP 258 also enables privacy (confidentiality), integrity, timeliness, access control (authorization), and authentication (identity), as well as rapid renewal, cross link copy protection or digital rights management, and greater capacity, flexibility, and an ability to bind to a device to provide increased security.
  • Typical VSC/DCP 258 software may include various components including but not limited to secure stores, fingerprinting modules, secure message managers, entitlement managers, key generators, and the like.
  • the VSC/DCP 258, and its components, may be configured to enable protection of received container.
  • the VSC/DCP 258 may be configured, in part, to generate a decryption key for use in decrypting received container.
  • the VSC/DCP 258 may receive the decryption key from another device, or component, within the client device, over a network, from a portable memory device, or from a variety of other mechanisms.
  • VSC/DCP 258 may receive a decryption key, and use the decryption key to decrypt the encrypted container.
  • Browser 252 may include virtually any client application configured to enable a user to display and interact with text, images, and other information typically located on a network device, such as content .server 106 of FIGURE 1.
  • browser 252 may include, but is not. limited to, Internet Exlporer. Mozilla Firefox, Safari, Opera, Netscape, or the like.
  • browser 252 may include a plug-in component: media player 254.
  • Media player 254 may represent any of a variety of container players, including those configured to request and/or play FLV container. MPEG, or the like. It should be noted, while media player 254 Is illustrated as a plug-in to browser 252, the invention is not so limited. Thus, in one embodiment, media player 254 may be configured and arranged to operate as a standalone application distinct from browser 252.
  • Container and Communication Protocol Proxy 256 is configured and arranged to intercept requests for containersfrom media player 254.
  • the request may be received for FLV containers or any other container such as H.264, »MP4, MOV, or the like.
  • containers are requested using RTMP, however, the request may also be received using any of a variety of other communication protocols, including, but not limited to RTMPE (encrypted RTMP), RTP, RTSP or the like,
  • RTMPE Encrypted RTMP
  • RTP Real-Time Transport Protocol
  • RTSP Real-Time Transport Protocol
  • the container and communication protocol used by the media player 254 may be referred to as the second container and protocol.
  • the container and communication protocol that is communicated over the network, such as network 104 of FIGURE 1 may then be referred to a the first container and communication protocol.
  • Such terms clearly are arbitrary, and other naming conventions may also be used, without narrowing the scope of the invention.
  • container andeommnication protocol proxy 256 may then provide the request, for containers over a network using the first container and communication protocol, and receive the requested container using the first communication protocol.
  • the first container may include but is not limited to FLV, H.264 or MOV or the like and the communication protocol may include, but is not. limited to HTTP, RTP, UDP, RTSP, RTMP, RTMPE or the like.
  • the container may be communicated over the network as an MPEG Transport Stream (TS) using User Datagram Protocol (UDP), Transport Control Protocol (TCP), or the like.
  • container and communication proxy 256 may receive the container as selectively encrypted container.
  • the container requested is in the FLV file format.
  • the invention Ls not so constrained, and other container file formats may also Ix used.
  • the container file may also Ix in the MPEG format * or the like.
  • the container may be transmitted using a multicast, and/or a unicasi protocol.
  • Proxy 256 may receive the container in a container stream. In one embodiment, a portion of the container may be received, and decrypted, while still receiving at ⁇ east another portion of the container. Thus, in one embodiment, proxy 256 may receive a progressive download of the container stream. Container and Communication Protocol Proxy 256 may then provide the decrypted container to media player 254 using the second container and communication protocol. Thus, container and communication proxy 256 is configured and arranged to convert the first container and communication protocol into the second container and communication protocol, and/or convert the second communication protocol container into the first container and communication protocol. For example, container and communication protocol proxy 256 might convert FLV containers communicated over HlTP into FLV containers communicated over RTMP; H.264 containers communicated over UDP into FLV containers communicated over RTMP; or the like.
  • container and communication protocol proxy 256 may include a secure data store that is configured to securely store decrypted and/or encrypted container.
  • container and communication protocol proxy 256 may employ a secure data store within VSCJDCP 258, or the like, to store received containers, where the container may be provided using any of a variety of streaming mechanisms, including, but not limited to those described above.
  • Container and Communication Protocol Proxy 256 may employ a process such as described in more detail below in conjunction with FIGURE 4 to perform at least some of its actions.
  • container and communication protocol proxy 256 is shown as a disctinci component, the invention is not so limited.
  • container and communication protocol proxy 256 may be a component within VSC/DCP 258.
  • container and communication protocol proxy 256 may be downloaded as a separate component, downladed as a component within VSC/DCP 258, or even configured as a downloadable plug-in to browser 252.
  • FKiURE 3 illustrates one embodiment of a possible virtual smart card / Digital Copy Protection (VSC/DCP).
  • VSC/DCP 300 of Figure 3 may include many more components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention, and variations in the arrangement and type of the components may be made without departing from the spirit or scope of the invention. Moreover, although VSC/DCP 300 is described, other downloadable conditional access system software modules may also be employed. For example, another VSC that may also be employed is described in more detail in U.S. Patent No. 7,299,292, entitled "Process and streaming sewer for encrypting a data stream to a virtual smart card client system," which issued on November 20, 2007, and which is incorporated herein in iis entirely.
  • VSC/DCP 300 enables privacy (confidentiality), integrity, timeliness, access control (authorization), and authentication (identity), rapid renewal, cross link copy protection or digital rights management, and greater capacity, flexibility, and an ability to bind to a device to provide increased security.
  • VSC/DCP 3(K) includes tamper detector 314, communication module
  • cryptographic module 360 cryptographic module 360.
  • entitlement manager 316 secure message manager 312.
  • key generator 318 fingerprinter/binding module 320, DCP 322.
  • secure storage module 310. and container and communications protocol proxy 356 (or simply proxy 356, or CCPP 356).
  • Secure storage module 310 is configured to provide a secure local store that may include containers tightly bound to the digital media device. Binding to the digital media device may be performed using, for example, a fingerprint, hash, or the like. Moreover, local security may be provided using encryption, obfuscation, or through use of various network resources. In one embodiment, secure storage module 310 may receive and securely store container decryption keys, or the like. In one embodiment, secure storage module ⁇ IO, or the like, may be used to enable secure storage of decrypted containers received from container and communication protocol proxy 256 of FIGURE 2 (and/or container and communication protocol proxy 356).
  • Fingerprinter/binding module 320 is configured to provide a fingerprint that uniquely identifies the digital media device.
  • a fingerprint may be made up of a number of elements specific to each fingerprint. Such elements are termed herein as ridges. Each ridge includes an element of a fingerprint that provides information to the fingerprint making it unique from other fingerprints. Some examples of ridges include a hardware serial number, operating system version number, Internet Protocol address, physical memory size, and the like. Each ridge included within the fingerprint refines the identity of the system so that it may be uniquely identified within a system. ' Hie combinations of all fingerprints may create a handprint or system fingerprint that uniquely identifies a personal computer, server, client device, set top box, or similar device within the system. An order of each of the fingerprint groups and individual ridges r ⁇ ay affect the resulting system fingerprint or handprint.
  • Key generator 318 is configured to employ cryptographic module 36X ) to enable generation of cryptographic keys. Such generation may employ for example, a rapid renewal mechanism whereby the new generation of keys may be performed within a short period of time, compared to traditional physical smart card key replacement mechanisms. In one embodiment key generator 318 may enable generation of new keys within hours rather than days, weeks, or even months. In one embodiment, to further obfuscate a potential point of attack dynamic rapid renewal is employed, wherein regeneration of keys, and the like, is performed on a random basis to create an unpredictable environment. In another embodiment such dynamic rapid renewal may also be employed to replace various software components that may further minimize an attack. Employing such rapid renewal of enables use of VSC/DCP 3(K) in a variety of other situations, including banking, enterprise security, e-commerce, and by studios for content distribution, as well as managing streaming media container using container keys.
  • Tamper detection 314 may be applied at a variety of points within VSCTDCP 3(K) to ensure a highly secure infrastructure. Typically, some level of tamper protection or resistance may be provided as part of the software and/or hardware of VSC/DCP 3(K). As shown, tamper protection 314 may provide protection or resistance from tampering * and similar hacking approaches, including, but not limited to digital copy protection. Thus, in one embodiment, tamper detection 314 may operate as a DCP device.
  • This protection may further include agents that are configured to perform various actions, including but not limited to in-circuit emulator detection, debugger detection, debugger resistance, memory space violation detection and protection, screen scrapper detection, audio scrapper detection, as well as similar application level piracy behavior detection and protection.
  • tamper detection 314 may be configured to provide DCP, the invention is not so limited.
  • DCP 322 may be implemented as a separate component from tamper detection 314.
  • DCP 322 may be configured monitor for attacks on containers that might arise in the time between decryption and rendering when media is 'in the clear/ aid also protecting against common static and dynamic attacks on the containers.
  • DCP 322 might, further monitor activities based on rules allowing or disallowing the playo ⁇ t of encrypted containers.
  • One embodiment of a possible implementation of DCP 322 might, employ techniques .such as are described in the pending U.S. Patent Application Serial No. 11/150,357, entitled “Apparatus, System, And Method for Protecting Content Using Fingerprinting and Real-Time Evidence Gathering,” filed June K ) , 2005, which is incorporated herein by reference.
  • digital fingerprinting, pattern recognition, and real-time tamper evidence gathering are used to monitor for unauthorized access and to provide an appropriate response when such unauthorized access is detected.
  • Digital fingerprinting may be based, at least in part, on a behavior of selected computer processes.
  • a predetermined set of parameters associated with at least one process on a client. device are monitored over time to detect a change in state.
  • the state change is employed to create a fingerprint for the process.
  • Statistical analysis is then applied to additional data collected to determine whether the additional data indicates unauthorized behavior. If such unauthorized attempts to copy or otherwise access the container is detected, a variety of actions may be performed, including, but not limited, to sending a message over a network to inhibit additional sending of a container, destroying a container currently received, or the like. It is noted, however, that the present invention is not limited to such non-exhaustive example implementation, and others may also be used for DCP 322.
  • DCP 322 might be implemented as a distinct component separate from VSC/DCP 258 may also be provided to provide digital copy protection, in addition to tamper detection 314.
  • Tamper detection 314 may be configured to identify tampering from other systems, such as those on a digital media device, and the like. For example, in an interactive television environment it may be possible to deploy tamper detection within a network to monitor for cloning attempts of virtual smart cards and/or its various components. Tamper detection 314 may further provide a trusted time source, thereby preventing replay attacks.
  • Cryptographic module 360 is configured to provide a variety of cryptographic keys, including symmetric or private keys, asymmetric or public keys, and the like. Although cryptographic module 360 may employ virtually any cryptographic mechanisms, In one embodiment, cryptographic module 360 employs AES for symmetric cryptography. In another embodiment, cryptographic module 360 employs RSA for asymmetric cryptographic actions.
  • Secure message manager 312 is configured Io provide a secure medium for message exchange. Although not illustrated, secure message manager 312 may interact with a variety of other components of VSC/DCP 3(K ) as required to ensure that mutual authentication of end parties is accomplished and privacy of messages is maintained.
  • Entitlement Manager 3! ⁇ > is configured to manage the receipt, storage, sending, and interpretation of entitlements.
  • entitlement manager 316 may perform various actions associated with security control activities as described above. For example, token manager 316 may receive entitlement messages and manage the key acquisition, key transfer, key identification, rights validation, key decipher, and container decryption steps described above.
  • entitlement manager 316 may employ secure message manager 312 to enable secure communications between a server and the digital media device.
  • Communication module 301 is configured to enable communications ol containers, and/or entitlements between VSC/DCP 300 and the digital media device, a network, or the like. Communication module 301 may then provide the container and/or entitlements to various components within VSCJDCP 300 for performance of various container security layer actions, as described in more detail above.
  • container and communication protocol proxy 256 of FIGURE 2 is distinct from VSC/DCP 258 of FIGURE 2, in one embodiment, communication module 303 may be used to enable secure communications between proxy 256 and VSC/DCP 258 and/or with media player 254 of FIG URE 2.
  • proxy 356 represents one embodiment on the invention where container and communication protocol proxy 256 in implemented within VSC/DCP 258.
  • container and communication protocol proxy 356 is substantially similar to container and communication protocol proxy 256 of FIGURE 2, except that it is configured and arranged to operate as a component within the VSC/DCP.
  • container and communication protocol proxy 356 is shown to communicate though communication module 301.
  • container and communication protocol proxy 356 might also be configured to communicate directly with one or more other components within VSC/DSP 300, without departing from the .scope of the invention.
  • process 400 is generalized to employ the container and communication protocol proxy to convert between a fust container and communication protocol and a second container and communication protocol, of which these containers and communication protocols may include, but are not limited to the container types and communication protocols mentioned above.
  • the request may be received from the media player; however, in another embodiment, the request may be redirected to the container and communication protocol proxy by a script, applet, or the like, within the browser, on the displayed web page from the container server, or the like.
  • Processing moves to decision block 404, where a determination is made whether the received request for container is in the second container and communication protocol format. If so, processing branches to block 406; otherwise, processing flows to block 4i().
  • processing flows next to block 410.
  • the content server might receive the request for the container through the web page, as HTTP, or other first protocol format.
  • the container and communication protocol proxy might, not intercept, the request and re-route it to the container server. Therefore, block 402 might not be performed, and instead, process 400 would instead flow to block 410 where the request from the web page is directly sent as a first container and communication protocol formatted request.
  • independent of how the request is initially formatted and/or from which component within a digital media device the request may be "intercepted" and analyzed to determine the format protocol being used.
  • the invention should not be construed as being limited to a single analysis approach and a plurality of approaches is useable, without departing from the scope of the invention.
  • processing moves next to block 412, where the content server provides the container using the first container and communication protocol format to the client device.
  • the container is in the H.264 file format. However, the invention is not limited to this file format, and others may also be employed.
  • the container is selectively encrypted.
  • the container is streamed to the client device, such that some of the container may Ix received for decrypting and playing on the client device, while another portion is still being downloaded to the client device, or is otherwise not yet received by the client device. As noted above, such downloading of the container may be performed using any of a variety of mechanisms, including, but not limited to random access, adaptive streaming, progressive downloading, real-time streaming, or the like.
  • the 20 communication protocol proxy is configured to request a change in the mechanism used for streaming or otherwise downloading of the container.
  • the container and communication protocol proxy may select to dynamically change the mechanism for downloading of the container based on various criteria.
  • the container and communication protocol proxy might be configured and arranged to monitor network conditions over which the container is received and dynamically modify the downloading based on some predefined criteria of the network conditions.
  • network conditions may include, but are not limited to bandwidth changes, packet failures, number of network disconnects, or the like.
  • the invention is not limited to merely monitoring network conditions, however, and a variety of other approaches may be used.
  • the container/communication protocol proxy may be configured and arranged to monitor various states of a buffer to which the container r ⁇ ay be provided, if the buffer is detected to have some defined state, such as container exceeding or dropping below a threshold level within the buffer, or the like, then the container and communication protocol proxy may modify the download mechanism being used.
  • the proxy might change the downloading mechanism by sending a message to the server to request that the downloading mechanism be changed to another mechanism.
  • the container and communication protocol proxy may select to modify a quality of the container being received. For example, the container and communication protocol proxy might send a request to the server sending the container, to change at least a first portion of the container being transmitted to be compressed or otherwise encoded at a different value than a previous portion of the container. For example, if the container and communication protocol proxy determines, for example that a buffer condition is detected, and/or a network condition is detected then the container and communication protocol proxy might request that a next portion of the container be sent encoded at a different definition level. For example, the encoding might be changed from a high definition level (HD) level to a lower level of quality, such as a standard definition (SD) level (or vice versa).
  • HD high definition level
  • SD standard definition
  • the invention is not limited to merely changing a mechanism used for sending the container or a quality of the container.
  • the proxy may be configured to modify both the quality and the download mechanism * or even to vary which one to employ based on different conditions.
  • the container and communication protocol proxy receives the stream selectively encrypted container from the container server.
  • the received selectively encrypted container may be securely stored until requested for play by the media player, or otherwise provided to the media player, deleted, or the like.
  • the container and communication protocol proxy may then decrypt at least a portion of the received container.
  • the container and communication protocol proxy may then decrypt at least a portion of the received container.
  • the container and communication protocol proxy or other component, provides the decrypted container to the media player using the second container and communications protocol.
  • the decrypted container may be stored in a secure data store of the container and communication protocol proxy, VSC, or the like. Thus, the decrypted container is unavailable for imp ⁇ >per usage.
  • the container and communication protocol proxy or other component may begin to decrypt it, and provide it to the media player using the second container and communication protocol.
  • the invention enables almost immediate playing of the received container by the media player without having to wait for the entire container to have been received. Moreover, if the media player requests to seek another point in the container, such as might arise through, for example, fast-forwarding, or the like, the invention may satisfy this request as well.
  • the computer program instructions may also cause at least some of ihe operational steps shown in the blocks of the flowchart to be performed in parallel. Moreover, some of the steps may also be performed across more than one processor, such as might arise in a multi-processor computer system. In addition, one or more blocks or combinations of blocks in the flowchart illustration may also be performed concurrently with other blocks or combinations of blocks, or even in a different sequence than illustrated without departing from the scope or spirit of the invention.
  • blocks of the flowchart illustration support combinations of means for performing the specified actions, combinations of steps for performing the specified actions and program instruction means for performing the specified actions. It. will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified actions or steps, or combinations of special purpose hardware and computer instructions.

Abstract

Various embodiments are directed towards employing a container and communication protocol proxy component within a client, device to receive securely real-time streamed, progressively downloaded, or adaptively streamed container over a network using one container and communication protocol, and to securely decrypt the container and provide it to a media player using a different container and communications protocol In one embodiment, the container is in Flash Video (FLV) file format. A browser or the media player on the client device may be used to request the container. The requested container Ls sent over one communication protocol and intercepted by the container and communication protocol proxy component. The container may be received as selectively encrypted container. The container and communication protocol proxy component then may enable decryption of the container and providing of it to the media player using another container and communication protocol combination.

Description

PROGRKSSIVK DOWNLOAD OR STREAMING OFDlGITAL MEDIA SiSCURELY THROUGH A LOCALIZED CONTAINER AND COMMUNICATION PROTOCOL
PROXY
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims the benefit of U.S. Provisional Application Serial No. 60/947,263 filed on June 29, 2007, entitled "Progressive Http Download or Streaming of Digital Media Securely Through a Localized Real Time Messaging Protocol Proxy," the benefit of the earlier filing date of which b hereby claimed under 35 U.S.C. § 1 19 (e) and 37 C.F.R. § 1.78, and is further incorporated herein by reference.
TECHNICAL FIELD
This invention relates generally to digital container and communication protocols, and more particularly but not exclusively, to enabling the use of a first container, and first communication protocol and to securely and progressively download steaming digital media using a second container and second communication protocol, by employing a client based container and protocol proxy device.
BACKGROUND
Of all die industries that have been revolutionized by the rise of digital technology and the Internet, few have been swept so greatly as the "content" industries, such as producers and providers of music, movies, pay per view (PPV), Video on Demand (VoD), interactive media, and the like. The Internet has made widespread distribution of such content easier than ever. The content delivered over the Internet may be provided in a variety of containers. One such popular container for video and/or audio content is known as the Flash Video formal container or FLV. One of the reasons lor its popularity is because it is viewable on most operating systems through a readily available FLV media player. These media players may often be easily, and sometimes freely, downloaded and integrated into a web browser as a plug- in.
ϊn a traditional configuration, a server is employed to enable a client's media player to request the FLV container to be downloaded over the Internet, to be played on the client device. Several traditional configurations currently exist to enable the FLV container to be streamed to the client device, including those that use of a proprietary communication protocol known as Real Time Messaging Protocol (RTMP), developed by Adobe Systems (formerly developed by Macromedia). The FLV container may also be streamed using RTMP wrapped within the HTTP communications protocol. Using RTMP, the FLV container may also be streamed as an encrypted file to the client device's media player. However, use of the RlMP protocol has often resulted in an expensive server configuration, thereby limiting the use of the RTMP as a mechanism to stream Fl-V container in some environments.
Using HTTP to stream or progressively download FLV container to the client device's media player, while currently less expensive, sometimes results in exposing the content to a security risk. This is because in today's configuration, even though the FLV container may be transported over network from the server as an encrypted file, the decrypted R-V container may be exposed, or in the clear on the client device. Such exposure enables the FLV container to be improperly copied and/or distributed. Thus, it is with respect to these considerations and others that the present invention has been made.
BRIEF DESCRIITION OF THE DRAWINGS
Non-limiting and non-exhaustive embodiments of the invention are described with reference to the following drawings, ϊn the drawings, like reference numerals refer to like parts throughout the various figures unless otherwise specified.
For a better understanding of the invention, reference will be made to the following
Detailed Description of the Invention, which is to be read in association with the accompanying drawings, wherein:
FIGURE 1 shows a functional block diagram illustrating an environment for practicing the invention; FIGURE 2 shows one embodiment of a digital media device that may be employed;
FlGURH 3 illustrates one embodiment, of a possible virtual smart card υseable within the digital media device; and
FIGURE 4 illustrates a logical flow diagram generally showing one embodiment of a process for using a local container and communication protocol proxy to manage a secure progressive download of container with container and communication protocol conversions, in accordance with the present invention.
DETAILED DESCRIPTION The present invention now will be described more fully hereinafter with reference to the accompanying drawings, which form a part hereof, and which show, by way of illustration, specific embodiments by which the invention may lie practiced. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so thai this disclosure will be thorough and complete, and will fully convey the .scope of the invention to those skilled in the art. Among other things, the present invention may be embodied as methods or devices. Accordingly, the present, invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. The following detailed description is, therefore, not to be taken in a limiting sense.
Throughout the specification and claims, the following terms take the meanings explicitly associated herein, unless the context clearly dictates otherwise. The phrase "in one embodiment" as used herein does not necessarily refer to the same embodiment, though it may. As used herein, the term "or" is an inclusive "of* operator, and is equivalent to the term "and/or/* unless the context clearly dictates otherwise. The term "based on" is not exclusive and allows for being based on additional factors not described, unless the context clearly dictates otherwise. The meaning of "a." "an," and "the" include plural references. The meaning of "in" includes "in" and "on."
As u.sed herein, the term ^content" includes any digital data that may be communicated over a network to be used by a computing device. Non -exhaustive examples of content include but is not limited to multimedia data, including movies, videos, music. Pay Per View (PPV), Video On Demand (VoD), interactive media, audios, still images, text, graphics, scripts, applications, and other digital content useable by a computing device. Content is often described by its format, or container, in which the content is provided. Thus, as used here, the term "container" refers to a computer file or stream format in which content may be presented. Containers often disclose how the digital content is encoded, interleaved, and/or compressed. A non-limiting and non-exhaustive list of examples of a container is: MPEG2-TS, FLV, H.264, MOV, MP4, 3GP, and ASF.
As used here, the terms "communication protocol" or "protocol" refer to a convention or standard that controls or enables a connection, communication, and/or data transfer between two computing endpoints. Thus, a communication protocol can be defined as roles governing the syntax, semantics, and synchronization of communication over a network. A communication protocol is employed to transport content within its container over a digital computer network. A non-limiting and non-exhaustive list of examples of a communication protocol is: Real Time Messaging Protocol (RTMP), RTMPE, User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCPyiiuernet Protocol (TCP/IP, File Transfer Protocol (FTP), Secure Copy Protocol (SCP), Real-time Transport Protocol (or RTP) and Real Time Streaming Protocol (RTSP). Moreover, a communications protocol may be unicast or multicast.
As used here, the term "proxy" refers to any software and/or hardware component useable to operate on behalf of other network components to manage conversion and/or pass through of a transmission between the network components, the proxy being interposed between the network components. Thus, the proxy is configured to receive a transmission from one network component that is destined for another network component- The proxy evaluates the transmission and converts one or more characteristics of the transmission and/or allows one or more characteristics of the transmission to be forwarded without a conversion.
Briefly, the present invention is directed towards a method, apparatus, and system that employ a proxy component within a client device to receive securely downloaded content over a network using a first container and communications protocol, and to securely decrypt the content and provide it to a media player using a second container and second communications protocol. In one embodiment, the container is downloaded using any of a variety of mechanisms including but not limited to streaming the container over the network. Moreover, the streaming of the data may lie performed using a variety of mechanisms. Thus, in one embodiment, the streaming may employ a progressive download streaming, or fast start approach, that enables a received portion of the data to be played while other portions of the data are still being streamed. However, other mechanisms may also be employed, including, but not limited to real-time streaming, broadcasting, PHP Hypertext, pre-preprocessing streaming, or any of a
4 variety of adaptive streaming mechanisms, random access, seek, bookmark approaches, or the like. Changes in an encoding or compression of the container may also be used. A request for the container may be provided to a content server using a web browser, or the like. In one embodiment, the media player may be used to provide the request for the container. In one embodiment, the request might be redirected through the proxy component and sent to the content server using a first container and communications protocol. In one embodiment, the first container may be FLA'' and the f lrst communications protocol is HTTP. However, the invention is not so limited. For example, the first container might also be MPEG2-TS and the first communication protocol Real-time Transport Protocol (or RTP), or any of a variety of other protocols useable to distribute multimedia content in containers over a network. In one embodiment, the content is selectively encrypted and placed in any of a variety of containers, including, but not limited to Windows Media Video Formal (WMV), Windows Media Audio Format (WMA), Advanced Systems Format (ASF), Real Audio (RA/RAM), MPEG-4 MOV. H.264 or the like, without departing from the scope of the invention.
In one embodiment the containers are communicated over the network using any communication protocol, including, but not limited to RTMP, R TPME, UDV, HTTP. TCP/IP, FTP. SCP, RTP. or RTSP. The proxy component may then receive at least a portion of the container, decrypt at least some of the received container, and provide the decrypted portion to the media player, virtually on-the-fly (or virtually real-time), and further proxy(convert) the data using a second container and second communications protocol,. A non-limiting and non-exhaustive list of containers includes: MPEG2-TS. FLV, H.264, MOV, MP4, 3GP, and ASF. A non-limiting and non-exhaustive list of examples of a communications protocol includes: R TMP, RlPME, UDP, H ITP, TCP/IP, FIT, SCP, RTP, and RTSP.
In one embodiment, the encrypted portion of the received container may be securely stored in a data store, secure cache, or the like, on the client device. Thus, the proxy may convert from any one of the containers to any one of the other containers. The proxy may also convert from any one of the communications protocols to any one of the other communication protocols. It should be noted, however, that the proxy may also allow a first container or first communication protocol to be a second container or second communication protocol. Thus, in one embodiment, the proxy might select to convert a first container to a second container, where the first and second containers are different, but select to maintain the same communications
5 protocol during the conversion. That is, in one embodiment, the proxy might maintain the first and second communications protocols to be the same communications protocol- Similarly, the proxy may select to convert a first communications protocol to a second communications protocol, where the first and second communications protocol are different, but select to maintain the same container for both the first and second containers.
Illustrative Environment
FIGURE 1 is a functional block diagram illustrating an exemplary operating environment 100 in which the invention may be implemented. Operating environment 1(X) is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality of the present invention. Thus, other well-known environments and configurations may be employed without departing from the scope or spirit of the present invention.
As shown in the figure, operating environment 100 includes a digital media device 102, a network 104, and a content server! 06. Network 104 is coupled to and enables communication between digital media device 102 and content server 106.
One embodiment of digital media device 102 is described in more detail below in conjunction with FIGURE 2. Briefly, however, digital media device 102 may include virtually any computing device capable of receiving containers and/or software over a network, such as network 104. from another computing device, such as content server 106. Digital media device 102 may also include any computing device capable of receiving the container and/or software employing other mechanisms, including, but not limited to CDs, DVDs, tape, electronic memory devices, and the like. The set of such devices may include devices that typically connect using a wired communications medium such as personal computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network I5Cs, and the like. The set of such devices may also include devices that typically connect using a wireless communications medium such as cell phones, smart phones, pagers, vvalkie talkies, radio frequency (RF) devices, infrared (IR) devices, CBs, integrated devices combining one or more of the preceding devices, and the like. Digital media device 102 may also be any device that is capable of connecting using a wired or wireless communication medium such as a PDA, POCKET PC, wearable computer, media players, and any other device that is equipped to communicate over a wired and/or wireless communication medium to receive and play the content. Similarly, digital media device 102 may employ any of a variety of devices to enjoy such content, including, but not limited to. a computer display system, an audio system, a jukebox, set top box (STB), a television, video display device, and the like.
Digital media device 102 may further employ virtual smart card (V SC)/Digital Copy
Protection (DCP.) software as described below. Digital media device 102 may employ the VSC/DCP software, for example, to manage access to content. The VSC/DCP software can be renewed over a network by downloading at least a portion of the VSC/DCP software (including new encryption/decryption keys), or by receiving it via another mechanism. Although a VSC/DCP software component is described in more detail below in conjunction with FIGURE 3. it should be clear that virtually any downloadable conditional access software module may also be employed.
Digital media device 102 may further include a browser application that is configured to receive and to send web pages, web-based messages, containers, or the like. The browser application may be configured to receive and display graphics, text, multimedia, or any of a variety of other content, employing virtually any web based language, including but not limited to Standard Generalized Markup Language (SMGL), HyperTexl Markup Language (HTML), extensible Markup Language (XML), or the like. Fn one embodiment the browser application may be configured with one or more .scripts, applets, plug-ins, or the like, that may be arranged to enable display of content based on the container. Thus, in one embodiment, the browser application may include a media player, or the like, that is configured to play such containers, as FLV, small web format (SWF), MPEG, or the like. The media player may also play a variety of other container formats. Moreover, in another embodiment, the media player or other content player component may be distinct from the browser application.
In one embodiment, the web browser may be configured to access a web page, or the like, over network 104 that may be hosted on a remote computing device, such as content server 106, or the like. A user of digital media device 102 may then select for download containers. The containers may be real-time streamed, progressively downloaded, adaptively downloaded (or downloaded using a variety of other mechanisms) over network 104 to be played within the browser application using the media player. However, it is noted that the media player may also be used to play the container, where the media player is distinct from a
7 browser application. In one embodiment, the container Ls downloaded over network 104 using HTTP. However, the containers may also be downloaded over network 104 using any of a variety of communication protocols, including but not limited to those mentioned above.
Jn one embodiment, the containers are encrypted. In one embodiment, the containers may be selectively encrypted. That is, the some portions of the containers may be encrypted using one or more encryption keys, while another portion of the container stream may be unencrypted or left in the clear. Moreover, encryption may be selectively applied to at least a portion of a video elementary stream (ES) of the real-time streamed, progressively, or adaptively downloaded container, a portion of the audio ES, a portion of the digital data ES, and/or any combination and any portion of video, audio, data elementary streams that comprise container stream. Selective encryption may further include selectively encrypting at least a portion of an I- frame. P-frarne, B-frarne, and any combination of P, B, and I frames within the container stream.
In one embodiment, the media player may be configured to request and/or receive content in a second container type using a second communication protocol, such as the RTMP streaming protocol or the like. Thus, as described below, in conjunction with FIGURES 2 and 4, a container and communication protocol pa>xy (CCPP) component may be provided to digital media device 102 that is configured to intercept the selectively encrypted first container, and communication protocol or progressively downloaded stream in a first container and communication protocol and securely decrypt it and provide it to the media player using a second container, such as MP4 and communication protocol such as RTMP. or some other second protocol.
Network 104 Ls configured to couple one computing device to another computing device to enable them to communicate. Network 104 is enabled to employ any form of computer readable media for communicating information from one electronic device to another. Also, network 104 may include a wireless interface, and/or a wired interface, such as the Internet, in addition to local area networks (LANs), wide area networks (WANs), direct connections, such as through a universal serial bus (USB) port, other forms of computer- readable media, or any combination thereof. On an interconnected set of LANs, including those based on differing architectures and protocols, a router acts as a link between LARs, enabling messages to be sent from one to another. Also, communication links within LANs typically include twisted wire pair or coaxial cable, while communication links between networks may
8 utilize analog telephone lines, full or fractional dedicated digital lines including Tl, T2, T3. and T4, Integrated Services Digital Networks (ISDNs), Digital Subscriber Lines (DSLs). wireless links including satellite links, or other communications links known to those skilled in the art. Furthermore, remote computers aid other related electronic devices could be remotely connected to either LANs or WANs via a modem and temporary telephone link, In essence, network 104 includes any communication method by which information may travel between networked devices.
The media used to transmit information in communication links as described above illustrates one type of computer-readable media, namely communication media. Generally, computer-readable media includes any media that can be accessed by a computing device.
Computer-readable media may include computer storage media, communication media, or any combination thereof.
Additionally, communication media typically embodies computer-readable instructions, data structures, program modules, or other transport mechanisms and includes any information delivery media. By way of example, communication media includes wired media such as twisted pair, coaxial cable, fiber optics, wave guides, and other wired media and wireless media such as acoustic, RF, infrared, and other wireless media.
Content server 106 includes servers that may be managed for producers, developers, and owners of content that can be distributed to digital media device 102. Such content include pay-for-view or time and subscription television, movies, interactive video games, interactive news television, catalogue browsing, distance learning, video conferencing, and the like. It is apparent that such content owned by content server 106 is not limited to video content only, and may include audio only services, without departing from the scope or spirit of the present invention. Thus, content is intended to include, but not be limited to, audio, video, still images, text, graphics, and other forms of content directed towards a user.
In one embodiment, the content is provided as in a Moving Pictures Experts Group (MPEG) container stream, such as a transport stream, or the like. However, the invention is not so limited, and other file formats may also be employed, without departing from the scope or spirit of the invention. For example, in one embodiment, the container may be provided as FLV file formal, MP3 file format, MP4 file format, or the like. Moreover, the container may be stored on content server 106 and/or distributed to various participants within operating environment 100 as selectively encrypted container. For example, in one embodiment, content server 106 may selectively encrypt at least a portion of the container, while leaving another portion unencrypted. Content server 106 may select to encrypt a video elementary stream (ES), an audio ES, a digital data ES. and/or any combination, and/or any portion of video, audio, data elementary streams of the container. In one embodiment, at least one portion of the container may be selectively encrypted using one container encryption key, while another portion of the container may be selectively encrypted using another container encryption key. It is noted, however, the content server! 06 may also select to encrypt the entire container, without departing from the scope or .spirit of the invention.
Content server 106 may further select to encrypt at. least a portion of the container using any of a variety of encryption techniques, including, but not limited to RSA algorithms. Data Encryption Standard (DBS), International Data Encryption Algorithm (IDEA), Skipjack, RC4, Advanced Encryption Standard (ABS), Elliptic Curve Cryptography, or the like. Moreover content server 106 may perform such encryption on-the-fl y, or store the container as already selectively encrypted.
Content server 106 may provide to a requesting device, such as digital media device 102, or the like, a decryption key that may be used to decrypt the selectively encrypted container, along with container attribute information, rights, and entitlements to access the container. In one embodiment, the decryption key may be encrypted and sent with the encrypted container. In another embodiment, the decryption key may be provided using an out-of-band mechanism. For example, the decryption key may be provided using any of the variety of portable storage devices described below, out-of-band over a network, via a virtual smart card such as to a VSC/DCP, or the like.
In any event, devices that may operate as content server 106 include personal computers, desktop computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs. servers, or the like. However, content server 106 may also include any of a variety of mobile devices, such as described above in conjunction with digital media device 102, or the like.
Illustrative Digital Media Device FKiURE 2 shows one embodiment of a digital media device that may be employed in the operating environment 100 of FIGURE 1. Digital media device 200 may include many more or less components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention. Digital media device 200 may represent, for example, one embodiment of digital media device 102 of FIGURE 1.
Digital media device 2(X) includes central processing unit 212, video display adapter 214, and a mass memory, all in communication with each other via bus 222. The mass memory generally includes RAM 216. ROM 232, and one or more permanent mass storage devices, such as bard disk drive 228, tape drive, optical drive, and/or floppy disk drive. The mass memory stores operating system 220 for controlling the operation of digital media device 2(K). Any general-purpose operating system may be employed. Basic input/output system ("BIOS") 218 is also provided for controlling the low-level operation of digital media device 200. As illustrated in FlGURK 2, digital media device 2(K) also can communicate with the Internet, or some other communications network, via network interface unit 210, which is constructed for use with various communication protocols including the TCP/IP protocol.
Network interface unit 210 is sometimes known as a transceiver, transeeiving device, or network interface card (NIC).
The mass memory as described above illustrates another type of computer-readable media, namely computer-readable storage media. Computer-readable storage media may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. Examples of computer-readable storage media include, but is not. limited to RAM. ROM, EEPROM, flash memory or other memory technology. CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computing device.
The mass memory also stores program code and data. One or more applications 250 are loaded into mass memory and run on operating system 220. Examples of application programs may include tran.scoders, schedulers, calendars, database programs, CODECs, networking programs, media communication stacks, user interlace programs, encryption/decryption programs, security programs, container programs, account management programs, and so forth. Application programs may also include virtual smart card VSODCP 258, browser 252, and container and communication protocol proxy or CCPP 256.
One embodiment of VSC/DCP 258 is described in more detail below in conjunction with FIGURK 3. Briefly, however, VSC/DCP 258 includes computer-executable code, data, decryption/encryption keys, and the like, that is configured to enable container protection similar to physical smart card approaches. However, unlike the physical smart card approaches, the VSC/DCP 258 is configured as software that may be downloaded to and reside within digital media device 2(K) to enable changes in security solutions to be implemented rapidly (in seconds, minutes, or hours) at relatively low costs. This is in stark contrast to physical smart card approaches that often require new hardware to be generated and distributed. Such physical approaches typically are made available as updates about once or twice a year. Moreover, use of the VSC/DCP 258 removes physical constraints on container protection layers providing the secure container to a user. For example, by replacing a physical smart card with the VSC/DCP 258, physical interface cards, links, or the like, may be removed. Removal of such physical components from digital media device 200 is directed at. improving a channel change time over traditional systems, as well as overall communication performance enhancements positively impacting user experience while viewing cont.ent.Use of the described VSC/DCP 258 also enables privacy (confidentiality), integrity, timeliness, access control (authorization), and authentication (identity), as well as rapid renewal, cross link copy protection or digital rights management, and greater capacity, flexibility, and an ability to bind to a device to provide increased security.
Typical VSC/DCP 258 software may include various components including but not limited to secure stores, fingerprinting modules, secure message managers, entitlement managers, key generators, and the like. The VSC/DCP 258, and its components, may be configured to enable protection of received container. In one embodiment, the VSC/DCP 258 may be configured, in part, to generate a decryption key for use in decrypting received container. In another embodiment, the VSC/DCP 258 may receive the decryption key from another device, or component, within the client device, over a network, from a portable memory device, or from a variety of other mechanisms. In one embodiment, VSC/DCP 258 may receive a decryption key, and use the decryption key to decrypt the encrypted container. Browser 252 may include virtually any client application configured to enable a user to display and interact with text, images, and other information typically located on a network device, such as content .server 106 of FIGURE 1. Thus, browser 252 may include, but is not. limited to, Internet Exlporer. Mozilla Firefox, Safari, Opera, Netscape, or the like. As shown. browser 252 may include a plug-in component: media player 254. Media player 254 may represent any of a variety of container players, including those configured to request and/or play FLV container. MPEG, or the like. It should be noted, while media player 254 Is illustrated as a plug-in to browser 252, the invention is not so limited. Thus, in one embodiment, media player 254 may be configured and arranged to operate as a standalone application distinct from browser 252.
Container and Communication Protocol Proxy 256 is configured and arranged to intercept requests for containersfrom media player 254. in one embodiment, the request may be received for FLV containers or any other container such as H.264, »MP4, MOV, or the like. Additionally, containers are requested using RTMP, however, the request may also be received using any of a variety of other communication protocols, including, but not limited to RTMPE (encrypted RTMP), RTP, RTSP or the like, As used herein, for convenience, the container and communication protocol used by the media player 254 may be referred to as the second container and protocol. The container and communication protocol that is communicated over the network, such as network 104 of FIGURE 1 may then be referred to a the first container and communication protocol. Such terms, clearly are arbitrary, and other naming conventions may also be used, without narrowing the scope of the invention.
In any event, container andeommnication protocol proxy 256 may then provide the request, for containers over a network using the first container and communication protocol, and receive the requested container using the first communication protocol. In one embodiment, the first container may include but is not limited to FLV, H.264 or MOV or the like and the communication protocol may include, but is not. limited to HTTP, RTP, UDP, RTSP, RTMP, RTMPE or the like. In one embodiment, the container may be communicated over the network as an MPEG Transport Stream (TS) using User Datagram Protocol (UDP), Transport Control Protocol (TCP), or the like. In one embodiment, container and communication proxy 256 may receive the container as selectively encrypted container. In one embodiment, the container requested is in the FLV file format. However, the invention Ls not so constrained, and other container file formats may also Ix used. For example, the container file may also Ix in the MPEG format* or the like. Moreover, as noted above, the container may be transmitted using a multicast, and/or a unicasi protocol.
Proxy 256 may receive the container in a container stream. In one embodiment, a portion of the container may be received, and decrypted, while still receiving at {east another portion of the container. Thus, in one embodiment, proxy 256 may receive a progressive download of the container stream. Container and Communication Protocol Proxy 256 may then provide the decrypted container to media player 254 using the second container and communication protocol. Thus, container and communication proxy 256 is configured and arranged to convert the first container and communication protocol into the second container and communication protocol, and/or convert the second communication protocol container into the first container and communication protocol. For example, container and communication protocol proxy 256 might convert FLV containers communicated over HlTP into FLV containers communicated over RTMP; H.264 containers communicated over UDP into FLV containers communicated over RTMP; or the like.
In one embodiment, container and communication protocol proxy 256 may include a secure data store that is configured to securely store decrypted and/or encrypted container. In another embodiment, container and communication protocol proxy 256 may employ a secure data store within VSCJDCP 258, or the like, to store received containers, where the container may be provided using any of a variety of streaming mechanisms, including, but not limited to those described above. Container and Communication Protocol Proxy 256 may employ a process such as described in more detail below in conjunction with FIGURE 4 to perform at least some of its actions.
While container and communication protocol proxy 256 is shown as a disctinci component, the invention is not so limited. For example, in one embodiment, container and communication protocol proxy 256 may be a component within VSC/DCP 258. [n another embodiment, container and communication protocol proxy 256 may be downloaded as a separate component, downladed as a component within VSC/DCP 258, or even configured as a downloadable plug-in to browser 252. Thus, the various embodiments illustrated in the figures are not to be construed as narrowing the invention, and other embodiments, configurations, and arrangements are also envisaged within the scope of the invention. FKiURE 3 illustrates one embodiment of a possible virtual smart card / Digital Copy Protection (VSC/DCP). VSC/DCP 300 of Figure 3 may include many more components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention, and variations in the arrangement and type of the components may be made without departing from the spirit or scope of the invention. Moreover, although VSC/DCP 300 is described, other downloadable conditional access system software modules may also be employed. For example, another VSC that may also be employed is described in more detail in U.S. Patent No. 7,299,292, entitled "Process and streaming sewer for encrypting a data stream to a virtual smart card client system," which issued on November 20, 2007, and which is incorporated herein in iis entirely.
Use of VSC/DCP 300 enables privacy (confidentiality), integrity, timeliness, access control (authorization), and authentication (identity), rapid renewal, cross link copy protection or digital rights management, and greater capacity, flexibility, and an ability to bind to a device to provide increased security.
As shown, VSC/DCP 3(K) includes tamper detector 314, communication module
301, cryptographic module 360. entitlement manager 316, secure message manager 312. key generator 318. fingerprinter/binding module 320, DCP 322. secure storage module 310. and container and communications protocol proxy 356 (or simply proxy 356, or CCPP 356).
Secure storage module 310 is configured to provide a secure local store that may include containers tightly bound to the digital media device. Binding to the digital media device may be performed using, for example, a fingerprint, hash, or the like. Moreover, local security may be provided using encryption, obfuscation, or through use of various network resources. In one embodiment, secure storage module 310 may receive and securely store container decryption keys, or the like. In one embodiment, secure storage module }IO, or the like, may be used to enable secure storage of decrypted containers received from container and communication protocol proxy 256 of FIGURE 2 (and/or container and communication protocol proxy 356).
Fingerprinter/binding module 320 is configured to provide a fingerprint that uniquely identifies the digital media device. A fingerprint may be made up of a number of elements specific to each fingerprint. Such elements are termed herein as ridges. Each ridge includes an element of a fingerprint that provides information to the fingerprint making it unique from other fingerprints. Some examples of ridges include a hardware serial number, operating system version number, Internet Protocol address, physical memory size, and the like. Each ridge included within the fingerprint refines the identity of the system so that it may be uniquely identified within a system. 'Hie combinations of all fingerprints may create a handprint or system fingerprint that uniquely identifies a personal computer, server, client device, set top box, or similar device within the system. An order of each of the fingerprint groups and individual ridges røay affect the resulting system fingerprint or handprint.
Key generator 318 is configured to employ cryptographic module 36X) to enable generation of cryptographic keys. Such generation may employ for example, a rapid renewal mechanism whereby the new generation of keys may be performed within a short period of time, compared to traditional physical smart card key replacement mechanisms. In one embodiment key generator 318 may enable generation of new keys within hours rather than days, weeks, or even months. In one embodiment, to further obfuscate a potential point of attack dynamic rapid renewal is employed, wherein regeneration of keys, and the like, is performed on a random basis to create an unpredictable environment. In another embodiment such dynamic rapid renewal may also be employed to replace various software components that may further minimize an attack. Employing such rapid renewal of enables use of VSC/DCP 3(K) in a variety of other situations, including banking, enterprise security, e-commerce, and by studios for content distribution, as well as managing streaming media container using container keys.
Tamper detection 314 may be applied at a variety of points within VSCTDCP 3(K) to ensure a highly secure infrastructure. Typically, some level of tamper protection or resistance may be provided as part of the software and/or hardware of VSC/DCP 3(K). As shown, tamper protection 314 may provide protection or resistance from tampering* and similar hacking approaches, including, but not limited to digital copy protection. Thus, in one embodiment, tamper detection 314 may operate as a DCP device. This protection may further include agents that are configured to perform various actions, including but not limited to in-circuit emulator detection, debugger detection, debugger resistance, memory space violation detection and protection, screen scrapper detection, audio scrapper detection, as well as similar application level piracy behavior detection and protection. It should be noted, however, that while tamper detection 314 may be configured to provide DCP, the invention is not so limited. For example, in one embodiment, DCP 322 may be implemented as a separate component from tamper detection 314. As such, DCP 322 may be configured monitor for attacks on containers that might arise in the time between decryption and rendering when media is 'in the clear/ aid also protecting against common static and dynamic attacks on the containers. Moreover, DCP 322 might, further monitor activities based on rules allowing or disallowing the playoυt of encrypted containers. One embodiment of a possible implementation of DCP 322 might, employ techniques .such as are described in the pending U.S. Patent Application Serial No. 11/150,357, entitled "Apparatus, System, And Method for Protecting Content Using Fingerprinting and Real-Time Evidence Gathering," filed June K), 2005, which is incorporated herein by reference. In that implementation, digital fingerprinting, pattern recognition, and real-time tamper evidence gathering are used to monitor for unauthorized access and to provide an appropriate response when such unauthorized access is detected. Digital fingerprinting may be based, at least in part, on a behavior of selected computer processes. A predetermined set of parameters associated with at least one process on a client. device are monitored over time to detect a change in state. The state change is employed to create a fingerprint for the process. Statistical analysis is then applied to additional data collected to determine whether the additional data indicates unauthorized behavior. If such unauthorized attempts to copy or otherwise access the container is detected, a variety of actions may be performed, including, but not limited, to sending a message over a network to inhibit additional sending of a container, destroying a container currently received, or the like. It is noted, however, that the present invention is not limited to such non-exhaustive example implementation, and others may also be used for DCP 322.
Jn yet another embodiment, DCP 322 might be implemented as a distinct component separate from VSC/DCP 258 may also be provided to provide digital copy protection, in addition to tamper detection 314.
Tamper detection 314 may be configured to identify tampering from other systems, such as those on a digital media device, and the like. For example, in an interactive television environment it may be possible to deploy tamper detection within a network to monitor for cloning attempts of virtual smart cards and/or its various components. Tamper detection 314 may further provide a trusted time source, thereby preventing replay attacks. Cryptographic module 360 is configured to provide a variety of cryptographic keys, including symmetric or private keys, asymmetric or public keys, and the like. Although cryptographic module 360 may employ virtually any cryptographic mechanisms, In one embodiment, cryptographic module 360 employs AES for symmetric cryptography. In another embodiment, cryptographic module 360 employs RSA for asymmetric cryptographic actions.
Secure message manager 312 is configured Io provide a secure medium for message exchange. Although not illustrated, secure message manager 312 may interact with a variety of other components of VSC/DCP 3(K) as required to ensure that mutual authentication of end parties is accomplished and privacy of messages is maintained.
Entitlement Manager 3! <> is configured to manage the receipt, storage, sending, and interpretation of entitlements. As such, entitlement manager 316 may perform various actions associated with security control activities as described above. For example, token manager 316 may receive entitlement messages and manage the key acquisition, key transfer, key identification, rights validation, key decipher, and container decryption steps described above. Moreover, entitlement manager 316 may employ secure message manager 312 to enable secure communications between a server and the digital media device.
Communication module 301 is configured to enable communications ol containers, and/or entitlements between VSC/DCP 300 and the digital media device, a network, or the like. Communication module 301 may then provide the container and/or entitlements to various components within VSCJDCP 300 for performance of various container security layer actions, as described in more detail above.
Where, container and communication protocol proxy 256 of FIGURE 2 is distinct from VSC/DCP 258 of FIGURE 2, in one embodiment, communication module 303 may be used to enable secure communications between proxy 256 and VSC/DCP 258 and/or with media player 254 of FIG URE 2.
However, as shown, proxy 356 represents one embodiment on the invention where container and communication protocol proxy 256 in implemented within VSC/DCP 258. As noted elsewhere, such configuration is but one of a variety of configurations, and the invention should not be construed as being narrowed by such non-exhaustive example. As such, however, container and communication protocol proxy 356 is substantially similar to container and communication protocol proxy 256 of FIGURE 2, except that it is configured and arranged to operate as a component within the VSC/DCP. Thus, in this embodiment, container and communication protocol proxy 356 is shown to communicate though communication module 301. However, in another embodiment, container and communication protocol proxy 356 might also be configured to communicate directly with one or more other components within VSC/DSP 300, without departing from the .scope of the invention.
Generalized Operation
The operation of certain aspects of the invention will now be described with respect to FIGURE 4. FIGURE 4 illustrates a logical flow diagram generally showing one embodiment of a process for using a local container and communication protocol proxy to manage a secure communication of containers. Process 400 of FIGURB 4 may be implemented within container and communication protocol proxy 256 of FIGURE 2. In one embodiment, the local container and communication protocol proxy may receive FLV container requests from the media player in RTMP and convert it to HTTP requests for H.264 for transmission over the network.
However, as noted, the invention is not so limited. Thus, process 400 is generalized to employ the container and communication protocol proxy to convert between a fust container and communication protocol and a second container and communication protocol, of which these containers and communication protocols may include, but are not limited to the container types and communication protocols mentioned above.
Process 400 begins, after a start block, at block 402, where the container and communication protocol proxy may be configured to intercept from a media player component a second container and communication protocol request, to another embodiment, a user of the client device in which the container and communication protocol proxy and media player resides, might employ a browser to connect to a content server using a first communication protocol, such as HTTP. Thus, in one embodiment, the request might use the first communication protocol. The browser might display a web page that includes a link, or the like, useable for selecting a container for download. When the user clicks on the link, the browser might be arranged to re-route the link to the container and communication protocol proxy. Thus. in one embodiment, the request may be received from the media player; however, in another embodiment, the request may be redirected to the container and communication protocol proxy by a script, applet, or the like, within the browser, on the displayed web page from the container server, or the like.
Processing moves to decision block 404, where a determination is made whether the received request for container is in the second container and communication protocol format. If so, processing branches to block 406; otherwise, processing flows to block 4i().
At block 406, where information about the container being requests is extracted from the second communication protocol formatted request. Processing then flows to block 408, where the extracted information is then used to generate a fust protocol formatted request for the container. Processing flows next to block 410.
It is noted that in one embodiment, where the web page is displayed by the container server, the content server might receive the request for the container through the web page, as HTTP, or other first protocol format. Thus, in that embodiment, the container and communication protocol proxy might, not intercept, the request and re-route it to the container server. Therefore, block 402 might not be performed, and instead, process 400 would instead flow to block 410 where the request from the web page is directly sent as a first container and communication protocol formatted request. However, in another embodiment, independent of how the request is initially formatted and/or from which component within a digital media device the request may be "intercepted" and analyzed to determine the format protocol being used. Thus, the invention should not be construed as being limited to a single analysis approach and a plurality of approaches is useable, without departing from the scope of the invention.
ϊn any event, processing moves next to block 412, where the content server provides the container using the first container and communication protocol format to the client device. In one embodiment, the container is in the H.264 file format. However, the invention is not limited to this file format, and others may also be employed. In one embodiment, the container is selectively encrypted. In one embodiment, the container is streamed to the client device, such that some of the container may Ix received for decrypting and playing on the client device, while another portion is still being downloaded to the client device, or is otherwise not yet received by the client device. As noted above, such downloading of the container may be performed using any of a variety of mechanisms, including, but not limited to random access, adaptive streaming, progressive downloading, real-time streaming, or the like. In one embodiment, the container and
20 communication protocol proxy is configured to request a change in the mechanism used for streaming or otherwise downloading of the container. Thus, the container and communication protocol proxy may select to dynamically change the mechanism for downloading of the container based on various criteria.
For example, in one embodiment, the container and communication protocol proxy might be configured and arranged to monitor network conditions over which the container is received and dynamically modify the downloading based on some predefined criteria of the network conditions. Such network conditions may include, but are not limited to bandwidth changes, packet failures, number of network disconnects, or the like. The invention is not limited to merely monitoring network conditions, however, and a variety of other approaches may be used. For example, in another embodiment, the container/communication protocol proxy may be configured and arranged to monitor various states of a buffer to which the container røay be provided, if the buffer is detected to have some defined state, such as container exceeding or dropping below a threshold level within the buffer, or the like, then the container and communication protocol proxy may modify the download mechanism being used. In one embodiment, the proxy might change the downloading mechanism by sending a message to the server to request that the downloading mechanism be changed to another mechanism.
In another embodiment, based on some condition, the container and communication protocol proxy may select to modify a quality of the container being received. For example, the container and communication protocol proxy might send a request to the server sending the container, to change at least a first portion of the container being transmitted to be compressed or otherwise encoded at a different value than a previous portion of the container. For example, if the container and communication protocol proxy determines, for example that a buffer condition is detected, and/or a network condition is detected then the container and communication protocol proxy might request that a next portion of the container be sent encoded at a different definition level. For example, the encoding might be changed from a high definition level (HD) level to a lower level of quality, such as a standard definition (SD) level (or vice versa).
It should be understood, that multiple condition may be used, even providing multiple thresholds useable to vary the encoding or compression of portions of the data and thereby modify the quality of the container being received. Thus, when the conditions vary, the quality of different portions of the container may dynamically vary for a given container stream. Therefore, the quality of different portions of a given container stream røay vary over time based changes in monitored conditions. Moreover, the invention is not limited to merely changing a mechanism used for sending the container or a quality of the container. For example, the proxy may be configured to modify both the quality and the download mechanism* or even to vary which one to employ based on different conditions.
In any event, the container and communication protocol proxy receives the stream selectively encrypted container from the container server. Jn one embodiment, the received selectively encrypted container may be securely stored until requested for play by the media player, or otherwise provided to the media player, deleted, or the like.
Moving to block 414, the container and communication protocol proxy, or another component, may then decrypt at least a portion of the received container. Flowing next to block 416, the container and communication protocol proxy, or other component, provides the decrypted container to the media player using the second container and communications protocol. In one embodiment, the decrypted container may be stored in a secure data store of the container and communication protocol proxy, VSC, or the like. Thus, the decrypted container is unavailable for impκ>per usage.
Tn one embodiment the moment a portion of the container is received, the container and communication protocol proxy or other component, may begin to decrypt it, and provide it to the media player using the second container and communication protocol. Thus, in one embodiment, the invention enables almost immediate playing of the received container by the media player without having to wait for the entire container to have been received. Moreover, if the media player requests to seek another point in the container, such as might arise through, for example, fast-forwarding, or the like, the invention may satisfy this request as well. Upon completion of block 416, processing returns to a calling process.
It will be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by computer program instructions. These program instructions may be provided to a processor to produce a machine, such that the instructions, which execute on the processor, create means for implementing the actions specified in the flowchart block or blocks. The computer program instructions may be executed by a processor to cause a series of operational .steps to be performed by the processor to produce
22 a computer implemented process such that the instructions, which execute on the processor to provide steps for implementing the actions specified in the flowchart block or blocks. The computer program instructions may also cause at least some of ihe operational steps shown in the blocks of the flowchart to be performed in parallel. Moreover, some of the steps may also be performed across more than one processor, such as might arise in a multi-processor computer system. In addition, one or more blocks or combinations of blocks in the flowchart illustration may also be performed concurrently with other blocks or combinations of blocks, or even in a different sequence than illustrated without departing from the scope or spirit of the invention.
Accordingly,, blocks of the flowchart illustration support combinations of means for performing the specified actions, combinations of steps for performing the specified actions and program instruction means for performing the specified actions. It. will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified actions or steps, or combinations of special purpose hardware and computer instructions.
The above specification, examples, and data provide a complete description of the manufacture and use of the composition of the invention. Since many embodiments of the invention can be made without departing from the spirit and scope of the invention, the invention resides in the claims hereinafter appended.
23

Claims

CLAIMSWhat is claimed as new and desired co be protected by Letters Patent of the United States is:
1. A system for managing multimedia content over a network, comprising: a media player residing on a client device and configured to receive containers having content using a Real Time Messaging Protocol (RTMP) protocol, and to perform actions, including: sending an RTMP formatted request for a container of content; and a container and communication protocol proxy component residing on the client device and configured to perform actions, including: intercepting the RTMP formatted request from the media player: extracting from the RTMP formatted request information about the container being requested; generating a HyperText Transfer Protocol (HTTP) formatted request for the container being requested based on the extracted information; sending the HTTP formatted request over the network using HlTP; receiving at least a portion of the requested container streamed over the network using HTTP, wherein the at least a portion of the requested container is selectively encrypted; enabling decryption of the at least some of the received portion of the selectively encrypted container, such that the decrypted container is then provided to the media player using RTMP, wherein the media player Ls configured and arranged to play at least the received portion of container while another portion of the container is currently unavailable to the media player.
2. The system of Claim 1 , wherein the container is in at least one of a Flash Video (FLV) file format, Windows Media Video Format (WMV), Windows Media Audio Format (WMA) Advanced Systems Format. (AvSF), or a Real Audio (RA/RAM) file formal.
3. The system of Claim 1. the system further comprising: a component configured and arranged to perform digital copy protection of the container, such that if an unauthorized attempt to copy the container is detected, the component may inhibit access to the container.
24
4. The system of Claim 1 , wherein the HTfP formatted request is sent over the network to an HTTP server.
5. The system of Claim 1. wherein the container is received using one of a progressive downloading, a real-time streaming, an adaptive streaming mechanism, or modifying a quality of the requested container.
6. The system of Claim 1 , wherein the system resides within a digital media player.
7. A virtual smart card system residing with a client device for managing access to container over a network, the virtual smart card comprising: a communication module that is configured and arranged to receive and to send information; a cryptographic module that Ls configured and arranged Io receive encrypted container and to decrypt the container; and a container and communication protocol proxy module that is configured and arranged to convert between a first container and first communications protocol and a second container and a second communications protocol by performing actions, including: if a request for content employs the second container and second communications protocol, reformatting the request as a first container and first communications protocol request for content: sending the first container request for the content over the network towards a server that is configured to employ the t list communications protocol and to provide content using the first container: receiving at least a portion of the requested content over the network using the first container and first communications protocol, wherein the at least a portion of the requested first container is selectively encrypted: providing at least some of the received portion of the selectively encrypted content to the cryptographic module such that the received portion is decrypted: and providing the decrypted content to a media player using the second container and second communications protocol, wherein the media player is configured and arranged to play at least the received portion of content, using the second container while another portion of the content is currently unavailable to the media player.
25
8. The virtual smart card system of Claim 7, wherein the virtual smart card further comprises a secure storage module that is configured and arranged to receive and store containers.
9. The virtual smart card system of Claim 7, further comprising: a digital copy protection component that is configured and arranged to monitor for an unauthorized access of the received container.
10. The virtual smart card system of Claim 7, wherein the content is provided in a
Flash Video file format.
i I , The virtual smart card system of Claim 7, wherein the request for container is intercepted from one of a media player component or a web browser application,
12. The virtual smart card system of Claim 7, wherein the first communications protocol and the second communications protocol are different, communications protocols selected from at least one of a HyperText Transfer Protocol (HTTP), Real Time Messaging Protocol (R TM P), MPJsG, or RTMPE (RTMP encrypted) communications protocol.
13. A computer-readable storage medium that includes data and instructions, wherein the execution of the instructions on a client computing device provides for managing access to container over a network by enabling actions, comprising: if. a request for content employs a first container and first communications protocol: intercepting the first communications protocol formatted request, and formatting the request as an second container and second communications protocol request for content; sending the content request for the second container over the network towards a server configured to communicate using the second communications protocol: receiving at least a portion of the requested content using the second container streamed over the network using the second communications protocol, wherein the at least a portion of the requested content is selectively encrypted: decrypting the at least some of the received portion of the selectively encrypted content; and
26 providing the decrypted content to a media player using the first container and first communications protocol, wherein the media player is configured and arranged co play at least the received portion of first container while another portion of the first container is currently unavailable to the media player.
14. The computer-readable storage medium of Claim 13, wherein the instructions enable actions, further comprising: if the request container employs the first container and first communications protocol, sending the first container and first communications protocol formatted request over the network, independent of intercepting the request.
15. The computer-readable storage medium of Claim 13, wherein the selectively encrypted container is received using at least one of an adaptive streaming mechanism or a realtime streaming mechanism.
16. The computer-readable storage medium of Claim 13, wherein the received container employs a Flash Video (FLV) file format, or an MPEG file format.
ϊl. A method for managing access to container over a network, comprising: intercepting a first communications protocol formatted request, for content in a first container using a protocol converter proxy that is local to a client device; generating a second communications protocol formatted request using a second container for the content being requested based on the intercepted first communications protocol formatted request using the local proxy; sending, by the local proxy, the second container and second communications protocol formatted request over the network using the second communications protocol; receiving, at the local pκ>xy, at least a portion of the requested content using the second container streamed over the network using the second communications protocol, wherein the at least a portion of the requested content is selectively encrypted; decrypting of the at least some of the received portion of the selectively encrypted content; and providing the decrypted content to a media player using the first container and first communications protocol, wherein the media player is configured and arranged to play at
27 least the received portion of first container while another portion of the first container is currently unavailable to the media player.
18. The method of Claim 17, wherein the intercepted first communications protocol formatted request is intercepted from at least one of a media player or a browser application.
19. The method of Claim 17, wherein the received portion of the container is configured using a Flash Video file format.
20. The method of Claim 17, wherein at least a portion of the method is implemented within a virtual smart card thai is configured and arranged to execute the portion of the method,
21. The method of Claim 17, wherein receiving at least the portion of the requested container further comprises receiving the container streamed using at least one of an adaptive streaming mechanism, a progressive downloading, or a real-lime streaming mechanism.
28
PCT/US2008/068583 2007-06-29 2008-06-27 Progressive download or streaming of digital media securely through a localized container and communication protocol proxy WO2009006302A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1001196.3A GB2463440B (en) 2007-06-29 2008-06-27 Progressive download or streaming of digital media securely through a localized container and communication protocol proxy

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US94726307P 2007-06-29 2007-06-29
US60/947,263 2007-06-29

Publications (1)

Publication Number Publication Date
WO2009006302A1 true WO2009006302A1 (en) 2009-01-08

Family

ID=40160541

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2008/068583 WO2009006302A1 (en) 2007-06-29 2008-06-27 Progressive download or streaming of digital media securely through a localized container and communication protocol proxy

Country Status (3)

Country Link
US (3) US8243924B2 (en)
GB (1) GB2463440B (en)
WO (1) WO2009006302A1 (en)

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107592554A (en) * 2017-09-20 2018-01-16 武汉斗鱼网络科技有限公司 Live video retransmission method and device
US10856020B2 (en) 2011-09-01 2020-12-01 Divx, Llc Systems and methods for distributing content using a common set of encryption keys
US10880620B2 (en) 2013-05-31 2020-12-29 Divx, Llc Playback synchronization across playback devices
US10893305B2 (en) 2014-04-05 2021-01-12 Divx, Llc Systems and methods for encoding and playing back video at different frame rates using enhancement layers
US10904594B2 (en) 2016-05-24 2021-01-26 Divx, Llc Systems and methods for providing variable speeds in a trick-play mode
US10917449B2 (en) 2013-03-15 2021-02-09 Divx, Llc Systems, methods, and media for delivery of content
US10931982B2 (en) 2011-08-30 2021-02-23 Divx, Llc Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels
US10979782B2 (en) 2012-08-31 2021-04-13 Divx, Llc System and method for decreasing an initial buffering period of an adaptive streaming system
US10992955B2 (en) 2011-01-05 2021-04-27 Divx, Llc Systems and methods for performing adaptive bitrate streaming
US11012641B2 (en) 2003-12-08 2021-05-18 Divx, Llc Multimedia distribution system for multimedia files with interleaved media chunks of varying types
US11017816B2 (en) 2003-12-08 2021-05-25 Divx, Llc Multimedia distribution system
US11044502B2 (en) 2016-05-24 2021-06-22 Divx, Llc Systems and methods for providing audio content during trick-play playback
US11050808B2 (en) 2007-01-05 2021-06-29 Divx, Llc Systems and methods for seeking within multimedia content during streaming playback
US11064235B2 (en) 2016-06-15 2021-07-13 Divx, Llc Systems and methods for encoding video content
US11102553B2 (en) 2009-12-04 2021-08-24 Divx, Llc Systems and methods for secure playback of encrypted elementary bitstreams
US11115450B2 (en) 2011-08-31 2021-09-07 Divx, Llc Systems, methods, and media for playing back protected video content by using top level index file
USRE48748E1 (en) 2011-06-29 2021-09-21 Divx, Llc Systems and methods for estimating available bandwidth and performing initial stream selection when streaming content
USRE48761E1 (en) 2012-12-31 2021-09-28 Divx, Llc Use of objective quality measures of streamed content to reduce streaming bandwidth
US11134115B2 (en) 2015-02-27 2021-09-28 Divx, Llc Systems and methods for frame duplication and frame extension in live video encoding and streaming
US11178200B2 (en) 2013-12-30 2021-11-16 Divx, Llc Systems and methods for playing adaptive bitrate streaming content by multicast
US11178435B2 (en) 2011-09-01 2021-11-16 Divx, Llc Systems and methods for saving encoded media streamed using adaptive bitrate streaming
US11190497B2 (en) 2011-08-31 2021-11-30 Divx, Llc Systems and methods for application identification
US11245938B2 (en) 2014-08-07 2022-02-08 Divx, Llc Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles
US11272232B2 (en) 2013-05-31 2022-03-08 Divx, Llc Synchronizing multiple over the top streaming clients
US11343300B2 (en) 2017-02-17 2022-05-24 Divx, Llc Systems and methods for adaptive switching between multiple content delivery networks during adaptive bitrate streaming
US11349892B2 (en) 2015-01-06 2022-05-31 Divx, Llc Systems and methods for encoding and sharing content between devices
US11438394B2 (en) 2012-12-31 2022-09-06 Divx, Llc Systems, methods, and media for controlling delivery of content
US11457054B2 (en) 2011-08-30 2022-09-27 Divx, Llc Selection of resolutions for seamless resolution switching of multimedia content
US11470405B2 (en) 2013-05-30 2022-10-11 Divx, Llc Network video streaming with trick play based on separate trick play files
US11495266B2 (en) 2007-11-16 2022-11-08 Divx, Llc Systems and methods for playing back multimedia files incorporating reduced index structures
US11526582B2 (en) 2012-01-06 2022-12-13 Divx, Llc Systems and methods for enabling playback of digital content using status associable electronic tickets and ticket tokens representing grant of access rights
US11539780B2 (en) 2016-03-30 2022-12-27 Divx, Llc Systems and methods for quick start-up of playback
US11825142B2 (en) 2019-03-21 2023-11-21 Divx, Llc Systems and methods for multimedia swarms
US11849112B2 (en) 2013-03-15 2023-12-19 Divx, Llc Systems, methods, and media for distributed transcoding video data
US11886545B2 (en) 2006-03-14 2024-01-30 Divx, Llc Federated digital rights management scheme including trusted systems

Families Citing this family (84)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9177489B2 (en) * 2010-11-16 2015-11-03 James Leonard Driessen Digital rights convergence place chaser
CA2519116C (en) * 2003-03-13 2012-11-13 Drm Technologies, Llc Secure streaming container
US8243924B2 (en) 2007-06-29 2012-08-14 Google Inc. Progressive download or streaming of digital media securely through a localized container and communication protocol proxy
US7961878B2 (en) 2007-10-15 2011-06-14 Adobe Systems Incorporated Imparting cryptographic information in network communications
US7814221B1 (en) * 2008-06-13 2010-10-12 West Corporation Real-time streaming protocol gateway and proxy for serving and caching static media over a low bandwidth connection
US8387150B2 (en) * 2008-06-27 2013-02-26 Microsoft Corporation Segmented media content rights management
JP5338817B2 (en) * 2008-09-05 2013-11-13 富士通株式会社 Information disclosure device
US8051287B2 (en) * 2008-10-15 2011-11-01 Adobe Systems Incorporated Imparting real-time priority-based network communications in an encrypted communication session
TWI435568B (en) * 2009-02-02 2014-04-21 Wistron Corp Method and system for multimedia audio video transfer
CA2755774C (en) * 2009-03-19 2015-01-06 Azuki Systems, Inc. Method for scalable live streaming delivery for mobile audiences
CA2759880C (en) * 2009-03-23 2013-09-24 Azuki Systems, Inc. Method and system for efficient streaming video dynamic rate adaptation
US8122140B2 (en) * 2009-03-27 2012-02-21 Wyse Technology Inc. Apparatus and method for accelerating streams through use of transparent proxy architecture
US8654787B2 (en) * 2009-03-27 2014-02-18 Dell Products L.P. Apparatus and method for remote communication and transmission protocols
US20100325424A1 (en) * 2009-06-19 2010-12-23 Etchegoyen Craig S System and Method for Secured Communications
US9047458B2 (en) * 2009-06-19 2015-06-02 Deviceauthority, Inc. Network access protection
US8495359B2 (en) 2009-06-22 2013-07-23 NetAuthority System and method for securing an electronic communication
US20100332319A1 (en) * 2009-06-24 2010-12-30 Craig Stephen Etchegoyen Methods and Systems for Dynamic Serving of Advertisements in a Game or Virtual Reality Environment
US20100332320A1 (en) * 2009-06-24 2010-12-30 Joseph Martin Mordetsky Systems and Methods for Providing Conditional Authorization to Operate Licensed Software
US20100332331A1 (en) * 2009-06-24 2010-12-30 Craig Stephen Etchegoyen Systems and Methods for Providing an Interface for Purchasing Ad Slots in an Executable Program
US9800690B1 (en) 2009-06-26 2017-10-24 Tata Communications (America) Inc. Content-based redirection
US9712733B2 (en) * 2009-08-17 2017-07-18 Jianhua Cao Method and apparatus for live capture image-live streaming camera
US8401188B1 (en) * 2009-10-30 2013-03-19 Adobe Systems Incorporated System and method for partial encryption of frame-based electronic content
US9819840B2 (en) 2010-01-11 2017-11-14 Bryan Nunes Audio device that extracts the audio of a multimedia stream and serves the audio on a network while the video is displayed
WO2011085407A1 (en) * 2010-01-11 2011-07-14 Signet Media Inc. System and method for providing an audio component of a multimedia content displayed on an electronic display device to one or more wireless computing devices
US20120124179A1 (en) * 2010-11-12 2012-05-17 Realnetworks, Inc. Traffic management in adaptive streaming protocols
US20120134529A1 (en) * 2010-11-28 2012-05-31 Pedro Javier Vazquez Method and apparatus for applying of a watermark to a video during download
US20120210447A1 (en) * 2010-11-28 2012-08-16 Pedro Javier Vazquez Secure video download method
US9451319B2 (en) * 2010-12-17 2016-09-20 Microsoft Technology Licensing, Llc Streaming digital content with flexible remote playback
US20120185693A1 (en) * 2011-01-05 2012-07-19 General Instrument Corporation Secure progressive download for media content playback
AU2011100168B4 (en) * 2011-02-09 2011-06-30 Device Authority Ltd Device-bound certificate authentication
US8446834B2 (en) 2011-02-16 2013-05-21 Netauthority, Inc. Traceback packet transport protocol
US8725644B2 (en) * 2011-01-28 2014-05-13 The Active Network, Inc. Secure online transaction processing
CN102739417B (en) 2011-04-01 2014-08-20 华为技术有限公司 Streaming media service processing system, method and network equipment thereof
US8700406B2 (en) * 2011-05-23 2014-04-15 Qualcomm Incorporated Preserving audio data collection privacy in mobile devices
US9398347B2 (en) * 2011-05-30 2016-07-19 Sandvine Incorporated Ulc Systems and methods for measuring quality of experience for media streaming
US8943396B2 (en) * 2011-07-18 2015-01-27 At&T Intellectual Property I, Lp Method and apparatus for multi-experience adaptation of media content
US9084001B2 (en) 2011-07-18 2015-07-14 At&T Intellectual Property I, Lp Method and apparatus for multi-experience metadata translation of media content with metadata
US8959313B2 (en) 2011-07-26 2015-02-17 International Business Machines Corporation Using predictive determinism within a streaming environment
US8990452B2 (en) 2011-07-26 2015-03-24 International Business Machines Corporation Dynamic reduction of stream backpressure
US9148495B2 (en) * 2011-07-26 2015-09-29 International Business Machines Corporation Dynamic runtime choosing of processing communication methods
US8560526B2 (en) 2011-07-26 2013-10-15 International Business Machines Corporation Management system for processing streaming data
US9237362B2 (en) 2011-08-11 2016-01-12 At&T Intellectual Property I, Lp Method and apparatus for multi-experience translation of media content with sensor sharing
IN2014CN02708A (en) 2011-09-28 2015-08-07 Pelican Imaging Corp
KR101971621B1 (en) * 2011-11-11 2019-04-24 삼성전자주식회사 Method and apparatus for brokering between server and device and computer readable recording medium
US9270718B2 (en) * 2011-11-25 2016-02-23 Harry E Emerson, III Internet streaming and the presentation of dynamic content
US8949954B2 (en) 2011-12-08 2015-02-03 Uniloc Luxembourg, S.A. Customer notification program alerting customer-specified network address of unauthorized access attempts to customer account
DE102011089420A1 (en) * 2011-12-21 2013-06-27 Bayerische Motoren Werke Aktiengesellschaft Transfer device and communication network with a conversion device
AU2012100460B4 (en) 2012-01-04 2012-11-08 Uniloc Usa, Inc. Method and system implementing zone-restricted behavior of a computing device
US9405553B2 (en) 2012-01-30 2016-08-02 International Business Machines Corporation Processing element management in a streaming data system
AU2012100462B4 (en) 2012-02-06 2012-11-08 Uniloc Usa, Inc. Near field authentication through communication of enclosed content sound waves
US20130262693A1 (en) * 2012-04-02 2013-10-03 Chris Phillips Methods and apparatus for segmenting, distributing, and resegmenting adaptive rate content streams
US9146775B2 (en) 2012-04-26 2015-09-29 International Business Machines Corporation Operator graph changes in response to dynamic connections in stream computing applications
US8813117B1 (en) * 2012-04-27 2014-08-19 Google Inc. Content subset conditional access framework
DE102012022064A1 (en) 2012-11-09 2014-05-15 Thomas Klimpel System and method for playing music and / or multimedia data
US9930081B2 (en) 2012-11-13 2018-03-27 International Business Machines Corporation Streams optional execution paths depending upon data rates
AU2013100355B4 (en) 2013-02-28 2013-10-31 Netauthority, Inc Device-specific content delivery
WO2014160380A1 (en) * 2013-03-13 2014-10-02 Deja.io, Inc. Analysis platform of media content metadata
CN103338384A (en) * 2013-05-31 2013-10-02 优视科技有限公司 Video play method and video play device
EP2851833B1 (en) * 2013-09-20 2017-07-12 Open Text S.A. Application Gateway Architecture with Multi-Level Security Policy and Rule Promulgations
US10824756B2 (en) 2013-09-20 2020-11-03 Open Text Sa Ulc Hosted application gateway architecture with multi-level security policy and rule promulgations
US10171501B2 (en) 2013-09-20 2019-01-01 Open Text Sa Ulc System and method for remote wipe
FR3019428A1 (en) * 2014-03-31 2015-10-02 Orange DEVICE AND METHOD FOR REMOTELY CONTROLLING THE RESTITUTION OF MULTIMEDIA CONTENT
FR3024007B1 (en) 2014-07-16 2016-08-26 Viaccess Sa METHOD FOR ACCESSING MULTIMEDIA CONTENT PROTECTED BY A TERMINAL
US11593075B2 (en) 2015-11-03 2023-02-28 Open Text Sa Ulc Streamlined fast and efficient application building and customization systems and methods
US20170150206A1 (en) * 2015-11-24 2017-05-25 Le Holdings (Beijing) Co., Ltd. Online video player and its method
US10009380B2 (en) 2016-01-08 2018-06-26 Secureworks Corp. Systems and methods for security configuration
US10116625B2 (en) * 2016-01-08 2018-10-30 Secureworks, Corp. Systems and methods for secure containerization
US11388037B2 (en) 2016-02-25 2022-07-12 Open Text Sa Ulc Systems and methods for providing managed services
US9854302B1 (en) 2016-06-23 2017-12-26 Bryan Nunes Multimedia servers that broadcast a channel listing and packet-switched audio
US9959840B2 (en) 2016-06-23 2018-05-01 Bryan Nunes Multimedia servers that broadcast packet-switched audio with second screen content
US11412272B2 (en) 2016-08-31 2022-08-09 Resi Media Llc System and method for converting adaptive stream to downloadable media
US10511864B2 (en) 2016-08-31 2019-12-17 Living As One, Llc System and method for transcoding media stream
US11588872B2 (en) 2017-06-12 2023-02-21 C-Hear, Inc. System and method for codec for combining disparate content
US10187443B2 (en) 2017-06-12 2019-01-22 C-Hear, Inc. System and method for encoding image data and other data types into one data format and decoding of same
CN108322762A (en) * 2017-12-20 2018-07-24 湖北鸿云科技股份有限公司 High-performance media-on-demand server based on flv files and order program service method
US11681781B2 (en) * 2018-02-21 2023-06-20 Comcast Cable Communications, Llc Systems and methods for content security
CN113557513A (en) * 2019-03-21 2021-10-26 谷歌有限责任公司 Content encryption
EP3767965A1 (en) * 2019-07-19 2021-01-20 THEO Technologies Client web application with embedded streaming protocol converter
EP4004709A4 (en) * 2019-07-22 2023-08-09 C-Hear, Inc. System and method for codec for combining disparate content
US11477522B2 (en) * 2019-12-11 2022-10-18 Arris Enterprises Llc Trick play and trick rate support for HLS
CN111901634B (en) * 2020-07-31 2022-07-08 北京嘀嘀无限科技发展有限公司 Stream media on-demand method, device and computer readable storage medium
CN115134420A (en) * 2021-03-24 2022-09-30 华为技术有限公司 Media playing method and device and electronic equipment
CN113206841B (en) * 2021-04-26 2022-08-23 杭州当虹科技股份有限公司 AES decryption agent method and system based on HLS protocol
CN115473801B (en) * 2022-09-05 2023-09-29 北京许继电气有限公司 Data communication system and method for software defined communication interface

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6591365B1 (en) * 1999-01-21 2003-07-08 Time Warner Entertainment Co., Lp Copy protection control system
US20040078470A1 (en) * 2002-10-18 2004-04-22 International Business Machines Corporation Method and device for streaming a media file over a distributed information system
US20050120125A1 (en) * 2002-03-29 2005-06-02 Widevine Technologies, Inc. Process and streaming server for encrypting a data stream to a virtual smart card client system

Family Cites Families (109)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5870474A (en) * 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
CA1186028A (en) * 1982-06-23 1985-04-23 Microdesign Limited Method and apparatus for scrambling and unscrambling data streams using encryption and decryption
US4694489A (en) * 1983-12-22 1987-09-15 Frederiksen Jeffrey E Video transmission system
EP0243312B1 (en) * 1986-04-18 1995-07-19 Nagra Plus S.A. Decoder for a pay television system
EP0319530B1 (en) * 1987-05-22 1992-12-30 KUDELSKI SA Fabrique d'enregistreurs Nagra Magnetic or other recording device with one or more rotating engraving heads
FR2643529B1 (en) * 1989-02-22 1991-06-07 Kudelski Sa Fabr Enregistr Nag PAID TELEVISION SYSTEM USING A MEMORY CARD ASSOCIATED WITH A DECODER
CH682614A5 (en) 1990-02-21 1993-10-15 Kudelski Sa Method for scrambling and unscrambling a video signal.
CA2084575C (en) * 1991-12-31 1996-12-03 Chris A. Dinallo Personal computer with generalized data streaming apparatus for multimedia devices
US5339413A (en) * 1992-08-21 1994-08-16 International Business Machines Corporation Data stream protocol for multimedia data streaming data processing system
US5640546A (en) * 1993-02-23 1997-06-17 Network Programs, Inc. Composition of systems of objects by interlocking coordination, projection, and distribution
IL119874A (en) * 1993-04-16 1999-05-09 News Datacom Research Ltd Methods and systems for non program applications for subscriber television
US5592212A (en) * 1993-04-16 1997-01-07 News Datacom Ltd. Methods and systems for non-program applications for subscriber television
IL106746A (en) * 1993-08-19 1997-02-18 News Datacom Ltd CATV systems
US5774527A (en) * 1993-08-19 1998-06-30 News Datacom Ltd. Integrated telephone and cable communication networks
NL9301784A (en) * 1993-10-14 1995-05-01 Irdeto Bv System for encrypting and decrypting digital information.
KR950013093A (en) * 1993-10-19 1995-05-17 모리시타 요이찌 Scramble Transfer Device and Random Number Generator
IL107967A (en) 1993-12-09 1996-12-05 News Datacom Research Ltd Apparatus and method for securing communication systems
US5880769A (en) 1994-01-19 1999-03-09 Smarttv Co. Interactive smart card system for integrating the provision of remote and local services
IL111151A (en) * 1994-10-03 1998-09-24 News Datacom Ltd Secure access systems
US6298441B1 (en) * 1994-03-10 2001-10-02 News Datacom Ltd. Secure document access system
GB9407038D0 (en) * 1994-04-08 1994-06-01 Amstrad Plc Method and apparatus for transmitting and receiving encrypted signals
MY125706A (en) 1994-08-19 2006-08-30 Thomson Consumer Electronics High speed signal processing smart card
US5613002A (en) * 1994-11-21 1997-03-18 International Business Machines Corporation Generic disinfection of programs infected with a computer virus
KR100332743B1 (en) 1994-11-26 2002-11-07 엘지전자주식회사 Device and method for preventing illegal copy or unauthorized watching of digital image
US5758257A (en) * 1994-11-29 1998-05-26 Herz; Frederick System and method for scheduling broadcast of and access to video programs and other data using customer profiles
EP1643340B1 (en) * 1995-02-13 2013-08-14 Intertrust Technologies Corp. Secure transaction management
US6157721A (en) 1996-08-12 2000-12-05 Intertrust Technologies Corp. Systems and methods using cryptography to protect secure computing environments
US6658568B1 (en) 1995-02-13 2003-12-02 Intertrust Technologies Corporation Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management
US5943422A (en) * 1996-08-12 1999-08-24 Intertrust Technologies Corp. Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5621793A (en) 1995-05-05 1997-04-15 Rubin, Bednarek & Associates, Inc. TV set top box using GPS
NL1000530C2 (en) * 1995-06-08 1996-12-10 Defil N V Holland Intertrust A Filtering method.
CA2179223C (en) * 1995-06-23 2009-01-06 Manfred Von Willich Method and apparatus for controlling the operation of a signal decoder in a broadcasting system
US6112226A (en) 1995-07-14 2000-08-29 Oracle Corporation Method and apparatus for concurrently encoding and tagging digital information for allowing non-sequential access during playback
US6035037A (en) * 1995-08-04 2000-03-07 Thomson Electronic Consumers, Inc. System for processing a video signal via series-connected high speed signal processing smart cards
GB9521739D0 (en) * 1995-10-24 1996-01-03 Nat Transcommunications Ltd Decoding carriers encoded using orthogonal frequency division multiplexing
US5684876A (en) * 1995-11-15 1997-11-04 Scientific-Atlanta, Inc. Apparatus and method for cipher stealing when encrypting MPEG transport packets
JP2000503154A (en) * 1996-01-11 2000-03-14 エムアールジェイ インコーポレイテッド System for controlling access and distribution of digital ownership
US5805705A (en) * 1996-01-29 1998-09-08 International Business Machines Corporation Synchronization of encryption/decryption keys in a data communication network
ATE196398T1 (en) * 1996-03-18 2000-09-15 News Datacom Ltd CHIP CARD COUPLING FOR PAY-TV SYSTEMS
US6049671A (en) * 1996-04-18 2000-04-11 Microsoft Corporation Method for identifying and obtaining computer software from a network computer
EP0827340A3 (en) * 1996-08-30 1999-10-06 Matsushita Electric Industrial Co., Ltd. Terminal apparatus and method for achieving interactive operations
US6226794B1 (en) * 1996-09-17 2001-05-01 Sarnoff Corporation Set top terminal for an interactive information distribution system
US5939975A (en) * 1996-09-19 1999-08-17 Nds Ltd. Theft prevention system and method
US5883957A (en) * 1996-09-20 1999-03-16 Laboratory Technologies Corporation Methods and apparatus for encrypting and decrypting MIDI files
EP0834991A1 (en) * 1996-10-02 1998-04-08 Irdeto B.V. Method for automatically searching a frequency range for signal channels in a receiver for digitally modulated signals, and receiver for applying such a method
US6141053A (en) 1997-01-03 2000-10-31 Saukkonen; Jukka I. Method of optimizing bandwidth for transmitting compressed video data streams
EP0858184A3 (en) * 1997-02-07 1999-09-01 Nds Limited Digital recording protection system
US5920861A (en) * 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US6189097B1 (en) * 1997-03-24 2001-02-13 Preview Systems, Inc. Digital Certificate
US6073256A (en) * 1997-04-11 2000-06-06 Preview Systems, Inc. Digital product execution control
US6272636B1 (en) * 1997-04-11 2001-08-07 Preview Systems, Inc Digital product execution control and security
JPH10303880A (en) 1997-05-01 1998-11-13 Digital Vision Lab:Kk Service providing system
US6557104B2 (en) * 1997-05-02 2003-04-29 Phoenix Technologies Ltd. Method and apparatus for secure processing of cryptographic keys
US6668325B1 (en) 1997-06-09 2003-12-23 Intertrust Technologies Obfuscation techniques for enhancing software security
US6055503A (en) * 1997-08-29 2000-04-25 Preview Systems Software program self-modification
US6009525A (en) 1997-08-29 1999-12-28 Preview Systems, Inc. Multi-tier electronic software distribution
US6112181A (en) * 1997-11-06 2000-08-29 Intertrust Technologies Corporation Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
EP0917356A1 (en) * 1997-11-17 1999-05-19 CANAL+ Société Anonyme Packet filtering
EP1044420A1 (en) 1997-11-28 2000-10-18 International Business Machines Corporation Processing extended transactions in a client-server system
CA2318936C (en) * 1997-12-10 2004-04-06 Thomson Licensing S.A. Method for protecting the audio/visual data across the nrss interface
US5991399A (en) * 1997-12-18 1999-11-23 Intel Corporation Method for securely distributing a conditional use private key to a trusted entity on a remote system
US7778418B1 (en) 1998-01-08 2010-08-17 Samsung Electronics Co., Ltd. System and method for copy protection for digital signals
EP0932124B1 (en) 1998-01-14 2002-05-02 Irdeto Access B.V. Integrated circuit and smart card comprising such a circuit
US6334213B1 (en) 1998-01-20 2001-12-25 Preview Systems Merging of separate executable computer programs to form a single executable computer program
DE19838628A1 (en) * 1998-08-26 2000-03-02 Ibm Extended smart card communication architecture and method for communication between smart card application and data carrier
IL123554A (en) * 1998-03-04 2003-01-12 Nds Ltd Key delivery in a secure broadcasting system
GB9806076D0 (en) * 1998-03-20 1998-05-20 Nds Ltd Improvements in or relating to the insertion and removal of smart cards
US6459427B1 (en) * 1998-04-01 2002-10-01 Liberate Technologies Apparatus and method for web-casting over digital broadcast TV network
US6285985B1 (en) * 1998-04-03 2001-09-04 Preview Systems, Inc. Advertising-subsidized and advertising-enabled software
US6009401A (en) 1998-04-06 1999-12-28 Preview Systems, Inc. Relicensing of electronically purchased software
BR9910131A (en) 1998-04-21 2001-01-09 Chr Hansen As Genetically modified lactic acid bacteria having modified diacetyl reductase activities
IL124595A (en) * 1998-05-21 2009-09-01 Yossef Tsuria Anti-piracy system
US6314572B1 (en) * 1998-05-29 2001-11-06 Diva Systems Corporation Method and apparatus for providing subscription-on-demand services, dependent services and contingent services for an interactive information distribution system
US6311221B1 (en) * 1998-07-22 2001-10-30 Appstream Inc. Streaming modules
US6314466B1 (en) * 1998-10-06 2001-11-06 Realnetworks, Inc. System and method for providing random access to a multimedia object over a network
IL126472A0 (en) * 1998-10-07 1999-08-17 Nds Ltd Secure communications system
US6327652B1 (en) 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US6594365B1 (en) * 1998-11-18 2003-07-15 Tenneco Automotive Operating Company Inc. Acoustic system identification using acoustic masking
US7162642B2 (en) * 1999-01-06 2007-01-09 Digital Video Express, L.P. Digital content distribution system and method
US6505299B1 (en) * 1999-03-01 2003-01-07 Sharp Laboratories Of America, Inc. Digital image scrambling for image coding systems
US6415031B1 (en) * 1999-03-12 2002-07-02 Diva Systems Corporation Selective and renewable encryption for secure distribution of video on-demand
US7085931B1 (en) * 1999-09-03 2006-08-01 Secure Computing Corporation Virtual smart card system and method
JP2003513565A (en) 1999-10-29 2003-04-08 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Video coding method
US6449719B1 (en) * 1999-11-09 2002-09-10 Widevine Technologies, Inc. Process and streaming server for encrypting a data stream
JP2001144802A (en) 1999-11-11 2001-05-25 Canon Inc Apparatus, method and system for data communication and storag medium
KR100378791B1 (en) 1999-12-02 2003-04-07 엘지전자 주식회사 Packet identifier section filter
US6968061B2 (en) * 2000-02-17 2005-11-22 The United States Of America As Represented By The Secretary Of The Navy Method which uses a non-volatile memory to store a crypto key and a check word for an encryption device
JP2001273430A (en) * 2000-03-27 2001-10-05 Toshiba Corp Portable electronic device and point system
CA2305249A1 (en) * 2000-04-14 2001-10-14 Branko Sarcanin Virtual safe
AU2001275051A1 (en) * 2000-05-30 2001-12-11 Pointsec Mobile Technologies, Inc. Apparatus and methods for using a virtual smart card
US7245719B2 (en) * 2000-06-30 2007-07-17 Matsushita Electric Industrial Co., Ltd. Recording method and apparatus, optical disk, and computer-readable storage medium
JP4596693B2 (en) 2000-07-06 2010-12-08 パナソニック株式会社 Streaming method and system for executing the same
EP1182875A3 (en) 2000-07-06 2003-11-26 Matsushita Electric Industrial Co., Ltd. Streaming method and corresponding system
US7165175B1 (en) 2000-09-06 2007-01-16 Widevine Technologies, Inc. Apparatus, system and method for selectively encrypting different portions of data sent over a network
US20020089410A1 (en) * 2000-11-13 2002-07-11 Janiak Martin J. Biometric authentication device for use with a personal digital assistant
US6729549B2 (en) * 2000-12-19 2004-05-04 International Business Machines Corporation System and method for personalization of smart cards
EP1225513A1 (en) * 2001-01-19 2002-07-24 Eyal Dotan Method for protecting computer programs and data from hostile code
US20020104004A1 (en) * 2001-02-01 2002-08-01 Bruno Couillard Method and apparatus for synchronizing real-time clocks of time stamping cryptographic modules
US20020141582A1 (en) * 2001-03-28 2002-10-03 Kocher Paul C. Content security layer providing long-term renewable security
SE0101295D0 (en) 2001-04-10 2001-04-10 Ericsson Telefon Ab L M A method and network for delivering streaming data
US7237108B2 (en) 2001-09-26 2007-06-26 General Instrument Corporation Encryption of streaming control protocols and their headers
US20030063750A1 (en) 2001-09-26 2003-04-03 Alexander Medvinsky Unique on-line provisioning of user terminals allowing user authentication
KR20040104642A (en) 2002-04-26 2004-12-10 코닌클리케 필립스 일렉트로닉스 엔.브이. Security modules for conditional access with restrictions
US7356687B2 (en) 2002-05-21 2008-04-08 General Instrument Corporation Association of security parameters for a collection of related streaming protocols
US7549164B2 (en) 2003-06-11 2009-06-16 Symantec Corporation Intrustion protection system utilizing layers and triggers
US20040151315A1 (en) * 2002-11-06 2004-08-05 Kim Hee Jean Streaming media security system and method
US7246356B1 (en) * 2003-01-29 2007-07-17 Adobe Systems Incorporated Method and system for facilitating comunications between an interactive multimedia client and an interactive multimedia communication server
US8243924B2 (en) 2007-06-29 2012-08-14 Google Inc. Progressive download or streaming of digital media securely through a localized container and communication protocol proxy

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6591365B1 (en) * 1999-01-21 2003-07-08 Time Warner Entertainment Co., Lp Copy protection control system
US20050120125A1 (en) * 2002-03-29 2005-06-02 Widevine Technologies, Inc. Process and streaming server for encrypting a data stream to a virtual smart card client system
US20040078470A1 (en) * 2002-10-18 2004-04-22 International Business Machines Corporation Method and device for streaming a media file over a distributed information system

Cited By (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11012641B2 (en) 2003-12-08 2021-05-18 Divx, Llc Multimedia distribution system for multimedia files with interleaved media chunks of varying types
US11355159B2 (en) 2003-12-08 2022-06-07 Divx, Llc Multimedia distribution system
US11735228B2 (en) 2003-12-08 2023-08-22 Divx, Llc Multimedia distribution system
US11735227B2 (en) 2003-12-08 2023-08-22 Divx, Llc Multimedia distribution system
US11297263B2 (en) 2003-12-08 2022-04-05 Divx, Llc Multimedia distribution system for multimedia files with packed frames
US11509839B2 (en) 2003-12-08 2022-11-22 Divx, Llc Multimedia distribution system for multimedia files with packed frames
US11159746B2 (en) 2003-12-08 2021-10-26 Divx, Llc Multimedia distribution system for multimedia files with packed frames
US11017816B2 (en) 2003-12-08 2021-05-25 Divx, Llc Multimedia distribution system
US11886545B2 (en) 2006-03-14 2024-01-30 Divx, Llc Federated digital rights management scheme including trusted systems
US11050808B2 (en) 2007-01-05 2021-06-29 Divx, Llc Systems and methods for seeking within multimedia content during streaming playback
US11706276B2 (en) 2007-01-05 2023-07-18 Divx, Llc Systems and methods for seeking within multimedia content during streaming playback
US11495266B2 (en) 2007-11-16 2022-11-08 Divx, Llc Systems and methods for playing back multimedia files incorporating reduced index structures
US11102553B2 (en) 2009-12-04 2021-08-24 Divx, Llc Systems and methods for secure playback of encrypted elementary bitstreams
US10992955B2 (en) 2011-01-05 2021-04-27 Divx, Llc Systems and methods for performing adaptive bitrate streaming
US11638033B2 (en) 2011-01-05 2023-04-25 Divx, Llc Systems and methods for performing adaptive bitrate streaming
USRE48748E1 (en) 2011-06-29 2021-09-21 Divx, Llc Systems and methods for estimating available bandwidth and performing initial stream selection when streaming content
US11611785B2 (en) 2011-08-30 2023-03-21 Divx, Llc Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels
US11457054B2 (en) 2011-08-30 2022-09-27 Divx, Llc Selection of resolutions for seamless resolution switching of multimedia content
US10931982B2 (en) 2011-08-30 2021-02-23 Divx, Llc Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels
US11716371B2 (en) 2011-08-31 2023-08-01 Divx, Llc Systems and methods for automatically generating top level index files
US11115450B2 (en) 2011-08-31 2021-09-07 Divx, Llc Systems, methods, and media for playing back protected video content by using top level index file
US11870758B2 (en) 2011-08-31 2024-01-09 Divx, Llc Systems and methods for application identification
US11190497B2 (en) 2011-08-31 2021-11-30 Divx, Llc Systems and methods for application identification
US11683542B2 (en) 2011-09-01 2023-06-20 Divx, Llc Systems and methods for distributing content using a common set of encryption keys
US10856020B2 (en) 2011-09-01 2020-12-01 Divx, Llc Systems and methods for distributing content using a common set of encryption keys
US11178435B2 (en) 2011-09-01 2021-11-16 Divx, Llc Systems and methods for saving encoded media streamed using adaptive bitrate streaming
US11526582B2 (en) 2012-01-06 2022-12-13 Divx, Llc Systems and methods for enabling playback of digital content using status associable electronic tickets and ticket tokens representing grant of access rights
US10979782B2 (en) 2012-08-31 2021-04-13 Divx, Llc System and method for decreasing an initial buffering period of an adaptive streaming system
US11528540B2 (en) 2012-08-31 2022-12-13 Divx, Llc System and method for decreasing an initial buffering period of an adaptive streaming system
USRE48761E1 (en) 2012-12-31 2021-09-28 Divx, Llc Use of objective quality measures of streamed content to reduce streaming bandwidth
US11438394B2 (en) 2012-12-31 2022-09-06 Divx, Llc Systems, methods, and media for controlling delivery of content
US11785066B2 (en) 2012-12-31 2023-10-10 Divx, Llc Systems, methods, and media for controlling delivery of content
US10917449B2 (en) 2013-03-15 2021-02-09 Divx, Llc Systems, methods, and media for delivery of content
US11849112B2 (en) 2013-03-15 2023-12-19 Divx, Llc Systems, methods, and media for distributed transcoding video data
US11470405B2 (en) 2013-05-30 2022-10-11 Divx, Llc Network video streaming with trick play based on separate trick play files
US11272232B2 (en) 2013-05-31 2022-03-08 Divx, Llc Synchronizing multiple over the top streaming clients
US10880620B2 (en) 2013-05-31 2020-12-29 Divx, Llc Playback synchronization across playback devices
US11765410B2 (en) 2013-05-31 2023-09-19 Divx, Llc Synchronizing multiple over the top streaming clients
US11178200B2 (en) 2013-12-30 2021-11-16 Divx, Llc Systems and methods for playing adaptive bitrate streaming content by multicast
US10893305B2 (en) 2014-04-05 2021-01-12 Divx, Llc Systems and methods for encoding and playing back video at different frame rates using enhancement layers
US11711552B2 (en) 2014-04-05 2023-07-25 Divx, Llc Systems and methods for encoding and playing back video at different frame rates using enhancement layers
US11245938B2 (en) 2014-08-07 2022-02-08 Divx, Llc Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles
US11711410B2 (en) 2015-01-06 2023-07-25 Divx, Llc Systems and methods for encoding and sharing content between devices
US11349892B2 (en) 2015-01-06 2022-05-31 Divx, Llc Systems and methods for encoding and sharing content between devices
US11824912B2 (en) 2015-02-27 2023-11-21 Divx, Llc Systems and methods for frame duplication and frame extension in live video encoding and streaming
US11134115B2 (en) 2015-02-27 2021-09-28 Divx, Llc Systems and methods for frame duplication and frame extension in live video encoding and streaming
US11539780B2 (en) 2016-03-30 2022-12-27 Divx, Llc Systems and methods for quick start-up of playback
US11044502B2 (en) 2016-05-24 2021-06-22 Divx, Llc Systems and methods for providing audio content during trick-play playback
US10904594B2 (en) 2016-05-24 2021-01-26 Divx, Llc Systems and methods for providing variable speeds in a trick-play mode
US11546643B2 (en) 2016-05-24 2023-01-03 Divx, Llc Systems and methods for providing audio content during trick-play playback
US11895348B2 (en) 2016-05-24 2024-02-06 Divx, Llc Systems and methods for providing variable speeds in a trick-play mode
US11729451B2 (en) 2016-06-15 2023-08-15 Divx, Llc Systems and methods for encoding video content
US11064235B2 (en) 2016-06-15 2021-07-13 Divx, Llc Systems and methods for encoding video content
US11483609B2 (en) 2016-06-15 2022-10-25 Divx, Llc Systems and methods for encoding video content
US11343300B2 (en) 2017-02-17 2022-05-24 Divx, Llc Systems and methods for adaptive switching between multiple content delivery networks during adaptive bitrate streaming
CN107592554A (en) * 2017-09-20 2018-01-16 武汉斗鱼网络科技有限公司 Live video retransmission method and device
US11825142B2 (en) 2019-03-21 2023-11-21 Divx, Llc Systems and methods for multimedia swarms

Also Published As

Publication number Publication date
US20090003600A1 (en) 2009-01-01
US20120311721A1 (en) 2012-12-06
US8752194B2 (en) 2014-06-10
US20140245400A1 (en) 2014-08-28
US8243924B2 (en) 2012-08-14
GB201001196D0 (en) 2010-03-10
GB2463440B (en) 2012-08-29
GB2463440A (en) 2010-03-17
US9038147B2 (en) 2015-05-19

Similar Documents

Publication Publication Date Title
US9038147B2 (en) Progressive download or streaming of digital media securely through a localized container and communication protocol proxy
US10698985B2 (en) Extending data confidentiality into a player application
US10754930B2 (en) Remotely managed trusted execution environment for digital rights management in a distributed network with thin clients
KR100747755B1 (en) Process and streaming server for encrypting a data stream to a virtual smart card client system
NL1028324C2 (en) Digital broadcast video receiving circuit e.g. digital television, has scrambler encoding data packet to provide re-encoded digital data packet, and storage device storing received broadcast contents in encoded form
US20130283051A1 (en) Persistent License for Stored Content
US20040199771A1 (en) Method for tracing a security breach in highly distributed content
WO2005071873A1 (en) Method and system for session based watermarking of encrypted content
US20070180231A1 (en) Preventing entitlement management message (EMM) filter attacks
US10691778B2 (en) Method and system for providing secure codecs
US20080037782A1 (en) Reduction of channel change time for digital media devices using key management and virtual smart cards
EP3317796B1 (en) Remotely managed trusted execution environment for digital-rights management in a distributed network with thin clients
Costa et al. Securing video on demand content with SGX: a decryption performance evaluation in client-side
Mikityuk et al. Content protection in HTML5 TV platforms: Towards browser-agnostic DRM and cloud UI environments
CN117729379A (en) Video playing method and device and electronic equipment
Mikityuk Secure remote service execution for web media streaming
Jeong et al. MPEG-2 streaming protection scheme for digital rights management
Storey The design and implementation of a security and containment platform for peer-to-peer media distribution

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08772169

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 1001196

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20080627

WWE Wipo information: entry into national phase

Ref document number: 1001196.3

Country of ref document: GB

122 Ep: pct application non-entry in european phase

Ref document number: 08772169

Country of ref document: EP

Kind code of ref document: A1