WO2013026081A1

WO2013026081A1 - System and method of media streaming with enhanced security

Info

Publication number: WO2013026081A1
Application number: PCT/AU2011/001059
Authority: WO
Inventors: David Stuart DREW
Original assignee: Regency Cumulus Pty Ltd
Priority date: 2011-08-19
Filing date: 2011-08-19
Publication date: 2013-02-28

Abstract

A secure distribution system (100) includes media content storage facilities (112) and a digital media rights storage facility (114) for each consumer (108) or user of the system. Consumers (108) acquire content rights from retailers (106), and those rights are recorded in the rights storage facility (114). Cache nodes (126) within service provider networks facilitate unmetered streaming of a consumer's acquired content. Content is transferred from the storage facilities (112) to the cache nodes (126) only when required. Security of streaming of digital content from the cache nodes (126) to consumer player devices is enhanced by replicating a complete content stream (500), dividing each replicated stream into time segments (518), and constructing the replicated content streams such that each one comprises valid media content during only selected ones of the time segments in accordance with a schedule, which is determined such that, within any one time segment, at least one of the replicated content streams includes valid media content. A consumer player device (300) is thus able to receive simultaneously all of the replicated content streams, and reconstruct the complete media content stream (500). An eavesdropper lacking the required schedule information is, however, prevented from easily acquiring a copy of the complete content stream.

Description

SYSTEM AND METHOD OF MEDIA STREAMING WITH ENHANCED

SECURITY

FIELD OF THE INVENTION

The present invention relates to systems for distribution and delivery of streaming media, particularly audiovisual content such as movies and television programs, and more particularly to improvements in content distribution and enhancements to security of streaming content.

BACKGROUND OF THE INVENTION

With advances in digital video compression and coding technologies, along with the widespread deployment and availability of affordable broadband Internet access in homes and businesses, new technologies and behaviours in the consumption of media content have emerged.

For many decades the primary means of distribution of audiovisual content, including entertainment, news and information programs, has been via broadcast channels, initially via free-to-air radio transmission, and then later via cable and broadcast satellite systems. These 'traditional' distribution channels have the disadvantage that viewers are entirely at the mercy of programming schedules.

The introduction of consumer video cassette recorders (VCRs) offered home viewers, for the first time, the ability to shift viewing times. While VCRs were revolutionary upon their introduction, time shifting via VCR remains subject to properly setting the timer, and to the limited duration, lifetime and reliability of video cassette tape. Viewers therefore remained limited in the duration of broadcast content that they were able to time-shift, and of course were still only able to view programs actually scheduled and transmitted by the broadcasters.

Along with VCRs, video rental stores emerged which provided a very primitive form of Video-on-demand', subject to the availability of physical media at a location suitably convenient to the viewer. While video cassettes have since been superseded by DVD, the rental of physical media remains a common means by which viewers in many areas are able to acquire content for viewing substantially at their convenience. Aside from the replacement, to some extent, of the traditional 'bricks and mortar' video rental outlet with less-costly alternatives such as mail delivery and return, and automated kiosks, the physical media rental business model remains substantially unchanged since the very first days of the VCR.

The advent of digital video broadcasting, coincident with the development of improved technologies for video coding and compression, along with extremely low-cost and high-capacity digital storage devices (i.e. hard-disk drives), has enabled a new generation of personal digital video recording and time-shifting devices. Intelligent digital recorders, such as the TiVo Personal Video Recorder (PVR), include features such as multiple digital tuners, simultaneous record and playback capability, recording of programs automatically by criteria such as name, genre, topic and so forth (thereby significantly simplifying the process of setting recordings), and additional advanced features such as the automatic identification and recording of additional programs based upon a viewer's existing viewing habits and preferences.

However, through the aforementioned advances in video coding and available access bandwidth, the technology now exists to enable true video-on-demand to be delivered via the Internet. Indeed, it is already the case that many viewers, frustrated by the restrictions imposed upon them by the schedules of local broadcasters, have engaged in the recording, sharing and downloading of digital program content on a global basis, despite the fact that such activities generally constitute infringement of the content-owners' copyrights, punishable in many jurisdictions by both criminal and civil sanctions. However, the success of those legal downloading services that have been established, primarily in relation to the music industry, demonstrates that a majority of people are willing to 'do the right thing', if provided with the opportunity to do so in a sufficiently convenient manner.

A variety of technical, regulatory and commercial challenges have impeded the development of viable systems and techniques for the commercial provision of video-on-demand, and other services with high bandwidth and storage requirements. A few of these challenged are discussed below, although this is not intended to be by any means an exhaustive list.

One challenge is to reduce the exchange of data between networks operated by different carriers. This is a particular concern across international boundaries and over long distances, where real and significant interchange costs may be incurred by carriers, which must necessarily be passed on to the customers responsible for such costs being incurred. As a result it remains the case, at least in some markets, that broadband service subscribers are subject to monthly data caps, above which usage is charged on a volume basis. These charges reduce the economic viability of video-on-demand and similar services. The only circumstance in which the carriers may avoid metering of downstream data is where that data is sourced from within their own network.

A second challenge therefore is the distribution of content to multiple network Service Providers, so that subscribers may obtain the benefit of unmetered download of that content. In a competitive market, there may be numerous broadband network Service Providers, each of which might need to store its own copies of popular content, and none of which is in a position to store all of the content that might be available and of interest to its subscribers. There are real costs associated with the storage and maintenance of content on suitable server platforms, that may amount to around US$300.00 per title, per year, for each stored instance.

Furthermore, even if appropriate storage were to be available at an economically viable rate, each individual network Service Provider would need to negotiate content distribution contracts with every one of the relevant rights holders in the territory. The overhead involved in securing, maintaining and enforcing the relevant agreements and obligations is beyond the capability of many smaller network Service Providers. As a result, those video-on-demand services that do presently exist are generally the result of special relationships or historical deals completed between large Service Providers and specific content owners. These services therefore have limited (unmetered) availability, and are restricted to content available from the specific content owners, or rights holders, with which those relationships exist.

The net result of competition amongst content owners and producers, and amongst broadband network Service Providers, is a fragmented market in which the content that is legally available is distributed through multiple outlets. In other words, consumers who wish to rent or buy downloadable content may have to deal with a different supplier on each occasion. Many consumers are uncomfortable with dealing with multiple online e-commerce Service Providers, due to factors such as concerns about the security of their financial and personal information. Although consumers are increasingly willing to do business online, the traditional desire to deal primarily with known and trusted Service Providers remains. In other words, most consumers would prefer to purchase or rent their desired downloadable content from a single, or a small number, of trusted online retailers of their choice, just as they are able to do with traditional physical media.

Finally, although the provision of fully downloadable content (i.e. media content files that are wholly downloadable to the consumer's computer or other playback device prior to, or during, playback) may be technically straightforward, content-owners and rights holders would often prefer distribution in a streaming format, such that end-users are never in possession of a complete content file that may be vulnerable to copying and redistribution in violation of copyrights.

It is, accordingly, an object of the present invention to provide a technical solution to address the abovementioned problems of existing on-demand content distribution systems, amongst others.

SUMMARY OF THE INVENTION

In one aspect, the present invention provides a method of secure streaming of media content from at least one media server to a media client via a data network, the method comprising steps of:

establishing a plurality of logical streaming media sources of the at least one media server;

determining a plurality of time segments by which the media content may be divided; and

replicating the media content and transmitting a replicated content stream to the media client from each one of the logical sources,

wherein each replicated content stream comprises valid media content during only selected ones of the plurality of time segments in accordance with a schedule, the schedule being determined such that, within any one time segment, at least one of the replicated content streams comprises valid media content corresponding with that time segment,

whereby the media client is able to receive simultaneously all of the replicated content streams, and select between the received streams in accordance with the schedule in order to reconstruct a complete media content stream.

Advantageously, the secure streaming method serves to defeat attempts by eavesdroppers to acquire a copy of the complete content stream in the absence of advance information regarding the number and identity information of the logical sources, or information regarding the schedule. Accordingly, the method provides improved security of transmission of streaming media content.

In an embodiment, each logical streaming media source is identified by having a distinct address on the network. Advantageously, the media client, which is generally a media player application or device, is able to receive the replicated content streams by establishing a plurality of connections having source addresses corresponding with the network addresses of the logical streaming media sources.

In an embodiment, the media content comprises at least two elementary content components, wherein a separate schedule is determined for each elementary content component whereby the media client selects between each of the elementary content components of the received streams in accordance with the corresponding schedule. Advantageously, distributing different elementary content components across different ones of the plurality of logical sources further enhances security of the streaming media content by increasing the difficulty to an eavesdropper of tracking the elementary content stream components.

The elementary content components may be video, audio or subtitles/closed captions.

Conveniently, each time segment commences at a key frame of a video component of the media content.

In an embodiment, the method comprises steps of:

generating a predetermined schedule; and

transmitting a schedule file comprising the predetermined schedule from the media server to the media client prior to transmitting the replicated content streams,

whereby the media client selects between the received streams in accordance with the schedule in the schedule file. Advantageously, the schedule file is encrypted prior to transmission from the media server to the media client, and decrypted by the media client. Accordingly, an eavesdropper may be prevented from obtaining a copy of the contents of the schedule file, and thus the information required in order to track the complete content stream.

In another aspect, the invention provides a media streaming system, comprising:

at least one media server computer system comprising a microprocessor operatively coupled to at least one memory device and at least one network interface; and

at least one persistent storage device accessible by the media server on which is stored at least one media content file,

wherein the memory device comprises instruction code executable by the microprocessor and configured to cause the microprocessor to execute steps of:

establishing a plurality of logical streaming media sources of the media streaming system;

replicating the media content and transmitting a replicated content stream to a media client from each one of the logical sources,

wherein each replicated content stream comprises valid media content during only selected ones of the plurality of time segments in accordance with a schedule, the schedule being determined such that, within any one time segment at least one of the replicated content streams comprises valid media content corresponding with that time segment,

whereby the media client is able to receive simultaneously all of the replicated content streams, and select between the received streams in accordance with the schedules in order to reconstruct a complete media content stream.

In another aspect, the invention provides a method of playback of streamed media content comprising:

establishing a plurality of connections via a data network to corresponding logical streaming media sources of at least one media server; receiving simultaneously, from each of the logical sources, a replicated media content stream which comprises valid media content during only selected ones of a plurality of time segments into which a complete media content stream has been divided;

reconstructing the complete media content stream by selecting between the received streams in accordance with a schedule; and

playing the reconstructed media content stream via one or more media output devices.

In an embodiment, the media content stream comprises at least a video component and an audio component, and the one or more media output devices comprise a display device and at least one speaker device, the method further comprising steps of:

demultiplexing the video component and the audio component from the media content stream;

outputting the video component via the display device;

outputting the audio component via the at least one speaker device; and embedding in one or both of the output video and audio components a user identification signal.

Advantageously, the embedding of a user identification signal within one or more of the output components enables the identity of a user to be determined in the event that the media content stream is duplicated by direct capture from the output devices, and subsequently redistributed in violation of copyright or other applicable laws.

In an embodiment, the user identification signal is a watermark embedded in the output video component.

In another aspect, the invention provides a networked media player comprising:

a microprocessor, having operatively coupled thereto at least one memory device, a network interface device and at least one media output device,

the memory device comprising instruction code executable by the microprocessor, and configured to cause the microprocessor to execute steps of: establishing a plurality of connections to corresponding logical streaming media sources of at least one media server via the network interface device;

receiving simultaneously from each of the logical sources a replicated media content stream which comprises valid media content during only selected ones of a plurality of time segments into which a complete media content stream has been divided;

selecting between the received streams in accordance with a schedule in order to reconstruct the complete media content stream; and outputting the media content stream via the media output device.

In a further aspect, the invention provides a method of secure distribution of digital media content within a networked environment comprising a plurality of territorial rights-holders, a plurality of online digital media content retailers, a plurality of online digital media content consumers, and a plurality of broadband data network Service Providers interconnecting at least the retailers and consumers, the method comprising steps of:

providing digital media content storage facilities, operatively accessible by at least one distribution server, storing digital media content files for which digital distribution rights are held by one or more of the territorial rights-holders;

providing, for each consumer, a digital media rights storage facility, operatively accessible by at least one authentication server, storing consumer identification information, consumer authentication information, and digital media content licensing information relating to rights acquired by the consumer;

the authentication server receiving authentication credentials of a consumer, identifying a corresponding digital media rights storage facility of the consumer and validating the received credentials against the consumer authentication information;

the authentication server, responsive to a request received from an e-commerce server of one of the online digital media content retailers to store licensing information of digital media content acquired by the consumer from the retailer in the consumer's media rights storage facility, storing the licensing information in the media rights storage facility; the authorisation server subsequently receiving a request from the consumer for access to the item of digital media content, and verifying the consumer's access right against the digital media content licensing information; and

the authentication server signalling the distribution server to provide access by the consumer to the requested item of media content.

In an embodiment, a broadband data network service provider of the consumer provides a network comprising one or more cache nodes including cache storage facilities for temporary storage of digital media content files, and the distribution server provides access by the consumer to the requested item of media content by a method comprising steps of:

determining whether the item of media content is stored in a cache node of the network accessible to the consumer;

in the event that the item of media content is not stored in a cache node of the network accessible to the user, transmitting a copy of the corresponding digital media content file to the cache node; and

directing a media player of the consumer to access the requested item of media content from the cache node.

In an embodiment, the step of directing the media player to access the media content comprises updating a network address translation service to direct a network identifier provided by the media player to one or more logical streaming media sources of the cache node. In an Internet-based embodiment, the network is an Internet Protocol (IP) network, and the address translation service is a Domain Name Service (DNS).

In an embodiment, the method further includes maintaining a log of transactions including a record of at least the details of each acquisition of digital media content from each retailer.

Further aspects, features and advantages of the invention will be apparent from the following description of exemplary embodiments, which are provided for purposes of illustration only, and should not be considered limiting of the invention as described in any of the foregoing statements, or defined in the claims appended hereto. BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention will now be described with reference to the accompanying drawings, in which like reference numerals indicate like features, and wherein:

Figure 1 is a block diagram of a networked environment comprising a digital media content distribution system embodying the invention;

Figure 2 is a block diagram showing further detail of the digital media content distribution system of Figure 1 ;

Figure 3 is a block diagram of a networked media player embodying the invention;

Figure 4 is an alternative view of the architecture of the system shown in Figure 1 ;

Figure 5 illustrates segmentation of media content for secure streaming according to an embodiment of the invention; and

Figure 6 is a block diagram illustrating a process of secure media streaming from a cache node to a media player according to an embodiment of the invention.

DETAILED DESCRIPTION OF EMBODIMENTS

Figure 1 is a block diagram illustrating schematically a networked environment 100 within which the present invention may be embodied.

A digital media content distribution system 102 provides primary storage, maintenance and original distribution of digital media content.

Within the commercial environment there are a number of territorial rights- holders 104, each of which holds relevant rights for the distribution of specific items of media content, such as movies, television programs, documentaries, and so forth. In general, a number of different rights may attach to each content item, including broadcast rights, and the rights to distribute the content in various formats, such as on physical media (e.g. DVD), as a 'pay-per-view' broadcast service, as part of a subscription broadcast service, via download, as a live streaming service, and so forth. The details of these different potential rights are not relevant to the embodiments of the invention discussed herein, except to the extent that it is assumed that the territorial rights-holders 104 possess the relevant rights to the content required for distribution through the digital media content distribution system 1 02.

The commercial environment also includes a number of online retailers 106. The online retailers 106 are typically accessible via the Internet, through a web browser, and provide the usual e-commerce storefront enabling consumers to establish accounts, search for, select and purchase products, including downloadable digital products, such as software, music, video, and other media. From the consumer's perspective, the process of renting or purchasing content in accordance with embodiments of the present invention is substantially identical to any other online e-commerce transaction. As such, the implementation of the e-commerce storefront provided by any of the online retailers 106 is not relevant to an explanation of the present invention, and is therefore omitted in the interests of clarity and brevity.

The networked environment 100 also includes a number of end-consumers 108, who are presumed to be interested in acquiring content for consumption upon demand, either on a 'rental' or 'purchase' basis.

The digital media content distribution system 102, the e-commerce retailers 106, and the consumers 108, are all interconnected via a network 1 10, generally understood to be the Internet, but which in fact comprises numerous individual Internet Service Providers (ISPs). As such, the provider of broadband data networking services to each of the consumers 108, each of the e-commerce retailers 106 and to the provider of the digital media content distribution system 102 are generally all different. Importantly, in accordance with embodiments of the present invention it is not necessary, in order for each consumer 108 to achieve the full benefits of access to any available digital media content, that the consumer subscribe to any particular Internet Service Provider. As will be described in greater detail below, the technical implementation of embodiments of the invention enables all consumers, as subscribers to any participating ISP, to receive digital media content on-demand without a requirement for metering of the corresponding data usage, and therefore without concern of exceeding any monthly data cap that may apply.

Turning now to further details of the digital media content distribution system 102, a media content storage facility 1 12 is provided, in which copies of distributable digital media content are stored. The facility 1 12 generally consists of one or more primary storage servers (or 'origin servers'), having large volumes of available storage for containing media content files in a form suitable for distribution, as described in greater detail below.

Preferably, highly reliable, robust and redundant storage technologies are employed, to ensure that the primary copies of the digital media content files held centrally by the digital media content distribution system 102 are always available, and suitably protected against hardware and software failures.

The content held within the digital media content files stored in the facility 1 12 is generally provided by the territorial rights-holders 104, in accordance with suitable agreements reached for distribution of the content with the operator of the digital media content distribution system 102.

The distribution system 102 also includes a media rights storage facility 1 14. This will generally consist of one or more databases containing records associated with particular consumers, and the rights that they may have acquired to access and consume particular items of media content through transactions completed with one or more of the e-commerce retailers 106. The process by which these rights may be acquired by a consumer 108 will now be described in general terms with reference to Figure 1 .

A consumer 108 wishing to acquire a right to consume (e.g. play back) a particular item of media content, such as a movie, accesses an online retailer 106 using a conventional web browser, as indicated by the arrow 1 16. In a conventional manner, the consumer 108 selects the desired content, and the desired access right. For example, different options may be available in order to 'purchase' the content (i.e. a right to unlimited and indefinite playback), a rental period (e.g. unlimited viewing within one week of purchase), or a single playback upon demand. The various rights options that may be available are dependent upon the rights granted to, and by, the specific territorial rights-holders 104.

Once a purchase has been made by the consumer 108, information regarding that purchase is transmitted by the e-commerce retailer 106 to the digital media content distribution system 102, and in particular to the media rights storage facility 1 14 as indicated by the arrow 1 18. The specific rights that have been acquired by the consumer 108 are then stored within the rights storage facility 1 14 in association with the consumer's account.

Preferably, information regarding the transaction is also transmitted/stored 120 into a transaction log 122. The transaction log 122 therefore maintains a complete record of all rights acquisitions and transactions between consumers (e.g. 108) and e-commerce retailers 106. Actual financial transactions are peripheral to the technical invention, however it will be clear that the transaction log 122 enables transactions to be tracked and audited. In one embodiment, payment is received from the end consumer 108 by the content distribution system 102, an agreed proportion of this is then paid, via a B2B transaction, to the online retailers 106 by the operator of the digital media content distribution system 102, and ultimately the relevant royalties agreed with the territorial rights- holders 104 are paid by the operator of the digital media content distribution system 102. Conveniently, these distributions of royalties may be conducted on a periodic basis, e.g. monthly, on the basis of the audit trail provided by the transaction log 122.

At a subsequent time, e.g. immediately, or after some intervening period, the consumer 108 will wish to access and play back the media content that they have purchased. This is achieved through the use of a specialised media content playback apparatus, embodying the invention, which is described in greater detail below with reference to Figure 3. In general, however, the playback apparatus may be a conventional personal computer executing a suitable media content player application, or may be a set-top box, a home entertainment or gaming console, an internet-enabled television, a tablet, a PDA, a smart-phone, or similar device. The media player accesses the digital medial content distribution system 102, and in particular the media rights storage facility 1 14, and indicated by the arrow 124. The player is then able to present the consumer with a list of the available media content assets for playback. The user can then select the desired item of media content.

Once the consumer has made a selection, the digital medial content distribution system 102 proceeds to execute the steps necessary for retrieval and playback of the selected content. The system enables all consumers 108 to access content from one or more cache nodes 126 located within the networks of their specific Internet Service Provider. In this way, download/streaming of the content need not be metered by the ISP.

The digital medial content distribution system 102 first determines whether the selected item of media content is already stored in a suitable cache node 126 of the ISP. If not, then the required content file is identified within the media content storage facility 1 12, and transferred to the cache node 126, as indicated by the arrow 128. In some instances this transfer may incur data exchange charges, however these charges are incurred only once, or only occasionally, and are therefore effectively shared across all subscribers of the particular ISP. This results in significant data interchange savings to the ISP in the case of popular content, which constitutes the majority (by volume) of all media content accessed by consumers.

Finally, the content is provided to the player application from the cache node 126, as indicated by the arrow 130. In accordance with embodiments of the invention, all content is provided in a streaming mode, rather than a download mode. This prevents the end-consumer 108 from easily obtaining access to a complete digital media content file, which may then be vulnerable to copying and/or redistribution. From the consumer's perspective, there is no inconvenience in the use of a streaming mode, rather than a download mode, because all of the same functionality (including replay, immediate access, and 'trick play' modes such as pause, fast-forward and rewind) are instantly accessible through the media player apparatus interacting with the cache nodes 126.

Figure 2 is a block diagram showing further detail of the digital media content distribution system 102 described above with reference to Figure 1 . In the exemplary embodiment the system 102 includes one or more servers 202, each of which comprises a computer system having at least one microprocessor 204, which is interfaced with volatile memory 206 (e.g. random access memory), and local non-volatile storage 208 (such as a hard disk drive, or similar). The non-volatile storage device 208 is used primarily to contain programs and data required for the operation of the server 202, and for the implementation and operation of various software components embodying features of the present invention. The volatile memory device 206 generally contains executable program instructions and transient data relating to the operation of the server 202, including programs and data transferred temporarily from the non-volatile storage 208.

In the embodiment shown, the server 202 further includes at least one network interface device 210 coupled to the processor 204, providing access to communications over a local area network (LAN) 212. One or more storage facilities 1 12, such as suitable database servers, are accessible via the LAN 212. A network gateway device 214, which preferably incorporates a firewall and/or other security measures, provides access via the LAN 212 to the external network 1 10.

While Figure 2 illustrates one exemplary embodiment of the system 102, it will be appreciated that other implementations are also possible, such as are within the general knowledge and capabilities of the person skilled in the relevant art. For example, the storage facilities 1 12 need not be provided as separate database servers accessed via the LAN 212, but instead may be accessible to the processor 204 via other interfaces of the server 202. Furthermore, many conventional components of the system 102 that are not necessary to describe an embodiment of the invention, such as various other common computer peripherals and interfaces, have been omitted from the simplified block diagram for simplicity and clarity.

In operation, the memory device 206 contains a body of program instructions 216 embodying various software-implemented features of the present invention. The server 202 is thereby configured to implement the various operations described above with reference to Figure 1 . In particular, the server 202 is configured to receive purchase information transmitted by an e-commerce retailer 106, to record the purchase details in the media rights storage facility 1 14, and to update the transaction log 122. The media rights storage facility 1 14 and the transaction log 122 may be maintained in the local non-volatile storage medium 208, or may be stored to a separate database server (not shown) accessible, for example, via the LAN 212.

The server 202 is also configured to receive requests from consumer media players 108, for access to media content for which the consumer has acquired appropriate rights, as recorded in the media rights storage facility 1 14. Upon receiving a request, the server 202 accesses the media rights storage facility 1 14, verifies the availability of rights, and undertakes the steps necessary to initiate streaming of the corresponding content from an appropriate cache node 126 to the media player 108. A further function of the server 202 is to authenticate a consumer (or associated media player), for example by receiving account credentials from a media player 108 via the network 1 10, and verifying the credentials against account information stored within the media rights storage facility 1 14. For example, each account may have an associated user name and password, which are configured by a consumer into the media player application 108, and which can then subsequently be transmitted to the server 202 upon connection by the media player 108. Subsequently, the server 202 may retrieve information regarding the rights owned by the consumer from the media rights storage facility, and transmit these back to the media player 108 via the network 1 10, so that the player 108 can present a user with a listing, menu, search facility and/or other suitable interface for selection of content for playback.

Figure 3 shows a block diagram 300 of a networked media player according to one possible embodiment. In this embodiment the player is implemented as a software application executing on a computing platform 302 according to a conventional microprocessor architecture. The platform 302 may be a general-purpose desktop or notebook PC, or may be an appliance with embedded hardware and software, such as a set-top box or home entertainment console. In some embodiments, the computing architecture may even be built into a television set or other audiovisual device. The media player 300 includes a microprocessor 304, which is coupled to volatile memory 306, and non-volatile storage 308. The non-volatile storage, which primarily contains programs and data required for the operation of the media player and its supporting operating system platform, may be a magnetic storage device, such as a hard disk drive, or a solid-state storage device, such as a read-only memory, or a flash memory.

The media player 300 also includes a network interface 310 coupled to the processor 304, providing access (either directly or indirectly) to the network 1 10. One or more interfaces 312 provide access to media output devices, such as a video display monitor or television set 314, and speakers 316. The media player 300 will also typically include one or more forms of human interface (not shown) such as a keyboard, a pointing device (e.g. a mouse), a keypad, a remote control device, a smart-phone, a PDA, a motion- sensing input device (e.g. Microsoft™ Kinect™) or the like.

In operation, a body of program instructions 318 embodies various software-implemented features and functions of the media player 300. These include connection to, and authentication by, the distribution server 202, and presentation of available content to the user along with one or more suitable content selection functions, as described above with reference to Figure 2. Additionally, the media player 300 is configured to provide an interface for media playback, including a range of interactive features such as play, pause, rewind, fast-forward, and other 'trick play' features, along with display options and other functions commonly associated with media playback software and devices.

Additional media playback functions, specifically embodying features of the present invention, are described below in greater detail with reference to Figure 6.

Figure 4 is a block diagram showing an alternative view of the architecture 400 of the system shown in Figure 1 . This diagram conveniently illustrates further detail of the operation of an exemplary embodiment of the invention.

The system is effectively operated under the direction of a control layer 402, implemented by one or more servers 202. The control layer 402 directs the transfer of information to and from media-content storage facilities 1 12 and media rights storage facilities 1 14.

End-customers, and their associated media player devices or software applications 406, are logically grouped according to their network Service Providers, e.g. 404. Each network Service Provider, conventionally an ISP, incorporates its own internal cache nodes 408. The architecture 400 employs a network address translation service, such as a domain name server (DNS) 410 in the Internet context, which is also configured by the control layer 402. In particular, the DNS 410 is used as a mechanism for directing a media player 300 to access the appropriate cache node 126 for streaming of selected media content. Specifically, the media player 300 is configured to access the cache node 126 using one or more specific universal resource locators (URLs), specifying the relevant transfer protocol and a corresponding host and domain name for the server. In the exemplary embodiment, the hypertext transfer protocol (HTTP) is used as the delivery mechanism for streaming content, because it is widely deployed and robust to effects of network congestion such as pauses and stalls. However, other suitable streaming media protocols may be employed, such as Real Time Streaming Protocol (RTSP) or Real Time Messaging Protocol (RTMP).

The network player 300 accesses the DNS server 410, as indicated by the arrow 412, in order to translate the host and domain names to corresponding IP addresses for streaming of the media content. In the exemplary embodiment, the resulting IP addresses correspond with one or more network addresses associated with the appropriate cache node 126. To ensure that the media player 300 connects to the desired cache node 126, the control layer 402 configures the DNS server 410 with the required translation between the host and domain names and the relevant IP addresses associated with the cache node 126. The configured translations are assigned a time-to-live (TTL) of zero, such that on each use of the host and domain names the media player 300 is forced to perform a new resolution via the DNS server 410, due to the fact that its previous translation has expired. In this way, it is possible for a single URL, or preconfigured set of URLs, used by the media player 300 to dynamically resolve to the appropriate cache node 126, as directed by the control layer 402.

In an alternative embodiment, Border Gateway Protocol (BGP) may be employed to implement the required address 'translation'. More particularly, each player, e.g., 300 is connected to an Autonomous System (AS) comprising the desired cache node, e.g. 126. One or more common addresses may then be advertised as the streaming server addresses, and BGP used to control the cost of the route to these addresses, to direct the connections to the desired cache node. In this embodiment, an effective address 'translation' is performed between a network address and a corresponding physical/virtual interface (ultimately an associated MAC address), as compared with the translation between a URL and a network address in a DNS-based embodiment.

The above description, with reference to Figures 1 to 4, exemplifies the overall operation of the digital media content distribution system 102, and architecture 400. As described, this overall exemplary approach enables consumers 108 to acquire content rights from a plurality of distinct online retailers 106, those rights being recorded within a central media rights storage facility 1 14, with 'master' copies of the corresponding digital media content files being held within a single central media content storage facility 1 12, on behalf of a plurality of different territorial rights-holders 104. The system also enables copies of the digital media content files to be transferred to a plurality of cache nodes 126, which may be deployed across a number of different network Service Providers. The consumers 108 are thereby able to access and stream the content for which they have acquired rights from a cache node located within the network Service Provider to which they subscribe. Unmetered access to the content can thereby be implemented. The system is thus completely agnostic to the number and/or nature of competing territorial rights-holders, online retailers, and network Service Providers. Consumer choice and convenience is maximised. Access by the territorial rights-holders to the marketplace of consumers is also maximised. Furthermore, access by consumers to a range of competing retailers is also facilitated, while the retailers, for their part, are also provided with access to a competitive market of consumers.

Having described the overall system operation, architecture and advantages, the following description, referring to Figures 5 and 6, describes an exemplary implementation of a method and apparatus for streaming of the media content, e.g. between the cache nodes 126 and the media player devices 300, which provides enhanced security against capture, copying and/or redistribution of the streaming media content.

The general principle employed by embodiments of the invention in order to provide enhanced security of streaming media is to transmit digital media content from the cache nodes 126 to the players 300 via a plurality of simultaneous/parallel streams. According to an exemplary embodiment, each stream is identified by a different source address. Each one of the parallel streams may be sourced from a different cache node 126, from a different physical network interface of a cache node, and/or from a different address associated with a single physical network interface of a cache node. In general, therefore, each parallel media stream is received from a distinct logical source, which may or may not correspond with a particular distinct physical source. Figure 5 is a schematic diagram illustrating segmentation of media content for secure streaming according to an exemplary embodiment of the invention. A complete streamable media content file 500, such as an audiovisual content file, is divided into a plurality of time segments, e.g. 502. Preferably, each time segment commences with a key frame, e.g. 504, designated K₀ to K_N in Figure 5. For example, the complete media content file 500 may represent an MPEG transport stream (TS) or program stream (PS), itself comprising a number of elementary streams, such as a video stream 514 and an audio stream 516. Additionally, an MPEG TS or PS file may comprise a stream containing subtitles or closed captions, and the format also supports additional synchronous and non-synchronous content. By way of example, the following discussion focuses upon video and audio streams 514, 516, however the skilled person will readily appreciate that the same principles may be extended to additional elementary streams.

The streamable media content file 500 may include media, e.g. video, audio, and/or other streams, which implement access controls such as digital rights management (DRM) technologies. These controls may be implemented independently and in addition to the security enhancements provided in accordance with the invention. In particular, the segmentation, replication and transmission of the media content file 500, as described below, may be applied to protected and unprotected content.

In order to enhance the security of streamed content, the complete content file 500 is replicated across a plurality of parallel streams. Any desired number of streams may be employed, and Figure 5 illustrates a general case of M streams, of which four streams 506, 508, 510, 512 are shown for the purposes of illustration.

The replicated streams 506, 508, 510, 512 are constructed from the complete content stream 500 such that each replicated content stream contains valid media content (i.e. audio and/or video) during only selected time segments. More particularly, during each time segment at least one of the replicated content streams comprises a valid copy of at least one of the elementary streams 514, 516 making up the complete content stream 500. Preferably, in each one of the time segments there is only one of the replicated content streams containing valid content of each one of the elementary streams 514, 516.

As shown in Figure 5, during the first time segment 502 commencing with key frame K₀ a valid portion of the video elementary stream 518 is transmitted in the replicated stream 506, while a valid portion of the elementary audio stream 524 is transmitted via the replicated stream 508. In each subsequent segment, the valid contents of the elementary streams may be transmitted via different replicated streams, such as second video segment 520 via replicated stream 512, through to the final video segment 522, transmitted via replicated stream 508. Similarly, within each time segment the elementary audio stream is transmitted on a different replicated stream, e.g. final audio segment 526 transmitted via replicated stream 512.

The method of segmenting the complete media content stream over a number of parallel segmented streams, as discussed above, advantageously enhances the security of media streaming. In particular, in order to capture the complete media content stream 500 an eavesdropper needs to identify and capture not just the information streamed from a single source address, but all of the information streamed from a number of logical source addresses. The eavesdropper may not know the number of parallel streams being used, the start and end points of each time segment, e.g. 502, or which ones of the parallel streams are carrying valid media data at any given time.

Therefore, in order to maximise the security enhancement, it is desirable to ensure that an eavesdropper is unable to determine these parameters of the transmitted parallel streams in advance of transmission. One exemplary method for achieving this is to generate a schedule for the transmission of the complete content 500 via the parallel replicated streams in advance, and then to transmit a copy of the schedule securely to the media player 300 prior to the commencement of streaming. Secure transmission may be achieved by encrypting the schedule data.

Encryption may be performed, for example, through the use of a secret encryption key securely embedded within the player device 300 and known also to the digital media content distribution system 102 and/or the cache nodes 126. Alternatively, secure transmission of the schedule data may employ a certificate-based authentication of the player 300, in combination with public/private key encryption. In this regard, various suitable cryptographic techniques will be available for use by persons skilled in the art, noting that the quantity of schedule data is relatively small, and it is therefore feasible to use reasonably computationally-intensive encryption and decryption algorithms which would not be practical for use in relation to the streamed content itself.

By way of example, the table below represents a schedule corresponding with the segmentation and distribution of valid media content illustrated in Figure 5. The first column of the table is the identifying number of the initial key frame of each segment. The second column indicates the identifying number of the replicated stream containing valid streaming video content during the corresponding segment, while the third column contains the number of the replicated stream containing the valid audio content. As will be appreciated, the table is readily extended to include additional columns for any further elementary streams that may be contained within the complete content file 500.

In some embodiments of the invention the schedule may be generated by the digital media content distribution system 102, i.e. at the control layer 402, and transmitted to the relevant cache node 126 which then transmits a copy securely to the player 300. Alternatively, the cache node 126 may be responsible for generation of the schedule. A schedule may be selected from one or more predefined schedules, or may be uniquely generated, for example using a random or pseudo-random process, prior to the commencement of streaming. For additional security, transmissions within the system, including any or all of the schedule and each replicated media stream, may be encapsulated with a further level of encryption, for example using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) in a TCP/IP-based implementation. As will be appreciated by persons skilled in the art, the use of such transport layer security has no impact on the operation of an embodiment of the invention as described above, and simply uses an existing available service for further security enhancement.

Figure 6 is a block diagram 600 providing a further illustration of a process of secure media streaming from a cache node 126 to a media player 300 according to an exemplary embodiment of the invention.

As shown in the diagram 600, a cache node 126 comprises a computing platform having at least one central processing unit 602. The central processing unit 602 is coupled to at least one non-volatile storage medium 604, which may be used to store relevant programs and data for operation of the cache node 126, as well as copies of streaming media content required for transmission to one or more players 300.

The processor 602 is also coupled to volatile memory 606, such as random access memory, which contains transient programs and data related to the operation of the computing platform 1 16, including functions associated with the replication, segmentation and transmission of streaming media.

A network interface 610 coupled to the processor 602 provides access to the network 1 10, via which the cache node 126 communicates with the digital media content distribution system 102. A plurality of further logical network interfaces, e.g. 612, comprise sources of parallel media streams, and may correspond with distinct physical network interface devices, or may be virtual network interfaces sharing one or more physical network interface devices which may be the same as, or different from, the network interface 610. Each logical and/or physical network interface 612 has its own assigned network address.

For the purposes of the block diagram 600, it is assumed that the player application 300 has previously been employed by a consumer to select and request media content for which that consumer has relevant media rights within their media rights storage facility 1 14. Furthermore, it is assumed that the required complete media content file is stored locally within the cache node 126, e.g. in non-volatile storage 604. The processor 602 then either generates, or receives via network interface 610, a schedule for segmentation and transmission of the requested media content. The schedule is securely transmitted, as described above, to the player 300, as indicated by the arrow 614. Additionally, in the exemplary embodiment identifying or watermarking information, uniquely associated with the consumer, is transmitted to the player 300, as indicated by the arrow 616. The purpose of this identifying information will be discussed in greater detail below.

Streaming of the media content then commences via the parallel streams

618, in accordance with the schedule that is now known to the processor 602 and the player 300. As described above, with reference to Figure 5, the processor 602 replicates the complete content stream, and segments and distributes the content in accordance with the schedule. The player 300 effectively includes at least two logical 'switches' 620, 622, which are generally software elements operated in accordance with the schedule in order to switch between the received parallel streams, in order to reassemble the video and audio elementary streams respectively.

In the exemplary embodiment of the player 300, an additional function 624 is provided, which is able to add a watermark overlay to the video stream prior to its display on the display device 314. This watermark is preferably based upon the unique identifying information of the consumer, which was transmitted to the player 300 prior to the commencement of streaming. Accordingly, if the media content is copied by direct video capture from the display, and then subsequently redistributed in violation of the content owners' copyright, the watermarking will enable the original source of the illegally copied content to be identified. As will be appreciated by persons skilled in the art, various implementations of the watermarking 624 are available. For example, the watermark may be permanent of intermittent. It may be visible or invisible. It may involve a combination of a variety of different such techniques. In other embodiments a watermark may alternatively, or additionally, be imposed upon the audio stream, or another stream of the media content. For example, the watermark may comprise an audible or inaudible addition to the audio stream. Inaudible watermarks may be imposed by adding information outside the parameters of normal perception, such as very low-level pseudo-random 'noise', or as low or high frequency components beyond the range of human hearing.

A further desirable feature in embodiments of the invention is to utilise the non-content-bearing segments of the parallel media streams, e.g. segment 528 in Figure 5, to convey additional warning messages to any would-be eavesdroppers. For example, a video elementary stream may be employed to transmit one or more still frames containing copyright messages, or warnings about the consequences of piracy. An audio elementary stream segment may be used to transmit similar messages in an audible format, while a subtitle or closed-caption stream segment may transmit basic copyright or warning messages.

While an exemplary embodiment of the invention has been described, it will be appreciated that there are many possible variations, enhancements and alternative implementations possible within the general scope of the invention. For example, in some embodiments it may be possible to include additional information within the valid transmitted media content stream, such as advertising or other promotional material. Consumers may be provided with pricing options for purchase or rental of content based upon their willingness to receive such additional promotional content. Many other such variations in the operation of the system described herein may also be implemented. Accordingly, it will be understood that the general scope of the invention is not limited to the examples described in detail herein, but rather is as defined by the following claims.

Claims

CLAIMS:

1 . A method of secure streaming of media content from at least one media server to a media client via a data network, the method comprising steps of:

2. The method of claim 1 wherein each logical streaming media source is identified by having a distinct address on the network.

3. The method of claim 1 wherein the media content comprises at least two elementary content components, wherein a separate schedule is determined for each elementary content component whereby the media client selects between each of the elementary content components of the received streams in accordance with the corresponding schedule.

4. The method of claim 3 wherein the elementary content components are two or more of video, audio or subtitles/closed captions.

5. The method of claim 3 wherein each time segment commences at a key frame of a video component of the media content.

6. The method of claim 1 which further comprises steps of:

generating a predetermined schedule; and

whereby the media client selects between the received streams in accordance with the schedule in the schedule file.

7. The method of claim 6 wherein the schedule file is encrypted prior to transmission from the media server to the media client, and decrypted by the media client.

8. A media streaming system, comprising:

9. A method of playback of streamed media content comprising:

establishing a plurality of connections via a data network to corresponding logical streaming media sources of at least one media server;

receiving simultaneously, from each of the logical sources, a replicated media content stream which comprises valid media content during only selected ones of a plurality of time segments into which a complete media content stream has been divided;

10. The method of claim 9 wherein the media content stream comprises at least a video component and an audio component, and the one or more media output devices comprise a display device and at least one speaker device, the method further comprising steps of:

outputting the video component via the display device;

1 1 . The method of claim 10 wherein the user identification signal is a watermark embedded in the output video component.

12. A networked media player comprising:

13. A method of secure distribution of digital media content within a networked environment comprising a plurality of territorial rights-holders, a plurality of online digital media content retailers, a plurality of online digital media content consumers, and a plurality of broadband data network Service Providers interconnecting at least the retailers and consumers, the method comprising steps of:

14. The method of claim 13 wherein a broadband data network service provider of the consumer provides a network comprising one or more cache nodes including cache storage facilities for temporary storage of digital media content files, and the distribution server provides access by the consumer to the requested item of media content by a method comprising steps of:

15. The method of claim 14 wherein the step of directing the media player to access the media content comprises updating a network address translation service to direct a network identifier provided by the media player to one or more logical streaming media sources of the cache node.

16. The method of claim 15 wherein the network is an Internet Protocol (IP) network, and the address translation service is a Domain Name Service (DNS).

17. The method of claim 13 further including maintaining a log of transactions including a record of at least the details of each acquisition of digital media content from each retailer.

18. A computer-readable medium having recorded thereon computer executable instructions which, when executed, implement a method according to claim 1 .

19. A computer-readable medium having recorded thereon computer executable instructions which, when executed, implement a method according to claim 9.