[go: up one dir, main page]

GB2636852A - Data processing apparatuses and methods - Google Patents

Data processing apparatuses and methods Download PDF

Info

Publication number
GB2636852A
GB2636852A GB2319992.0A GB202319992A GB2636852A GB 2636852 A GB2636852 A GB 2636852A GB 202319992 A GB202319992 A GB 202319992A GB 2636852 A GB2636852 A GB 2636852A
Authority
GB
United Kingdom
Prior art keywords
content
digital video
video content
distribution path
distribution information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB2319992.0A
Other versions
GB202319992D0 (en
Inventor
Stuart Moore Nigel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Group Corp
Original Assignee
Sony Group Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Group Corp filed Critical Sony Group Corp
Priority to GB2319992.0A priority Critical patent/GB2636852A/en
Publication of GB202319992D0 publication Critical patent/GB202319992D0/en
Priority to PCT/GB2024/053138 priority patent/WO2025133591A1/en
Publication of GB2636852A publication Critical patent/GB2636852A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8358Generation of protective data, e.g. certificates involving watermark
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/603Digital right managament [DRM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Technology Law (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

A data processing apparatus comprising circuitry configured to: receive digital video content over a first content distribution path; determine if a match condition is met, the match condition being that the first content distribution path matches a second content distribution path indicated by verifiable distribution information provided with the digital video content; if the match condition is met, allow output of the digital video content for presentation. Determining whether the match condition is met may comprise performing an extraction process for extracting distribution information from the digital video content; verifying a digital signature of successfully extracted distribution information using a public key associated with a legitimate source of the digital video content; determining whether the first content distribution path matches the second content distribution path of successfully extracted distribution information; if distribution information is successfully extracted from the digital video content, the digital signature is successfully verified and the first content distribution path matches the second content distribution path, determine the match condition to be met.

Description

DATA PROCESSING APPARATUSES AND METHODS BACKGROUND
Field of the Disclosure
The present disclosure relates to data processing apparatuses and methods.
Description of the Related Art
The "background" description provided is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent it is described in the background section, as well as aspects of the description which may not otherwise qualify as prior art at the time of filing, are neither expressly or impliedly admitted
as prior art against the present disclosure.
To help alleviate piracy of digital content (in particular, digital video content), technologies such as digital rights management (DRM) technologies have been implemented. These use, for example, digital encryption to ensure that only users who legitimately purchase content or who subscribe to a legitimate content provider are able to decrypt and view the content.
In response to this, however, certain bad actors have begun a different model of piracy (redistribution piracy) in which a stream of content is legitimately obtained and decrypted (e.g. through a subscription to a legitimate content provider) but then redistributed (for a fee less than that charged by the legitimate content provider) to non-legitimately subscribed users through a non-legitimate distribution path over a network. This is enabled, for example, by providing such users with a software application (e.g. mobile app) and/or hardware device (e.g. altered set top boxes (STBs)) for receiving the content through the non-legitimate distribution path.
There is a desire for a technical solution to alleviate this growing problem. The present disclosure is not limited to providing a technical solution to this problem.
SUMMARY
The present disclosure is defined by the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
Non-limiting embodiments and advantages of the present disclosure are explained with reference to the following detailed description taken in conjunction with the accompanying drawings, wherein: Figs. 1A and 1B schematically show a content providing apparatus and content receiving apparatus; Fig. 2 schematically demonstrates methods of redistribution piracy; Fig. 3 schematically shows an example process implemented at a content providing side; Fig. 4 schematically shows a first example process implemented at a content receiving side; Fig. 5 schematically shows a second example process implemented at a content receiving side; Fig. 6 schematically shows a watermark generation technique; Fig. 7 schematically shows use of a watermark confidence value; and Figs. 8A and 8B show example methods.
Like reference numerals designate identical or corresponding parts throughout the drawings.
DETAILED DESCRIPTION OF THE EMBODIMENTS
Fig. 1A shows a data processing apparatus / device (content providing apparatus / device) 100 for providing digital content over a communications network. Fig. 1B shows a data processing apparatus / device (content receiving apparatus / device) 111 for receiving the digital content over the communications network. The communications network (not shown) is the internet, for example.
The content providing apparatus 100 comprises a processor 101 for executing electronic instructions, a memory 102 for storing the electronic instructions to be executed and electronic input and output information associated with the electronic instructions, a storage medium 103 (e.g. a hard disk drive or solid state drive) for long term storage of digital information, a communication interface 104 for sending electronic information to and/or receiving electronic information from one or more other apparatuses and a user interface 105 (e.g. a touch screen, a non-touch screen, buttons, a keyboard and/or a mouse) for receiving commands from and/or outputting information to a user. Each of the processor 101, memory 102, storage medium 103, communication interface 104 and user interface 105 are implemented using appropriate circuitry, for example. The processor 101 controls the operation of each of the memory 102, storage medium 103, communication interface 104 and user interface 105.
The content receiving apparatus 111 comprises a processor 106 for executing electronic instructions, a memory 107 for storing the electronic instructions to be executed and electronic input and output information associated with the electronic instructions, a storage medium 108 (e.g. a hard disk drive or solid state drive) for long term storage of digital information, a communication interface 109 for sending electronic information to and/or receiving electronic information from one or more other apparatuses and a user interface 110 (e.g. a touch screen, a non-touch screen, buttons, a keyboard and/or a mouse) for receiving commands from and/or outputting information to a user. Each of the processor 106, memory 103, storage medium 108, communication interface 109 and user interface 110 are implemented using appropriate circuitry, for example. The processor 106 controls the operation of each of the memory 107, storage medium 108, communication interface 109 and user interface 110.
Digital content is transmitted over the network from the communication interface 104 of the content providing apparatus 100 to the communication interface 109 of the content receiving apparatus 111, for example.
Fig. 2 demonstrates an example mechanism of redistribution piracy.
At step 202, a legitimate digital content stream 201 is received from a legitimate source (e.g. legitimate content provider who has produced or paid appropriate licensing fees for the content).
At step 203, the relevant DRM key(s) are used to decrypt the content. The DRM key(s) are obtained from the legitimate source (e.g. since payment for the legitimate digital content stream 201 has been made).
Two example ways of redistributing the content are then given.
In one example, once the legitimate content stream 201 has been decrypted, it is passed as a decrypted content stream 213 to another encryption process 208 which uses new DRM key(s) to re-encrypt the content stream. The re-encrypted content stream is then distributed as a redistributed content stream 210 at step 209. The new DRM key(s) are pirate system DRM key(s) used to ensure only customers who pay the bad actor are able to decrypt the redistributed content stream 210.
In another example, the legitimate content stream decrypted at step 203 is decoded at step 204 and output at step 205. The essence of the content is then captured again at step 206. For instance, the content may be output to a display and then captured with a camera or a digital copy of the decoder output may be captured (e.g. by a compromised hardware device). A resulting stream of captured content is then encoded at step 207 and passed to the encryption and distribution processes 208 and 209 (as previously described) which output the redistributed content stream 210.
In either case, the result is that a legitimate content stream 201 (accessible using DRM key(s) provided by the legitimate content source) is converted to an illegitimate redistributed content stream 210 (accessible using DRM key(s) provided by the bad actor).
Distribution can be scaled to deliver the redistributed content stream to a large number of customers of the bad actor from a single legitimate content stream. This piracy negatively affects the provider of the legitimate content stream 201 and/or the rights holder of the content.
Figs. 3 and 4 illustrate an example content delivery technique less susceptible to the types of redistribution piracy exemplified in Fig. 2. The steps of Fig. 3 are implemented by content providing apparatus 100 under control of the processor 101, for example. Such a content providing apparatus 100 is operated by a legitimate distributor of the content. The steps of Fig. 4 are implemented by content receiving apparatus 111 under control of the processor 106, for example. Such a content receiving apparatus 111 is operated by a consumer of the content.
As shown in Fig. 3, at the content transmission side, at step 301, original content data indicative of original digital content (in particular, video content) is obtained. A watermark is then added to the original content data at step 302 to obtain watermarked original content data at step 303. The watermarked original content data is then encoded at step 304, packaged at step 305 and encrypted (using suitable DRM key(s)) at step 306. It is then transmitted at step 307 via a legitimate distribution path as legitimate content stream 201.
Distribution information is also added to the watermarked original content data. For example, the distribution information may be added as pad of one or more of the encoding 304, packaging 305, encrypting 306 or transmission 307 steps. The distribution information indicates the legitimate distribution path (e.g. Hypertext Transfer Protocol, HTTP, resource, as indicated by at least part (e.g. host and path) of a Uniform Resource Identifier, URI, (or, more particularly, a Uniform Resource Locator, URL) or broadcast frequency for broadcast content) for transmission of the legitimate content stream. The distribution information is digitally signed by the legitimate distributor (using a private key) so any alteration of the distribution information is detectable at the receiver side.
The transmitted legitimate content stream 201 thus includes both a watermark and digitally signed distribution information. The watermark is an example of a forensic indicator, marker or fingerprint which imparts a particular characteristic on the content when it is presented. The watermark may be, for example, a pattern of changes to the content, for instance an array of values by which to change values (e.g. DCT coefficients) of the video content. The watermark thus becomes part of the video data which is passed to the encoder 304. The digitally signed distribution information is added in any suitable form, for example, as Network Abstraction Level (NAL) unit of the encoded digital video bit stream when the video content is encoded according to the Advanced Video Coding (AVC) / H.264 standard.
As shown in Fig. 4, at the content receiving side, at step 401, the legitimate content stream 201 is received via the legitimate distribution path. The content is then decrypted at step 402 (using suitable DRM key(s)) and decoded at step 403 to obtain the watermarked original content data at step 404 and digitally signed distribution information at step 406 (the digitally signed distribution information being extracted at step 406). The digital signature of the digitally signed distribution information is also verified at step 406 (using a public key provided by the legitimate distributor). At step 407, the watermark is extracted (that is, derived from the content data).
Watermark extraction may be blind, that is to say, without reference to a version of the original content, or non-blind, which, for example, may correlate a version of the original content with that received, to identify differences, the differences being representative of the watermark. In some examples of the disclosure, blind watermark extraction may be used over a few frames or partial frames of video content to successfully determine the presence of the watermark to initiate verification of the distribution path (such verification occurring at step 408 -see below).
Upon successful extraction of the watermark and verification of the digital signature of the digitally signed distribution information, at step 408, the indicated distribution path indicated by the verified distribution information is compared to the actual distribution path (e.g. HTTP resource) used to deliver the content stream 201. The actual distribution path is measured at step 409 (e.g. by determining the HTTP resource indicated in the HTTP request to obtain the content stream). At step 410, it is determined to allow presentation (display) of the watermarked original content at step 405 if the actual distribution path matches the indicated distribution path. Otherwise, a blank screen, error message (indicating a help resource, for example) or the like is displayed. In an example, if the actual distribution path and indicated distribution path do not match, the actual distribution path (which, due to the lack of a match, will be an illegitimate distribution path), optionally with the indicated distribution path, is recorded (e.g. in storage medium 108). This information may then be gathered by a suitable undertaking (e.g. the content provider or anti-piracy groups) to monitor sources of pirated content, for example.
The present technique thus only allows the content to be displayed if the distribution path indicated by the distribution information (which cannot be altered by an unauthorised party due to use of the digital signature) matches the actual distribution path used to obtain the content. A redistributed content stream 210 (like that shown in Fig. 2) will have a different distribution path to the legitimate content stream 201 (since a bad actor, although having access to the legitimate content stream 201 itself, is not able to use the distribution path (e.g. HTTP resources) of the legitimate content provider to provide the redistributed content stream 210). A redistributed content stream 210 thus cannot be played back when content is provided and received using the mechanism of Figs. 3 and 4.
Furthermore, the use of the watermark means the mechanism is backwards compatible, since the distribution path comparison is only carried out if a watermark is successfully extracted at step 407. This means legacy content (which includes neither a watermark nor distribution information) can still be presented (otherwise the lack of distribution information and, thus, the lack of an indicated distribution path, would mean a successful match with the actual distribution information could never occur and thus presentation of the legacy content would never be permitted). On the other hand, for content including the watermark and distribution information, the nature of the watermark means it is preserved as part of the video content (whether as part of decrypted content stream 213 or as output 212 of a display) and thus the distribution path comparison will always need to result in a successful match in order for the content to be presented. Redistribution piracy opportunities for protected content (i.e. that including both a watermark and distribution information) are therefore reduced while reducing the risk of negatively affecting the ability to present legacy content.
Fig. 5 shows an example implementation of Fig. 4 on a content receiving device 111 (in this example, a television) to help reduce the risk of bad actors being able to circumvent the piracy reduction measures of the present technique.
The legitimate content stream 201 is received by a software application 501 (e.g. media content retrieval and viewing application) installed on the content receiving device 111. The content stream 201 is received in one or more portions with each portion being received as part of an HTTP response to a previously transmitted HTTP request. The HTTP resource indicated by each HTTP request / response pair represents the legitimate distribution path for that portion of the content.
In this proposed new system, for the software application 501 to transmit the HTTP request to receive the next portion of content (in a corresponding HTTP response) from the relevant HTTP resource, the software application, at step 504, transmits the HTTP request to an HTTP interceptor 509 of the OS 505. The HTTP interceptor 509 stores the URL of the HTTP request in a URL store 507 and adds the HTTP request to an HTTP stack 508. The HTTP request 510 is then transmitted from the HTTP stack 508 over the network and the corresponding HTTP response including data representing the portion of content is received over the network by the software application 501.
The data indicating the portion of content provided in the HTTP response includes first data 502 representing the content itself and the digitally signed distribution information. It also includes second data 503 representing a public key certificate of the legitimate content provider, which may be provided as part of the code of the application 501 itself or obtained dynamically (e.g. using standard known techniques). In this example, the distribution information is the URL (or at least a portion of the URL, e.g. the host and path) of the HTTP request / response. The public key certificate includes the public key for verifying the digital signature of the digitally signed distribution information and associates the public key with the legitimate content provider. The public key certificate itself is digitally signed by a suitable certifying authority (and is itself verifiable by a public certificate (including public key) of the certifying authority provided to the content providing device 111 in advance (e.g. during manufacture)). Although shown as separate instances of data 502 and 503, the first and second data may be combined as a single instance of data. For example, the public key certificate of the legitimate content provider may itself be provided included in the distribution information.
The first and second data are provided to decoder and WM control logic 506 which performs the decoding and watermark control logic in the way described with reference to Fig. 4, for example. Here, the comparison of the distribution path indicated in the distribution information with the actual distribution path is the comparison of the URL (or part of the URL) indicated in the distribution information with each of the URL(s) (or part of the URL(s)) stored in the URL store 507. The content is then only presented (as per step 405) if there is a match. In an example, the URL store stores the URLs of a plurality of the most recent (e.g. 10, 20 or 30 most recent) HTTP requests and/or stores the URL of each HTTP request for a predetermined time period (e.g. 10, 20 or 30 seconds). This helps ensure legitimate content can be presented even if there is latency between the transmission of HTTP requests and the subsequent HTTP response receipt, watermark extraction and distribution path comparison processes.
In an example, each portion of content associated with a respective HTTP request / response pair is a Dynamic Adaptive Streaming over HTTP (DASH) segment and the URL is the DASH segment URL. DASH segment URLs for all DASH quality levels (e.g. resolutions) for a predetermined future time period (e.g. the next 30 or 60 seconds) may be provided to enable the software application 501 (via the OS 505) to request the next DASH segment at an appropriate quality level. The digitally signed distribution information may be provided with each delivered DASH segment to enable the URL comparison to take place.
The arrangement of Fig. 5 helps improve robustness of the present technique because it makes it difficult for a software application 501 provided by a bad actor to provide a URL matching the URL of the digitally signed distribution information to logic 506 while transmitting an HTTP request with a different URL (where a non-legitimate redistributed content stream is located) over the network to actually retrieve the content. Rather, it is ensured the URL of each HTTP request actually transmitted to obtain the content is used in the comparison with the URL indicated in the distribution information.
This is enabled by not permitting changes to the OS 505 or logic 506 by software application developers. For example, in Fig. 5, the decoder and WM control logic 506 is only able to access URLs obtained from the HTTP interceptor 509 (and stored in the URL store 507) of the OS 505 (which is not accessible to software application developers). The logic 506 is not able to access HTTP stacks which are part of the software application 501.
This helps prevent any bypass of the URL match check carried out by the logic 506. Further, the logic 506 matches the content currently being processed with the corresponding URL used for downloading the content from the URL store 507. For example, the logic 506 ensures the HTTP response comprising the content corresponds with an HTTP request associated with a URL stored in the URL store 507. This helps prevents illegitimate software applications 501 from, for example, making an HTTP request to the legitimate content source using the HTTP interceptor 509 (meaning a legitimate URL is stored in the URL store 507), discarding the corresponding HTTP response and then obtaining the content from an illegitimate source. The robustness of the system is thus further improved.
Although URLs are mentioned in the above example, it will be appreciated that, more generally, URIs may be used.
The security of the present technique can be improved by improving the unpredictability of the watermark. In particular, by making the form (e.g. appearance) and/or location of the watermark less predictable, it is difficult for a bad actor to attempt to locate and remove the watermark from a redistributed content stream (thereby circumventing the activation of the comparison step 408 if no watermark is extracted). Watermark strength may be adapted such that the watermark payload is represented by modifications to the video content of greater density or magnitude in busier or more noisy parts of the video content rather than in more uniform parts of the video content. In some examples, the greater the watermark strength, the easier it is to decode and/or extract. The ability to decode and/or extract the watermark accurately may be enhanced further by utilising a watermark embedded in a combination of audio in addition to video content (that is, in digital audio content associated with digital video content). The watermark may also, for example, be included in the audio only.
In one example, a different (pseudo) random string of numbers (e.g. generated using a deterministic random number generator and a seed, such as the current date and/or time) is periodically (e.g. once per day) sent from the content providing device 100 to the content receiving device 111. The string is sent over a secure channel established between the content providing device 100 and content receiving device 111 (e.g. encrypted using a public key of a public / private key pair of the content receiving device 111) which is not accessible to the software application 501, for example. For instance, the secure channel may only be accessible by the OS 505. The string indicates different form(s) and/or location(s) of the watermark over a time period. For example, if a new string is transmitted each day, the string may indicate the form and/or location of the watermark during each of one or more equal time periods during that day.
This is exemplified in Fig. 6, which shows a (pseudo) random string 604 comprising a plurality of segments 601 B, 602B and 603B indicating the position and form of the watermark for a plurality of respective time periods T1, T2 and T3. If a new version of the string 604 is generated each day, each of T1, T2 and T3 may last for 8 hours, for example. In reality, there may be a larger number of segments and corresponding time periods (more generally, N segments, so the period of time (e.g. 1 day / 24 hours) for which the current version of the string is valid is divided into N equal time periods).
Each segment includes two sub-segments. In particular, segment 601 B, corresponding to watermark 601A displayed over first time period Ti, includes sub-segment 601C indicating the position (xi, yl) of the watermark 601A and sub-segment 601 D indicating the form of the watermark 601A. Similarly, segment 602B, corresponding to watermark 602A displayed over second time period 12, includes sub-segment 602C indicating the position (x2, y2) of the watermark 602A and sub-segment 602D indicating the form of the watermark 602A. Similarly, segment 603B, corresponding to watermark 603A displayed over third time period T3, includes sub-segment 603C indicating the position (x3, y3) of the watermark 603A and sub-segment 603D indicating the form of the watermark 603A. It is noted the different shapes shown in watermarks 601A, 602A and 603A are simplified examples to schematically demonstrate the different form of the watermarks. In reality, the form of the watermarks is more subtle (e.g. based on adjustments to Discrete Cosine Transform (DCT) coefficients).
The generator of string 604 (executed by processor 101, for example) may be configured to generate segments and/or sub-segments of the string within predetermined constraints.
For example, the position (x," yn) of the watermark corresponding to time period Tr, is a position on an x-y plane defined for the video frame and the watermark itself is defined within a rectangle of predetermined dimensions with a lower left corner positioned at position (xn, y,). The x-y plane may be normalised so that, for each sub-segment 601C, 602C and 603C indicating a respective watermark position, the generator of string 604 generates two numbers between 0 and 1. The first number represents the xn position, with the left-most side of the video frame corresponding to 0 and the right-most side of the video frame corresponding to 1. The second number represents the yr, position, with the bottom of the video frame corresponding to 0 and the top of the video frame corresponding to 1.
The normalised values of the sub-segments 601C, 602C and 603C are converted to corresponding (x, y) pixel values. For example, for a normalised value x, the pixel position xp = INT (x*Rx), where Rx is the number of pixels in the x-direction of the video frame (e.g. Rx = 1920 or 3840 pixels). Similarly, for a normalised value y, the pixel position yp = INT (y*Ry), where Ry is the number of pixels in the y-direction of the video frame (e.g. Ry = 1080 or 2160 pixels). The pixel position of the watermark is then defined as (xp, yp).
The rectangle within which each watermark 601A, 602A and 603A is defined has predetermined dimensions in the normalised coordinate system of a x b (where a and b may be different or the same, e.g. a = b = 0.05 or 0.1) and the generator of string 604 generates, for each sub-segment 601 D, 602D and 603D indicating a respective watermark form, one or more random numbers (e.g. again between 0 and 1) to apply (e.g. as a scaling factor) to one or more DCT coefficients of the portion of the video image within the rectangle in a predetermined way to change the form of this portion of the video image. This is what creates the watermark.
In an example, the pixels of the watermark rectangle positioned at pixel position (xp, yp) are all pixels with x pixel position xp to xp + INT (a*Rx) and all pixels with y pixel position yp to yp + INT (b*Ry). The DCT coefficient(s) of these identified pixels (e.g. the luminance Y component of these pixels) are then multiplied (scaled) by respective random number(s) of the relevant sub-segment 601 D, 602D or 603D.
For example, each sub-segment 601 D, 602D and 603D may include a plurality of random numbers between 0 and 1 which are respectively multiplied in a round robin fashion with the luminance DCT coefficients of the identified pixels of the corresponding rectangle in a particular order (e.g. raster scan order) to generate adjusted luminance DCT coefficients. This adjusts the form of the portion of the video frame within the rectangle in a predetermined way, thereby creating the watermark. It will be appreciated this is only a simple example and any suitable watermark generation method using randomisation as known in the art may be used.
During a given time period Tn, addition of the watermark at step 302 (which may form part of the encoding step 304 if DCT coefficient adjustment is used for watermark generation) thus uses the same set of random numbers (i.e. those defined in the corresponding segment 601 B, 602B or 603B of the current string 604) as used to extract the watermark at step 407 (which may form part of the decoding step 403 if DCT coefficient adjustment is used for watermark generation). This makes it easy for the content receiving device 111 to successfully extract the watermark, thereby reducing latency.
In particular, since the sub-segments 601C, 602C and 603C indicate the position of a rectangle of a predetermined size containing the watermark, the content receiving device 111 knows where to look for the watermark, reducing the latency compared to analysing the entire video frame to try to extract the watermark. At the same time, due to the string 604 being regularly updated over a secure channel, the position and form of the watermark regularly changes. It is thus difficult for a bad actor to reliably be able to detect a watermark and remove it, thereby improving the robustness of the present technique.
Fig. 7 shows an example (e.g. carried out at step 407) in which the confidence of watermark detection is determined for each frame of video and compared to one of more thresholds to determine whether or not the watermark is present (and thus whether or not the distribution path comparison of step 408 should be activated). This takes into account that, due to the use of lossy compression, signal channel noise or the like, watermark detection may not be perfectly reliable.
In particular, a watermark which is present may occasionally not be detected (false negative). This may undesirably cause the distribution path comparison of step 408 to be deactivated (thereby potentially allowing redistribution piracy) even though there is a watermark present.
A watermark which is not present may also occasionally be detected (false positive). This may undesirably cause the distribution path comparison of step 408 to be activated even though there is no watermark present. If there is no watermark present, the content will be legacy content which also does not include digitally signed distribution information. The I 0 distribution path comparison will thus output a comparison failure. This stops a user from being able to view legacy content and is detrimental to the user experience.
It is therefore desirable to try to reduce the effects of false negatives and false positives using a confidence value for watermark detection, as exemplified in Fig. 7. Here, a confidence value indicating the likelihood of a watermark being present in each decoded video frame is determined. The confidence value may range from 0 to 1, for example (with numbers close to 1 indicating greater confidence).
As shown in Fig. 7, receipt of the legitimate content stream 201 begins at time t = 0 and, as frames of the legitimate content stream 201 are decoded and the watermark successfully extracted, the confidence value successively increases for each frame.
The confidence value is, for example, the proportion of the last N frames for which the watermark was successfully extracted. For instance, if N = 10, then the confidence value will grow from 1/10 = 0.1 for the first frame (if the watermark is detected in the first frame) to 2/10 = 0.2 for the second frame (if the watermark is detected in the second frame) to 3/10 = 0.3 for the third frame (if the watermark is detected in the third frame) and so on.
Once the confidence value reaches an activation threshold (e.g. 0.7), it is considered there is sufficient confidence that the watermark is present in the content. The distribution path comparison of step 408 is therefore activated.
There is also a deactivation threshold (set at less than or equal to the activation threshold, e.g. 0.5), at which point it is considered there is not sufficient confidence that the watermark is present in the content.
Thus, for example, if, from frame n, no watermark is detected in that or the next 5 frames (that is, frames n to n + 5), this will result in the confidence value falling below the deactivation threshold of 0.5 (since only the four frames n-4 to n-1 of the previous N = 10 frames will have had successful watermark extraction, meaning the confidence value falls to 0.4).
This indicates the user may have started to receive legacy content and thus the distribution path comparison of step 408 needs to be deactivated to stop presentation of the content being blocked. At the same time, false negative detection in a smaller number of successive frames will not result in the deactivation of the distribution path comparison.
The confidence in the presence or absence of the watermark is therefore assessed over a plurality of successive frames and compared to activation and deactivation thresholds to reduce the impact of false negatives and false positives on the viewer experience. In particular, use of the activation threshold means a false positive for a small number of frames of legacy content is unlikely to trigger the activation of the distribution path comparison, thereby reducing the risk of a user being denied access to legacy content.
II
Furthermore, use of the deactivation threshold means a false negative for a small number of frames of protected content is unlikely to trigger the deactivation of the distribution path comparison, thereby reducing the risk of some frames of protected content being presented without a distribution path comparison first being performed. This makes it difficult for bad actors, for example, to determine whether they have been able to identify and remove a watermark from an individual frame (which would otherwise be displayed while other frames are not) and use this information to gradually learn details about the current watermark.
Use of the watermark is optional (e.g. it may not be necessary for a service which does not provide any legacy content without added distribution information). In this case, steps 302 and 303 may be omitted from Fig. 3, steps 404 and 407 and the watermark check part of step 408 may be omitted from Fig. 4 and the watermark check part of logic 506 may be omitted from Fig. 5.
Figs. 8A and 8B show example methods.
Fig. SA is executed by the processor 101 of the content providing apparatus 100, for example.
The method starts at step 801.
At step 802, digital video content (e.g. legitimate content stream 201 or redistributed content stream 210) is received over a first content distribution path (e.g. from an HTTP resource controlled by the legitimate content provider, if the digital video content is the legitimate content stream 201, or from an HTTP resource controlled by a bad actor, if the digital video content is the redistributed content stream 210).
At step 803, it is determined determine if a match condition is met. The match condition is that the first content distribution path matches a second content distribution path indicated by verifiable distribution information provided with the digital video content. The second distribution path is, for example, an HTTP resource controlled by the legitimate content provider from which the legitimate content stream is received. It is represented in the distribution information by at least a portion of a URL associated with the legitimate HTTP resource, for example. The distribution information is verifiable due to being digitally signed using a secret key of the legitimate content provider, the digital signature being verifiable with a public key corresponding to the secret key.
The match condition will only be met if the first distribution path matches the second distribution path. Thus, for example, at least a portion of a URL associated with the HTTP resource of the first distribution path must match a corresponding portion of the URL associated with the HTTP resource of the second distribution path. At step 803, it is determined if the match condition is met.
if the match condition is met (indicating the digital video content has been received from a legitimate source and is therefore a legitimate content stream 201), the method proceeds to step 804 and output of the digital video content for presentation is allowed. The method then ends at step 805. However, if the match condition is not met (indicating the digital video content has not been received from a legitimate source and may therefore be a redistributed content stream 210), the method ends at step 805 without allowing output of the digital video content for presentation.
Fig. 8B is executed by the processor 106 of the content receiving apparatus 111, for 10 example.
The method starts at step 806.
At step 807, digital video content (e.g. the original content data received at step 301 in Fig. 3) is received.
At step 808, the verifiable distribution information is added to the digital video content. As mentioned, the distribution information indicates a legitimate content distribution path (e.g. HTTP resource) and is verifiable by way of being digitally signed by the legitimate content 20 provider.
At step 809, the digital video content is transmitted (e.g. to content receiving device 111) via the legitimate content distribution path.
The method ends at step 810.
Example(s) of the present disclosure are defined by the following numbered clauses: 1. A data processing apparatus comprising circuitry configured to: receive digital video content over a first content distribution path; determine if a match condition is met, the match condition being that the first content distribution path matches a second content distribution path indicated by verifiable distribution information provided with the digital video content; if the match condition is met, allow output of the digital video content for presentation.
2. A data processing apparatus according to clause 1, wherein determining whether the match condition is met comprises: performing an extraction process for extracting distribution information from the digital video content; verifying a digital signature of successfully extracted distribution information using a public key associated with a legitimate source of the digital video content; determining whether the first content distribution path matches the second content distribution path of successfully extracted distribution information; if distribution information is successfully extracted from the digital video content, the digital signature is successfully verified and the first content distribution path matches the second content distribution path, determine the match condition to be met.
3. A data processing apparatus according to clause 1 or 2, wherein the second content distribution path is a Hypertext Transfer Protocol, HTTP, resource and the verifiable distribution information comprises at least a portion of a Uniform Resource Identifier, URI, of the HTTP resource.
4. A data processing apparatus according to clause 3, wherein the circuitry is configured to: intercept an HTTP request to retrieve the digital video content from an application executed by the circuitry; store at least a portion of a URI of the HTTP request; transmit the HTTP request; compare the stored portion of the URI of the HTTP request with a corresponding portion of the URI of the verifiable distribution information of the received digital video content; and determine the match condition is met when the stored portion of the URI of the HTTP request with a corresponding portion of the URI of the verifiable distribution information of the received digital video content.
5. A data processing apparatus according to any preceding clause, wherein the circuitry is configured to: determine if a marker has been imparted on the digital video content and/or on digital audio content associated with the digital video content; if it is determined a marker has not been imparted on the digital video content, allow output of the digital video content for presentation without determining if the match condition is met.
6. A data processing apparatus according to clause 5, wherein the circuitry is configured to: receive, over a secure channel, a string of data representing at least one of a form and location of the marker during each of a plurality of respective time periods; determine if a marker has been imparted on the digital video content during each of the time periods using the string of data.
7. A data processing apparatus comprising circuitry configured to: receive digital video content; add verifiable distribution information to the digital video content, the distribution information indicating a legitimate content distribution path; and transmit the digital video content to a second data processing apparatus via the legitimate content distribution path.
8. A data processing apparatus according to clause 7, wherein the circuitry is configured to make the distribution information verifiable by digitally signing the distribution information using a secret key associated with a legitimate source of the digital video content.
9. A data processing apparatus according to clause 7 or 8, wherein the legitimate content distribution path is a Hypertext Transfer Protocol, HTTP, resource and the verifiable distribution information comprises at least a portion of a Uniform Resource Identifier, URI, of the HTTP resource.
10. A data processing apparatus according to any one of clauses 7 to 9, wherein the circuitry is configured to impart a marker on the digital video content and/or on digital audio content associated with the digital video content.
11. A data processing apparatus according to clause 10, wherein the circuitry is configured to: generate a string of data representing at least one of a form and location of the marker during each of a plurality of respective time periods; transmit the string of data to the second data processing apparatus over a secure channel; and impart a marker on the digital video content during each of the time periods using the string of data.
12. A computer-implemented data processing method comprising: receiving digital video content over a first content distribution path; determining if a match condition is met, the match condition being that the first content distribution path matches a second content distribution path indicated by verifiable distribution information provided with the digital video content; if the match condition is met, allowing output of the digital video content for presentation.
13. A computer-implemented data processing method comprising: receiving digital video content; adding verifiable distribution information to the digital video content, the distribution information indicating a legitimate content distribution path; and transmitting the digital video content via the legitimate content distribution path.
14. A program for controlling a computer to perform a method according to clause 12 or 13.
15. A computer-readable storage medium storing a program according to clause 14.
Numerous modifications and variations of the present disclosure are possible in light of the above teachings. It is therefore to be understood that, within the scope of the claims, the disclosure may be practiced otherwise than as specifically described herein.
In so far as embodiments of the disclosure have been described as being implemented, at least in part, by one or more software-controlled information processing apparatuses, it will be appreciated that a machine-readable medium (in particular, a non-transitory machine-readable medium) carrying such software, such as an optical disk, a magnetic disk, semiconductor memory or the like, is also considered to represent an embodiment of the present disclosure. In particular, the present disclosure should be understood to include a non-transitory storage medium comprising code components which cause a computer to perform any of the disclosed method(s).
It will be appreciated that the above description for clarity has described embodiments with reference to different functional units, circuitry and/or processors. However, it will be apparent that any suitable distribution of functionality between different functional units, circuitry and/or processors may be used without detracting from the embodiments.
Described embodiments may be implemented in any suitable form including hardware, software, firmware or any combination of these. Described embodiments may optionally be implemented at least partly as computer software running on one or more computer processors (e.g. data processors and/or digital signal processors). The elements and components of any embodiment may be physically, functionally and logically implemented in any suitable way. Indeed, the functionality may be implemented in a single unit, in a plurality of units or as part of other functional units. As such, the disclosed embodiments may be implemented in a single unit or may be physically and functionally distributed between different units, circuitry and/or processors.
Although the present disclosure has been described in connection with some embodiments, it is not intended to be limited to these embodiments. Additionally, although a feature may appear to be described in connection with particular embodiments, one skilled in the art would recognize that various features of the described embodiments may be combined in any manner suitable to implement the present disclosure.

Claims (15)

  1. CLAIMS1. A data processing apparatus comprising circuitry configured to: receive digital video content over a first content distribution path; determine if a match condition is met, the match condition being that the first content distribution path matches a second content distribution path indicated by verifiable distribution information provided with the digital video content; if the match condition is met, allow output of the digital video content for presentation.
  2. 2. A data processing apparatus according to claim 1, wherein determining whether the match condition is met comprises: performing an extraction process for extracting distribution information from the digital video content; verifying a digital signature of successfully extracted distribution information using a public key associated with a legitimate source of the digital video content; determining whether the first content distribution path matches the second content distribution path of successfully extracted distribution information; if distribution information is successfully extracted from the digital video content, the digital signature is successfully verified and the first content distribution path matches the second content distribution path, determine the match condition to be met.
  3. 3. A data processing apparatus according to claim 1, wherein the second content distribution path is a Hypertext Transfer Protocol, HTTP, resource and the verifiable distribution information comprises at least a portion of a Uniform Resource Identifier, URI, of the HTTP resource.
  4. 4. A data processing apparatus according to claim 3, wherein the circuitry is configured to: intercept an HTTP request to retrieve the digital video content from an application executed by the circuitry; store at least a portion of a URI of the HTTP request; transmit the HTTP request; compare the stored portion of the URI of the HTTP request with a corresponding portion of the URI of the verifiable distribution information of the received digital video content; and determine the match condition is met when the stored portion of the URI of the HTTP request with a corresponding portion of the URI of the verifiable distribution information of the received digital video content.
  5. 5. A data processing apparatus according to claim 1, wherein the circuitry is configured to: determine if a marker has been imparted on the digital video content and/or on digital audio content associated with the digital video content; if it is determined a marker has not been imparted on the digital video content, allow output of the digital video content for presentation without determining if the match condition is met.
  6. 6. A data processing apparatus according to claim 5, wherein the circuitry is configured to: receive, over a secure channel, a string of data representing at least one of a form and location of the marker during each of a plurality of respective time periods; determine if a marker has been imparted on the digital video content during each of the time periods using the string of data.
  7. 7. A data processing apparatus comprising circuitry configured to: receive digital video content; add verifiable distribution information to the digital video content, the distribution information indicating a legitimate content distribution path; and transmit the digital video content to a second data processing apparatus via the legitimate content distribution path.
  8. 8. A data processing apparatus according to claim 7, wherein the circuitry is configured to make the distribution information verifiable by digitally signing the distribution information using a secret key associated with a legitimate source of the digital video content.
  9. 9. A data processing apparatus according to claim 7, wherein the legitimate content distribution path is a Hypertext Transfer Protocol, HTTP, resource and the verifiable distribution information comprises at least a portion of a Uniform Resource Identifier, URI, of the HTTP resource.
  10. 10. A data processing apparatus according to claim 7, wherein the circuitry is configured to impart a marker on the digital video content and/or on digital audio content associated with the digital video content.
  11. 11. A data processing apparatus according to claim 10, wherein the circuitry is configured to: generate a string of data representing at least one of a form and location of the marker during each of a plurality of respective time periods; transmit the string of data to the second data processing apparatus over a secure channel; and impart a marker on the digital video content during each of the time periods using the string of data.
  12. 12. A computer-implemented data processing method comprising: receiving digital video content over a first content distribution path; determining if a match condition is met, the match condition being that the first content distribution path matches a second content distribution path indicated by verifiable distribution information provided with the digital video content; if the match condition is met, allowing output of the digital video content for presentation.
  13. 13. A computer-implemented data processing method comprising: receiving digital video content; adding verifiable distribution information to the digital video content, the distribution information indicating a legitimate content distribution path; and transmitting the digital video content via the legitimate content distribution path.
  14. 14. A program for controlling a computer to perform a method according to claim 12 or 13.
  15. 15. A computer-readable storage medium storing a program according to claim 14.
GB2319992.0A 2023-12-22 2023-12-22 Data processing apparatuses and methods Pending GB2636852A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB2319992.0A GB2636852A (en) 2023-12-22 2023-12-22 Data processing apparatuses and methods
PCT/GB2024/053138 WO2025133591A1 (en) 2023-12-22 2024-12-17 Data processing apparatuses and methods to verify a legitimate content distribution path

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2319992.0A GB2636852A (en) 2023-12-22 2023-12-22 Data processing apparatuses and methods

Publications (2)

Publication Number Publication Date
GB202319992D0 GB202319992D0 (en) 2024-02-07
GB2636852A true GB2636852A (en) 2025-07-02

Family

ID=89768117

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2319992.0A Pending GB2636852A (en) 2023-12-22 2023-12-22 Data processing apparatuses and methods

Country Status (2)

Country Link
GB (1) GB2636852A (en)
WO (1) WO2025133591A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6973444B1 (en) * 1999-03-27 2005-12-06 Microsoft Corporation Method for interdependently validating a digital content package and a corresponding digital license
EP2287772A3 (en) * 2001-01-17 2011-06-22 ContentGuard Holdings, Inc. System and method for digital rights management using a standard rendering engine
US7603720B2 (en) * 2002-04-29 2009-10-13 The Boeing Company Non-repudiation watermarking protection based on public and private keys
EP2557521A3 (en) * 2003-07-07 2014-01-01 Rovi Solutions Corporation Reprogrammable security for controlling piracy and enabling interactive content
US8037506B2 (en) * 2006-03-03 2011-10-11 Verimatrix, Inc. Movie studio-based network distribution system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None *

Also Published As

Publication number Publication date
GB202319992D0 (en) 2024-02-07
WO2025133591A1 (en) 2025-06-26

Similar Documents

Publication Publication Date Title
US9367885B2 (en) Method and system for adding and detecting watermark
US8705791B2 (en) Method and system for utilizing GPS information to secure digital media
US8806215B2 (en) Method and system for robust watermark insertion and extraction for digital set-top boxes
US8265276B2 (en) Method for combining transfer functions and predetermined key creation
US6668246B1 (en) Multimedia data delivery and playback system with multi-level content and privacy protection
US7607017B2 (en) Embedding data in material
US8000493B2 (en) Method and system for watermark embedding in a multimedia system-on-chip
US8245046B2 (en) Interconnect device to enable compliance with rights management restrictions
WO2002003385A1 (en) Copy protection of digital data combining steganographic and cryptographic techniques
US11212595B1 (en) System and method for watermarking over the top (OTT) content delivered through OTT platform
US20040187005A1 (en) Method and system for marking digital content
US12273601B2 (en) Live video streaming architecture with real-time frame and subframe level live watermarking
CN103141110A (en) Method and system for providing encrypted content to multiple user devices
US12041318B2 (en) System and method for automatic detection and reporting of group watermarking data
US20130064288A1 (en) Secured content distribution
GB2636852A (en) Data processing apparatuses and methods
US20100064139A1 (en) System and method of extending marking information in content distribution
US12229293B2 (en) Secure client watermark
US20230141582A1 (en) Digital Watermarking in a Content Delivery Network
JP2014175757A (en) Digital watermark processing system for generating digital watermark by coupling divided elements, server, program and method
KR101450649B1 (en) Drm system for multimedia contents by using software correction filter
CN112153417A (en) Content scrambling protection method and system for copyright of streaming media content
HK1235126A1 (en) System and method for creating a temporal-based dynamic watermark
Barnes A Survey of Recent Advances in Video Security