HK1055365A - Method and system to uniquely associate multicast content with each of multiple recipients - Google Patents

Info

Publication number
HK1055365A
Authority
HK
Hong Kong
Prior art keywords
content
unique
key
watermark
copy
Application number
HK03107472.9A
Other languages
Chinese (zh)
Inventor
M‧A‧G‧怀特
A‧A‧魏斯
Original Assignee
Entriq
Irdeto Access Bv

Description

Method and system for uniquely associating multicast content with each of a plurality of recipients
RELATED APPLICATIONS
This application is related to and claims priority from European patent application No. 00200793.8, entitled "Method and system for providing a copy of scrambled content with a unique watermark, and system for descrambling the scrambled content", filed on 3/6/2000, which is hereby incorporated by reference. This application is also related to and claims priority from U.S. provisional patent application No. 60/218,031, entitled "Method and system for uniquely associating multicast content with each of a plurality of recipients," filed on 12/7/2000, which is hereby incorporated by reference.
Technical Field
The present invention relates generally to data processing. In particular, the present invention relates to "watermarking" or uniquely authenticating content. In particular, the present invention relates to a method and system for multicasting content uniquely associated with each of a plurality of recipients.
Background
Today, text, audio, and video content ("content") can be transmitted using a variety of techniques. For example, an Internet server may transmit a video clip to a large number of users. Such a process is typically referred to as "streaming". However, streaming content over the Internet poses a number of challenges. One challenge is content protection, which relates to preventing illegal copying and distribution of premium content. Another challenge is bandwidth economy, which relates to transferring content within a limited bandwidth.
One method of content protection is watermarking. Watermarking is a process of inserting unique information (a "watermark") into content in a non-removable manner. That is, an attempt to remove the watermark may result in the loss of all or part of the original content. A watermark is, for example, a form of rubber stamp that marks one frame of a moving image with a unique signature. Typically, for a server to perform watermarking on the Internet, the server must send each user content with a different watermark. Thus, a disadvantage of watermarking alone is that each item of content must be uniquely watermarked for each user or entity to which the content is distributed. If the number of users receiving the content is large, watermarking can be bandwidth intensive and very complex for the server.
Another method of content protection is to encrypt or scramble the content. For example, to prevent unauthorized copying of content, the content is encrypted with one or more keys and decrypted by the user using the correct key to access the content. Generally, content is compressed and encrypted simultaneously. A disadvantage of encryption alone is that unauthorized copying of the content after decryption and descrambling is still possible. To detect such unauthorized copying, a fingerprint or watermark may be added to the content to indicate that the content is copyrighted. One problem with adding watermarks to encrypted content is that the content must first be decrypted before the watermark is added. Thus, if the content is encrypted, access to the content will not be possible. Moreover, adding a watermark and decrypting the content requires a lot of processing power.
One approach to addressing bandwidth limitations is multicasting. Multicasting is the process of a single server sending content to multiple users at the same time. For example, a server on the Internet may send ("multicast") a video clip to many users at one time. Thus, a single server can send content to many users without causing both the server and the network to become too congested. A disadvantage of multicasting alone is that it is difficult to protect the multicast content. For example, multicasting is incompatible with existing watermarking techniques because it relies on all users receiving exactly the same data, whereas watermarking relies on each user receiving data that is uniquely marked with a "stamp". As such, distributing content such as text, audio, and video data over the Internet presents a number of problems related to providing the content within a limited bandwidth and ensuring that the content is protected or authenticated.
Summary of The Invention
According to one aspect of the invention, a method is disclosed in which a copy of at least a portion of content having a first watermark is encrypted. A copy of at least a portion of the content having the second watermark is encrypted. The copy portion encrypted with the first watermark and the copy portion encrypted with the second watermark are combined in a manner unique to each user.
According to another aspect of the invention, a method is disclosed in which first and second copies of content are watermarked with first and second watermarks, respectively. A first copy of the content is encrypted using a first key and a second copy of the content is encrypted using a second key. The encrypted first and second copies are combined into a single data stream.
Other features and advantages of the present invention will be apparent from the accompanying drawings and from the detailed description that follows.
Brief Description of Drawings
The invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
FIG. 1 illustrates an exemplary diagram of a network environment in which the present invention may be implemented;
FIG. 2 illustrates a diagram of merging encrypted content according to one embodiment;
FIG. 3 illustrates a block diagram of a content server delivering encrypted content to a client in accordance with one embodiment;
FIG. 4A illustrates an operational flow diagram for providing encrypted content according to one embodiment;
FIG. 4B illustrates a flowchart of one operation of decrypting encrypted content, according to one embodiment;
FIG. 5 illustrates a block diagram of a content server for unicast key and multicast encrypted watermarked content, according to one embodiment;
FIG. 6A illustrates an operational flow diagram for generating a single data stream having encrypted content;
FIG. 6B illustrates an operational flow diagram for distributing keys and the single data stream of FIG. 6A;
FIG. 7 illustrates an exemplary video frame performing the operations of FIG. 6A; and
FIG. 8 is a block diagram of an exemplary data processing or computing system in which the present invention may be implemented.
Detailed Description
In the described method and system content can be securely distributed and protected in a manner that is feasible in terms of bandwidth economy and that ensures that users can be authenticated by the received content. In one embodiment, a copy of the encrypted content may be provided such that a unique watermark can be added to the copy. In another embodiment, the content may be watermarked and multicast to the clients simultaneously. Likewise, when providing reliably watermarked protected content, the content may be distributed by using the bandwidth availability of multicast.
In the following description, a watermark is referred to as an identifier or signature. For example, an identifier or signature may be used to indicate copyrighted data. The watermark can also be used to indicate the source and authorization of the data or the identity of the data client/user/customer. In addition, watermarking allows for the processing of encrypted content in such a way that it can be multicast and still produce a pattern unique to decryption. Furthermore, in the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to those skilled in the art that the present invention may be practiced without these specific details.
Exemplary network Environment
FIG. 1 illustrates an exemplary diagram of a network environment 100 in which the present invention may be implemented. Referring to FIG. 1, a content server 104 may communicate with a number of clients 1 (101-1) through N (101-N) through a network 102. In one embodiment, the network 102 is the Internet. The Internet is a worldwide system of interconnected networks that operate over Internet Protocol (IP) to transmit data (e.g., packets). In other embodiments, network 102 may be other network types, such as a token ring network, a Local Area Network (LAN), or a Wide Area Network (WAN). Network 102 can also operate in a wired or wireless environment.
Content server 104 is a type of network device used to communicate over network 102. In one implementation, content server 104 is a general purpose computer such as a WEB server. In other embodiments, content server 104 is a network device including a network router, switch, bridge, gateway, or other similar network device for communicating over network 102. The content server 104 includes a media server module 108 coupled to the content store 106. Content storage 106 is a storage device such as, for example, a hard disk, a compact disc read only memory (CD), a Digital Video Disc (DVD), Random Access Memory (RAM), Dynamic Random Access Memory (DRAM), or other similar storage device for storing distributed content.
In one embodiment, the media server module 108 is a processing device to process instructions or code to perform the operations described herein. In another embodiment, the media server module 108 is a hardware and/or software module that performs the same. The media server module 108 recovers and processes the content stored on the content store 106 and distributes the content to the clients 1 through N. The content stored in content memory 106 may include video and/or audio data or other similar data types. For example, the content can include Moving Picture Experts Group (MPEG) data. In one embodiment, the media server module 108 operates according to the processing techniques as described in relation to fig. 2, 3, 4A, and 4B. In another embodiment, the media server module 108 operates according to the processing techniques as described in relation to fig. 5, 6A, 6B, and 7.
Clients 1 through N may be general-purpose computers for receiving content from content server 104 over network 102. Alternatively, clients 1 through N may also be additional content servers, such as content server 104. For example, clients 1 through N may be personal computers, workstations, laptops, or other similar computing devices. Clients 1 through N may also be portable electronic devices, such as a Personal Data Assistant (PDA), wireless telephone, or other similar device, which may communicate with a content server over the network 102 via a wired or wireless medium. Clients 1 through N may include applications that view and display content from content server 104. For example, clients 1 through N may include an application such as Real Player™ or QuickTime™ to play video data.
Example of providing copies of encrypted content Using unique watermarks
The following description relating to the embodiments of fig. 2, 3, 4A and 4B provides a copy of the content encrypted with a watermark that is unique to each of a number of clients and broadcasts the encrypted content to the clients. Fig. 2 illustrates a diagram 200 of merged encrypted content according to one embodiment. For purposes of explanation, the content is described as "movie content" but could obviously be other types of content, such as a recorded audio file.
In one embodiment, the content store 106 includes three copies of movie content. Each copy stored in content store 106 is encrypted in a suitable manner. A first copy 210, called the "pivot copy", is encrypted. The second copy 220 of the content is obtained by watermarking at least one portion of the complete content with a first identifier, e.g. a "1 s" sequence or a more complex two-bit sequence. Thereafter, the second copy 220 is encrypted in a suitable manner to obtain an encrypted copy that is watermarked with the first identifier. A third copy 230 of the content is obtained by watermarking at least one portion of the complete content with a second identifier, e.g. a "0 s" sequence or a more complex two-bit sequence. Thereafter, the third copy 230 is encrypted in a suitable manner to obtain an encrypted copy that is watermarked with the second identifier. The second and third copies 220 and 230 may be watermarked with any unique identifier.
The watermarked copies 220 and 230 may comprise a percentage of the original movie content. For example, the watermarked copies 220 and 230 may include 1% to 20% of the full movie content. However, the complete movie content may be watermarked with the first and second identifiers, respectively. In an alternative embodiment, the hub replica 210 may be omitted. Further, the copies 210, 220, and 230 may be stored on separate storage devices or separate servers.
In one embodiment, if a client requests movie content from the content server 104, the media module server 108 will add a watermark unique to the client. That is, in the example of fig. 2, the watermark would be a unique identifier having unique 1(ones) sequences ("1 s") and 0 (zeros) sequences ("0 s"). Based on the unique 1-sequence and 0-sequence, the media module server 108 merges the encrypted portion of the backbone copy 210, the first copy 220 watermarked with the 1-sequence watermark, and the second copy 230 watermarked with the 0-sequence watermark, and transmits the merged portion to the requesting client. Likewise, the requesting client receives an encrypted copy imprinted with the user's unique watermark.
However, the watermark is not necessary to encrypt and decrypt the content in the relatively insecure content server 104 environment. The 1-sequence and 0-sequence unique identifications and associated client identification information may be stored in content store 106 or in a separate storage device. The backbone copy of the scrambled content 210 is used to reduce the amount of data that needs to be stored in the content memory 106. Alternatively, a scrambled copy of the content may be provided with a watermark without using the backbone copy 210.
Fig. 3 illustrates a block diagram 300 of the content server 104 communicating scrambled content with one client 100 according to one embodiment. The client 100 may represent clients 1 through N in fig. 1. Referring to fig. 3, the content server 104 includes a media server module 108 having a receiving module 302 coupled to an encryption module 304, which is coupled to a key management module 306. Each module may be a separate processing device or a hardware and/or software module operating within content server 104 to process instructions or code for performing the operations described herein.
The encryption module 304 encrypts the content from the receiving module 302. In one implementation, the receiving module 302 may receive the content from the content memory 106. In another embodiment, the receiving module 302 receives content from the network 102 or an external connection such as a cable or modem line. The encryption module 304 may encrypt the content using a key in a standard encryption process. For example, the encryption module 204 can insert keys into the video content stream as Entity Control Messages (ECMs) to encrypt the video content stream.
In one embodiment, watermarking may be performed on the client side. For example, the client 100 may add a watermark during a decryption process for decrypting encrypted content of the content server 104. Client 100 may decrypt the encrypted content of content server 104 by storing the encrypted content in real time or at an advanced time.
For purposes of explanation, in the following description, the receiving module 302 in the client 100 receives encrypted content representing a "movie" that is broadcast to the client 100. Other types of content such as text or commonly broadcast audio content may be used. The receiving module 302 may be programmed to provide a number of double portions or so-called double lit portions of the movie. In one embodiment, if the movie is compressed, for example, according to the MPEG standard, the I-frame or similar portion is double lit to keep the bandwidth low. In one embodiment, the receiving module 302 provides the watermark to the doubly lit portion. For example, the receiving module 302 can add a 0 sequence (or first identifier) watermark and a 1 sequence (or second identifier) watermark to select portions of each doubly lit portion. The receive module 302 then passes the hub portion and the double lit portion to the encryption module 304.
Encryption module 304 uses the key provided by key management module 306. Key management module 306 may include one or more storage devices to store a large number of keys for scrambling content. In one embodiment, the encryption module 304 encrypts the pivot portion using a first key (key 1) to provide the pivot copy 210, encrypts the portion watermarked with the 1 sequence using a second key (key 2) to provide the second copy 220, and encrypts the portion watermarked with the 0 sequence using a third key to provide the third copy 230.
The key management module 306 in the content server 104 includes a key management application to allow the client 100 to receive a unique copy of the encrypted content in a predetermined manner by transmitting the client keys 2 and 3. The key management module 306 also allows the client 100 to decrypt the encrypted content of the encryption module 304. That is, the key management module 100 provides the unique key information to the client 100 through the encryption module 304 to decrypt one uniquely combined encrypted content having an encrypted portion watermarked with a 0 sequence (or first identifier) and an encrypted portion watermarked with a 1 sequence (or second identifier). Also, the key management module 306 may store information related to the client receiving the unique merged portion. In this way, the client 100 can provide a clear content stream of a movie with a unique watermark or identifier. Thus, the content stream can be easily verified to determine whether the appropriate client is receiving and watching the movie.
The key management module 306 may, for example, provide entity control messages ECMs with key 1, key 2, or key 3. During the broadcast of the encrypted content, the key management module 306 provides ECMs to the respective clients with the keys to obtain a unique combination of the 1 and 0 sequences at the respective clients. In the example of fig. 3, the key management module 306 may provide ECMs to the client 100 through the encryption module 304 or directly using an external connection of the network 102.
The client 100 includes a receiving module 308 for receiving encrypted content from the content server 104. The receiving module 308 can also receive keys from the key management module 306 in the content server 104. The receiving module 308 is coupled to a decryption module 310, which is coupled to a key management module 312. Each module may be a separate processing device or hardware and/or software module that processes instructions or code for performing the operations described herein.
The client 100 decrypts the encrypted content from the content server 104 using the decryption module 310. The receiving module 308 receives the encrypted content from the encryption module 304 and extracts the ECMs from the encrypted content and passes the ECMs to the key management module 312. The key management module 312 provides the keys from the extracted ECMs to the decryption module 310. The receive module 308 also provides the encrypted content from the content server 104 to the decrypt module 310.
In one embodiment, the content server 104 provides ECMs with key 1 and key 2 or key 3 unique to the client 100. In particular, the key management module 312 of the client 100 communicates the key to the decryption module 310. The decryption module 310 uses this key to obtain the clear content of the uniquely combined 0 and 1 sequences. In one embodiment, only the second watermark with the 1 sequence may be decrypted if only key 2 is available, whereas only the part watermarked with the 1 sequence may be decrypted if only the third key is available. In this example, the watermarking of the hub replica 210 is directly controlled by the content server 104.
In an alternative embodiment, the key management program or instructions may be downloaded or permanently stored in the key management module 312 at the client 100. For example, key management module 312 may include a smart card to provide secure download programs or instructions. In particular, the smart card may receive an ECM that includes all three keys (key 1 through key 3), which are provided to the decryption module 310 in a manner unique to the smart card.
Fig. 4A illustrates a flow diagram of operations 400 for providing scrambled content according to one embodiment. First, operation 400 begins with operation 402.
At operation 402, a copy of at least a portion of the watermarked content is provided with a first identifier (e.g., "0 s"). For example, the receiving module 302 provides the content printed with the "0 s" watermark to the encryption module.
At operation 404, a copy of at least a portion of the watermarked content is provided with a second identifier (e.g., "1 s"). For example, the receiving module 302 provides the content printed with the "1 s" watermark to the encryption module.
At operation 406, the copies of the content that are watermarked with the watermarks "0 s" and "1 s" are encrypted. In one embodiment, the encryption module 304 can encrypt the watermarked content into three parts, such as a hub copy 210 encrypted with a unique key 1, a first copy 220 of the content watermarked with "1 s" and encrypted with a unique key 2, and a second copy 230 of the content watermarked with "0 s" and encrypted with a unique key 3.
At operation 408, the merging of the portions of the first copy 220 and the second copy 230 is unique to each client. In one embodiment, portions of the first copy 220 and the second copy 230 are merged with the pivot copy 210. In an alternative embodiment, portions of the first copy 220 and the second copy 230 are not merged with the pivot copy 210. The encryption module 304 may perform the operations described above. Encryption module 304 or key management module 306 may send the unique key (e.g., keys 1 through 3) to a client to decrypt the content.
FIG. 4B illustrates a flowchart of operations 450 for decrypting encrypted content, according to one embodiment. First, operation 450 begins with operation 452.
At operation 452, a unique key that content server 104 used to encrypt content is received. For example, the receiving module 308 of the client 100 may receive the unique key. The receiving module 308 can communicate the unique key to a key management module 312 or a decryption module 310 in the client 100.
At operation 454, encrypted content is received. The encrypted content is "double lit" in which at least a portion is copied and watermarked with a different identifier. For example, the client 100 can receive the encrypted content of operation 400 through the receiving module 308. However, the encrypted content can be received before the unique key is received in operation 452.
At operation 456, the encrypted content is decrypted. For example, the decryption module 310 can use the received unique key to decrypt encrypted content from the content server 104.
Multiple watermark instance
The following embodiments, described in connection with FIGS. 5, 6A, 6B, and 7, provide a method and system for uniquely associating multicast content with each of a plurality of recipients. They describe a "multi-watermark" process in which a single data stream of, for example, video content is encrypted in a manner that allows a large number of unlocking keys to be distributed to multiple recipients ("customers"). Each key may decrypt the content into a unique form. In one embodiment, the content is encrypted once and then distributed to multiple clients. To unlock the content for viewing, one or more unique keys are required to decrypt it. That is, each unique key results in decrypted content that is universally unique and viewable.
Fig. 5 illustrates a block diagram 500 of the content server 104 for unicasting keys and multicasting encrypted content according to one embodiment. Referring to fig. 5, the content server 104 includes a content store 106 for storing content, the content store 106 coupled to a server media module 108. In one embodiment, the server media module 108 includes a watermarking module 506 coupled to the content store 106 and an encryption module 507 coupled to a key database 508. Each module may be a separate processing device or hardware and/or software module that processes instructions or code for performing the operations described herein.
The content storage 106 stores content to be multicast. For example, the content store 106 may store text, audio, and video content. In the following embodiments, the content memory 106 stores a stream of video data. The watermarking module 506 processes the video data stream in the content memory 106. In one implementation, the watermarking module 506 adds a unique watermark or stamp to redundant data (e.g., frames or packets in a video data stream) for multi-watermarking. That is, redundant pieces of data (e.g., "frames") are included in the video data stream. A watermark or stamp refers to any modification to one or more video frames that causes detectable information to be added to those frames. Watermarking module 506 passes these watermarked frames to encryption module 507.
The encryption module 507 encrypts these watermarked frames. In one embodiment, because some of the frames are repeated in the video stream, encryption module 507 may uniquely encrypt each of the repeated frames. As such, a unique encryption and decryption key may be used and associated with each redundant frame. The key database 508 may store these keys. Key database 508 may include one or more key tables mapped to unique clients/users/customers ("customers"), as described below. In one embodiment, the encryption module 507 unicasts a unique key from the key database 508 to each customer. The encryption module 507 can also multicast the encrypted watermarked content to all customers requesting to receive the multicast. In an alternative embodiment, the encryption module 507 first multicasts the content and then unicasts the key.
Fig. 6A illustrates a flow diagram of operations 600 for generating a single data stream with encrypted video frames. First, operation 600 begins with operation 602.
At operation 602, select frames in the video data stream stored in the content memory 106 are watermarked. For example, as shown in FIG. 7, frame 715 represents 5 frames of original content. The watermarking module 506 may provide a unique watermark to the repeated frames. The number of repetitions generated is not relevant except that the repetition does occur, which allows a portion of the whole to be uniquely encrypted. In the example of FIG. 7, it can be seen that the letters are stamped onto the lower right hand corner of the repeating frame as shown by frame 725.
At operation 604, the selected watermarked frame and the remaining frames are encrypted with a unique key. As shown in frame 735 of fig. 7, the stamped frame is encrypted using a unique key consistent with stamp uniqueness. That is, if the stamp is unique, then the key is also unique. The remaining frames are encrypted using a public key. For example, frames stamped with stamps "ADA", "LME", "XRD", and "QEW" are encrypted using a unique key. The non-stamped or non-watermarked frames are encrypted using a public key.
At operation 606, frames 735 are merged into a single data stream as shown in frame 745 of FIG. 7. A single data stream, frame 745, may be multicast to the requesting customer. In one embodiment, the public key is sent to all customers. The combination of the other keys set for a customer determines which frames can be decrypted and therefore which stamps will appear in that customer's decryption pattern. In one embodiment, a decryption key unique to each customer is sent to the customer at a single point.
Since frames can be duplicated, uniquely stamped and uniquely encrypted, a two-dimensional array of key/stamp pairs can be established for any given item of content. The array is as wide as the number of time slots selected for uniquely stamped frames and as deep as the number of times each frame is repeated.
As shown in FIG. 7, frames 725 are the frames selected for stamping with a watermark. Here, the use of two watermarks or stamps requires an array with a width of two. At each selected section, each frame is repeated twice, requiring a depth of 2. Table 1 below shows the resulting 2 x 2 array mapping a unique key to each stamp.
Table 1
Frames 2 and 3 | Frame 5
key 1: ADA | key 3: LME
key 2: XRD | key 4: QEW
By selecting which keys are sent to any given customer, it can be determined which stamps are present in the content once it is decrypted. For example, the array described above can be combined in four possible ways. Thus, there may be four unique verifiable patterns after decryption. Table 2 below shows an example of the keys each customer receives and the resulting stamps in the content.
Table 2
Customer | Keys received | Stamps in the content
Michael | key 1, key 3 | ADA, LME
Donald | key 2, key 4 | XRD, QEW
Jane | key 1, key 4 | ADA, QEW
Mary | key 2, key 3 | XRD, LME
When a video stream is partially repeated, the video content may be encrypted in a manner that ensures uniqueness of the decryption pattern. This concept relies on the fact that a customer who wants an item of content is not given all of the keys, but rather a unique combination of keys that is just enough to decrypt the content into a viewable state.
The most popular video compression technique involves starting an animation sequence using key frames (or I-frames) and then data describing how the remaining frames in the sequence differ from each other. In one embodiment, since the multi-watermark instance described above relies on the repetition of video frames, a multi-watermark engine associated with a video compression engine may be used to determine where to generate key frames to provide a compression scheme.
Fig. 6B illustrates a flowchart of the operation 650 of distributing keys and the single data stream of fig. 6A. Operation 650 begins with operation 652.
At operation 652, the unique key is unicast. For example, the keys in tables 1 and 2 above are unicast to one or more clients or customers.
At operation 654, the single data stream, having the unique watermark and encrypted with the unique key, is multicast. For example, frame 745 shown in fig. 7 is multicast to one or more clients or customers. In further embodiments, the order of operation 652 and operation 654 may be reversed.
Thus, the operations described above in fig. 6A and 6B illustrate how multicast content is uniquely associated with each of a plurality of clients and customers.
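The key/stamp array of Tables 1 and 2 and the unicast/multicast split of operations 652 and 654, worked through as an added example (not code from the patent). The SHA-256 keystream with an HMAC tag is a stand-in for the content cipher, the stamp is carried as text in a constructed frame payload rather than embedded as a watermark, frames outside the stamped slots are left out, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Table 1: one column per stamped time slot, one entry per repeated copy (key id -> stamp).
KEY_ARRAY = {
    "frames 2-3": {"key 1": "ADA", "key 2": "XRD"},
    "frame 5": {"key 3": "LME", "key 4": "QEW"},
}
# Table 2: the key combination unicast to each customer.
KEY_SETS = {
    "Michael": ("key 1", "key 3"),
    "Donald": ("key 2", "key 4"),
    "Jane": ("key 1", "key 4"),
    "Mary": ("key 2", "key 3"),
}

def _keystream(secret, n):
    blocks = (hashlib.sha256(secret + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(secret, plaintext):
    """Toy encrypt-then-MAC, standing in for the real content cipher (assumption)."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(secret, len(plaintext))))
    return hmac.new(secret, ct, hashlib.sha256).digest() + ct

def unseal(secret, blob):
    """Return the plaintext, or None when this key does not fit the packet."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(secret, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(secret, len(ct))))

def check_key_sets(key_sets):
    """Each customer needs exactly one key per column, and no two customers the same set."""
    columns = [set(col) for col in KEY_ARRAY.values()]
    seen = {}
    for customer, keys in key_sets.items():
        if len(keys) != len(columns) or any(k not in col for k, col in zip(keys, columns)):
            raise ValueError(f"{customer}: need exactly one key from each column")
        if keys in seen:
            raise ValueError(f"{customer} and {seen[keys]} would get identical stamps")
        seen[keys] = customer

def build_stream(secrets):
    """The single multicast stream: every stamped copy, each under its own key."""
    # Frame payloads are constructed placeholders that carry the stamp as text.
    return [(slot, seal(secrets[kid], f"{slot}|stamp={stamp}".encode()))
            for slot, column in KEY_ARRAY.items() for kid, stamp in column.items()]

def client_decrypt(stream, my_secrets):
    """A client opens only the copies its unicast keys fit and sees their stamps."""
    stamps = []
    for _slot, blob in stream:
        for secret in my_secrets:
            frame = unseal(secret, blob)
            if frame is not None:
                stamps.append(frame.decode().split("stamp=")[1])
    return tuple(stamps)

def trace(stamps):
    """Map the stamp pattern found in a decrypted copy back to a customer."""
    stamp_of = {kid: s for col in KEY_ARRAY.values() for kid, s in col.items()}
    for customer, keys in KEY_SETS.items():
        if tuple(stamp_of[k] for k in keys) == tuple(stamps):
            return customer
    return None

def demo():
    check_key_sets(KEY_SETS)
    secrets = {kid: os.urandom(32) for col in KEY_ARRAY.values() for kid in col}
    stream = build_stream(secrets)  # identical for every receiver (multicast)
    return {c: client_decrypt(stream, [secrets[k] for k in keys])  # keys are unicast
            for c, keys in KEY_SETS.items()}

if __name__ == "__main__":
    for customer, stamps in demo().items():
        print(customer, stamps, "->", trace(stamps))
```

With a 2 x 2 array only four key combinations exist, so `check_key_sets` rejects a fifth customer, who would otherwise share a stamp pattern with someone else.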
Exemplary data processing or computing System
Fig. 8 is a block diagram of an exemplary data processing system 800 for a content server or client. For example, digital processing system 800 may represent content server 104 depicted in fig. 1, 2, and 5. Digital processing system 800 may also store a set of instructions that cause the system to perform any of the operations described above. Digital processing system 800 also may represent clients or other types of network devices in a network, including network routers, network switches, or bridges or gateways. Digital processing system 800 also may represent a client, such as a portable electronic device, for example, a personal data assistant, a mobile device, a network appliance, or any other type of machine that can execute specific sequences of instructions for actions to be taken by that machine.
Referring to FIG. 8, digital processing system 800 includes a bus 808 that is coupled to a Central Processing Unit (CPU)802, a main memory 804, a static memory 806, a network interface 822, a video display 810, an alpha-numeric input device 812, a pointer control device 814, a drive unit 816, and a signal generation device 820. Devices coupled to bus 808 may communicate information or data to each other using bus 808. Also, the devices of digital processing system 800 are exemplary, and one or more of the devices may be omitted or added. For example, one or more memory devices may be used for digital processing system 800.
Via the bus 808, the CPU 802 may process the instructions 826 stored in the main memory 804 or in a machine-readable medium 824 located within the drive unit 816. For one embodiment, CPU 802 may process and execute instructions to perform the operations described in FIGS. 2A, 2B, 6A, and 6B. Bus 808 is a communication medium used to transfer data or information for digital processing system 800.
Main memory 804 may be, for example, a Random Access Memory (RAM) or some other dynamic storage device. Main memory 804 stores instructions 826 that can be used by CPU 802. Main memory 804 also may store temporary variables or other intermediate information during execution of instructions by CPU 802. Static memory 806 can be, for example, a Read Only Memory (ROM) and/or other static storage device, for storing information or instructions that can also be used by CPU 802. The drive unit 816 may be, for example, a hard or floppy disk drive unit or an optical disk drive unit with a machine-readable medium 824 storing instructions 826. The machine-readable medium 824 may also store other types of information or data.
The video display 810 may be, for example, a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD). The video display device 810 displays information or graphics for the user. Alpha-numeric input device 812 is an input device (e.g., a keyboard) for communicating information and command selections to digital processing system 800. The pointer control device 814 may be, for example, a mouse, a trackball, or pointer direction keys for controlling movement of an object on the video display 810. The signal generating device 820 may be, for example, a speaker or a microphone.
Digital processing system 800 may be connected to network 102 through a network interface device 822. Network interface 822 may connect to a network, such as a Local Area Network (LAN), a Wide Area Network (WAN), a token ring network, the Internet, or other type of network. The network interface device 822 may also support different network protocols such as, for example, hypertext transfer protocol (HTTP), Asynchronous Transfer Mode (ATM), Fiber Distributed Data Interface (FDDI), frame relay, or other similar protocols.
Thus, a method and system for uniquely authenticating multicast content with each of a plurality of receivers has been described. In the foregoing detailed description, the invention has been described with reference to specific exemplary embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention as set forth in the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Claims (60)

1. A computer-implemented method, comprising:
encrypting a copy of at least a portion of the content having the first watermark;
encrypting a copy of at least a portion of the content having the second watermark; and
combining the encrypted copy portion with the first watermark and the encrypted copy portion with the second watermark in a manner unique to each client.
2. The computer-implemented method of claim 1, wherein the first watermark comprises "0s" and the second watermark comprises "1s".
3. The computer-implemented method of claim 1, further comprising:
distributing the combined portion to one or more clients over a network.
4. The computer-implemented method of claim 3, wherein the network comprises the Internet.
5. The computer-implemented method of claim 1, further comprising:
encrypting a neutral portion of the content; and
combining the encrypted neutral copy portion, the encrypted copy portion with the first watermark, and the encrypted copy portion with the second watermark in a manner unique to each client.
6. A server, comprising:
a storage device for storing content; and
an encryption module to encrypt a copy of at least a portion of the content with the first watermark, encrypt a copy of at least a portion of the content with the second watermark, and combine the portion of the encrypted copy with the first watermark and the portion of the encrypted copy with the second watermark in a manner unique to each client.
7. The server of claim 6, wherein the first watermark comprises "0s" and the second watermark comprises "1s".
8. The server of claim 6, wherein the server distributes the merged portion to one or more clients over a network.
9. The server of claim 6, wherein the network comprises the internet.
10. The server of claim 6, wherein the encryption module is to encrypt a neutral portion of the content and combine the encrypted neutral copy portion, the encrypted copy portion with the first watermark, and the encrypted copy portion with the second watermark in a manner unique to each client.
11. A computing system, comprising:
means for storing content; and
means for encrypting a copy of at least a portion of the content with the first watermark and encrypting a copy of at least a portion of the content with the second watermark; and
means for merging the encrypted copy portion with the first watermark and the encrypted copy portion with the second watermark in a manner unique to each client.
12. The computing system of claim 11, wherein the first watermark comprises "0s" and the second watermark comprises "1s".
13. The computing system of claim 11, further comprising:
means for distributing the combined portion to one or more clients over a network.
14. The computing system of claim 13, wherein the network comprises the internet.
15. The computing system of claim 11, further comprising:
means for scrambling a neutral portion of the content; and
means for merging the encrypted neutral copy portion, the encrypted copy portion with the first watermark, and the encrypted copy portion with the second watermark in a manner unique to each client.
16. A machine-readable medium that provides instructions, which if executed by a processor, cause the processor to perform operations comprising:
encrypting a copy of at least a portion of the content having the first watermark;
encrypting a copy of at least a portion of the content having the second watermark; and
combining the scrambled copy portion with the first watermark and the scrambled copy portion with the second watermark in a manner unique to each client.
17. A digital processing system, comprising:
a storage device for storing an encrypted copy of at least a portion of the content watermarked with the first identifier and an encrypted copy of at least a portion of the content watermarked with the second identifier; and
a processing unit coupled to the storage device, the processing unit combining the encrypted copy portions watermarked with the first and second identifiers in a manner unique to each client.
18. The digital processing system of claim 17, wherein the processing unit sends the merged portion to each client.
19. The digital processing system as claimed in claim 17, wherein the first identifier comprises "0s" and the second identifier comprises "1s".
20. The digital processing system of claim 17, wherein the storage device is to store a client identifier and a corresponding unique combination of watermarked copies for the client.
21. The digital processing system of claim 17, wherein the storage device is to store a neutral scrambled copy of the content.
22. The digital processing system of claim 21, wherein the processing unit is to combine at least a portion of the neutral encrypted copy with the encrypted copy portion watermarked with the first identifier and the encrypted copy portion watermarked with the second identifier.
23. A digital processing system, comprising:
a receiving module for providing clear content having a plurality of double portions, a first portion watermarked with a first identifier and a second portion watermarked with a second identifier;
an encryption module coupled to the receiving module, the encryption module for encrypting the clear content with a first key, encrypting the first portion watermarked with the first identifier with a second key, and encrypting the second portion watermarked with the second identifier with a third key; and
a key management module for managing keys to allow one or more clients to decrypt encrypted content that is a combination of encrypted first and second portions watermarked with the first identifier and the second identifier, respectively, in a manner unique to each client.
24. The digital processing system as claimed in claim 23, wherein the first identifier comprises "0s" and the second identifier comprises "1s".
25. The digital processing system as set forth in claim 23, wherein the encryption module is for providing Entitlement Control Messages (ECMs) using the first key, the second key and the third key, wherein the second and third keys alternate to obtain a combination of "0s" and "1s" that is unique to each client.
26. The digital processing system of claim 23, wherein the storage device is to store a unique combination of the client identification and the corresponding watermarked copy for the client.
27. A computer-implemented method, comprising:
watermarking the first and second copies of the content with first and second watermarks, respectively;
encrypting a first copy of the content using the first key and a second copy of the content using the second key; and
merging the encrypted copies into a single data stream.
28. The computer-implemented method of claim 27, further comprising:
multicasting the single data stream to one or more clients.
29. The computer-implemented method of claim 27, further comprising:
storing the unique key and the public key in a database comprising an array for matching the unique key to the unique watermark.
30. The computer-implemented method of claim 29, further comprising:
selectively unicasting the unique key to one or more clients.
31. The computer-implemented method of claim 30, further comprising:
associating each client with a received unique key and a watermark in the data stream.
32. A server, comprising:
a storage device for storing content;
a processing unit for watermarking redundant portions of the content with one or more unique watermarks, encrypting the watermarked redundant portions with a unique key for each unique watermark and encrypting the remainder of the stream of content with a public key, and combining the encrypted portions into a single data stream.
33. The server of claim 32, wherein the processing unit is configured to multicast the single data stream to one or more clients.
34. The server of claim 32, further comprising:
a database for storing the unique key and the public key, the database comprising an array matching the unique key with the unique watermark.
35. The server of claim 32, wherein the processing unit is to selectively unicast the unique key to the one or more clients.
36. The server of claim 32, wherein the processing unit is operative to associate each client with a unique key and a watermark in the data stream.
37. A computing system, comprising:
means for storing content;
means for watermarking redundant portions of the content with one or more unique watermarks;
means for encrypting the watermarked redundant portion using a unique key for each unique watermark and encrypting the remainder of the content stream using a public key; and
means for merging the encrypted portions into a single data stream.
38. The computing system of claim 37, further comprising:
means for multicasting a single data stream to one or more clients.
39. The computing system of claim 37, further comprising:
means for storing the unique key and the public key in a database comprising an array for matching the unique key to the unique watermark.
40. The computing system of claim 37, further comprising:
means for selectively unicasting the unique key to one or more clients.
41. The computing system of claim 37, further comprising:
means for associating each client with a unique key and a unique watermark in the data stream.
42. A machine-readable medium that provides instructions, which if executed by a processor, cause the processor to perform operations comprising:
watermarking redundant portions of the content with one or more unique watermarks;
encrypting the watermarked redundant portion using a unique key for each unique watermark and encrypting the remainder of the content stream using a public key; and
combining the encrypted portions into a single data stream.
43. A method of distributing content, the method comprising:
watermarking the first and second copies of the content portion with first and second identifiers, respectively;
encrypting each of the first and second copies of the content portion with at least first and second keys, respectively;
providing both the first and second copies of the content portion to the first and second users; and
providing at least the first key to the first user and the second key to the second user such that the first user can decrypt a first copy of the portion of the content watermarked with the first identifier and such that the second user can decrypt a second copy of the portion of the content watermarked with the second identifier.
44. The method of claim 43, wherein the content comprises text, audio, or video content.
45. The method of claim 43, wherein providing the first and second replicas and the key comprises providing the first and second replicas and the key over a network.
46. The method of claim 45, wherein the network comprises the Internet.
47. An apparatus, comprising:
watermarking means for watermarking the first and second copies of the content portion with the first and second identifiers, respectively;
encrypting means for encrypting each of the first and second copies of the content portion with at least first and second keys, respectively;
providing means for providing both the first and second copies of the content portion to the first and second users;
providing means for providing at least a first key to a first user and a second key to a second user, such that the first user may decrypt a first copy of the portion of content watermarked with the first identifier, and such that the second user may decrypt a second copy of the portion of content watermarked with the second identifier.
48. The apparatus of claim 47, wherein the content comprises text, audio, or video content.
49. The apparatus of claim 47, wherein the providing means for the first and second replicas and the key comprises providing means for providing the first and second replicas and the key over a network.
50. The apparatus of claim 49, wherein the network comprises the Internet.
51. A machine-readable medium that provides instructions, which if executed by a processor, cause the processor to perform operations comprising:
watermarking the first and second copies of the content portion with first and second identifiers, respectively;
encrypting each of the first and second copies of the content portion with at least first and second keys, respectively;
providing both the first and second copies of the content portion to the first and second users; and
providing at least the first key to the first user and the second key to the second user such that the first user can decrypt a first copy of the portion of the content watermarked with the first identifier and such that the second user can decrypt a second copy of the portion of the content watermarked with the second identifier.
52. A method of distributing content, the method comprising:
watermarking the plurality of sets of copied content portions with a plurality of sets of identifiers, each identifier in each set being unique to a particular copied content portion;
encrypting each portion of the replicated content within each group with an independent one of a plurality of keys;
providing the plurality of sets of copied content portions to a plurality of users; and
providing a unique set of keys selected from a number of keys to each of the plurality of users such that each of the plurality of users can decrypt the plurality of sets of copied content portions to produce content that includes a range of unique identifiers.
53. The method of claim 52, wherein the step of providing the plurality of sets of replicated content portions includes multicasting the plurality of sets of replicated content portions to the plurality of users over the internet.
54. The method of claim 53, wherein the step of providing the unique set of keys to each of the plurality of users comprises unicasting the unique set of keys to each of the plurality of users over the Internet.
55. The method of claim 52 wherein the content portion comprises a text, audio, or video content portion.
56. An apparatus, comprising:
watermarking means for watermarking the plurality of sets of copied content portions with the plurality of sets of identifiers, each identifier in each set being unique to a particular copied content portion;
encrypting means for encrypting each of the duplicate content portions within each group with an independent one of a plurality of keys;
providing means for providing the plurality of sets of copied content parts to a plurality of users; and
providing means for providing a unique set of keys selected from a number of keys to each of the plurality of users such that each of the plurality of users can decrypt the plurality of sets of copied content portions to produce content comprising a series of unique identifiers.
57. The apparatus of claim 56, wherein the providing means for providing the plurality of sets of copied content parts includes a multicast delivery means for multicasting the plurality of sets of copied content parts to a plurality of users over the internet.
58. The apparatus of claim 57, wherein the providing means for providing the unique set of keys to each of the plurality of users comprises a unicast means for unicasting the unique set of keys to each of the plurality of users over the internet.
59. The apparatus of claim 56, wherein the content portion comprises a text, audio, or video content portion.
60. A machine-readable medium that provides instructions, which if executed by a processor, cause the processor to perform operations comprising:
watermarking the plurality of sets of copied content portions with a plurality of sets of identifiers, each identifier in each set being unique to a particular copied content portion;
encrypting each portion of the replicated content within each group with an independent one of a plurality of keys;
providing the plurality of sets of copied content portions to a plurality of users; and
providing a unique set of keys selected from a number of keys to each of the plurality of users such that each of the plurality of users can decrypt the plurality of sets of copied content portions to produce content that includes a range of unique identifiers.
HK03107472.9A 2000-03-06 2001-03-06 Method and system to uniquely associate multicast content with each of multiple recipients HK1055365A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP00200793.8 2000-03-06
US60/218,031 2000-07-12

Publications (1)

Publication Number Publication Date
HK1055365A (en) 2004-01-02
