HK1245451B - Media distribution & management system & apparatus - Google Patents

Media distribution & management system & apparatus

Publication number: HK1245451B
Application number: HK18104725.4A
Authority: HK (Hong Kong)
Prior art keywords: network, digital content, network device, content, secure
Other languages: Chinese (zh)
Other versions: HK1245451A1 (en)
Inventor: 基思‧雷特‧桑普森
Original Assignee: Gt系统私人有限公司
Application filed by: Gt系统私人有限公司
Priority claimed from: PCT/AU2015/000661 (WO2016070224A1)
Publication of HK1245451A1
Publication of HK1245451B

Description

Media distribution and management systems and devices

Technical Field

The present invention relates to a media distribution and management system and, more particularly but not exclusively, to such a system implemented using a network terminal unit (NTU) or Internet appliance that interacts with Internet infrastructure to deliver and control digital content, including (but not limited to) digital content streamed and downloaded to digital devices, including (but not limited to) television display units, video display units and the like.

Background Art

Some forms of content reception and content viewing devices are available to consumers. These devices include television "set-top boxes" provided by media distribution companies. Well-known versions in Australia include the Foxtel set-top box and the Optus set-top box. These devices are limited to the reception and delivery of content typically delivered via cable arrangements.

Some forms of "Internet appliance" are also known, which receive digital content, typically via the Internet, for delivery, typically by streaming, to a television display unit or the like. The "Apple TV" device is an example of such a device currently in use in Australia.

It is also known to stream digital content to a personal computer over the Internet with the help of file sharing services such as BitTorrent. Such services and their protocols are highly insecure, unsuitable for streaming, often take a long time to start playing, and are not conducive to features such as "jumping" to a specified point in the content.

The problem with these current devices and mechanisms for receiving and delivering digital content is that the current Internet infrastructure has variable upload and download speeds, and it is difficult (and in some cases impossible, particularly for consumers in some home environments) to reliably receive content in real time or near real time, particularly high definition and ultra high definition content or large file content on demand.

Many, if not all, current Internet video distribution systems use adaptive bitrate (ABR) technology to overcome the problems of on-demand video distribution via the Internet. However, ABR reduces bitrate and definition, degrading the user experience.

In addition, in some other cases, the selection of content available to the consumer is limited by the proprietary nature of the device.

Furthermore, current mechanisms for local content control and for its delivery and display are not intuitive or "user-friendly".

The present invention aims to solve or at least ameliorate some of the above disadvantages, or to provide a useful alternative.

Notes

The term "comprise" (and its grammatical variations) is used in this specification in the inclusive sense of "having" or "including", rather than in the exclusive sense of "consisting only of".

The above discussion of the prior art in the Background Art section is not an admission that any of the information discussed therein is citable prior art or part of the common general knowledge of a person skilled in the art in any country.

Summary of the Invention

Accordingly, in one broad form of the invention, there is provided a network device for receiving digital content from a remote location; the device includes decoding and re-encoding means for downloading, decoding and then re-encoding the digital content for onward transmission to a digital device for consumption by a user.

Preferably, the digital content is re-encoded according to a secure HDMI encoding algorithm.

Preferably, the network device receives the digital content according to criteria including one or more of the following:

a. Most needed packet

b. Fastest download speed

c. Minimum latency

d. The network address from which the next digital bit or group of bits can be obtained most easily and efficiently, so as to maintain real-time or near real-time delivery of the digital content.

In another broad form of the invention, there is provided a network server that, on request from a network device at a remote location, aggregates digital content items for subsequent onward forwarding of at least a portion of a copy of an item in accordance with a secure method.

Preferably, the secure method comprises obtaining and forwarding data packets constituting the digital content according to one or more of the following criteria:

e. Most needed packet

f. Fastest download speed

g. Minimum latency

h. The network address from which the next digital bit or group of bits can be obtained most easily and efficiently, so as to maintain real-time or near real-time delivery of the digital content.

In another broad form of the invention, there is provided a method of assembling a digital content item; the method comprises receiving at least a first portion of the digital content item from a source store of the digital content at a remote location.

Preferably, the method further comprises obtaining and forwarding data packets constituting the digital content item according to one or more of the following criteria:

f. Most needed packet

g. Fastest download speed

h. Minimum latency

i. The network address from which the next digital bit or group of bits can be obtained most easily and efficiently, so as to maintain real-time or near real-time delivery of the digital content.

In yet another broad form of the invention, there is provided a distributed system for delivering digital content; the system comprises at least one content aggregator in communication with a source store, and a plurality of network devices; the aggregator receives digital content in the form of content items; the aggregator secures the digital content for distribution by the system; the source store provides the digital content to the plurality of network devices; each network device receives a specified content item on request from that network device to the system.

Preferably, the system communicates via the Internet.

Preferably, each network device operates according to secure peer assistance criteria; the secure peer assistance criteria allow at least part of a content item to be received from other network devices among the plurality of network devices if the content item has previously been downloaded to those other network devices.

In another broad form of the invention, there is provided a system for acquiring, aggregating, processing, managing, publishing, searching, selling, distributing and settling purchases of digital content; the system operates in accordance with the method described above.

Preferably, the settlement step includes making payments to content owners and retailers for specified digital content items in accordance with complex rights and release window agreements.

In another broad form of the invention, there is provided a method of syndicating the above system, thereby allowing a plurality of Internet retailers to sell digital content delivered according to the method described above.

Brief Description of the Drawings

Embodiments of the present invention will now be described with reference to the accompanying drawings, in which:

FIG. 1 is a block diagram of a media distribution and management system according to a first embodiment of the present invention.

FIG. 2 is a circuit block diagram of a network device that may be used in conjunction with the system of FIG. 1.

FIG. 3 is a video output view illustrating a graphical structure used interactively with an operational control mode of the device of FIG. 2.

FIGS. 4A to 4F are video output views illustrating further graphical structures used interactively with the operational control mode of the device of FIG. 2.

FIG. 5 is a block diagram of a media distribution and management system according to the first embodiment.

FIG. 6 is a block diagram of the aggregator of the system of FIG. 5.

FIG. 7 is a flow chart of the service functions that implement the aggregator and source store of the system of FIG. 5.

FIG. 8 is a flow diagram of data packet sources and data packet flows that may contribute, in whole or in part, to the delivery of digital content under the system of FIG. 5.

FIG. 9 is a conceptual diagram of the entire system of FIG. 5, including the method for syndication.

FIG. 10 is a block diagram of an embodiment of the system of FIG. 1 conceived from the user's perspective.

FIG. 11 is a layout diagram of a processor module according to another embodiment of the present invention.

FIG. 12 schematically illustrates some module functions of the module of FIG. 11.

FIG. 13 is a block diagram of data functions operable with the further embodiment of FIG. 11.

FIG. 14 is a screenshot of a menu screen output from the embodiment of FIG. 11.

FIG. 15 is a screenshot of a menu selection screen output from the embodiment of FIG. 11.

FIG. 16 is a screenshot of the selection screen interface of the embodiment of FIG. 11.

Detailed Description

First preferred embodiment

Referring to FIG. 1, there is shown a block diagram of a media distribution and management system 10 according to a first preferred embodiment.

In this case, the system 10 includes a source store 11 (sometimes referred to as a "super PoP" in parts of this specification). The source store 11 may be implemented as a single server, or may itself be a network of servers. In a specific commercial implementation, these servers may form part of a business partner's content distribution network. The source store 11 communicates with various databases 12 containing digital content 13 that is available for licensed use (usually, but not always, subject to negotiation of appropriate terms). The source store 11 typically receives the digital content 13 as "wrapped" content, meaning that digital rights management (DRM) has been applied to the content.

The source store 11 makes the content 13 available to subscribers or purchasers via network devices 14. A network device 14 is located at or near the point of consumption of the digital content 13.

According to an embodiment of the present invention, the network device 14 may receive the digital content 13 directly from the source store 11 according to a communication protocol 15 that is generally available when communicating via the Internet 16. It is expected that communication will most commonly be via the Internet 16, but other structures that facilitate use of the protocol 15 may be considered. The digital content 13 may be secured from the point of acquisition to the network device 14 by using one or more of the following security techniques and features:

Secure acquisition via Aspera into the platform's secure environment

Storage and processing of all master assets remain within a secure environment approved by the platform

Mezzanine storage in the platform's secure storage

Transcoding on the platform's secure transcoding farm

DRM wrapping on the platform's secure Microsoft PlayReady server

Transfer of DRM-wrapped assets from the platform to the EdgeCast source store [11]

Another embodiment includes independent secure acquisition, mezzanine storage, transcoding and DRM wrapping associated with, or within, a facility approved by the Motion Picture Association of America.

All rights and entitlements are managed by the platform and Microsoft PlayReady

Super PoP and Secure Peer Assist™ distribution over the EdgeCast network to the network device hardware Trusted Execution Environment (TEE) with a secure PlayReady client

The system is designed for multiple layers of security from the ground up

The network device ensures secure DRM transcoding in the TEE to secure the HDMI HDCP connection to the television

Network device network access is protected by public key infrastructure (PKI) security and certificates

The communication structures and algorithms programmed into the aggregator database 12 and the network devices 14 are such that content 13 is initially obtained from the aggregator database 12, typically via the Internet 16, followed by an initialization sequence that grants a given network device 14 permission to access and use a specified item 17 of the digital content 13. Again, but not necessarily always, the permission will be subject to negotiation of commercial terms before access to the specified item 17 is provided.

Once all or part of the specified item 17 has been downloaded to a given network device 14, that device can "play" it. Typically, the device will output secure (for example HDMI HDCP) digital content to an audio-visual display device 18 such as a television. In other embodiments, the content may be securely streamed, wirelessly or over Ethernet, to other devices such as tablets, phones and televisions. In other cases, it may be game content that is played on the device or "side-loaded", wirelessly or over Ethernet or by some other method, to a gaming device such as another gaming platform.

A feature of the present system 10 is that, if another network device 14 negotiates and requests access to the same specified item 17, the content (or portions of it) may be downloaded from the source store 11 or from a network device 14 that already stores the specified item 17.

Which source to use will be determined according to network knowledge and secure peer assistance criteria 19, which include:

a. Most needed packet

b. Fastest download speed

c. Minimum latency

d. The network address from which the next digital bit or group of bits can be obtained most easily and efficiently, so as to maintain real-time or near real-time delivery of the digital content.

Routing information may be distributed and/or centralized, and may take the form of a hash table or other efficient database mechanism. This detailed knowledge, combined with the control and routing of the network devices 14, is a form of software defined networking (SDN).

Specifically, "network knowledge" includes address information for all data packets that will make up the digital content 13 and, more specifically, address information for all data packets that at any one time form part of the specified item 17. This data packet address information may be stored in a database 40 as shown in FIG. 2, in which each individual address, for example address AA of a corresponding data packet 24, is linked to a location, in this case location loc1.

The database 40 may be stored on, or form part of, the source store 11, or it may be a separate server. In other cases, it may be stored at least in part in the memory 21 of the individual network devices 14, so as to provide a distributed storage arrangement. It will be appreciated that, over time, a large number of sources distributed over a wide area will become available from which the specified item 17 can be downloaded (in whole or in part).
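The source selection described above can be sketched as follows. This is an added example, not code from the patent or from the system it describes. It assumes that packet addresses are integers ordered by playback position, that throughput and latency have been measured per location, that peers are limited to a fixed number of requests per planning round, and that the source store fills any gap; the names `LinkStats`, `plan_requests` and `per_source_limit` are hypothetical.

```python
from dataclasses import dataclass

SOURCE_STORE = "source-store"  # assumed label for source store 11 (the super PoP)


@dataclass(frozen=True)
class LinkStats:
    """Measured figures for one location (hypothetical fields)."""
    throughput_kbps: float
    latency_ms: float


def most_needed(missing, playhead):
    """Criterion (a): packets at or after the playhead first, in playback order."""
    ahead = sorted(a for a in missing if a >= playhead)
    behind = sorted(a for a in missing if a < playhead)
    return ahead + behind


def best_location(candidates, stats):
    """Criteria (b) and (c): highest throughput, ties broken by lowest latency.

    Locations without measurements are ignored; returns None if none qualify.
    """
    known = [loc for loc in candidates if loc in stats]
    if not known:
        return None
    return min(known,
               key=lambda loc: (-stats[loc].throughput_kbps, stats[loc].latency_ms))


def plan_requests(packet_index, missing, playhead, stats, per_source_limit=2):
    """Return [(packet_address, location)] in fetch order.

    packet_index plays the role of database 40: it links each packet address
    to the locations known to hold that packet. A peer is skipped once it has
    per_source_limit requests in this round (assumption: spreads load across
    peers). When no peer qualifies, the source store is used to fill the gap.
    """
    load = {}
    plan = []
    for addr in most_needed(missing, playhead):
        candidates = [loc for loc in packet_index.get(addr, ())
                      if loc != SOURCE_STORE and load.get(loc, 0) < per_source_limit]
        choice = best_location(candidates, stats) or SOURCE_STORE
        load[choice] = load.get(choice, 0) + 1
        plan.append((addr, choice))
    return plan


# Constructed sample data: which locations hold which packet, and link figures.
PACKET_INDEX = {
    9: ["loc3"],
    10: ["loc1", "loc2"],
    11: ["loc1"],
    12: ["loc2", "loc1"],
    13: [],                      # no peer holds this packet yet
}
STATS = {
    "loc1": LinkStats(throughput_kbps=8000, latency_ms=20),
    "loc2": LinkStats(throughput_kbps=8000, latency_ms=35),
    "loc3": LinkStats(throughput_kbps=2000, latency_ms=15),
}

if __name__ == "__main__":
    for addr, loc in plan_requests(PACKET_INDEX, {9, 10, 11, 12, 13},
                                   playhead=10, stats=STATS):
        print(addr, "<-", loc)
```
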

Which source to use may be determined together with telecommunications operators and ISPs, in order to optimize the use of their networks and to minimize costs for consumers, for telecommunications operators and ISPs, and for service operators. This may take the form of "unmetered content" agreements for secure peer assistance traffic that remains within the network operator's domain.

Commercially different models may be used as the basis on which a specified item is allowed to be downloaded or streamed to a specified network device 14. For example, the model may be "pay as you go", such as payment per view, per rental, or per download to own.

Alternatively, it may be based on a subscription model.

One example of a network device 14 is described in more detail below, but it should be understood that a processor programmed to provide the functionality described above could be located within a smartphone, a smart television or a game controller; it need not be limited to a particular stand-alone dedicated network device 14.

The combination of the Super PoP CDN and the secure peer assistance criteria ensures optimal delivery. Video packets are sourced from the best available location. The network of network device nodes provides the optimal network architecture: intelligence and storage at the farthest edge of the network (that is, at the customer premises). This is supported by the main Super PoP, which fills any gaps. This architecture ensures that we drive the user's connection at maximum bandwidth while minimizing tiered network traffic and inter-network peering. Network protocols and parameters have been optimized empirically.

The secure peer assistance criteria, and applications based on them, are aware of and report network traffic at the SCTP, TCP/IP, UDP and video packet levels. Each network device 14 constitutes an intelligent node in a mesh network. This may sometimes be described as grid computing or distributed cloud computing. We combine distributed and centralized routing information and intelligence down to the video packet level. This allows optimal management of the network through capabilities similar to software defined networking.

The secure peer assistance criteria allow an entire ecosystem for managing video and game delivery over the Internet to be built. Each network device 14 monitors metrics and statistics at the network and video packet levels, reporting traffic and video status in real time. Combined with the video asset management and distribution platform and the Super PoP CDN, this provides comprehensive quality of service (QoS) monitoring and control for the entire network. The secure peer assistance criteria provide a highly efficient method of video distribution over the Internet, minimizing network load and maximizing network and customer viewing performance. The secure peer assistance criteria may also be implemented in consumer electronics (CE) applications.

The secure peer assistance criteria 19 extend network coverage to the edge, directly into the customer's home. The secure peer assistance criteria 19 can be designed to take advantage of the modern Internet: a fairly fast customer-premises end, accelerated by fibre backhaul from the exchange. The secure peer assistance architecture uses a network of network device nodes, each programmed with the secure peer assistance criteria 19, combined with the Super PoP CDN architecture, to drive the user's connection at maximum capacity, ensuring that content is delivered at the highest quality without perceptible interruption.

In a preferred form, the digital content 13 stored on the source store 11 can be syndicated. For example, the stored digital content 13 can be offered as a store portal on anyone's website, just as YouTube places a portal on a website. Participating website owners can select, from the main catalogue, subcategories of titles relevant to their audience.

The aggregator database 12 may include the following techniques to assist in applying appropriate security to the digital content 13 before it is transferred to the source store 11:

Designed for multiple layers of security from the ground up

The secure peer assistance network is designed to be secure, hidden and undiscoverable

The secure peer assistance network management system is protected by PKI and security certificates

Secure peer assistance is "invisible" to BitTorrent networks and is dissimilar in protocol to such networks

All secure peer assistance protocols are standard Internet protocols or secure protocols with PKI security and authentication

All digital content 13 is encrypted using Microsoft PlayReady DRM and protected within the network device TEE

PlayReady DRM is implemented in the device hardware, within its Trusted Execution Environment (TEE)

The device operating system is fully integrated with, and makes use of, the hardware DRM to protect the media pipeline

In one embodiment, the device operating system may be Microsoft Windows

PlayReady key management is completely separate from, and additional to, the network device TEE security and key management.

PlayReady DRM and decryption are protected by the network device TEE

Key management and storage are performed in secure applications and environments on the device

In one embodiment, the secure key management system may make use of an innovative secure enclave environment enabled by processor architecture, instruction sets, libraries, application programming interfaces (APIs) and authentication services.

User interface

Referring to FIG. 2, the network device 14 and an example visual display device 18 are shown in greater detail.

In this case, the network device 14 includes a processor or microprocessor 20 in communication with a memory 21. The microprocessor 20 communicates with an input/output device 22 through which signals can be sent to and received from external digital devices, which preferably include at least a visual display 23. The processor or microprocessor may include a graphics processing unit (GPU), or the GPU may be a separate processor, system or subsystem.

The memory contains code, including code corresponding to the secure peer assistance criteria 19, that enables the processor 20 to perform various functions, including sending and receiving digital content 13 over a network 25. The network 25 may include the Internet 16, a local area network 26 and a wide area network 27, all in communication with one another.

The digital content 13 will typically comprise a plurality of data packets 24, each data packet 24 comprising a header 24A and a payload 24B.

The payload 24B comprises digital data, which may more specifically be audio data, video data, game data or other data.

Note that the packets 24 do not necessarily arrive at the device 14 in order. In a typical case, different packets will arrive from different sources; in this regard, see FIG. 8 and FIG. 10.
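Because packets 24 arrive out of order and from different sources, the receiving device has to hold early arrivals until the gap before them is filled. The sketch below is an added example, not code from the patent. The header fields `index` and `source` are hypothetical, and it assumes that the device has obtained a per-packet SHA-256 manifest over a trusted channel; the page does not say how packets received from peers are checked.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    index: int      # header 24A (assumed field): position of the payload in the item
    source: str     # header 24A (assumed field): location that sent the packet
    payload: bytes  # payload 24B


class Reassembler:
    """Buffers out-of-order packets and releases payloads in playback order."""

    def __init__(self, manifest):
        self.manifest = manifest   # expected SHA-256 hex digest for each index
        self.pending = {}          # verified payloads waiting for an earlier gap
        self.next_index = 0        # first index not yet released for playback
        self.rejected = []         # (index, source, reason), useful for reporting

    def accept(self, pkt):
        """Take one packet; return the payloads that became playable, in order."""
        if not 0 <= pkt.index < len(self.manifest):
            self.rejected.append((pkt.index, pkt.source, "unknown index"))
            return []
        if pkt.index < self.next_index or pkt.index in self.pending:
            self.rejected.append((pkt.index, pkt.source, "duplicate"))
            return []
        if hashlib.sha256(pkt.payload).hexdigest() != self.manifest[pkt.index]:
            # A corrupt or substituted payload never reaches the decoder.
            self.rejected.append((pkt.index, pkt.source, "digest mismatch"))
            return []
        self.pending[pkt.index] = pkt.payload
        released = []
        while self.next_index in self.pending:
            released.append(self.pending.pop(self.next_index))
            self.next_index += 1
        return released

    def missing(self):
        """Indexes still to be requested, in playback order."""
        return [i for i in range(self.next_index, len(self.manifest))
                if i not in self.pending]


# Constructed sample item: four payloads and the manifest derived from them.
SEGMENTS = [b"segment-0", b"segment-1", b"segment-2", b"segment-3"]
MANIFEST = [hashlib.sha256(s).hexdigest() for s in SEGMENTS]

if __name__ == "__main__":
    r = Reassembler(MANIFEST)
    arrivals = [
        Packet(2, "loc1", SEGMENTS[2]),
        Packet(0, "source-store", SEGMENTS[0]),
        Packet(1, "loc2", b"tampered"),          # fails the digest check
        Packet(1, "source-store", SEGMENTS[1]),
        Packet(3, "loc1", SEGMENTS[3]),
    ]
    for pkt in arrivals:
        print(pkt.index, pkt.source, "->", r.accept(pkt))
    print("rejected:", r.rejected)
```

The `rejected` list records which location supplied a bad or repeated packet, which is the kind of per-source information the device could report back for source selection.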

网络设备14的核心功能是可控制地发送和接收数字内容13并将该数字内容13本地转换成本地信号27,用于驱动诸如(但不限于) 视听显示设备18的外部数字设备。The core function of the network device 14 is to controllably send and receive digital content 13 and locally convert the digital content 13 into a local signal 27 for driving external digital devices such as (but not limited to) an audio-visual display device 18 .

网络设备14的另一功能是允许用户控制从网络设备14接收或发送的数字内容的“购买”和“播放”。Another function of the network device 14 is to allow the user to control the “purchase” and “playback” of digital content received or sent from the network device 14 .

In a preferred form, the user experience and user interface are kept as simple as possible. In the simplest form, user control is achieved simply by moving a cursor left or right via a remote control device. These actions control the display of very simple on-screen menus and content. The displays may be homogeneous or mixed, i.e. pure menu displays, pure content displays, or a mixture of the two. In a preferred form, the display is arc-shaped or circular to reflect the user experience and is controlled by the remote control device. Where there are a large number of items to display, such as a large content library, the display may be concentric arcs or concentric circles of content "tiles", i.e. clear graphical images of the "covers" of content titles. In another embodiment, these tiles may be arranged in a grid.

Menu navigation is achieved through a simple combination of "left" and "right" navigation. At its simplest, a menu of action items can be navigated left or right by clicking left or right. In one example, the menu moves left or right accordingly beneath a selection graphic device such as a cursor box. In another example, the selection graphic device itself moves left or right. Once highlighted, a menu item can be selected with a single click. This may result in an action or in navigation deeper into the menu structure. Navigating "out" can be done by double-clicking. Alternatively, there may be menu navigation items such as "Back" or "Cancel". For navigation of a large number of objects, such as a video library, the objects may be displayed in concentric arcs or rings or in a grid of tiles. The user navigates "into" a ring by clicking, "out" by double-clicking, and left and right by clicking left or right. A selected item, tile, arc or ring may be highlighted by increasing its focus and/or size. Currently unselected items, tiles, arcs or rings may be de-emphasized by moving them away from the center of focus and/or by "defocusing" them or reducing their size. This can give the user the impression that unselected items, tiles, arcs or rings move away from the user while the selected item, arc or ring moves toward the user.

More sophisticated use can be supported through control mechanisms such as rate- or distance-dependent actions. A small movement may result in a slow, short movement of the menu or item. A larger movement may result in a faster, longer movement of the menu or item. Similarly, the speed of a movement may determine the scale or nature of the menu action. This may be independent of, or related to, the distance of the movement.

In a preferred form, the user graphical display is very simple, clean, uncluttered and clear, to give a sense of ease of use.

For example, with reference to Figures 4A to 4F, the sequence of operation may be as follows: Figure 4A shows graphical structures 28 located on a substantially vertically disposed arc; alternatively they may be located on a substantially horizontally disposed arc, as shown in Figure 4B. The user manipulates the cursor device 29 so that it surrounds a selected one of the graphical structures 28, for example to designate the "My Movies" graphical structure.

The user can then, in this instance, move the cursor through a series of movie options to designate the "Captain America" movie option, as shown in Figure 4D.

At any time, the user can "back out" of the current menu item in order to move up one level to the series of graphical structures 28 shown in Figure 4E. Figure 4F shows details of a particular selection when the "Captain America" graphical structure is highlighted by the cursor 29 (Figure 4D being in a purchase menu in a store context available from the syndicated web store 41; see Figure 6).

In another form, this may be achieved by controlling a cursor 29 in the form of a rectangular border device associated with the graphical structures 28 displayed on a visual display 23, in this instance that of the audiovisual display device 18.

In a particular form, the graphical structures 28 may lie on an arcuate or circular path.

In one form, these controls may be "emulated" in a remote control application on, for example, a smartphone that is connected, wirelessly or via the Internet, to the main network device 14 or to a "satellite" network device 14 forming part of the home network.

In another form, these controls may be embodied in a television remote control or a game controller.

In another form, these controls may be replicated on a smaller version of the network device 14 that is wirelessly connected to the main network device 14 or to a "satellite" network device 14 forming part of the home network.

As shown in Figures 5 and 6, these UI concepts allow simplified control of the operation of the network device 14, including in particular the selection of digital content 13 for viewing on the audiovisual display device 18. What matters is that the UI reflects the user's own experience, for example, in one embodiment, circles and arcs: arcs for menus and images, concentric circles (or arcs) displaying menus or titles, and mixtures of menus and images. In another embodiment, menus and images may be displayed in a grid of tiles.

First embodiment

In a preferred form, the network device 14 includes at least the following functions:

Connects to the Internet via WiFi or Ethernet cable

Connects to a television via an HDMI or WiFi interface

Connects via USB or HDMI for television control

Connects to other devices, e.g. tablets and PCs, via WiFi or Ethernet

Secure peer assist protocol network client

Microsoft PlayReady secure client

Trusted execution environment

Plays movies, television and games

"Remote control" functions such as seek, pause, rewind, fast forward and slow motion, via an app or via a device, or a smaller version of the device, wirelessly connected to the "home" device

Remote control functions via television controls, game controller, keyboard, trackpad or mouse

Streams, downloads and stores all content (with mass storage option)

Sideloads games to other gaming platforms, tablets and phones

High definition and ultra high definition ("4K")

Manages a library including third-party content

Shares content securely. Content will be DRM-protected, and a mechanism is provided to purchase keys to unlock content

Records and sends metrics/statistics to the management system

Monitors and manages content behavior and performance

Monitors and manages network behavior and performance

Media center

The overall topology of an example system may be as shown in Figures 5, 6 and 7, with the following functional specification:

Functional description

An embodiment of the network device 14 of the present invention comprises a device operating according to the secure peer assist protocol 19; it is a portable device for downloading, storing, streaming, playing and sharing high-quality movies, games and television on a television or connected device. It combines secure peer assist protocol 19 technology with a content source store 11 and a syndicated retail content web store 41 to deliver the latest Hollywood and independent movies, television and games to the television in true high definition and ultra high definition. Embodiments of the network device 14 address a key problem in OTT and IP television delivery today: the exponential growth of video traffic. In this context, the network device 14 gives a new generation of content owners flexibility: at any moment, and in true high and ultra-high resolution, they can choose what they want to watch, when they want to watch it, and with whom and how they want to share it.

Functions:

Connects to the Internet via WiFi a, b, g, n, ac or Ethernet cable to download and stream movies and television from the GT TV store

Bluetooth option, e.g. for connecting to a television or other devices

Connects to a television via HDMI v2.0a and HDCP 2.2 interfaces, or later versions as the standards evolve

Full HD 1080p60 and ultra high definition (4K UHDTV 2160p, 3840 x 2160), with an HDCP-secured HDMI connector or an optical connection to a high-quality audio sound system supporting high-quality audio (e.g. Dolby 5.1 or 7.1).

Supports a wide range of video coding standards, including all H.264 codecs

H.265 HEVC, VP9 and the Alliance for Open Media codec

3 x USB interfaces for connecting to other devices, peripherals and television control

PSU for power

Connects to other devices, e.g. phones, tablets and PCs, via WiFi or Ethernet

Remote control and initial store purchase

Streaming via Miracast and DRM

Secure peer assist network client in a secure environment

Plays movies, television and games, including "remote control" functions such as seek, pause, rewind, fast forward and slow motion

Microsoft PlayReady secure client

Sideloads games to other gaming platforms, tablets and phones via Ethernet, WiFi or USB (future version)

Streams, downloads and stores all content (with mass storage option)

High definition and ultra high definition

Manages a library including third-party content

Shares content securely

Records and sends metrics/statistics to the management system: content behavior and performance; network behavior and performance

Media center

Universal Plug and Play (UPnP)

Models

All models will be designed for a single housing to minimize production cost. It will be a highly aesthetic device in form and function, with a simple yet innovative human-machine interface. It will be designed to appeal to the ultra-early-adopter market, but also to the mainstream market. It will be very simple to use.

Base model: this is the base model with a minimum 2TB disc and 128G SSD storage. It will be a fully functional peer in the secure peer assist network, enabling high-quality downloading and streaming of movies and television from the store 41. It will be controlled from the unit itself, via a phone or tablet app, or via a television remote control or a keyboard, trackpad or mouse.

Base model with disk library: this is the base unit with a minimum 2TB 2.5-inch disk drive for storing movies. It will be able to store 200-400 high-definition movies or 100 ultra-high-definition movies, depending on encoded size.

SSD model with SSD library: this is the base unit with a 250G-2TB SSD hard drive. It will store 100 ultra-high-definition movies, depending on encoded size.

Media center and streaming: this will allow secure streaming of digital content to CE devices such as phones and tablets, and streaming of user content to a television.

Network device control application

The network device 14 can be controlled by an application on a phone or tablet. This may initially be an Android or iOS app for the iPhone and tablets. Other applications will be implemented in the future. It can provide full remote control of all viewing functions, as well as the ability to make purchases directly from the store accessible via the network device.

The television may also optionally be remotely controlled via USB or Bluetooth (if equipped) or via the network device 14.

Power

In a preferred form, the system must be as low-power as possible. The system may be powered by an AC power pack. The system may optionally be battery powered.

Operating system

The system may run a secure, real-time version of the Linux operating system or the Microsoft Windows operating system.

Architecture

In the Example 1 system, the system architecture may be ARM Cortex A9 or later, including ARM TrustZone, or may be Intel Core architecture, 6th generation or later, including Software Guard Extensions (SGX), Memory Protection Extensions (MPX), secure enclaves and hardware DRM.

Security

In the Example 1 system, all media files will be DRM-encrypted. The preferred DRM is Microsoft PlayReady for movies and Ubisoft DRM or Tages Solid Shield for games, but other studio-licensed DRM may be used, including Adobe Access and Google Widevine. The system can provide a robust long-term solution in which trusted applications are added in the field throughout the life of the device. The system may comply with the Trusted Execution Environment specifications. The system may support a trusted boot mode and trusted control of all I/O ports.

The system may support Intel Software Guard Extensions (SGX), Memory Protection Extensions (MPX), secure enclaves and hardware DRM.

The system may support secure attestation and sealing.

The system may support the ARM advanced system architecture and infrastructure platform for digital rights management (DRM), and integrates a TrustZone Address Space Controller (TZASC) to protect the regions of RAM used to hold valuable content.

The architecture may support the integration of media accelerators such as a GPU, video engine and display controller, all of which need to be aware of the security state of the processor.

The system may provide tamper protection and a real-time clock.

The system may support secure hardware cryptographic acceleration to optimize DRM decode speed. The system may support high-assurance boot and identification of digitally signed software.

The system may support secure JTAG: JTAG use is restricted (as in the no-debug level) unless a secret-key challenge/response protocol is successfully executed.

DRM

The preferred form of the Example 1 system will support digital rights management (DRM). Initially, Microsoft PlayReady is preferred for movies and television, and Ubisoft DRM or Tages Solid Shield for games. Other studio-approved DRM, such as Adobe Access and Google Widevine, are alternatives.

Hardware and O/S

Current hardware and O/S specification

I/O ports/antennas

AC power adapter

3 x USB 2.0

1 x 1000Mb Ethernet

HDMI 2.0a connector

WiFi a, b, g, n, ac

HiFi sound, optical or HDMI

Mass storage

2.5-inch disk drive, minimum 2TB

SSD, minimum 128G-1TB

Referring to Figure 13, there is shown a conceptual flow diagram for the syndication of digital content 13.

In summary, the system of Example 1 has been described, and is preferably implemented by a network device 14 of the type described with reference to Figure 2.

A preferred form of the protocol for receiving data packets at the network device operates according to one or more of the following, alone or in combination:

a. most needed packet

b. fastest download speed

c. minimum latency

d. the network address from which the next digital bit or group of bits can most easily and efficiently be obtained in order to maintain real-time or near-real-time delivery of the digital content.
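
The following Python sketch is an added illustration, not part of the patent text: it applies criteria a to d to a lookup table that maps each packet to the addresses known to hold it (local, peer or server feed). The field names, the arrival-time model (latency plus transfer time, with requests to one address served one after another), the tie-break order and the sample addresses are all assumptions.

```python
from dataclasses import dataclass

# Feed kinds named on the page; the tie-break order is an assumption of this sketch.
FEED_RANK = {"local": 0, "peer": 1, "server": 2}


@dataclass(frozen=True)
class Source:
    address: str           # network address that holds a copy of the packet
    feed: str              # "local", "peer" or "server"
    throughput_bps: float  # measured download speed from this address
    latency_s: float       # measured delay to this address

    def arrival(self, size_bytes, start_s=0.0):
        """Estimated time (seconds from now) at which the packet is fully received."""
        return start_s + self.latency_s + size_bytes * 8 / self.throughput_bps


def most_needed(have, total, playhead, window):
    """Criterion a: missing packets in the look-ahead window, earliest deadline first."""
    return [i for i in range(playhead, min(total, playhead + window)) if i not in have]


def pick_source(sources, size_bytes, busy_until=None):
    """Criteria b to d: the address expected to deliver the packet soonest."""
    busy_until = busy_until or {}
    if not sources:
        return None
    return min(
        sources,
        key=lambda s: (s.arrival(size_bytes, busy_until.get(s.address, 0.0)),
                       FEED_RANK[s.feed]),
    )


def plan(lookup, have, total, playhead, window, size_bytes, packet_s, buffered_s):
    """Return [(packet, address, on_time)] for the next requests.

    packet_s is the playing time of one packet; buffered_s is how long playback
    can continue before the packet at `playhead` is needed.
    """
    busy_until = {}  # address -> time at which its previous request completes
    requests = []
    for idx in most_needed(have, total, playhead, window):
        deadline = buffered_s + (idx - playhead) * packet_s
        src = pick_source(lookup.get(idx, []), size_bytes, busy_until)
        if src is None:
            # No known holder: nothing can be requested until routing data changes.
            requests.append((idx, None, False))
            continue
        eta = src.arrival(size_bytes, busy_until.get(src.address, 0.0))
        busy_until[src.address] = eta
        requests.append((idx, src.address, eta <= deadline))
    return requests


# Constructed sample data (documentation address ranges, invented measurements).
LOCAL = Source("192.0.2.10", "local", 100e6, 0.002)
PEER_A = Source("198.51.100.7", "peer", 8e6, 0.03)
PEER_B = Source("198.51.100.9", "peer", 1e6, 0.05)
SERVER = Source("203.0.113.1", "server", 20e6, 0.12)

# Lookup table: packet index -> addresses holding that packet. Packet 7 has no holder.
LOOKUP = {3: [PEER_A, SERVER], 4: [PEER_A, SERVER], 5: [LOCAL, PEER_B], 6: [PEER_B]}


def demo():
    return plan(LOOKUP, have={0, 1, 2}, total=10, playhead=3, window=5,
                size_bytes=1_000_000, packet_s=2.0, buffered_s=1.0)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Rows whose last field is False mark packets that would arrive after their playback deadline or have no known holder, which is where a real client would have to find another feed.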

Preferably, the digital content, and more particularly the designated digital content item, is DRM-wrapped, delivered to the network device and decoded at the network device using the Microsoft PlayReady infrastructure.

Referring to Figure 10, the system 10 is shown conceptually from a user's perspective.

Broadly, in this instance, there is a "super pop" combining the aggregator database 12, the source store 11 and the data packet address database/network management server 40 which, in conjunction with the distributed network devices 14 and preferably using the Internet as the primary communication channel, coordinates the efficient and timely delivery of data packets 24 (making up designated items 17 of digital content 13), thereby allowing a wide variety of digital content to be delivered securely and in a timely manner to users 42.

The system enhances the experience of all stakeholders by giving originators and rights owners of digital data confidence in the security of that data, while also offering users 42 a wide range of digital content to choose from, all delivered in a controlled and timely manner such that substantially real-time streaming, as well as data download, is available over a wide variety of Internet connections.

Further preferred embodiment

Referring to Figures 11, 12 and 13, there is shown the basic platform and functional implementation of a further embodiment of the present invention, which may be implemented using Intel-brand chipsets and Microsoft Windows-brand software modules.

It will be appreciated that, for at least some embodiments of the invention, it will be advantageous to operate in a highly secure state, whereby potentially valuable software such as ultra-high-definition (UHD) movies can be processed without fear of leakage or unauthorized use.

A typical ultra-high-definition movie operates according to MPEG4 standards such as H.264 (so-called HD definition, typically operating at 1080 pixels or lines on screen) and H.265 (so-called 4K or UHD definition, operating at 2160 lines or pixels on screen). Such a typical movie file may be of the order of 15-20GB in size. In a further preferred embodiment of the invention, the "secure peer assist" arrangement described in the previous embodiments is enabled on a Windows/Intel platform.

Referring to Figure 11, there is shown a circuit board 111 on which is mounted at least a Trusted Platform Module (TPM) 112 in communication with a processor 113 and memory 114. Alternatively, the TPM may be embodied in the processor 113 or in an associated system module.

The trusted platform module 112 includes a unique identifier 115, certificates 116 for encryption and decryption, and secure boot code 117.

In this instance, the trusted platform module 112 implements the Trusted Computing Group architecture on hardware that is part of the TXT platform available from Intel Corporation, providing a trusted execution environment (TEE) that includes Intel Software Guard Extensions (SGX), Memory Protection Extensions (MPX), secure enclaves and hardware DRM.

In a preferred arrangement, the TPM is incorporated into the processor or an associated module, the processor supporting Intel Software Guard Extensions (SGX), Memory Protection Extensions (MPX), secure enclaves and hardware DRM.

In a preferred form, DRM is implemented using the Microsoft PlayReady environment. In this arrangement, ultra-high-definition 4K content will play if and only if:

a hardware DRM environment is detected;

that environment is located within a trusted execution environment; and

all video output is via a preferred output protocol, in a particular preferred instance HDCP 2.2.

In operation, the trusted platform module 112 allows the processor 113 to enter a trusted operating state.

The preferred operating system loaded into memory 114 for execution by the processor 113 is the Microsoft Windows 10 operating system or later.

Referring to Figure 12, the processor 113 and memory 114 may optionally execute a virtual machine 118 within the Intel architecture environment. The virtual machine 118 allows direct hardware access for an operating system such as the Windows 10 operating system while operating in a highly secure environment. A movie file 119 downloaded to memory 114 using the secure peer assist arrangement of the previous embodiments can be processed, and the video stream decoded via hardware DRM and an HDCP level shifter/protocol converter (LSPCON) chip 120, for secure output to a preferably ultra-high-resolution display device 121 over an HDMI, DisplayPort or Thunderbolt connection.

Alternatively, the video stream may be securely routed to a secure GPU 120A for secure output over HDMI.

Referring to Figure 13, the data flow on the platform 111 is shown schematically. A movie file 119, assembled from possibly many sources, preferably by way of the secure peer assist platform 122, is processed with hardware DRM by components including the virtual machine 118, optionally operating in a Windows 10 environment; the hardware DRM provides a highly secure output stream 119A, which is processed by the converter chip 120 (preferably an HDCP 2.2 LSPCON chip) to output a secure video stream 119C displayable on the ultra-high-resolution display device 121.

The trusted execution environment and the stream 119A are protected by data 119B supplied from an independent security support and authentication server 123, as shown in Figure 13.

The end result is the output to the ultra-high-resolution display device 121 of a stream 119C that has been decoded in real time while maintaining a high level of security, thereby allowing very high-resolution video files, such as UHD 4K definition movie files, to be displayed substantially in real time in accordance with the US MovieLabs and Motion Picture Association specifications for high-value content, as well as individual studio and content owner specifications.

Figure 14 is a screenshot of a menu screen output to the screen 121, through which the user can select a movie for viewing on the display 121.

Figure 15 is a screenshot of a menu selection screen through which the user can select, using a scrolling arrangement, a movie to view on the display 121.

Figure 16 is a screenshot of a selector screen arrangement.

In particular, the user can make use of association techniques that cluster items for selection according to predetermined criteria. An example of such a system is described in US 2014/0330841, the specification, claims and drawings of which are incorporated herein by cross-reference. Specifically, a relevance algorithm is applied between items belonging to a finite set of items, wherein each item has an associated visual marker and at least one set of attributes in common with every other item belonging to the finite set, to facilitate discovery of the items within the finite set.

Specifically, a scoring system is used to quantify the degree of relevance.

In a further preferred embodiment, secure peer assist may be "plugged in" to, or integrated with, adaptive bitrate protocols in order to take advantage of the extensive existing assets and resources that use adaptive bitrate. This may be achieved by direct integration or via an application programming interface (API). Secure peer assist will take charge of the network communication and will interface with adaptive bitrate resources such as media servers, video encoders and segmenters, digital rights management systems, key management systems, content delivery networks, video players, browsers, client applications, etc. Secure peer assist will manage the timely delivery of video and other content packets. To the adaptive bitrate protocol, it will appear as an optimal single fixed-rate stream. In effect, this converts adaptive bitrate into progressive download or optimal fixed-rate streaming, depending on the user's available bandwidth.

In a further preferred embodiment, secure peer assist will be integrated with Dynamic Adaptive Streaming over HTTP (DASH), also known as MPEG-DASH, using Common Encryption and Encrypted Media Extensions (EME). The proposed name for this arrangement is DSPASH (Dynamic Secure Peer Assist over HTTP). This preferred embodiment will integrate with HTML5 browsers that support Media Source Extensions. This will provide a standardized implementation that can be deployed most efficiently across multiple consumer devices.

A further preferred embodiment will use Microsoft PlayReady DRM and the Microsoft Edge HTML5 browser on the above preferred embodiment of the Intel processor hardware platform, which implements PlayReady in hardware tightly integrated with the Microsoft Windows 10 (or later) operating system.

Industrial applicability

The network device may be implemented as a stand-alone hardware unit or as multiple connected units programmed with the secure peer assist protocol described above. In alternative forms, the secure peer assist protocol may be programmed into other devices such as smartphones, game controllers, smart televisions, etc.

The aggregator 12 and the source store 11 may be implemented using server-based devices.

Claims (3)

1. A network device that interacts with Internet infrastructure to deliver and control digital content, the digital content including but not limited to digital content streamed and downloaded to digital devices, the digital devices including but not limited to television display units and video display units constituting intelligent nodes in a mesh network, the network device being operable in conjunction with a plurality of further network devices;

the network device receiving digital content from remote locations of a distributed storage arrangement; the distributed storage arrangement comprising storage locations at any of a source store and/or the individual network devices constituting intelligent nodes; the network device including decoding and re-encoding means for downloading, decoding and then re-encoding the digital content for onward transmission to a digital device local to the network device for consumption by a user via the digital device;

the network device constituting an intelligent node in a mesh network of the further network devices;

each said network device communicating over the mesh network by reference to a network address;

wherein each network device operates according to a secure peer assist routing protocol, including using a secure protocol for data transmission; the secure peer assist routing protocol being such that, if a content item has previously been downloaded to other network devices of the plurality of network devices, at least part of the content item can be received from those other network devices;

and wherein each said network device receives the digital content from the network address from which the next digital bit or group of bits can most easily and efficiently be obtained in order to maintain real-time or near-real-time delivery of the digital content; and wherein the digital content is re-encoded according to a secure encoding algorithm;

and wherein each said network device receives the digital content according to the secure peer assist routing protocol, comprising one or more of:

a. most needed packet,

b. fastest download speed,

c. minimum latency,

d. the network address from which the next digital bit or group of bits can most easily and efficiently be obtained in order to maintain real-time or near-real-time delivery of the digital content;

the digital content being obtained, based on distributed and/or centralized routing information in the form of a hash table or other efficient database mechanism, from:

a. a local network device feed, or

b. a peer feed,

c. a server feed,

the routing information being stored in the form of a lookup table;

the network device thereby using the lookup table and network protocols to combine distributed and/or centralized routing information and intelligence down to the video packet level, so as to achieve optimal management of the network using software-defined networking (SDN) capability, the network protocols being one or more of SCTP, TCP/IP, UDP, video packet level and other protocols.

2. The network device according to claim 1, wherein the network device receives additional security data from an independent server for the purpose of securely authenticating the network device and a customer, so as to allow content to be purchased by and delivered to the network device and the customer via the Internet.

3. The network device according to claim 1, the network device being implemented using a virtual machine environment that provides direct hardware access for an operating system.
HK18104725.4A 2014-11-04 2015-11-04 Media distribution & management system & apparatus HK1245451B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AU2014904438A AU2014904438A0 (en) 2014-11-04 Media Distribution and Management System and Apparatus
AU2014904438 2014-11-04
PCT/AU2015/000661 WO2016070224A1 (en) 2014-11-04 2015-11-04 Media distribution & management system & apparatus

Publications (2)

Publication Number Publication Date
HK1245451A1 HK1245451A1 (en) 2018-08-24
HK1245451B true HK1245451B (en) 2021-11-19
