[go: up one dir, main page]

US9270461B2 - System and method for efficient support for short cryptoperiods in template mode - Google Patents

System and method for efficient support for short cryptoperiods in template mode Download PDF

Info

Publication number
US9270461B2
US9270461B2 US13/871,889 US201313871889A US9270461B2 US 9270461 B2 US9270461 B2 US 9270461B2 US 201313871889 A US201313871889 A US 201313871889A US 9270461 B2 US9270461 B2 US 9270461B2
Authority
US
United States
Prior art keywords
url
cryptoperiod
key
template
mpd
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/871,889
Other versions
US20130290698A1 (en
Inventor
Alexander Giladi
Shaobo Zhang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FutureWei Technologies Inc
Original Assignee
FutureWei Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to PCT/US2013/038521 priority Critical patent/WO2013184248A1/en
Application filed by FutureWei Technologies Inc filed Critical FutureWei Technologies Inc
Priority to JP2015509203A priority patent/JP5861220B2/en
Priority to US13/871,889 priority patent/US9270461B2/en
Priority to CN201611006035.1A priority patent/CN106452759B/en
Priority to CN201380022345.0A priority patent/CN104255010B/en
Priority to KR1020147032698A priority patent/KR101603136B1/en
Publication of US20130290698A1 publication Critical patent/US20130290698A1/en
Assigned to FUTUREWEI TECHNOLOGIES, INC. reassignment FUTUREWEI TECHNOLOGIES, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ZHANG, SHAOBO, GILADI, Alexander
Priority to US14/954,765 priority patent/US10171233B2/en
Publication of US9270461B2 publication Critical patent/US9270461B2/en
Application granted granted Critical
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • H04L9/18
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566URL specific, e.g. using aliases, detecting broken or misspelled links
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60Network streaming of media packets
    • H04L65/70Media network packetisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60Network streaming of media packets
    • H04L65/75Media network packet handling
    • H04L65/762Media network packet handling at the source 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/262Content or additional data distribution scheduling, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying a video stream transmission, generating play-lists
    • H04N21/26258Content or additional data distribution scheduling, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying a video stream transmission, generating play-lists for generating a list of items to be played back in a given order, e.g. playlist, or scheduling item distribution according to such list
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4408Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627Rights management associated to the content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/61Network physical structure; Signal processing
    • H04N21/6106Network physical structure; Signal processing specially adapted to the downstream path of the transmission network
    • H04N21/6125Network physical structure; Signal processing specially adapted to the downstream path of the transmission network involving transmission via Internet
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/637Control signals issued by the client directed to the server or network components
    • H04N21/6373Control signals issued by the client directed to the server or network components for rate control, e.g. request to the server to modify its transmission rate
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/845Structuring of content, e.g. decomposing content into time segments
    • H04N21/8456Structuring of content, e.g. decomposing content into time segments by decomposing the content in the time domain, e.g. in time segments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/85Assembly of content; Generation of multimedia applications
    • H04N21/858Linking data to content, e.g. by linking an URL to a video object, by creating a hotspot
    • H04N21/8586Linking data to content, e.g. by linking an URL to a video object, by creating a hotspot by using a URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution

Definitions

  • the present invention relates to the field of media streaming, and, in particular embodiments, to a system and method for efficient support for short cryptoperiods in template mode.
  • Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH), also known as MPEG-DASH, is developed to enable high quality streaming of media content over the Internet delivered from conventional Hypertext Transfer Protocol (HTTP) web servers.
  • DASH Dynamic Adaptive Streaming over Hypertext Transfer Protocol
  • media content can be encoded into media streams at different rates.
  • Media content can be segmented into a plurality of segment files that can be streamed individually and independently from a server or network to a client device, upon receiving request for content from the client.
  • the server also provides media presentation description (MPD) corresponding to a group of segment files, e.g., for a video or program.
  • the MPD includes information that allows the client to play the content. Segments can be obtained by the client using segment templates for generating universal resource locators (URLs) to fetch the content.
  • URLs universal resource locators
  • the segments templates may be provided in the MPD.
  • the MPD also includes a key and randomly generated initialization vectors (IVs) that are used with the key for decrypting the segment content at the client side.
  • IVs initialization vectors
  • An efficient representation for IVs is needed to support the segment template mode.
  • a method for communicating encryption information in template mode in dynamic adaptive streaming over hypertext transfer protocol includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an initialization vector (IV) that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client.
  • MPD media presentation description
  • IV initialization vector
  • a method for communicating encryption information in template mode in DASH includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV.
  • a network component for communicating encryption information in template mode in DASH includes a processor and a computer readable storage medium storing programming for execution by the processor.
  • the programming including instructions to send in a MPD to a client a template for generating a URL to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receive from the client a URL configured according to the template, and upon receiving the URL, return an IV corresponding to the URL to the client.
  • a user device for communicating encryption information in template mode in DASH includes a processor and a computer readable storage medium storing programming for execution by the processor.
  • the programming including instructions to receive in a MPD from a network server a URL IV attribute indicating a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value in the MPD, configure a URL for the IV using the template, send the URL for the IV, and receive an IV.
  • FIG. 1 is an example of a DASH architecture.
  • FIG. 2 is a flow diagram for an embodiment method for efficient representation and use of IVs for encrypted content with segment template representation in DASH;
  • FIG. 3 is a diagram of a processing system that can be used to implement various embodiments.
  • FIG. 1 shows an example of a DASH architecture 100 for streaming media (e.g., video, music, games, applications, etc.) to clients (e.g., subscribers or general users).
  • the media can include live broadcast events or programs, on demand content or video, or both.
  • the DASH architecture 100 includes one or more media servers 110 that provide media content, e.g., in the form of segment files according to Organization for Standardization (ISO) Base Media File Format (BMFF).
  • BMFF Base Media File Format
  • the DASH architecture 100 includes one or more clients 120 that comprise user equipment or devices, such as set-top boxes (STBs), desktop computers, laptop computers, tablet computers, smartphones, or any other type of mobile/personal devices.
  • STBs set-top boxes
  • the clients 120 can receive the media content from the servers 110 over any access network 130 , e.g., the Internet, a wireless local area network (WLAN), a WiFi network or hotspot, a cellular network, a cable infrastructure, a fiber optic backbone or access network, or combinations thereof.
  • any access network 130 e.g., the Internet, a wireless local area network (WLAN), a WiFi network or hotspot, a cellular network, a cable infrastructure, a fiber optic backbone or access network, or combinations thereof.
  • WLAN wireless local area network
  • WiFi WiFi network
  • hotspot e.g., a wireless local area network
  • cellular network e.g., a cellular network
  • cable infrastructure e.g., a cable infrastructure
  • fiber optic backbone or access network e.g., a fiber optic backbone or access network
  • the original content in the server 110 can be encoded into media streams (e.g., video streams) at different rates.
  • a video or other media content can be segmented into a plurality of segments that can be streamed individually and independently from a server 110 to a client 120 over the access network 130 .
  • the servers 110 also provide media presentation description (MPD) corresponding to video/media files, e.g., for each group of segment files of a video or program, including information to get the segments (e.g., segment URLs) and play the content (e.g., video rate information).
  • the servers 110 also provide universal resource locators (URLs) for the MPD files to indicate the location of the MPD files in the servers 110 or network 130 .
  • MPD media presentation description
  • URLs universal resource locators
  • the MPD is sent from the server 110 to the client 120 and describes a manifest (e.g., a list) of the available content (e.g., content segments), its various alternatives, URL addresses (e.g., of content segments), and other characteristics.
  • the MPD can be delivered from a content server 110 to the client 120 using HTTP.
  • the client 120 learns about the content (e.g., a video or a program) timing, content or media availability, media types, resolutions, minimum and maximum bandwidths, the existence of various encoded alternatives of multimedia components, accessibility features and required digital rights management (DRM), media-component locations on the network, and other content characteristics.
  • the media content e.g., on demand video or a broadcast program, is divided into a plurality of addressed segments that can be forwarded separately.
  • the segments each represents a chunk or portion of the content and has a corresponding URL and duration indicated in the MPD.
  • the client 120 selects the appropriate encoded alternative and starts streaming the content by fetching the segments of content using HTTP GET requests.
  • the information includes the locations of the files/segments in the servers 110 and/or network 130 .
  • the client 120 can also determine the video rate based on network conditions for the client 120 (e.g., determine which segments files to get that match a suitable download rate).
  • a SegmentList field or parameter can be used in a media presentation description (MPD) for segment encryption.
  • the SegmenList can indicate a list of segments that are encrypted.
  • randomly generated initialization vectors (IVs) are also provided for decrypting the segments of the same SegmentList at the client.
  • IVs are the segment numbers. This weakens the security of encryption, where it may be easy to learn or discover the IV sequence to decrypt and access the content without authorized access.
  • random IVs can be inserted in an m3u8 manifest (in the MPD) by putting the IVs into a #EXT-X-KEY tag. This option is not possible with the template mode representation for segments, which reduces the HLS content compatibility in the template mode.
  • System and method embodiments are provided herein for efficient representation and use of IVs for encrypted segments using template mode representation in DASH.
  • the embodiments include using a URL template for deriving the IVs (at the client). By adding one extra HTTP GET request per cryptoperiod or per segment, using randomly generated IVs becomes possible.
  • the cryptoperiod is the period in which the same decryption parameters (Key and IVs) are used. This allows compatibility in situations where the #EXT-X-KEY tag is used at relatively high frequency.
  • a URL template attribute is added to a ContentProtection element (of the MPD) for generating URL templates for deriving the IVs.
  • a client When operating in a template mode, a client can check the key and IV values, either once per cryptoperiod using the earliest segment for the $Number$ or $Time$ variable derivation from the URL template, or for every segment if there are no CryptoPeriod elements in the ContentProtection element.
  • the ContentProtection element (in the MPD) includes the CryptoPeriod element and a @ivURLTemplate attribute for indicating the IV template URL, as shown in Table 1.
  • @ivUrlTemplate O This specifies the URL for IV derivation, e.g., using same syntax and variable substitution as defined in ISO/IEC 23009- 1 sec. 5.3.9.4.4.
  • the segment number inserted is the number of the first segment of the associated CryptoPeriod.
  • use of @ivUrlTemplate does not imply use of either @keyUrlTemplate or SegmentTemplate.
  • M Mandatory
  • O Optional
  • OD Optional with Default Value
  • CM Conditionally Mandatory.
  • For elements: ⁇ minOccurs>. . . ⁇ maxOccurs> (N unbounded) Elements are bold; attributes are non-bold and preceded with an @
  • an optional @ IV attribute of the CryptoPeriod element may be included to specify the initialization vector for the applicable segment(s) within the CryptoPeriod. If this @ IV attribute is present, then the attribute value may be used as the IV when encrypting or decrypting with an associated key. The value can be interpreted as a 128-bit hexadecimal number in textual format and can be prefixed with 0x or 0X.
  • the IV URL may be derived (at the client) from the @ ivUrlTemplate attribute (unless the @ IV attribute is present in the current CryptoPeriod element).
  • the content of the HTTP response (from the server or network to client) can contain the IV value in a textual or binary representation. For example, a 128-bit hexadecimal number in textual format and can be prefixed with 0x or 0X.
  • the number of the segment may be used (e.g., as in template construction and elsewhere in 5.3.9.4.4 of ISO/IEC 23009-1) as the IV when encrypting or decrypting that media segment.
  • the big-endian binary representation of the sequence number can be placed in a 16-octet buffer and padded (on the left) with zeros.
  • the ContentProtection element (in the MPD) includes a CryptoPeriodType element and an @ivUriTemplate attribute for indicating the IV template URL, as shown in Table 2.
  • CryptoPeriodType This specifies properties common to all cryptoperiods.
  • numberSegments O This specifies the number of segments in a cryptoperiod. In case of CryptoTimeline, this is the number of segments in each cryptoperiod of this CryptoTimeline .
  • the attribute @numSegments may be absent if this is the last CryptoPeriod element of the Period. In this case, the cryptoperiod continues till the end of this Period.
  • the attribute @numSegments may not be absent for any CryptoTimeline element.
  • keyUriTemplate M This specifies the template for key URI generation, using same syntax and variable substitution as defined in ISO/IEC 23009-1: 2012, 5.3.9.4.4.
  • @keyUriTemplate is used once each cryptoperiod.
  • $Time$ the value used is the $Time$ value of segment S(i) is used.
  • the use of @keyUriTemplate does not imply use of @ivUrlTemplate or SegmentTemplate. Key derivation rules described in ISO/IEC 23009-4 sec. 6.4.3 may be used.
  • @ivUriTemplate O This specifies the template for IV URI generation using same syntax and variable substitution, e.g., as defined in ISO/IEC 23009-1: 2012, 5.3.9.4.4.
  • Use of @ivUrlTemplate does not imply use of either @keyUriTemplate or SegmentTemplate . IV format definition in see ISO/IEC 23009-4 sec. 6.4.4.2 may be used.
  • M Mandatory
  • O Optional
  • OD Optional with Default Value
  • CM Conditionally Mandatory.
  • For elements: ⁇ minOccurs>. . . ⁇ maxOccurs> (N unbounded) Elements are bold; attributes are non-bold and preceded with an @.
  • a CryptoTimeline element is also added (to the ContentProtection element) which uses run-length coding for deriving cryptoperiod boundaries. As such, the number of first segment within each derived cryptoperiod is used to bring in a key and IV pair for the cryptoperiod.
  • the CryptoTimeline element may be configured with a plurality of attributes as shown in Table 3.
  • the key and IV templates are needed.
  • a key and IV pair can be fetched according to the key and IV templates.
  • segments in each @d duration the same key/IV pair is used.
  • the CryptoTimeline element includes an @ivBase attribute for indicating the corresponding IV, as shown in Table 4.
  • CryptoTimeline This specifies a sequence of cryptoperiods, each containing same amount of segments.
  • the time duration of cryptoperiods does not have to be constant.
  • the constant is number of segments.
  • @numCryptoPeriods O This specifies number of constant-duration cryptoperiods within this timeline. If absent, the last cryptoperiod ends with the end of the Period this ContentProtection descriptor belongs to. This implies that the amount of segments in the last cryptoperiod in this case can be smaller than specified in the @numSegments attribute.
  • @firststartOffset OD This specifies the number of unencrypted segments between the end of the last cryptoperiod and the first segment of the first cryptoperiod in this CryptoTimeline . Default value is 0. Derivation rules described in ISO/IEC 23009-4 sec. 6.4.2 may apply.
  • @ivBase OD This specifies the IV base value for this cryptoperiod. When @ivBase is present, IV is a sum of @ivBase and Segment number, e.g., as described in ISO/IEC 23009-4 6.4.4.2. If absent, the default value is 0. The attribute @ivBase is not present if @ivUriTemplate is present.
  • @aadBase OD This specifies the AAD base value for this cryptoperiod.
  • AAD is the sum of @aadBase and the Segment Number. If absent, the default value is 0.
  • the ContentProtection element in the case where there are 4-segments cryptoperiods with fixed duration can includes the following syntax:
  • FIG. 2 shows an embodiment method 200 for using a temple IV URL in addition to a template key URL for resolving content encryption in DASH.
  • a server or network 210 sends a ContentProtection element (in a MPD) indicating both a key URL template and an IV URL template.
  • a CryptoPeriod element in the ContentProtection element includes a @ivUrlTemplate attribute in addition to a @keyUrlTemplate, as shown in Table 1.
  • the ContentProtection element may also include a CryptoTimeline element for deriving one or more cryptoperiods at the client.
  • the client derives the IV URL according to @ivUrlTemplate (unless an @IV attribute is also included to indicate the IV value to the client).
  • the client also derives the key URL according to @keyUrlTemplate.
  • the client may also derive the cryptoperiods using the CryptoTimeline element if present using run-length coding (as described above).
  • the client sends the key and IV URLs, e.g., at the beginning of each of the cryptoptoperiods derived from the CryptoTimeline element or for every segment if there are no CryptoPeriod elements in the Content Protection element.
  • the server or network responds with the key and IV for each cryptoperiod or segment.
  • the client decrypt the segment(s) using the corresponding key and IV (e.g., per cryptoperiod or per segment).
  • FIG. 3 is a block diagram of a processing system 300 that can be used to implement various embodiments. Specific devices may utilize all of the components shown, or only a subset of the components and levels of integration may vary from device to device. Furthermore, a device may contain multiple instances of a component, such as multiple processing units, processors, memories, transmitters, receivers, etc.
  • the processing system 300 may comprise a processing unit 301 equipped with one or more input/output devices, such as a network interfaces, storage interfaces, and the like.
  • the processing unit 301 may include a central processing unit (CPU) 310 , a memory 320 , a mass storage device 330 , and an I/O interface 360 connected to a bus.
  • the bus may be one or more of any type of several bus architectures including a memory bus or memory controller, a peripheral bus or the like.
  • the CPU 310 may comprise any type of electronic data processor.
  • the memory 320 may comprise any type of system memory such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), a combination thereof, or the like.
  • the memory 320 may include ROM for use at boot-up, and DRAM for program and data storage for use while executing programs.
  • the memory 320 is non-transitory.
  • the mass storage device 330 may comprise any type of storage device configured to store data, programs, and other information and to make the data, programs, and other information accessible via the bus.
  • the mass storage device 330 may comprise, for example, one or more of a solid state drive, hard disk drive, a magnetic disk drive, an optical disk drive, or the like.
  • the processing unit 301 also includes one or more network interfaces 350 , which may comprise wired links, such as an Ethernet cable or the like, and/or wireless links to access nodes or one or more networks 380 .
  • the network interface 350 allows the processing unit 301 to communicate with remote units via the networks 380 .
  • the network interface 350 may provide wireless communication via one or more transmitters/transmit antennas and one or more receivers/receive antennas.
  • the processing unit 301 is coupled to a local-area network or a wide-area network for data processing and communications with remote devices, such as other processing units, the Internet, remote storage facilities, or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Information Transfer Between Computers (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

System and method embodiments are provided herein for efficient representation and use of initialization vectors (IVs) for encrypted segments using template mode representation in Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH). An embodiment method includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client. Another embodiment method includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV.

Description

This application claims the benefit of U.S. Provisional Application No. 61/639,635 filed on Apr. 27, 2012 by Alexander Giladi et al. and entitled “System and Method for Short Cryptoperiods,” which is hereby incorporated herein by reference as if reproduced in its entirety.
TECHNICAL FIELD
The present invention relates to the field of media streaming, and, in particular embodiments, to a system and method for efficient support for short cryptoperiods in template mode.
BACKGROUND
Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH), also known as MPEG-DASH, is developed to enable high quality streaming of media content over the Internet delivered from conventional Hypertext Transfer Protocol (HTTP) web servers. In the DASH architecture, media content can be encoded into media streams at different rates. Media content can be segmented into a plurality of segment files that can be streamed individually and independently from a server or network to a client device, upon receiving request for content from the client. The server also provides media presentation description (MPD) corresponding to a group of segment files, e.g., for a video or program. The MPD includes information that allows the client to play the content. Segments can be obtained by the client using segment templates for generating universal resource locators (URLs) to fetch the content. The segments templates may be provided in the MPD. In the case of encrypted segments, the MPD also includes a key and randomly generated initialization vectors (IVs) that are used with the key for decrypting the segment content at the client side. An efficient representation for IVs is needed to support the segment template mode.
SUMMARY OF THE INVENTION
In accordance with an embodiment, a method for communicating encryption information in template mode in dynamic adaptive streaming over hypertext transfer protocol (DASH) includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an initialization vector (IV) that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client.
In accordance with another embodiment, a method for communicating encryption information in template mode in DASH includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV.
In accordance with another embodiment, a network component for communicating encryption information in template mode in DASH includes a processor and a computer readable storage medium storing programming for execution by the processor. The programming including instructions to send in a MPD to a client a template for generating a URL to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receive from the client a URL configured according to the template, and upon receiving the URL, return an IV corresponding to the URL to the client.
In accordance with yet another embodiment, a user device for communicating encryption information in template mode in DASH includes a processor and a computer readable storage medium storing programming for execution by the processor. The programming including instructions to receive in a MPD from a network server a URL IV attribute indicating a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value in the MPD, configure a URL for the IV using the template, send the URL for the IV, and receive an IV.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the present invention, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawing, in which:
FIG. 1 is an example of a DASH architecture.
FIG. 2 is a flow diagram for an embodiment method for efficient representation and use of IVs for encrypted content with segment template representation in DASH; and
FIG. 3 is a diagram of a processing system that can be used to implement various embodiments.
 DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
The making and using of the presently preferred embodiments are discussed in detail below. It should be appreciated, however, that the present invention provides many applicable inventive concepts that can be embodied in a wide variety of specific contexts. The specific embodiments discussed are merely illustrative of specific ways to make and use the invention, and do not limit the scope of the invention.
FIG. 1 shows an example of a DASH architecture 100 for streaming media (e.g., video, music, games, applications, etc.) to clients (e.g., subscribers or general users). The media can include live broadcast events or programs, on demand content or video, or both. The DASH architecture 100 includes one or more media servers 110 that provide media content, e.g., in the form of segment files according to Organization for Standardization (ISO) Base Media File Format (BMFF). The DASH architecture 100 includes one or more clients 120 that comprise user equipment or devices, such as set-top boxes (STBs), desktop computers, laptop computers, tablet computers, smartphones, or any other type of mobile/personal devices. The clients 120 can receive the media content from the servers 110 over any access network 130, e.g., the Internet, a wireless local area network (WLAN), a WiFi network or hotspot, a cellular network, a cable infrastructure, a fiber optic backbone or access network, or combinations thereof. To receive content using HTTP, the clients 120 need to first request the content.
In the DASH architecture 100, the original content in the server 110 can be encoded into media streams (e.g., video streams) at different rates. A video or other media content can be segmented into a plurality of segments that can be streamed individually and independently from a server 110 to a client 120 over the access network 130. The servers 110 also provide media presentation description (MPD) corresponding to video/media files, e.g., for each group of segment files of a video or program, including information to get the segments (e.g., segment URLs) and play the content (e.g., video rate information). The servers 110 also provide universal resource locators (URLs) for the MPD files to indicate the location of the MPD files in the servers 110 or network 130.
The MPD is sent from the server 110 to the client 120 and describes a manifest (e.g., a list) of the available content (e.g., content segments), its various alternatives, URL addresses (e.g., of content segments), and other characteristics. The MPD can be delivered from a content server 110 to the client 120 using HTTP. By parsing the MPD, the client 120 learns about the content (e.g., a video or a program) timing, content or media availability, media types, resolutions, minimum and maximum bandwidths, the existence of various encoded alternatives of multimedia components, accessibility features and required digital rights management (DRM), media-component locations on the network, and other content characteristics. The media content, e.g., on demand video or a broadcast program, is divided into a plurality of addressed segments that can be forwarded separately. The segments each represents a chunk or portion of the content and has a corresponding URL and duration indicated in the MPD.
Using the information in the MPD, the client 120 selects the appropriate encoded alternative and starts streaming the content by fetching the segments of content using HTTP GET requests. For example, the information includes the locations of the files/segments in the servers 110 and/or network 130. From the MPD information, the client 120 can also determine the video rate based on network conditions for the client 120 (e.g., determine which segments files to get that match a suitable download rate).
Currently, a SegmentList field or parameter can be used in a media presentation description (MPD) for segment encryption. The SegmenList can indicate a list of segments that are encrypted. In case of encrypted segments, randomly generated initialization vectors (IVs) are also provided for decrypting the segments of the same SegmentList at the client. When a SegmentTemplate field or parameter is used in the MPD to describe a template for obtaining segments, the IVs are the segment numbers. This weakens the security of encryption, where it may be easy to learn or discover the IV sequence to decrypt and access the content without authorized access. Further, in HTTP Live Streaming (HLS), random IVs can be inserted in an m3u8 manifest (in the MPD) by putting the IVs into a #EXT-X-KEY tag. This option is not possible with the template mode representation for segments, which reduces the HLS content compatibility in the template mode.
System and method embodiments are provided herein for efficient representation and use of IVs for encrypted segments using template mode representation in DASH. The embodiments include using a URL template for deriving the IVs (at the client). By adding one extra HTTP GET request per cryptoperiod or per segment, using randomly generated IVs becomes possible. The cryptoperiod is the period in which the same decryption parameters (Key and IVs) are used. This allows compatibility in situations where the #EXT-X-KEY tag is used at relatively high frequency. A URL template attribute is added to a ContentProtection element (of the MPD) for generating URL templates for deriving the IVs. When operating in a template mode, a client can check the key and IV values, either once per cryptoperiod using the earliest segment for the $Number$ or $Time$ variable derivation from the URL template, or for every segment if there are no CryptoPeriod elements in the ContentProtection element.
In an embodiment, the ContentProtection element (in the MPD) includes the CryptoPeriod element and a @ivURLTemplate attribute for indicating the IV template URL, as shown in Table 1.
TABLE 1
Element or
Attribute Name Use Description
@schemeIdUri 1 This may be urn:mpeg:dash:segenc:2012.
CryptoPeriod 0 . . . N This specifies information and URLs
needed for derivation of key information
@keyUrlTemplate O This specifies the template for key URL
generation, e.g., using same syntax and
variable substitution as defined in
ISO/IEC 23009-1 sec. 5.3.9.4.4. For a run
of segments using the same keyUrl, the
segment number inserted is the number of
the first segment of the associated
CryptoPeriod.
Note: use of @keyUrlTemplate does not
imply use of SegmentTemplate.
@ivUrlTemplate O This specifies the URL for IV derivation,
e.g., using same syntax and variable
substitution as defined in ISO/IEC 23009-
1 sec. 5.3.9.4.4. For a CryptoPeriod
without a @IV attribute, the segment
number inserted is the number of the first
segment of the associated CryptoPeriod.
Note: use of @ivUrlTemplate does not
imply use of either @keyUrlTemplate or
SegmentTemplate.
Legend:
For attributes:
M = Mandatory,
O = Optional,
OD = Optional with Default Value,
CM = Conditionally Mandatory.
For elements: <minOccurs>. . .<maxOccurs> (N = unbounded)
Elements are bold; attributes are non-bold and preceded with an @
Additionally, an optional @ IV attribute of the CryptoPeriod element may be included to specify the initialization vector for the applicable segment(s) within the CryptoPeriod. If this @ IV attribute is present, then the attribute value may be used as the IV when encrypting or decrypting with an associated key. The value can be interpreted as a 128-bit hexadecimal number in textual format and can be prefixed with 0x or 0X.
If the @ivUrlTemplate attribute is present in the ContentProtection element, then the IV URL may be derived (at the client) from the @ ivUrlTemplate attribute (unless the @ IV attribute is present in the current CryptoPeriod element). The content of the HTTP response (from the server or network to client) can contain the IV value in a textual or binary representation. For example, a 128-bit hexadecimal number in textual format and can be prefixed with 0x or 0X. If neither the @IV nor @ivUrlTemplate attributes are present for a CryptoPeriod, the number of the segment may be used (e.g., as in template construction and elsewhere in 5.3.9.4.4 of ISO/IEC 23009-1) as the IV when encrypting or decrypting that media segment. The big-endian binary representation of the sequence number can be placed in a 16-octet buffer and padded (on the left) with zeros.
In another embodiment, the ContentProtection element (in the MPD) includes a CryptoPeriodType element and an @ivUriTemplate attribute for indicating the IV template URL, as shown in Table 2.
TABLE 2
Element or
Attribute Name Use Description
CryptoPeriodType This specifies properties common to all
cryptoperiods.
@numSegments O This specifies the number of segments
in a cryptoperiod. In case of
CryptoTimeline, this is the number of
segments in each cryptoperiod of
this CryptoTimeline.
The attribute @numSegments may be
absent if this is the last CryptoPeriod
element of the Period. In this case, the
cryptoperiod continues till the end of
this Period. The attribute @numSegments
may not be absent for any
CryptoTimeline element.
@keyUriTemplate M This specifies the template for key
URI generation, using same syntax and
variable substitution as defined in
ISO/IEC 23009-1: 2012, 5.3.9.4.4. Attribute
@keyUriTemplate is used once each
cryptoperiod. Thus for a cryptoperiod
CP(i, d), the @keyUriTemplate URI
is constructed with $Number$ = i.
Same applies for $Time$: the value used
is the $Time$ value of segment S(i) is
used. The use of @keyUriTemplate
does not imply use of @ivUrlTemplate
or SegmentTemplate.
Key derivation rules described in ISO/IEC
23009-4 sec. 6.4.3 may be used.
@ivUriTemplate O This specifies the template for IV URI
generation using same syntax and variable
substitution, e.g., as defined in ISO/IEC
23009-1: 2012, 5.3.9.4.4. @ivUriTemplate
is used once each cryptoperiod, thus for a
cryptoperiod CP(i, d), the @ivUrlTemplate
URI is constructed with $Number$ = i.
Same applies for $Time$: the value used is
the $Time$ value of segment S(i) is used.
Use of @ivUrlTemplate does not imply
use of either @keyUriTemplate or
SegmentTemplate. IV format
definition in see ISO/IEC 23009-4 sec.
6.4.4.2 may be used.
Legend:
For attributes:
M = Mandatory,
O = Optional,
OD = Optional with Default Value,
CM = Conditionally Mandatory.
For elements: <minOccurs>. . .<maxOccurs> (N = unbounded)
Elements are bold; attributes are non-bold and preceded with an @.
Frequent cryptoperiod changes are common in the IPTV/Cable ecosystem, where same key and initialization vector combination can exist for 2 to 10 seconds. This can be accommodated in using multiple CryptoPeriod elements. However, when MPD updates are infrequent, the amount of MPD space taken up by the CryptoPeriod elements becomes significant. On the other hand, cryptoperiods tend to have easily predictable lengths (e.g., constant duration of 4 segments). Thus, run-length coding declaring, for example, 120 10-segment cryptoperiods can save about 119 unnecessary lines in a ContentProtection element. When used together with key and IV templates, the overall saving is about 90% in HTTP requests for keys and IVs. In an embodiment, a CryptoTimeline element is also added (to the ContentProtection element) which uses run-length coding for deriving cryptoperiod boundaries. As such, the number of first segment within each derived cryptoperiod is used to bring in a key and IV pair for the cryptoperiod. The CryptoTimeline element may be configured with a plurality of attributes as shown in Table 3.
TABLE 3
Element or
Attribute Name Use Description
CryptoTimeline CryptoTimeline element specifying a
sequence of constant-duration
cryptoperiods of segments.
@n O Number of constant-duration
cryptoperiods within this timeline. If
absent, the last cryptoperiod ends with the
end of the period that this
ContentProtection element belongs to.
@d M Cryptoperiod duration, in segments, of
every period in this CryptoTimeline.
@offset O Number of segments between the end of
the previous CryptoTimeline element and
this CryptoTimeline. Zero if absent. In
case this is the first CryptoTimeline, the
segment number is the first Segment
Number of this Period.
Legend:
For attributes:
M = Mandatory,
O = Optional,
OD = Optional with Default Value,
CM = Conditionally Mandatory.
For elements: <minOccurs>. . .<maxOccurs> (N = unbounded)
Elements are bold; attributes are non-bold and preceded with an @
In the case of using the CryptoTimeline element above, the key and IV templates (as described above) are needed. For each CryptoTimeline element, at the beginning of every period specified by the CryptoTimeline, a key and IV pair can be fetched according to the key and IV templates. For segments in each @d duration, the same key/IV pair is used.
In another embodiment, the CryptoTimeline element includes an @ivBase attribute for indicating the corresponding IV, as shown in Table 4.
TABLE 4
Element or
Attribute Name Use Description
CryptoTimeline This specifies a sequence of cryptoperiods,
each containing same amount of segments.
The time duration of cryptoperiods does
not have to be constant. The constant
is number of segments.
@numCryptoPeriods O This specifies number of constant-duration
cryptoperiods within this timeline. If
absent, the last cryptoperiod ends with
the end of the Period this
ContentProtection descriptor
belongs to. This implies that the amount
of segments in the last cryptoperiod in
this case can be smaller than specified
in the @numSegments attribute.
@firststartOffset OD This specifies the number of unencrypted
segments between the end of the last
cryptoperiod and the first segment of the
first cryptoperiod in this CryptoTimeline.
Default value is 0.
Derivation rules described in ISO/IEC
23009-4 sec. 6.4.2 may apply.
@ivBase OD This specifies the IV base value for this
cryptoperiod. When @ivBase is present,
IV is a sum of @ivBase and Segment
number, e.g., as described in ISO/IEC
23009-4 6.4.4.2. If absent, the default
value is 0.
The attribute @ivBase is not present
if @ivUriTemplate is present.
@aadBase OD This specifies the AAD base value for
this cryptoperiod. AAD is the sum of
@aadBase and the Segment Number.
If absent, the default value is 0.
CryptoPeriodType This specifies the common attributes and
elements (attributes and elements from
base type CryptoPeriodType), e.g., as
described in ISO/IEC 23009-4 sec. 5.1.4.
Legend:
For attributes:
M = Mandatory,
O = Optional,
OD = Optional with Default Value,
CM = Conditionally Mandatory.
For elements: <minOccurs>. . .<maxOccurs> (N = unbounded)
Elements are bold; attributes are non-bold and preceded with an @.

Typically, in a key rotation scenario, @firstStartOffset and @numCryptoPeriods are not specified, and the key/IV pair can change every @numSegments segments.
In an example, the ContentProtection element in the case where there are 4-segments cryptoperiods with fixed duration can includes the following syntax:
<ContentProtection
 schemeIdUri=″urn:mpeg:dash:segenc:2012″>
segenc:keyUrlTemplate=”https://example.com/keys/key.cgi?cid=
c0c96a693f6b&amp;sn=$Number$05d$″
segenc:ivUrlTemplate=″http://example.com/keys/iv.cgi?cid=
c0c96a693f6b&amp;sn=$Number$05d$″>
 <segenc:CryptoTimeline d=″4″/>
</ContentProtection>

Accordingly, during each cryptoperiod, the key and IV are requested from a license server. For example, for the first 4 segments, the key URL is https://example.com/keys/key.cgi?cid=c0c96a693f6b&amp;sn=00001, and the IV URL is http://example.com/keys/iv.cgi?cid=c0c96a693f6b&amp;sn=00001. For the next segments 5 to 8, the key URL is https://example.com/keys/key.cgi?cid=c0c96a693f6b&amp;sn=00005, and the IV URL is http://example.com/keys/iv.cgi?cid=c0c96a693f6b&amp;sn=000015.
FIG. 2 shows an embodiment method 200 for using a temple IV URL in addition to a template key URL for resolving content encryption in DASH. At step 201, a server or network 210 sends a ContentProtection element (in a MPD) indicating both a key URL template and an IV URL template. For instance, a CryptoPeriod element in the ContentProtection element includes a @ivUrlTemplate attribute in addition to a @keyUrlTemplate, as shown in Table 1. The ContentProtection element may also include a CryptoTimeline element for deriving one or more cryptoperiods at the client. At step 202, the client derives the IV URL according to @ivUrlTemplate (unless an @IV attribute is also included to indicate the IV value to the client). The client also derives the key URL according to @keyUrlTemplate. The client may also derive the cryptoperiods using the CryptoTimeline element if present using run-length coding (as described above). At step 203, the client sends the key and IV URLs, e.g., at the beginning of each of the cryptoptoperiods derived from the CryptoTimeline element or for every segment if there are no CryptoPeriod elements in the Content Protection element. At step 204, the server or network responds with the key and IV for each cryptoperiod or segment. At step 205, the client decrypt the segment(s) using the corresponding key and IV (e.g., per cryptoperiod or per segment).
FIG. 3 is a block diagram of a processing system 300 that can be used to implement various embodiments. Specific devices may utilize all of the components shown, or only a subset of the components and levels of integration may vary from device to device. Furthermore, a device may contain multiple instances of a component, such as multiple processing units, processors, memories, transmitters, receivers, etc. The processing system 300 may comprise a processing unit 301 equipped with one or more input/output devices, such as a network interfaces, storage interfaces, and the like. The processing unit 301 may include a central processing unit (CPU) 310, a memory 320, a mass storage device 330, and an I/O interface 360 connected to a bus. The bus may be one or more of any type of several bus architectures including a memory bus or memory controller, a peripheral bus or the like.
The CPU 310 may comprise any type of electronic data processor. The memory 320 may comprise any type of system memory such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), a combination thereof, or the like. In an embodiment, the memory 320 may include ROM for use at boot-up, and DRAM for program and data storage for use while executing programs. In embodiments, the memory 320 is non-transitory. The mass storage device 330 may comprise any type of storage device configured to store data, programs, and other information and to make the data, programs, and other information accessible via the bus. The mass storage device 330 may comprise, for example, one or more of a solid state drive, hard disk drive, a magnetic disk drive, an optical disk drive, or the like.
The processing unit 301 also includes one or more network interfaces 350, which may comprise wired links, such as an Ethernet cable or the like, and/or wireless links to access nodes or one or more networks 380. The network interface 350 allows the processing unit 301 to communicate with remote units via the networks 380. For example, the network interface 350 may provide wireless communication via one or more transmitters/transmit antennas and one or more receivers/receive antennas. In an embodiment, the processing unit 301 is coupled to a local-area network or a wide-area network for data processing and communications with remote devices, such as other processing units, the Internet, remote storage facilities, or the like.
While this invention has been described with reference to illustrative embodiments, this description is not intended to be construed in a limiting sense. Various modifications and combinations of the illustrative embodiments, as well as other embodiments of the invention, will be apparent to persons skilled in the art upon reference to the description. It is therefore intended that the appended claims encompass any such modifications or embodiments.

Claims (19)

What is claimed is:
1. A method for communicating encryption information in template mode in dynamic adaptive streaming over hypertext transfer protocol (DASH), the method comprising:
sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an initialization vector (IV) that is used for encrypting a segment, wherein the segment is associated with a cryptoperiod where a plurality of segments are encrypted with the same encryption parameters;
including, in the MPD, a CryptoTimeline element for deriving one or more cryptoperiods at the client using run-length coding, the CryptoTimeline element indicating a sequence of cryptoperiods of constant duration each including the same number of segments, wherein the CryptoTimeline element includes a first optional attribute for indicating a number of constant-duration cryptoperiods within a timeline, a second mandatory attribute for indicating, by a number of segments, a cryptoperiod duration of every period in the timeline, and a third optional attribute for indicating a number of segments between the end of a previous CryptoTimeline element and the timeline;
in absence of an IV value in the MPD, receiving from the client a URL for the IV configured according to the IV URL template associated with at least one of the one or more cryptoperiods within the timeline; and
upon receiving the IV URL, returning an IV value corresponding to the IV URL to the client for decrypting each of the plurality of segments associated with the at least one cryptoperiod.
2. The method of claim 1 further comprising indicating in the MPD an IV attribute that indicates an IV value that causes the client to use the IV value for decrypting the segment regardless of the presence of the template for the URL of the IV.
3. The method of claim 1, wherein the MPD includes a CryptoPeriod element including an IV URL template attribute for indicating the template for generating the URL for the IV and a key URL template attribute for indicating another template for generating a URL for a key, and wherein the encryption parameters for the plurality of segments associated with the cryptoperiod include the IV and the key;
the method further comprising:
receiving from the client a URL for the key configured according to the key URL template associated with the at least one cryptoperiod; and
upon receiving the key URL, returning a key value corresponding to the key URL to the client for decrypting each of the plurality of segments associated with the at least one cryptoperiod.
4. The method of claim 3 further comprising providing the client with corresponding key and IV values per each of the one or more cryptoperiods within the timeline at the beginning of each cryptoperiod.
5. The method of claim 4 wherein the IV URL and the key URL are configured at the client once per associated cryptoperiod using an earliest segment for a number or time variable derivation from a template associated with the segment in the MPD.
6. The method of claim 1, wherein the returned IV value to the client is in a textual or binary representation in the body of an HTTP response.
7. A method for communicating encryption information in template mode in dynamic adaptive streaming over hypertext transfer protocol (DASH), the method comprising:
receiving in a media presentation description (MPD), at a client from a network server, a template for generating a universal resource locator (URL) to obtain an initialization vector (IV) that is used for encrypting a segment, wherein the segment is associated with a cryptoperiod where a plurality of segments are encrypted with the same encryption parameters, wherein the MPD includes a CryptoTimeline element indicating a sequence of cryptoperiods of constant duration each including the same number of segments, and wherein the CryptoTimeline element includes a first optional attribute for indicating a number of constant-duration cryptoperiods within a timeline, a second mandatory attribute for indicating, by a number of segments, a cryptoperiod duration of every period in the timeline, and a third optional attribute for indicating a number of segments between the end of a previous CryptoTimeline element and the timeline;
deriving one or more cryptoperiods from the CryptoTimeline element using run-length coding;
upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the IV URL template associated with at least one of the one or more cryptoperiods within the timeline;
sending the URL for the IV to the network server;
receiving an IV value corresponding to the IV URL for the at least one cryptoperiod from the network server; and
using the IV value to decrypt each of the plurality of segments associated with the at least one cryptoperiod.
8. The method of claim 7 further comprising:
receiving in the MPD, an IV attribute that indicates an IV value; and
upon detecting the IV value, using the IV value for decrypting the segment regardless of the presence of the template for the URL of the IV.
9. The method of claim 7 further comprising:
receiving in the MPD, an IV base attribute that indicates an IV base value; and
upon detecting the IV base value, obtaining an IV value for decrypting the segment as a sum of the IV base value and a segment number for the segment.
10. The method of claim 7 further comprising:
detecting whether there is an IV value, an IV base value, or a template for a URL of the IV in the MPD; and
upon determining the absence of IV value, IV base value, and template for a URL of the IV, using a number of the segment as an IV to decrypt the segment.
11. The method of claim 7 wherein the MPD includes a CryptoPeriod element including an IV URL template attribute for indicating the template for generating the URL for the IV and a key URL template attribute for indicating another template for generating a URL for a key, and wherein the encryption parameters for the plurality of segments associated with the cryptoperiod include the IV and the key;
the method further comprising:
configuring a URL for the key using the key URL template associated with the at least one cryptoperiod;
sending the URL for the key to the network server;
receiving a key value corresponding to the key URL for the at least one cryptoperiod from the network server; and
using the key value to decrypt each of the plurality of segments associated with the at least one cryptoperiod.
12. The method of claim 11 further comprising fetching corresponding IV and key values from the network server per each of the one or more cryptoperiods within the timeline at the beginning of each cryptoperiod.
13. The method of claim 12, wherein the IV URL and the key URL are configured once per associated cryptoperiod using an earliest segment for a number or time variable derivation from a template associated with the segment in the MPD.
14. A network component for communicating encryption information in template mode in dynamic adaptive streaming over hypertext transfer protocol (DASH), the network component comprising:
a processor; and
a non-transitory computer readable storage medium storing programming for execution by the processor, the programming including instructions when executed causing the processor to:
send in a media presentation description (MPD) to a client a template for generating a universal resource locator (URL) to obtain an initialization vector (IV) that is used for encrypting a segment, wherein the segment is associated with a cryptoperiod where a plurality of segments are encrypted with the same encryption parameters;
include, in the MPD, a CryptoTimeline element for deriving one or more cryptoperiods at the client using run-length coding, the CryptoTimeline element indicating a sequence of cryptoperiods of constant duration each including the same number of segments, wherein the CryptoTimeline element includes a first optional attribute for indicating a number of constant-duration cryptoperiods within a timeline, a second mandatory attribute for indicating, by a number of segments, a cryptoperiod duration of every period in the timeline, and a third optional attribute for indicating a number of segments between the end of a previous CryptoTimeline element and the timeline;
in absence of an IV value in the MPD, receive from the client a URL for the IV configured according to the IV URL template associated with at least one of the one or more cryptoperiods within the timeline; and
upon receiving the IV URL, return an IV value corresponding to the IV URL to the client for decrypting each of the plurality of segments associated with the at least one cryptoperiod.
15. The network component of claim 14, wherein the MPD includes a CryptoPeriod element including an IV URL template attribute for indicating the template for generating the URL for the IV and a key URL template attribute for indicating another template for generating a URL for a key, and wherein the IV and the key are encryption parameters for the plurality of segments associated with the cryptoperiod;
the programming instructions when executed further causing the processor to:
receive from the client a URL for the key configured according to the key URL template associated with the at least one cryptoperiod;
upon receiving the key URL, return a key value corresponding to the key URL to the client for decrypting each of the plurality of segments associated with the at least one cryptoperiod.
16. The network component of claim 15, the programming instructions when executed further causing the processor to provide the client with corresponding key and IV values per each of the one or more cryptoperiods within the timeline at the beginning of each cryptoperiod, wherein the IV URL and the key URL are configured at the client once per associated cryptoperiod using an earliest segment for a number or time variable derivation from a template associated with the segment in the MPD.
17. A user device for communicating encryption information in template mode in dynamic adaptive streaming over hypertext transfer protocol (DASH), the user device comprising:
a processor; and
a non-transitory computer readable storage medium storing programming for execution by the processor, the programming including instructions when executed causing the processor to:
receive in a media presentation description (MPD) from a network server a universal resource location (URL) initialization vector (IV) attribute indicating a template for generating a URL to obtain an IV that is used for encrypting a segment, wherein the segment is associated with a cryptoperiod where a plurality of segments are encrypted with the same encryption parameters, wherein the MPD includes a CryptoTimeline element indicating a sequence of cryptoperiods of constant duration each including the same number of segments, and wherein the CryptoTimeline element comprises a first optional attribute for indicating a number of constant-duration cryptoperiods within a timeline, a second mandatory attribute for indicating, by a number of segments, a cryptoperiod duration of every period in the timeline, and a third optional attribute for indicating a number of segments between the end of a previous CryptoTimeline element and the timeline;
derive one or more cryptoperiods from the CryptoTimeline element using run-length coding;
upon detecting an absence of an IV value in the MPD, configure a URL for the IV using the IV URL template associated with at least one of the one or more cryptoperiods within the timeline;
send the URL for the IV to the network server;
receive an IV value corresponding to the IV URL for the at least one cryptoperiod from the network server; and
use the IV value to decrypt each of the plurality of segments associated with the at least one cryptoperiod.
18. The user device of claim 17 wherein the MPD includes a CryptoPeriod element including an IV URL template attribute for indicating the template for generating the URL for the IV and a key URL template attribute for indicating another template for generating a URL for a key, and wherein the encryption parameters for the plurality of segments associated with the cryptoperiod include the IV and the key;
the programming instructions when executed further causing the processor to:
configure a URL for the key using the key URL template associated with the at least one cryptoperiod;
send the URL for the key to the network server; and
receive a key value corresponding to the key URL for the at least one cryptoperiod from the network server; and
use the key value to decrypt each of the plurality of segments associated with the at least one cryptoperiod.
19. The user device of claim 18, the programming instructions when executed further causing the processor to fetch corresponding IV and key values from the network server per each of the one or more cryptoperiods within the timeline at the beginning of each cryptoperiod, wherein the IV URL and the key URL are configured once per associated cryptoperiod using an earliest segment for a number or time variable derivation from a template associated with the segment in the MPD.
US13/871,889 2012-04-27 2013-04-26 System and method for efficient support for short cryptoperiods in template mode Active 2033-11-19 US9270461B2 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
JP2015509203A JP5861220B2 (en) 2012-04-27 2013-04-26 System and method for effective support for short term crypto periods in template mode
US13/871,889 US9270461B2 (en) 2012-04-27 2013-04-26 System and method for efficient support for short cryptoperiods in template mode
CN201611006035.1A CN106452759B (en) 2012-04-27 2013-04-26 Systems and methods for efficiently supporting short encryption intervals in template mode
CN201380022345.0A CN104255010B (en) 2012-04-27 2013-04-26 Support for short cryptoperiods in template mode
PCT/US2013/038521 WO2013184248A1 (en) 2012-04-27 2013-04-26 Support for short cryptoperiods in template mode
KR1020147032698A KR101603136B1 (en) 2012-04-27 2013-04-26 Support for short cryptoperiods in template mode
US14/954,765 US10171233B2 (en) 2012-04-27 2015-11-30 System and method for efficient support for short cryptoperiods in template mode

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201261639635P 2012-04-27 2012-04-27
US13/871,889 US9270461B2 (en) 2012-04-27 2013-04-26 System and method for efficient support for short cryptoperiods in template mode

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/954,765 Continuation US10171233B2 (en) 2012-04-27 2015-11-30 System and method for efficient support for short cryptoperiods in template mode

Publications (2)

Publication Number Publication Date
US20130290698A1 US20130290698A1 (en) 2013-10-31
US9270461B2 true US9270461B2 (en) 2016-02-23

Family

ID=49478425

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/871,889 Active 2033-11-19 US9270461B2 (en) 2012-04-27 2013-04-26 System and method for efficient support for short cryptoperiods in template mode
US14/954,765 Active US10171233B2 (en) 2012-04-27 2015-11-30 System and method for efficient support for short cryptoperiods in template mode

Family Applications After (1)

Application Number Title Priority Date Filing Date
US14/954,765 Active US10171233B2 (en) 2012-04-27 2015-11-30 System and method for efficient support for short cryptoperiods in template mode

Country Status (6)

Country Link
US (2) US9270461B2 (en)
EP (2) EP3029941B1 (en)
JP (1) JP5861220B2 (en)
KR (1) KR101603136B1 (en)
CN (2) CN106452759B (en)
WO (1) WO2013184248A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170195990A1 (en) * 2015-12-30 2017-07-06 Quixey, Inc. Broadcasting Local Function Templates to Proximate Mobile Computing Devices
US20190132120A1 (en) * 2017-10-27 2019-05-02 EMC IP Holding Company LLC Data Encrypting System with Encryption Service Module and Supporting Infrastructure for Transparently Providing Encryption Services to Encryption Service Consumer Processes Across Encryption Service State Changes
US10673710B2 (en) * 2015-11-18 2020-06-02 Level 3 Communications, Llc Service activation system
US20200304497A1 (en) * 2018-08-07 2020-09-24 Microsoft Technology Licensing, Llc Encryption parameter selection

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015081218A1 (en) 2013-11-27 2015-06-04 Interdigital Patent Holdings, Inc. Media presentation description
CN103716166A (en) * 2013-12-27 2014-04-09 哈尔滨工业大学深圳研究生院 Self-adaptation hybrid encryption method and device and encryption communication system
US11310302B2 (en) 2014-01-09 2022-04-19 Samsung Electronics Co., Ltd. Method and apparatus for streaming dash content over broadcast channels
KR102379530B1 (en) * 2015-01-07 2022-03-29 삼성전자주식회사 Method and apparatus for transmitting and receiving media information in a communication system
WO2016172473A1 (en) 2015-04-24 2016-10-27 Vid Scale, Inc. Detecting man-in-the-middle attacks in adaptive streaming
MX2018008395A (en) * 2016-01-15 2018-08-15 Sony Corp Reception device, transmission device, and data processing method.
CN107276969B (en) * 2016-04-08 2019-11-22 杭州海康威视数字技术股份有限公司 A kind of transmission method and device of data
US10440085B2 (en) 2016-12-30 2019-10-08 Facebook, Inc. Effectively fetch media content for enhancing media streaming
US10476943B2 (en) * 2016-12-30 2019-11-12 Facebook, Inc. Customizing manifest file for enhancing media streaming
JP7142040B2 (en) 2017-07-06 2022-09-26 フラウンホーファー-ゲゼルシャフト・ツール・フェルデルング・デル・アンゲヴァンテン・フォルシュング・アインゲトラーゲネル・フェライン split video streaming concept
US12034835B2 (en) * 2018-01-31 2024-07-09 Comcast Cable Communications, Llc Managing encryption keys for content
CN109120998B (en) * 2018-08-28 2021-04-02 苏州科达科技股份有限公司 Media data transmission method, device and storage medium
JP2022525809A (en) 2019-03-22 2022-05-19 シンジェンタ クロップ プロテクション アクチェンゲゼルシャフト N- [1- (5-bromo-2-pyrimidine-2-yl-1,2,4-triazole-3-yl) ethyl] -2-cyclopropyl-6- (trifluoromethyl) pyridine as an insecticide -4-Carboxamide Derivatives and Related Compounds
CN111556340B (en) * 2020-05-21 2022-04-22 西安工业大学 Safe cross-platform video stream playing method
US11470136B2 (en) * 2020-10-07 2022-10-11 Tencent America LLC URL customization using the session-based dash operations
RU2764960C1 (en) * 2021-01-28 2022-01-24 федеральное государственное казенное военное образовательное учреждение высшего образования "Краснодарское высшее военное орденов Жукова и Октябрьской Революции Краснознаменное училище имени генерала армии С.М. Штеменко" Министерства обороны Российской Федерации Method and apparatus for forming cryptocode structures for imitation-resistant data transmission over communication channels

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060184790A1 (en) * 2004-03-26 2006-08-17 Microsoft Corporation Protecting elementary stream content
US7684568B2 (en) * 2003-11-24 2010-03-23 Intellon Corporation Encrypting data in a communication network
WO2010078281A2 (en) 2008-12-31 2010-07-08 Apple Inc. Real-time or near real-time streaming
US20110231519A1 (en) * 2006-06-09 2011-09-22 Qualcomm Incorporated Enhanced block-request streaming using url templates and construction rules
US20120023251A1 (en) * 2010-07-20 2012-01-26 Microsoft Corporation Dynamic composition of media
US20120090036A1 (en) 2010-10-07 2012-04-12 Samsung Electronics Co., Ltd. Method and apparatus for providing drm service
US20120114118A1 (en) * 2010-11-05 2012-05-10 Samsung Electronics Co., Ltd. Key rotation in live adaptive streaming
US20120233345A1 (en) * 2010-09-10 2012-09-13 Nokia Corporation Method and apparatus for adaptive streaming
US20120246462A1 (en) * 2011-03-23 2012-09-27 General Instrument Corporation System and methods for providing live streaming content using digital rights management-based key management
US20120259946A1 (en) * 2011-04-07 2012-10-11 Qualcomm Incorporated Network streaming of video data using byte range requests
US20130007223A1 (en) * 2006-06-09 2013-01-03 Qualcomm Incorporated Enhanced block-request streaming system for handling low-latency streaming
US20130246643A1 (en) * 2011-08-31 2013-09-19 Qualcomm Incorporated Switch signaling methods providing improved switching between representations for adaptive http streaming
US20130290697A1 (en) * 2012-04-26 2013-10-31 Futurewei Technologies, Inc. System and Method for Signaling Segment Encryption and Key Derivation for Adaptive Streaming
US20140226814A1 (en) * 2011-03-16 2014-08-14 Zte (Usa) Inc. Methods and apparatus for independent decryption of encrypted video frames

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006010211A1 (en) * 2004-07-28 2006-02-02 Ronald Wayne Spencer A locator device and system
US8935187B2 (en) * 2007-03-07 2015-01-13 Playspan, Inc. Distributed payment system and method
KR20120010164A (en) * 2010-07-19 2012-02-02 삼성전자주식회사 DRM service providing method and apparatus
KR20120034550A (en) * 2010-07-20 2012-04-12 한국전자통신연구원 Apparatus and method for providing streaming contents

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7684568B2 (en) * 2003-11-24 2010-03-23 Intellon Corporation Encrypting data in a communication network
US20060184790A1 (en) * 2004-03-26 2006-08-17 Microsoft Corporation Protecting elementary stream content
US20130007223A1 (en) * 2006-06-09 2013-01-03 Qualcomm Incorporated Enhanced block-request streaming system for handling low-latency streaming
US20110231519A1 (en) * 2006-06-09 2011-09-22 Qualcomm Incorporated Enhanced block-request streaming using url templates and construction rules
WO2010078281A2 (en) 2008-12-31 2010-07-08 Apple Inc. Real-time or near real-time streaming
US20120023251A1 (en) * 2010-07-20 2012-01-26 Microsoft Corporation Dynamic composition of media
US20120233345A1 (en) * 2010-09-10 2012-09-13 Nokia Corporation Method and apparatus for adaptive streaming
US20120090036A1 (en) 2010-10-07 2012-04-12 Samsung Electronics Co., Ltd. Method and apparatus for providing drm service
US20120114118A1 (en) * 2010-11-05 2012-05-10 Samsung Electronics Co., Ltd. Key rotation in live adaptive streaming
US20140226814A1 (en) * 2011-03-16 2014-08-14 Zte (Usa) Inc. Methods and apparatus for independent decryption of encrypted video frames
US20120246462A1 (en) * 2011-03-23 2012-09-27 General Instrument Corporation System and methods for providing live streaming content using digital rights management-based key management
US20120259946A1 (en) * 2011-04-07 2012-10-11 Qualcomm Incorporated Network streaming of video data using byte range requests
US20130246643A1 (en) * 2011-08-31 2013-09-19 Qualcomm Incorporated Switch signaling methods providing improved switching between representations for adaptive http streaming
US20130290697A1 (en) * 2012-04-26 2013-10-31 Futurewei Technologies, Inc. System and Method for Signaling Segment Encryption and Key Derivation for Adaptive Streaming

Non-Patent Citations (20)

* Cited by examiner, † Cited by third party
Title
"Information technology-Dynamic adaptive streaming over HTTP (DASH)-Part 1: Media presentation description and segment formats," International Standard, ISO/IEC 23009-1, First Edition, Apr. 1, 2012, 134 pgs.
"ISO/IEC FDIS 23009-4," International Ogranisation for Standardisation Organisation Internationale De Normalisation ISO/IEC JTC1/SC29/WG11 Coding of Moving Pictures and Audio, International Standard, Jan. 2013, 34 pgs.
"Segment Encryption for DASH segments," International Ogranisation for Standardisation Organisation Internationale De Normalisation ISO/IEC JTC1/SC29/WG11 Coding of Moving Pictures and Audio, Feb. 2012, 5 pgs.
(Committe Draft), "ISO/IEC CD 23009-4: Information technology-Dynamic adaptive streaming over HTTP (DASH)-Part 4: Segment encryption and authentication", ISO/IEC JTC 1/SC 29N, ISO/IEC JTC 1/SC 29/WG 11, May 12, 2012. *
Anthony Vetro, "The MPEG-DASH Standard for Multimedia Streaming Over the Internet," Industry and Standards, IEEE Computer Society, 2011, 7 pages.
Extended European Search Report received in Application No. 13799904.1-1908, mailed Dec. 5, 2014, 8 pages.
Giladi, A., Singer, D.; "ISO/IEC FDIS 23009-4: Information technology-Dynamic adaptive streaming over HTTP (DASH)-Part 4: Segment encryption and authentication"; ISO/IEC JTC1/SC29/WG11 MPEG2013/wxxxxx, Jan. 2013, Geneva, Switzerland. *
Giladi, Alex et al., "ISO/IEC FDIS 23009-4," International Organisation for Standardisation, ISO/IEC JTC1/SC29/WG11 Coding of Moving Pictures and Audio, Geneva, Switzerland, Jan. 21, 2013, 33 pages.
Gregorio, et al., RFC 6570, "URI Template," Internet Engineering Task Force (IETF), Category: Standards Track, ISSN: 2070-1721, Standards Track, Mar. 2012, 24 pages.
Hartung, Frank et al., "DRM Protected Dynamic Adaptive HTTP Streaming," Feb. 23, 2011, pp. 277-282.
International Search Report and Written Opinion received in International Application No. PCT/US13/38521 mailed Sep. 27, 2013, 6 pages.
Media Presentation Description and Segment Formats, "Information Technology-Dynamic Adaptive Streaming over HTTP (DASH)-Part 1: Media Presentation Description and Segment Formats," ISO/IEC 23009-1:2012(E), Jan. 5, 2012, 134 pages.
Mitsuhiro Hirabayashi, "Realizing seamless streaming delivery using existing Web server, Unfolding next-generation standard "MPEG-DASH" of streaming delivery," Network Software Development Department, Technical Development Department, Sony Corporation, Mar. 19, 2012, 24 pages. (including translation).
Pantos, R., "Http Live Streaming, draft-pantos-http-live-streaming-08," http://datatracker.ietf.org/drafts/current/, Mar. 23, 2012, 33 pages.
Pantos, R., "HTTP Live Streaming, draft-pantos-http-live-streaming-14," https://datatracker.ietf.org/doc/draft-pantos-http-live-streaming, Oct. 14, 2014, 41 pages.
Pantos, R., et al., "HTTP Live Streaming," Informational Internet-Draft, Oct. 15, 2012, pp. 1-38.
Piron, L., Giladi, A., and Singer, D.; "Segment Encryption for DASH segments"; Working Draft, ISO/IEC JTC1/SC29/WG11, MPEG2012/N 12526, Feb. 2012, San Jose, USA. *
Piron, Laurent et al., "Segment Encryption for DASH Segments," International Organisation for Standardisation ISO/IECJTC1/SC29/WG11 Coding of Moving Pictures and Audio, San Jose, Feb. 10, 2012, 5 pages.
Systems Subgroup, "WD of ISO/IEC 23009-3 Implementation Guidelines," International Ogranisation for Standardisation Organisation Internationale De Normalisation ISO/IEC JTC1/SC29/WG11 Coding of Moving Pictures and Audio, Feb. 2012, 15 pgs.
Wang, X., Liu, Y., Zhang, S.; "On Key Derivation and Transport for DASH Segment Encryption"; ISO/IEC JTC1/SC29/WG11, MPEG2012/m24967, Apr. 2012, Geneva, Switzerland. *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10673710B2 (en) * 2015-11-18 2020-06-02 Level 3 Communications, Llc Service activation system
US20170195990A1 (en) * 2015-12-30 2017-07-06 Quixey, Inc. Broadcasting Local Function Templates to Proximate Mobile Computing Devices
US10257284B2 (en) * 2015-12-30 2019-04-09 Samsung Electronics Co., Ltd. Broadcasting local function templates to proximate mobile computing devices
US20190132120A1 (en) * 2017-10-27 2019-05-02 EMC IP Holding Company LLC Data Encrypting System with Encryption Service Module and Supporting Infrastructure for Transparently Providing Encryption Services to Encryption Service Consumer Processes Across Encryption Service State Changes
US10439804B2 (en) * 2017-10-27 2019-10-08 EMC IP Holding Company LLC Data encrypting system with encryption service module and supporting infrastructure for transparently providing encryption services to encryption service consumer processes across encryption service state changes
US20200304497A1 (en) * 2018-08-07 2020-09-24 Microsoft Technology Licensing, Llc Encryption parameter selection
US11805122B2 (en) * 2018-08-07 2023-10-31 Microsoft Technology Licensing, Llc Encryption parameter selection

Also Published As

Publication number Publication date
KR101603136B1 (en) 2016-03-14
CN104255010B (en) 2017-01-25
EP3029941B1 (en) 2018-11-14
JP2015520557A (en) 2015-07-16
JP5861220B2 (en) 2016-02-16
CN106452759B (en) 2019-11-19
CN106452759A (en) 2017-02-22
EP3029941A1 (en) 2016-06-08
US10171233B2 (en) 2019-01-01
US20130290698A1 (en) 2013-10-31
EP2834984A4 (en) 2015-02-11
CN104255010A (en) 2014-12-31
WO2013184248A1 (en) 2013-12-12
KR20150004392A (en) 2015-01-12
US20160099805A1 (en) 2016-04-07
EP2834984B1 (en) 2016-03-30
EP2834984A1 (en) 2015-02-11

Similar Documents

Publication Publication Date Title
US10171233B2 (en) System and method for efficient support for short cryptoperiods in template mode
US10188134B2 (en) Authenticated encryption support in DASH based segmented streaming media distribution
EP2859707B1 (en) Signaling and handling content encryption and rights management in content transport and delivery
US9787652B2 (en) System and method for signaling segment encryption and key derivation for adaptive streaming
US9015477B2 (en) System and method for secure asynchronous event notification for adaptive streaming based on ISO base media file format
US9385998B2 (en) Signaling and carriage of protection and usage information for dynamic adaptive streaming
US20150199498A1 (en) Flexible and efficient signaling and carriage of authorization acquisition information for dynamic adaptive streaming
US11647237B1 (en) Method and apparatus for secure video manifest/playlist generation and playback
EP3103262A1 (en) Client behavior control in adaptive streaming
US9843615B2 (en) Signaling and handling of forensic marking for adaptive streaming

Legal Events

Date Code Title Description
AS Assignment

Owner name: FUTUREWEI TECHNOLOGIES, INC., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GILADI, ALEXANDER;ZHANG, SHAOBO;SIGNING DATES FROM 20130509 TO 20131111;REEL/FRAME:031943/0628

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8