This invention is related to multimedia transport networks such as video distribution networks, and to conditional access systems for accessing multimedia content transported via such a network.
There is currently in use a wide array of technologies, protocols and standards for distributing multimedia services, e.g., video and audio programs. Existing multimedia transport networks provide the basic infrastructure for transporting such services from content providers to consumers. For example, one multimedia transport network model connects content providers, intermediaries and consumer set-top boxes together to enable effective distribution of multimedia services in real-time. The end result gives end-users, e.g., consumers, the ability to watch, play or otherwise interact with a selection of programs and services, e.g., video and audio programs, from a wide array of sources.
Many transport networks are broadcast-oriented in that content providers or intermediaries send roughly the same signal representing one or more multimedia services to a plurality of end-users (consumers). Conditional access (CA) systems have been developed to control the usage and distribution of such services. A CA system provides one or more service providers and/or one or more intermediaries the ability to control who has access to such multimedia services. This is done for a number of reasons, including to ensure that consumers pay for such service and/or to selectively allow or restrict consumer access to specific programs.
CA systems are often incompatible with each other, e.g., they include proprietary or secret components, and thus make interoperability difficult for content providers, intermediaries and consumers alike. There have been some efforts by industry groups to provide interoperability between CA systems. The Digital Video Broadcasting (DVB) Group (The DVB Project, Geneva, Switzerland) has developed a CA system standard called DVB Simulcrypt that provides for different CA routers, multiplexers and set-top boxes, potentially from different vendors, to be integrated seamlessly.
FIG. 1 illustrates a simplified example of a multimedia transport network that includes a CA system. One or more multimedia services 101, e.g., video programs, are transported to system 103 containing a multiplexer (“MUX”) and a scrambler. The multiplexer combines a plurality of multimedia services, e.g., video programs, into a single stream for distribution that can be later demultiplexed, e.g., uncombined, by devices such as the set-top boxes 109. The scrambler in system 103 scrambles or encrypts information such as the multimedia services 101. The MUX/Scrambler system 103 receives messages from a CA system 105 that provides the scrambler with one or more codewords used to scramble or encrypt the multimedia services as required to produce encrypted, multiplexed content 107. The encrypted, multiplexed content 107 is broadcast, typically in real-time, to one or more consumer set-top boxes (STB) 109. Each set-top box then demultiplexes and decrypts the broadcast data according to the rights provided to the particular set-top box, allowing the consumer to play, watch or interact with the multimedia service, as appropriate. Because there is no return-path from the set-top boxes in a broadcast-oriented transport network, a smartcard or similar device typically is used as a security device to descramble, i.e., decrypt, the content.
There are many forms of CA information known in the art. In the case of DVB Simulcrypt CA systems, messages called Entitlement Control Messages (ECMs) are used to carry encrypted traffic keys, e.g., codewords used to encrypt or decrypt multimedia content, to the set-top boxes. In addition to ECMs, messages called Entitlement Management Messages (EMMs) are used in Simulcrypt by a set-top box to determine if the consumer has the appropriate rights to access a particular multimedia service. ECMs and EMMs are items of CA information that, in the case of digital broadcast transport networks, are typically transported along with broadcast encrypted content.
Broadcast transport networks may be digital or analog. In the last few years, the broadcast transport networks used to link intermediaries with consumer set-top boxes have increasingly been digital, enabling all parties to benefit from the efficiency and capability of digital networks. Such transport networks include digital broadcast satellite (DBS) networks, digital cable hybrid/fiber coax (HFC) networks and terrestrial digital networks.
Digitized multimedia services, such as digital video programs or digital interactive content, are often compressed to decrease the cost associated with distribution. The Motion Picture Experts Group Standard 2 (MPEG-2) compression standard, for example, has become very popular and is currently (as of August, 2004) the de facto standard for compressing video programs in the digital video broadcast industry. The MPEG-2 standard provides a method in an encoder to deconstruct a multimedia service, e.g., a video program containing both video and audio or a multi-channel audio-only program, into elementary streams, e.g., one or more video or audio elementary streams. The resulting one or more elementary streams, along with other information such as timing information, e.g., to lip-sync audio and video elementary streams, are used by playback devices to reassemble an approximate reconstruction of the original multimedia service, e.g., the original video program or multi-channel audio-only program. MPEG-2 video is described in ISO/IEC 13818-2, while MPEG-2 audio is described in ISO/IEC 13818-3.
The MPEG-2 standard in ISO/IEC 13818-1 describes MPEG-2 transport packets. MP2T designates the use of MPEG-2 transport streams, for either audio or video, in packetized form. Packetized multimedia streams usually include additional information other than raw video and/or audio data. Such additional information can include identifying information, e.g., to identify the type of content in the packet, synchronization information, e.g., to identify and order received packets, transport information, e.g., to assist routing of packets, etc. For example, MP2T streams are a multiplex of packetized MPEG-2 elementary streams. Individual MP2T packets of a particular MP2T stream include, in addition to an MP2T payload containing a segment of raw multimedia data, e.g., a segment of an elementary stream, an MP2T header containing additional information such as identifying information and synchronization information.
Recently, Internet Protocol (IP) packet networks, such as the Internet, have become increasingly popular. Some vendors, looking to reduce costs and explore alternative multimedia distribution schemes, have attempted to use IP-based networks to carry digital multimedia streams. The Real-Time Transport Protocol (RTP), as defined in RFC-2250 (IETF), provides for real-time synchronization, and for transporting audio-video over IP-networks. For example, RTP provides for encapsulating one or more MP2T stream packets into an IP packet for transport over an IP network. Unfortunately, using IP to broadcast or otherwise transport multimedia services from content providers directly to consumer set-top boxes is not yet practical. More explicitly, a widely-deployed, low-cost IP-based infrastructure with sufficient real-time bandwidth to support transporting the kind of high quality, real-time multimedia streams as broadcast by multimedia service providers does not yet exist. Nonetheless, IP-based networks can potentially provide a low cost, flexible way for content providers to distribute multimedia services around the world.
Rather than broadcast multimedia streams from content providers all the way to end-user consumers, one existing compromise uses existing packet networks, e.g., existing IP networks, to transport multimedia streams from the content providers to one or more intermediaries. Transporting from an intermediary to the consumer set-top boxes then uses an existing digital broadcast transport network, such as a DBS network or a digital HFC network.
One of the problems with transporting content using IP from content providers to intermediaries and/or consumers is providing conditional access. While there exists a large number of methods for encrypting data over IP, a method of encrypting multimedia streams and transporting them over IP while retaining compatibility with existing CA systems is not known.
Two examples of existing methods of securely transporting material over IP networks are IPSec and Secure RTP (SRTP). IPSec, defined by a number of IETF RFCs, lacks two critical requirements for use in digital broadcast transport networks. First, while IPSec supports point to multipoint data encryption, this form of encryption is not readily compatible with existing CA infrastructure. Second, IPSec does not readily support the selective encryption of the data payload. For example, in order for some MP2T receivers to properly handle encrypted MP2T streams using RTP, the RTP headers of an RTP packet and the MP2T headers of any MP2T packets contained in such an RTP packet must not be encrypted, i.e., must be what is termed “in the clear.”
Secure RTP (SRTP), defined by RFC-3711 (IETF), is potentially more useful, and combines the real-time synchronization aspects of the RTP protocol with encryption. SRTP further provides multicasting support. In particular, SRTP provides end-to-end and multicast IP encryption for multimedia services. Like RTP, SRTP supports multiple program transport, e.g., transporting a multiplexed multimedia stream, over IP. For example, a single SRTP packet can contain one or more MP2T packets, each MP2T packet belonging to possibly different MP2T streams, e.g., different multimedia services or programs. In addition, SRTP supports different multimedia formats including H.26x, MPEG-1, MPEG-2 and MPEG-4.
While SRTP supports having multiple multimedia stream segments, e.g., several MP2T packets per SRTP packet, the encryption for a particular SRTP packet is applied to the entire SRTP payload, e.g., to the part of the packet containing all the MP2T packets of the particular SRTP packet. This is incompatible with the needs of content providers and intermediaries, which require the ability to flexibly select and route different encrypted multimedia stream segments of a particular SRTP packet during transport. Thus, because of SRTP's inability to separately encrypt individual multimedia stream segments, applying SRTP to existing CA systems is difficult, if not impossible.
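The contrast drawn above between selective encryption and SRTP's whole-payload encryption can be made concrete with the following added example, which is not part of the original text: it walks an RTP packet carrying MP2T packets and reports which byte ranges must stay in the clear and which payload ranges could be encrypted separately per PID, next to the single span SRTP treats as one unit. The function names, PIDs and sample packet are constructed for illustration, and keeping the MP2T adaptation field in the clear along with the 4-byte header is an assumption taken from ISO/IEC 13818-1 transport-level scrambling rather than from the text.

```python
import struct

TS_LEN, SYNC = 188, 0x47   # MP2T packet size and sync byte (ISO/IEC 13818-1)

def ts_packet(pid, payload=b"", adaptation=b""):
    """Build one constructed 188-byte MP2T packet (sample data only)."""
    afc = 3 if adaptation else 1                 # adaptation_field_control bits
    hdr = struct.pack("!BHB", SYNC, pid & 0x1FFF, afc << 4)
    af = bytes([len(adaptation)]) + adaptation if adaptation else b""
    return hdr + af + payload.ljust(TS_LEN - 4 - len(af), b"\xff")

def rtp_payload_bounds(rtp):
    """(start, end) of the RTP payload: the single span SRTP encrypts as a unit."""
    if len(rtp) < 12 or rtp[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    start = 12 + 4 * (rtp[0] & 0x0F)             # fixed header + CSRC list
    if rtp[0] & 0x10:                            # header extension present
        start += 4 + 4 * struct.unpack_from("!H", rtp, start + 2)[0]
    end = len(rtp) - (rtp[-1] if rtp[0] & 0x20 else 0)   # drop RTP padding
    if end <= start or (end - start) % TS_LEN:
        raise ValueError("payload is not a whole number of MP2T packets")
    return start, end

def selective_ranges(rtp):
    """Return (clear_ranges, {pid: [payload_ranges]}) as byte offsets."""
    start, end = rtp_payload_bounds(rtp)
    clear, by_pid = [(0, start)], {}             # RTP header stays in the clear
    for p in range(start, end, TS_LEN):
        if rtp[p] != SYNC:
            raise ValueError(f"MP2T sync byte missing at offset {p}")
        pid = struct.unpack_from("!H", rtp, p + 1)[0] & 0x1FFF
        afc = (rtp[p + 3] >> 4) & 0x3
        body = p + 4 + ((1 + rtp[p + 4]) if afc & 2 else 0)
        if body > p + TS_LEN:
            raise ValueError(f"adaptation field overruns packet at offset {p}")
        clear.append((p, body))                  # MP2T header (+ adaptation field)
        if afc & 1 and body < p + TS_LEN:
            by_pid.setdefault(pid, []).append((body, p + TS_LEN))
    return clear, by_pid

# Constructed sample: one RTP packet (payload type 33 = MP2T) carrying three
# MP2T packets from two hypothetical services, PID 0x100 and PID 0x200.
SAMPLE = struct.pack("!BBHII", 0x80, 33, 1, 90000, 0x1234) + b"".join([
    ts_packet(0x100, b"service A"),
    ts_packet(0x200, b"service B"),
    ts_packet(0x100, b"service A", adaptation=b"\x00" + b"\xff" * 7),
])

if __name__ == "__main__":
    print("SRTP span:", rtp_payload_bounds(SAMPLE))
    print("selective:", selective_ranges(SAMPLE))
```

With the per-PID ranges in hand, an intermediary can route or re-encrypt one service's segments without touching the other's, which is exactly what a single whole-payload ciphertext prevents.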
Thus, there is a need in the art for a method and apparatus that can transport multimedia services over IP networks and over traditional digital broadcast transport networks while still retaining compatibility with existing CA systems, including the ability to encrypt individual multimedia stream segments of a packet used for transporting multimedia services.