In the pay media environment such as a pay television system, multimedia content sent to digital media players is provided in an encrypted form (i.e. a scrambled form), in order to provide a restricted access. Accordingly, only subscribers who have paid for the right to descramble such content receive suitable decryption keys for retrieving the content in its clear form. However, once descrambled, the content is subject to any fraudulent copies which can then be transmitted in its clear form to anybody without the ability to determine who is the owner or the authorized user of this content.
A known technique aiming to prevent or deter unauthorized copying of digital content, and thereby preserve the copyrights attached to this content, is the digital watermarking process. Watermarking is the process of embedding information into a digital signal which may be used to verify its authenticity or the identity of its owners, similarly as paper bearing a watermark for visible identification. If the signal is copied, then information relating to the watermark is also carried in the copy. There are generally two classes of digital watermarks: the visible watermarks and the invisible watermarks. Multimedia content such as TV programs, downloadable movies or audio/video data provided by streaming will preferably include invisible watermarks for obvious purposes.
In the particular case of the set-top box domain, the content (e.g. video and audio) is secured by a key generated by a Conditional Access System (CAS). Both the encrypted content and metadata comprising an encrypted decryption key are broadcasted or are available to subscribers, for instance through Dynamic Adaptive Streaming over HTTP (DASH).
The DASH is an enabler which provides formats to enable efficient and high quality delivery of streaming services over the Internet. Media content of these services are delivered from conventional HTTP web servers. The DASH is based on the standard “ISO base media file format” (ISO BMFF). Files conforming to the ISO BMFF are formed as a series of objects, called “boxes”. Referring to this standard, the content could be encrypted using either Advanced Encryption Standard (AES) Counter (CTR) mode or AES Cipher-block Chaining (CBC) mode. These two modes require Initialization Vector (IV) to encrypt the content.
The decryption process is performed at the user end by a Conditional Access Module (CAM). After this operation, the content is generally marked by application software of the user device (e.g. a set-top-box) by using watermarking metadata. Such metadata comprising typically information about where the watermark has to be embedded and which data has to be used as watermark. This means that the unprotected content and the watermarking metadata are exposed to such application software. Therefore the enforcement of the marking depends on the security of the software running on the user device. If this device is successfully attacked or just open (no software authentication), it is easier to bypass/modify the marking of the media content. Besides, it should be noted that, upon request, the application software is also able to perform any decryption process if it is provided with a decryption key. Generally, the initialization vector and the encrypted form of the decryption key are accessible by the application software. Therefore the application software would be able to perform the decryption of the media content and finally to have access to the unprotected content.
Taking in account that such application software is untrusted and that it may have access to the unprotected content, an attack on the watermarking process is still possible.
Therefore, there is a need to provide an efficient solution to secure the watermarking process performed onto unprotected media content which is received in an encrypted form by application software to add a digital watermark thereon.
Document EP 2 391 125 A1 relates to a method for embedding the tracing secret data into multimedia contents delivered to particular users. To this end, this document is focused on marking the data outputted by a security module in charge of the security operations for a descrambler unit. The aim is to produce a marked stream between the security module and the descrambling unit embodying some values representative of the security module having produced this stream of data. The data transmitted to the descrambling unit refers to post-marked correction data allowing calculation of reconstruction values so as to obtain a unique reconstructed marked video stream from a modified video stream and said correction data.
Document US 2010/0208891 A1 discloses a process to perform a personalized marking of an audiovisual sequence which can be securely distributed by broadcasting means. To this end, this document suggests sending to all of the receiver facilities unique information comprising a modified stream and a complementary stream. The reconstructed stream differs from the original stream by the fact that it comprises a first mark applied by a first watermarking step at the server. This first mark is preferably troublesome for the user. The complementary stream comprises watermarked data belonging to the marked audiovisual stream. A second mark is generated by the audiovisual decoder of the receiver and is used as personalization identifier for marking the reconstructed stream.