The present invention relates to content protection systems, and more specifically, to traitor tracing in a multilevel assignment environment.
The transition of many types of media from analog to digital offers new advantages to the consumer in quality and flexibility. Also, there is an increasing use of global distribution systems such as the Internet for the distribution of digital assets, including music, film, computer programs, photographs, games and other content. These trends have made it easy to produce and distribute flawless copies of content by content providers. Unfortunately, there is also a concurrent increase in the unauthorized copying, or pirating, of digital content, which has caused considerable economic losses to content providers. Effective countermeasures are important to the viability of businesses engaged in the distribution of digital media.
Piracy is a major concern and expense for content providers. To this end, industry consortia such as the 4C Entity (<www.4centity.com>) and AACSLA (<www.aacsla.com>) have been formed. These groups are licensing agencies that provide content protection tools based on Content Protection for Recordable Media (CPRM) and Advanced Access Content System (AACS), respectively. CPRM is a technology developed and licensed by the 4C group, comprising IBM, Intel, Matsushita, and Toshiba, to allow consumers to make authorized copies of commercial entertainment content where the copyright holder for such content has decided to protect it from unauthorized copying. AACS is a follow-on technology for the same purpose, under development by a group comprising IBM, Intel, Matsushita, Toshiba, Sony, Microsoft, Warner Brothers, and Disney.
In the AACS content protection system, devices such as DVD players are assigned a set of keys and a common key is used to encrypt the content. A pirate attack in this system may occur when the attackers re-distribute the common content encrypting key or the plain content to avoid being identified. This type of an attack is called an anonymous attack. In an anonymous attack, an attacker, or group of attackers, tries to hide their secret device keys and operate anonymously. In this attack, the attackers instrument their devices and collude to build a pirate copy of the decrypted plaintext content or the decryption key itself. The attackers can then redistribute either the plaintext content, or the decryption key. Alternatively, the attackers may build a clone with built-in device keys and re-sell the clone box; this kind of attack is called a clone attack.
The devices (or the owners of the devices) who are involved in the piracy and redistribution for both clone and anonymous attacks are called traitors. Traitor tracing is the forensic technology used to identify the traitors who have been involved in the piracy attack. In order to do traitor tracing for anonymous attacks, content may be divided into multiple segments and some of the segments are chosen to have multiple variations. A digital watermark is one way to build these variations. More importantly, those variations are not only differently watermarked, but also differently encrypted. During playback, each device can only decrypt exactly one variation at each segment. The differently watermarked and encrypted variations effectively build different content versions. Each different playback path becomes one version. The recovered pirated variation of encrypting keys, or the movie version, can be linked back to the actual devices (i.e., traitors) who were assigned those versions.
There are some practical issues with the above-described traitor tracing system. First of all, because the variations take extra space on the disc, or bandwidth during communication, the number of variations cannot be large. However, in practice, the number of devices a system needs to accommodate may be very large, e.g., in the billions. These are conflicting requirements. To address this issue some prior systems utilize two level of assignment, namely an “inner code” and an “outer code”. The inner code assigns the variation for each segment inside the content, which may be a movie. This assignment effectively creates multiple movie versions, each version becoming a symbol for the outer code assignment. The outer code assigns the movie versions (symbols) among a sequence of movies. This assignment solves the extra bandwidth requirement by having a small number of variations at each segment, while still managing to support a large number of devices.
A second practical issue relates to the actual traitor detection. The problem is that attackers collude in the attack and may mislead the tracing agency to erroneously incriminate innocent devices. The collusion attack creates an inherent difficulty in terms of tracing. After the above-described practical assignment is done, a straightforward approach to detect colluders might be to score every device and incriminate the highest scoring devices. In some prior systems, more efficient tracing algorithms are employed which use a set-cover algorithm to detect coalitions of pirates all together instead of one-by-one.
A set-cover detection technique is disclosed in U.S. patent application Ser. No. 11/323,247, which is incorporated by reference herein for all uses and purposes. The set-cover tracing can be used for any single level code. When used in a multi-level environment, for example, in a two level “inner code” and “outer code” environment, one can consider applying the set-cover tracing on the inner code first, and then on the outer code. The inner code tracing can identify which outer code symbol was used to create the pirate movie. This information becomes the input to the outer code tracing. This approach may be effective if the inner code tracing could always tell which outer symbol was used in creating a pirate movie. Unfortunately, in reality this is not always true. For example, when each segment comes with 16 variations inside a movie, i.e. symbol size is 16; k=2 to create 256 inner codewords. If there are 4-5 colluders mix-matching inside movie segments, the set-cover tracing on the inner code cannot tell which outer symbol was used and the system may be overwhelmed. Moreover, without information on which outer symbol was used in creating a movie copy, the set-cover tracing cannot be done on the outer code either. The system may then fail to catch any of the attackers even though there might be sufficient information to determine the identities of the attackers.