Video On Demand
Video On Demand (VOD) is an interactive application offered on a digital television (DTV) network, other movie network, or the like. VOD is made practical by broadband digital broadcasting via cable and satellite. Unlike earlier services where subscribers were granted access only to scheduled encrypted broadcasts (e.g., movie channels, special events programming, etc.), these “on-demand” services permit a subscriber to request a desired video, audio or other programming at any time. Upon receiving the request for programming (and, presumably, authorization to bill the subscriber's account), the service provider then transmits the requested program to the subscriber for viewing. Audio On Demand provides similar functionality for sound files (versus video files). In the main hereinafter, VOD is discussed.
The Motion Picture Association of America (MPAA) is a trade association of the American film industry, whose members include the industry's largest content providers (i.e., movie producers, studios). The MPAA requires protection of VOD content from piracy. Without security to protect the content, the member content providers will not release their content (e.g., movies) for VOD distribution. Without the up-to-date, high-quality content, the VOD market becomes non-viable.
For content providers and operators, a secure VOD solution is therefore necessary. Two different approaches can be selected—either “pre-encryption,” or “encryption at playout.” Pre-encryption means that the content is encrypted before being stored (as a file) on the video server, the goal being to encrypt the content as soon as possible, for example as soon as it leaves the production studio. Pre-encryption is well suited to programming material having fixed content, such as movies, and is generally preferred for interactive applications. Encryption at playout means that the content is encrypted in real time, and is suitable for the secure broadcasting of live events. In the main hereinafter, VOD with pre-encrypted content is discussed.
As used herein, a “file” is the video source material which is stored, preferably encrypted, and a “stream” is the digital signal derived from the file when the file is broadcast (transmitted) to end user(s).
Modern VOD services give the user control over the playout of a selected program with features functionally comparable to those of a video cassette recorder (VCR)—for example, “trick play” (e.g., fast-forward, rewind, etc.). This requires that more than one file be maintained for a given program content—for example, a “normal” file and a “special” trick-play file which is associated with the normal file. The user is able to transition between the two files, interactively. Both files must, of course, be encrypted. (Again, in the main hereinafter, VOD with pre-encrypted content is discussed.)
MPEG-2
A digital TV signal is typically transmitted as a stream of MPEG-2 data, although other types of streams are expected to become available in the future (e.g., MPEG-4) that are within the scope of the present invention. MPEG-2 is a method for compressed representation of video and audio sequences using a common coding syntax defined in the document ISO/IEC 13818 by the International Organization for Standardization. The MPEG-2 Video Standard specifies the coded bit stream for high-quality digital video.
The MPEG standard defines a transport stream (TS) for transmitting data from one or more MPEG streams. Each transport stream (TS) has a data rate of up to 40 megabits per second, which is enough for seven or eight separate TV channels/programs (also referred to as services). Each transport stream consists of a set of sub-streams (known as elementary streams), where each elementary stream can contain either MPEG-2 encoded audio, MPEG-2 encoded video, or data encapsulated in an MPEG-2 stream. A multiplexer assigns a packet identifier (PID) to each elementary stream, and splits the elementary streams into transport packets which are inserted into a transport stream (TS). The multiplexer can combine several MPEG streams into a single transport stream (TS).
MPEG-2 accommodates scrambling at the elementary stream level and/or at the transport stream level. The MPEG-2 specification contains a scrambling control field of two bits, both in the TS packet header and in the PES packet header. Generally, the first scrambling control bit indicates whether or not the payload is scrambled (encrypted), and the second scrambling control bit indicates the use of Even or Odd Key, as follows:
Bit Values    Description
00            No scrambling of packet payload
01            Reserved for future DVB use
10            Packet scrambled with even key
11            Packet scrambled with odd key
Encryption Schemes
Present encryption schemes typically employ a simple two-key encryption scheme to encrypt VOD content. Both keys taken together are essentially a single “cryptographic key set” used to encrypt the entire content. One of the keys comprises one or more “public keys” delivered with the content. The other key is required in combination with the public key(s) to decrypt the content, and is delivered as part of a successful authorization or licensing process. Neither key is useful absent the other key.
A problem with encrypting the VOD content with a single set of “public keys” is that an aggressive “attack” using exhaustive cryptographic “cracking” techniques could discover a pair of keys that will decode the content. Once broken, the content can be reproduced “in the clear” (i.e., unencrypted), thereby completely thwarting the security offered by the encryption scheme.
For highest security and greatest protection against cryptographic “cracking” attacks by “pirates”, it is highly desirable to increase the number of separate cryptographic keys used by changing the keys at numerous points during the encryption process. In other words, it is generally highly desirable to encrypt VOD files with frequently changing cryptographic keys. According to the MPEG-2 standard, when packets are encrypted with a changing key, it is necessary to toggle between even and odd parity key numbers.
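The following added example (not part of the original text) reads the PID and the two-bit scrambling control field from the TS packet header described above and reports where a stream toggles between even and odd keys. The PIDs, the packet builder `make_packet` and the sample stream are constructed for illustration.

```python
TS_PACKET_SIZE = 188
SYNC_BYTE = 0x47
# Values of the two-bit scrambling control field, as in the table above.
SCRAMBLING = {0b00: "clear", 0b01: "reserved", 0b10: "even", 0b11: "odd"}


def parse_header(packet):
    """Return (pid, scrambling_state) from the 4-byte TS packet header."""
    if len(packet) != TS_PACKET_SIZE or packet[0] != SYNC_BYTE:
        raise ValueError("not a 188-byte TS packet starting with 0x47")
    pid = ((packet[1] & 0x1F) << 8) | packet[2]   # 13-bit packet identifier
    tsc = (packet[3] >> 6) & 0x03                 # 2-bit scrambling control
    return pid, SCRAMBLING[tsc]


def parity_toggles(stream, pid):
    """Packet indexes in the stream where `pid` switches between even and odd."""
    toggles, last = [], None
    for offset in range(0, len(stream) - TS_PACKET_SIZE + 1, TS_PACKET_SIZE):
        p, state = parse_header(stream[offset:offset + TS_PACKET_SIZE])
        if p != pid or state not in ("even", "odd"):
            continue
        if last is not None and state != last:
            toggles.append(offset // TS_PACKET_SIZE)
        last = state
    return toggles


def make_packet(pid, tsc, counter=0):
    """Build a constructed payload-only TS packet with filler bytes."""
    header = bytes([SYNC_BYTE, (pid >> 8) & 0x1F, pid & 0xFF,
                    (tsc << 6) | 0x10 | (counter & 0x0F)])
    return header + bytes(TS_PACKET_SIZE - 4)


# Constructed sample: PID 0x100 changes key parity twice; PID 0x101 is clear.
SAMPLE = b"".join([
    make_packet(0x100, 0b10, 0), make_packet(0x101, 0b00, 0),
    make_packet(0x100, 0b10, 1), make_packet(0x100, 0b11, 2),
    make_packet(0x100, 0b11, 3), make_packet(0x100, 0b10, 4),
])

if __name__ == "__main__":
    for i in range(0, len(SAMPLE), TS_PACKET_SIZE):
        print(i // TS_PACKET_SIZE, parse_header(SAMPLE[i:i + TS_PACKET_SIZE]))
    print("parity toggles at packets:", parity_toggles(SAMPLE, 0x100))
```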
Pre-encryption of video (e.g., MPEG-2) files is a cost effective method for enabling security for movies and other types of pre-recorded files. However, the pre-encryption of video when using more than two encryption keys has been problematic in the past. In particular, when it is desired to switch back and forth between two or more pre-encrypted files (such as a normal file and a special trick play mode file that provides, e.g., fast forward or rewind), it is very difficult to maintain encryption key synchronization (key sync). This problem can cause errors during decryption in the decoder, and has negatively impacted the introduction and ability to provide satisfactory and cost effective video on demand (VOD) services with trick play modes. The problem manifests itself when the normal file that is being played back is encrypted with an even (or odd) parity key choice and navigation moves to playback of a trick play (e.g., fast forward or rewind) file where the pre-encryption key is also an even (or odd) choice, yet different from the key that was used in the normal file. The same problem can occur when moving (transitioning, navigating) back from the trick play file to the normal file.
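The key sync problem described above can be checked offline before two pre-encrypted files are offered together. This added example (not part of the original text) flags transition points where both files use the same key parity but different keys. The key schedules and key labels are constructed, and it assumes both files are indexed by the same program time.

```python
from bisect import bisect_right

# Constructed key schedules: (start_second, parity, key_id). Key ids are
# hypothetical labels; each file was pre-encrypted with its own keys.
NORMAL = [(0, "even", "N0"), (10, "odd", "N1"),
          (20, "even", "N2"), (30, "odd", "N3")]
TRICK = [(0, "even", "T0"), (15, "odd", "T1"), (30, "even", "T2")]


def period_at(schedule, t):
    """Return the (parity, key_id) in force at program time t."""
    starts = [entry[0] for entry in schedule]
    i = bisect_right(starts, t) - 1
    if i < 0:
        raise ValueError("time precedes the first crypto period")
    return schedule[i][1], schedule[i][2]


def check_transition(src, dst, t):
    """Classify a jump from file `src` to file `dst` at program time t."""
    src_parity, src_key = period_at(src, t)
    dst_parity, dst_key = period_at(dst, t)
    if src_key == dst_key:
        return "ok"
    if src_parity == dst_parity:
        # Same parity, different key: the scrambling control bits do not
        # change, so the decoder keeps using src_key on dst's packets.
        return "collision"
    # Parity flips, so the switch is visible in the scrambling control bits.
    return "parity-change"


def collisions(src, dst, times):
    """Return the transition times that would lose key sync."""
    return [t for t in times if check_transition(src, dst, t) == "collision"]


if __name__ == "__main__":
    for t in (5, 12, 17, 25, 35):
        print(t, "normal->trick:", check_transition(NORMAL, TRICK, t))
```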
In the past, real time encryption has been proposed to solve this problem. However, real time encryption requires substantial hardware resources in order to function acceptably, and therefore carries a significant cost.