1. Technology Field
The disclosure relates generally to the field of data and content distribution and delivery via a content distribution or other network. In one exemplary aspect, the disclosure relates to the delivery or transfer of content in a protected manner.
2. Description of Related Technology
A wide range of services and functions including e.g., digital programming (movies, etc.), digital video-on-demand (VOD), personal video recorder (PVR), Internet Protocol television (IPTV), digital media playback and recording, as well high-speed Internet access and IP-based telephony (e.g., VoIP), etc. are available for delivery to consumers at their premises for reasonable prices or subscription fees. Other services available to network users include access to and recording of digital music (e.g., MP3 files), as well local area networking (including wire-line and wireless local area networks or WLANs) for distributing these services throughout the user's premises, and beyond.
The foregoing services and functions may be provided to the user via a wide variety of different equipment environments including, inter alia, cable modems, Wi-Fi hubs, WMANs (such as e.g., WiMAX networks), Ethernet hubs, gateways, switches and routers, computers, servers, cable set-top boxes, public switched telephone networks (PSTNs), cellular telephones/smartphones (including e.g., LTE-enabled networks), tablet computers (including so-called “phablets”), and portable digital music devices. Additionally, the foregoing may be provided by one or more vendors or service providers including e.g., a cable service provider (e.g., MSO), cellular service provider (CSP), wireless service provider (WSP), VoIP service provider, music download service, Internet service provider (ISP), PSTN telephone service, etc., and/or content may be distributed between devices in any of the foregoing networks.
As the number of devices and providers increases, there is an increased need to provide integration across multiple delivery platforms and networks. Specifically, movement of content delivered by these services within the user's premises (and/or outside the premises, such as between networks) is often substantially frustrated, largely due to concerns relating to protection of valuable (e.g., copyrighted) content, and surreptitious reproduction and distribution thereof. Such unauthorized reproduction and distribution not only detracts from the network operator's revenue and commercial viability, but also that of the content source (e.g., movie studio, recording studio/artist, etc.).
Various methods have heretofore been employed by network operators in order to attempt to frustrate surreptitious access to, and copying and distribution of, valuable content. For example, conditional access (CA) technologies have been utilized for such purposes. Additionally, symmetric or asymmetric encryption technologies, such as those in accordance with the Data Encryption Standard (DES) technique or Advanced Encryption Standard (AES) may be used to secure content delivery. So-called “trusted domains” and digital rights management (DRM) solutions have also been utilized for this purpose. Each of these techniques is now described in greater detail.
Conditional Access
Conditional access (CA) technologies are typically incorporated into content-based networks, such technologies including the digital encoding of various types of data including audio and video programming and music. Conditional access can generally be defined as the control of when and how a user may view and use the associated programming or information. Different types of conditional access may be desirable in a network delivery system in order to, e.g., accommodate improvements in the technology over time, as well as different conditional access attributes such as security and category of programming or user access level.
A variety of traditional methods of conditional access exist including, e.g., “PowerKey”, NDS, and DigiCipher. A generalized conditional access model is also provided by the well-known DVB (Digital Video Broadcasting) Specification TS 101 197 V1.2.1 (02/02), DVB SimulCrypt; Part 1: “Head-end architecture and synchronization”, and TS 103 197 V1.2.1 (02/02): “Head-end Implementation of SimulCrypt”, each incorporated herein by reference in its entirety.
FIG. 1a illustrates an exemplary prior art architecture 200 for providing content to a plurality of consumer premises equipment (CPE) via e.g., an HFC network using a conditional access scheme. Specifically, the network 100 distributes PowerKey protected content to the CPE. In order to access the content, each CPE utilizes the so-called “CableCard” plug-in security module access technology (also known as “a point-of-deployment (POD) module”). See, e.g., the CableCard-Host interface specification, which defines the interface between a digital cable receiver or STB (Host device) and the CableCard device provided by the MSO/cable operator. CableCard was developed to satisfy certain security requirements, and to allow retail availability of host devices, e.g., set-top boxes, digital cable ready televisions, DVRs, personal computers (PCs), integrated digital televisions, etc., for receiving cable services. The CableCard, comprising a PCMCIA device, can be inserted into a host device, allowing a viewer to receive cable systems' secure digital video services, e.g., pay-per-view (PPV) TV, electronic program guides, premium subscription channels, etc.
Specifically, the CableCard contains conditional access functionality, as well as the capability of converting messages to a common format. Thus, the CableCard provides a cable operator with a secure device at the subscriber premises, and acts as a translator so that the host device needs to understand a single protocol, regardless of the type of the network to which it is connected.
In FIG. 1a, the same PowerKey protected content (Content A) may therefore be sent to multiple CPE. Each CPE can then use its CableCard to access the content.
However, the requirement for a CableCard is comparatively tedious and expensive, especially given the recent trend toward home networking techniques which enable content transfer to and use on all of a user's devices (including personal computers, laptop and notebook computers, tablets, smartphones, etc.).
Moreover, the prior art PowerKey approach described above has no authentication entity or “proxy” that can authenticate CPE or other connected devices in anticipation of providing download services, no video (media) provisioning system, and hence by nature is highly localized.
“Trusted Domains”
Another related approach for content protection comprises the creation and enforcement of a “trusted domain” or TD. Specifically, such a trusted domain (TD) comprises an area (physically or virtually) within which programming or other content is protected from unauthorized access, distribution and copying. For example, in a cable network, a trusted domain may include not only the network portion where programming content traditionally is secured by, and within total control of, a cable operator (including, e.g., the headend, HFC delivery network, etc.,) but also user devices or CPE at subscribers' premises which are capable of receiving and securely storing programming content.
Using the trusted domain approach, the network operator can guarantee certain subscriber access, distribution, and usage policy enforcement with respect to content held within the domain. For example, a digital representation of a movie held within an operator's TD (e.g., on a hard drive of a user device) cannot be distributed over the Internet, wireless network, etc. in viewable form, and cannot become a source for duplication of multiple viewable copies.
Accordingly, a home network on which content may be transferred may be created; however, additional mechanisms are needed to ensure protection of the content within the trusted domain. One exemplary approach of implementing a trusted domain, described in co-owned U.S. Patent Application Publication No. 2006/0047957 filed Dec. 7, 2004 and entitled “Technique For Securely Communicating Programming Content”, now issued as U.S. Pat. No. 8,312,267, which is incorporated herein by reference in its entirety, comprises using two cryptographic elements (e.g., encryption keys), associated with a user and his/her client device(s), respectively, that control access to content stored in the client device(s) within the domain. For example, the content stored in the client device may be encrypted using a private or secret key in accordance with the Data Encryption Standard (DES) or Advanced Encryption Standard (AES) algorithms. When the encrypted content is transported from the client device to another device within the domain associated with the same user (or other common parameter or feature), the second device needs the cryptographic element (e.g., the secret key) to decrypt the encrypted content. To that end, the second device also receives from the source device an encrypted version of this secret key. The latter is generated by encrypting the secret key using a second and distinct cryptographic element (e.g., a public key in accordance with a public key algorithm) associated with the subscriber. The second device provides the encrypted version of the secret key to a remote apparatus, e.g., in a headend, where the secret key is recovered based on at least the encrypted version of the secret key and data relating to that user or client device. The second device then receives from the head-end another encrypted version of the secret key, which is generated by encrypting the recovered secret key using a third cryptographic element (e.g., a public key in accordance with a public key algorithm) associated with the second device. Based on at least this second encrypted version of the secret key, the secret key can be recovered in the second device to decrypt the encrypted content.
However, generally speaking, any “trusted domains” that might be established are not extendable beyond the CPE on the client side of the delivery network.
Digital Rights Management (DRM)
Another approach used to control the distribution and use of protected content within a content-based network is to employ so-called digital rights management (DRM). For example, Media rights management systems such as the Microsoft Windows® Media Digital Rights Manager (DRM), may be used.
FIG. 1b illustrates an exemplary prior art network for transfer of content using DRM techniques. As shown, the network generally comprises a content server in communication with a plurality of client devices (CPE 1, CPE2, etc.) via a hybrid fiber-coaxial (HFC) network.
First content, Content A-1 is provided to a first CPE (CPE 1), upon request therefor. The digital media or content is encrypted and locked with a “license key” that is particular to the requesting device (DRM License 1). The license key is stored in a license file or other data structure which is distributed separately from the media or content to the requesting device. A user can obtain the encrypted media file from a content server (such as by, e.g., receiving it in a broadcast, downloading it from a web site, purchasing it on a physical media, etc.). To play the digital media file, the user must acquire the license file including the license key for that media file from a DRM server. The user acquires the license key by accessing a pre-delivered license (which includes license terms or policies). Alternatively, when the user plays the file for the first time, a procedure is invoked for retrieving the license via a network connection or other delivery mode (e.g., the Internet). After obtaining the license with the license key, the user is able to access the media file according to the rules or rights specified in the license policies.
It is noted that, in FIG. 1b, the system operator (e.g., MSO) provides a means for encrypting the requested content with the device-specific license key to create the secured content file (Content A-1). The requesting CPE (CPE 1) will require the DRM license (DRM License 1) to access the content in the file as discussed above. In order to ensure that the requesting device and/or user is entitled to access the content, an association or data record is generated and maintained at a database at the network headend. Upon request for the DRM license, the DRM server determines whether the user/device is entitled to access prior to providing the DRM license thereto.
The DRM license includes rights of the devices and/or users, the rights determine aspects of the playback, copying, transfer, etc. of the content. The content source may set the usage rules and policies for licensing the content. When the user/device requests the DRM license from the DRM server, such as via a trusted software client, the rights particular to that user are utilized. The trusted client retrieves the content file and the content key, which it uses to then access the content.
As illustrated in FIG. 1b, when a second CPE (CPE 2) requests the same content (Content A), the content server provides content encrypted with a content key specific to the second device thereby creating a Content A-2 version of the requested content. Likewise, the DRM server will provide CPE 2 with DRM License 2 for accessing the protected content.
However, as previously noted, existing DRM technologies utilize device-specific encryption/decryption keys. Such DRM-based systems are accordingly incompatible with the previously referenced home networking models, as the transfer thereon would result in either (i) content that is not usable at the receiving device (due to failure to possess the appropriate license key or file), or (ii) simply a transfer of the content in an unprotected form.
Moreover, similar to CA technologies, the DRM approach described above has no authentication entity or “proxy” that can authenticate CPE or other connected devices in anticipation of providing download services, no video (media) provisioning system, and hence by nature is highly localized.
Various other technologies have demonstrated an ability to transfer content within a home network; however, such systems either do not use any DRM content protection, or utilize in-home DRM license generation for content protection. For example, the Motorola Televation™ device receives PowerKey signaling, and securely translates the rights and restrictions of that content from the PowerKey signaling to an Internet Protocol Rights Management-Home Network (IPRM-HN)/SecureMedia in-home DRM license. However, as discussed herein, in-home DRM license generation requires sharing sensitive information with the in-home device. Therefore, this mechanism dilutes the security of the DRM system, and may threaten the protection of the content.
Accordingly, improved apparatus and methods for distributing digital services to (and within) a user's premises are needed. Such improved apparatus and methods would ideally provide protection of content within the user's premises network, as well as outside of the premises network and across other networks.
In addition, the improved apparatus and methods would ideally enable content transfer within a given premises network in accordance with the rights established for the specific content, user, and/or rendering or storage device, without diluting or otherwise compromising the security of the transferred content.