In the context of multimedia distribution, a point-to-point link is a “unicast” link. A broadcast link or a multicast link is referred to here as a “point-to-multipoint” link. The point-to-point link is a bidirectional link. The point-to-multipoint link is a unidirectional link from the sender to the receivers.
A client of a multimedia distribution service uses a terminal to access multimedia content. Accessing multimedia content means loading it into memory and lifting the protection therefrom on the fly as it is received or from a storage medium on which it has previously been stored. This permits the client to play it, to record it, or to make any other use thereof offered by a service for providing protected multimedia content.
Multimedia content includes audiovisual content, for example television programs, audio content alone, for example a radio program, or, more generally, any digital content containing video and/or audio such as a computer application, a game, a slideshow, a picture or any data set.
A particularly popular type of multimedia content is “temporal” multimedia content. Temporal multimedia content is multimedia content, the playing of which is a succession, in time, of sounds, in the case of an audio temporal content, or of pictures, in the case of a video temporal content, or of sounds and of pictures temporally synchronized with one another in the case of audiovisual temporal multimedia content. Temporal multimedia content can also comprise interactive temporal components synchronized with the sounds and the pictures.
The process of providing such content begins with coding or compressing it so transmission thereof will require less bandwidth.
To achieve such coding or compression, the video component of the content is coded according to a video format, such as MPEG-2. Many other formats, such as MPEG-4 ASP, MPEG-4 Part 2, MPEG-4 AVC (or Part 10), HEVC (High Efficiency Video Coding), or WMV (Windows Media Video) can alternatively be used, and rely on the same principles.
Such a coding method involves general data compression methods.
For fixed pictures, coding exploits the spatial redundancy internal to a picture, the correlation between the adjacent points and the lesser sensitivity of the eye to details.
For moving pictures, coding exploits the strong temporal redundancy between successive pictures. The use of the latter makes it possible to code certain pictures of the content, here called deduced pictures, with reference to others, here called source pictures, for example by prediction or interpolation, such that the decoding thereof is possible only after that of the source pictures. Other pictures, here called initial pictures, are coded without reference to such source pictures. These initial pictures, when encoded, contain all the information necessary to be decoded. As such, they can be completely decoded independently of the other pictures. The initial pictures are thus the mandatory entry point in accessing the content.
The resulting coded content therefore does not comprise the data necessary for decoding each of the pictures independently of the others. Instead, it is made up of “sequences.” A sequence produces the compression of at least one “group of pictures” or “GOP.”
A group of pictures is a series of consecutive pictures in which each picture is either an initial and source for at least one deduced picture contained in the same series of consecutive pictures, or deduced and such that each of the source pictures necessary for the decoding thereof belongs to the same series of consecutive pictures, and not containing any smaller series of consecutive pictures and having these same properties. The group of pictures is thus the smallest part of content that can be accessed without having to first decode another part of this content. A “header” and an “end” delimit a sequence. These are each identified by a first specific code.
The header comprises parameters that characterize properties expected of the decoded pictures. Such properties might include horizontal and vertical sizes, ratio, and frequency. It is advantageous to repeat the header between groups of pictures of the sequence such that its successive occurrences are spaced apart by approximately a few seconds in the coded content. In a typical implementation, a group of pictures most commonly comprises 10 to 12 pictures representing a playing time of between 0.4 and 0.5 seconds in a 25 pictures-per-second system.
Temporal multimedia content can comprise several video components. In this case, each of these components is coded as described above.
The audio component of the content is also coded according to an audio format such as MPEG-2 audio.
Such a method for compressing audio temporal content obeys the same principles described above for that of video temporal content. The resulting coded content is therefore, analogously, made up of “frames.” A frame is the audio analog of a group of pictures in video. The frame is therefore the smallest part of audio content that can be accessed without having to decode another part of this audio content. The frame further contains all the information useful to the decoding thereof.
For example, a frame comprises 384 or 1152 samples each coding a sound, representing, depending on the sampling frequency of the signal, a playing time of 8 to 12, or 24 to 36 milliseconds, i.e. typically a few tens of milliseconds.
Temporal multimedia content can comprise several audio components. In this case, each of these components is coded as described above.
The coded components of the multimedia content, also qualified as elementary data streams, are then multiplexed or synchronized, after which they are combined into a single data stream, also called a “multimedia stream,” or a “stream.”
Such content, particularly when it is the subject of rights such as copyrights or neighboring rights, is provided protected by a multimedia content protection system that makes it possible to ensure the observance of conditions of access to the content that evolves from these rights.
Such content is then typically provided encrypted by virtue of its protection by a digital rights management, or DRM, system. This encryption is generally performed by an encryption key or by a symmetrical algorithm. It is applied to the stream resulting from the multiplexing or, before multiplexing, to the components of the coded content.
A DRM system is in fact a multimedia content protection system. The terminology of the field of digital rights management systems is thus used herein.
Accessing duly-protected temporal multimedia content more specifically means successively accessing, on the fly as they are received, successive segments. Such accessing includes loading successive segments of multimedia content into memory, removing the protection therefrom, decoding the segments, and transmitting them to a multimedia device. The multimedia device will then play them, store them, or make any other use thereof offered by the service for providing protected multimedia contents.
Access to the protected temporal multimedia content will be described hereinafter only with a view to the playing thereof. The access procedure is ultimately agnostic to what the terminal will do with the multimedia content.
A “segment” describes a restricted part of the multimedia stream that is uncoded, the playing of which has a duration less than that of the playing of the entire multimedia stream. A segment therefore comprises a restricted part of each video or audio component of the uncoded multimedia stream, the playing of which has one and the same duration less than that of the playing of the entire multimedia stream. These restricted parts of components are synchronized in the stream to be played simultaneously. A segment therefore comprises the restricted part of the temporal series of video sequences or of groups of pictures, or of audio frames producing the coding of this restricted component part of the uncoded multimedia stream. This restricted part consists of a plurality of successive video sequences or groups of pictures or audio frames.
The term “successive” means immediately following one another without being separated in the temporal progress of the content by other video sequences or groups of pictures or audio frames. Typically, a segment comprises more than ten, one hundred, one thousand, or ten thousand groups of successive video pictures of one and the same coded video component of the stream, or more than ten to one hundred times more successive audio frames of one and the same coded audio component of the stream.
As used herein, an “uncoded” multimedia stream or segment is one that no longer needs descrambling to be played by a multimedia device.
As used herein, “multimedia device” describes any device capable of playing the uncoded multimedia stream, such as a television or a multimedia player.
As used herein, “on the fly” means that segments of multimedia content are processed as they are received, without waiting for all segments of the complete multimedia content to have been entirely received.
In such a digital-rights management system, so as to improve the protection thereof, the content is provided, by the system for providing protected multimedia contents, split into several successive content segments individually protected by the digital rights management system. These segments are therefore ordered temporally relative to one another.
More specifically, each segment Si is encrypted, using a symmetric algorithm, with a specific content key Ksi. This content key Ksi is “specific” because it is only used to encrypt this segment Si out of all the segments of the multimedia content.
As such, it is useful to characterize a segment Si not by its structure but by the segment key Ksi used to encrypt it. A segment is therefore the plurality of immediately successive video sequences and audio frames encrypted with one and the same segment key Ksi.
In such a digital-rights management system, obtaining an intermediate license Li allows a terminal to access a segment Si. The intermediate license Li comprises an access right necessary for a terminal to access a segment of the content. The access right typically comprises a cryptogram (Ksi)*KGp. The access right may also comprise an access rule that describes those uses of the protected multimedia content that the terminal is authorized to make.
To further improve the protection of the content, an intermediate level of encryption of the keys Ksi is used. This makes it possible to change, during the temporal progress of the content, the encryption keys KGp used to compute the cryptograms (Ksi)*KGp transported in the licenses Li.
The segments are grouped together in blocks of segments. Each block contains only a restricted part of the segments of the content. Typically, each block contains at least one segment and, generally, several successive segments. Successive should be understood here to mean immediately following one another, without being separated, in the temporal progress of the content, by segments not belonging to the block concerned.
An intermediate key KGp is associated with each of these blocks. The segment key Ksi necessary to the decryption of a segment is encrypted with the intermediate key KGp associated with the block to which this segment belongs. The resulting cryptogram (Ksi)*KGp is then inserted into the license Li transmitted jointly with this segment.
The license Li comprises an identifier of a terminal license Lp, which itself comprises the cryptogram (KGp)*KT of the intermediate key KGp obtained by encryption of this intermediate key KGp with the terminal key KT.
A block of segments is not therefore characterized by its structure but by the intermediate key KGp used to encrypt each key Ksi of all the segments of this block. A block is therefore formed by all the segments whose segment key Ksi is encrypted with one and the same intermediate key KGp.
In such a system, a terminal receives, jointly with an encrypted segment, an intermediate license Li comprising the cryptogram (Ksi)*KGp of the content key necessary to decrypt that segment.
To access the content in order to make use thereof, the terminal extracts the access right from the license Li.
To access the segment, the terminal must first obtain the terminal license Lp that comprises the cryptogram (KGp)*KT. The terminal obtains this license Lp by submitting an access-rights request to the access-rights server. This request is submitted “out-of-band” over a point-to-point link between the terminal and the access-rights server. The response from the access-rights server is also transmitted to the terminal by this same point-to-point link.
The terminal then evaluates the license Lp. If the result of this evaluation is positive, the terminal decrypts the cryptogram (KGp)*KT using its terminal key KT. If the result of this evaluation is negative, the terminal inhibits the use of the license Lp, and in particular does not decrypt the cryptogram (KGp)*KT that it comprises. It thus prohibits access to the block of protected segments by virtue of the keys Ksi having been encrypted using this intermediate key KGp.
In the case where the terminal has not received the license Lp, it likewise inhibits its processing, and thus prohibits access to the block of protected segments currently being received. The result thereof, for the user of the terminal, is an interruption in the playing of the content.
It is therefore important for the terminal to obtain the license Lp associated with the next block of segments to be received sufficiently in advance of receiving the next block of segments. The moment at which receiving the next block of segments starts defines the moment of the next intermediate-key rotation in the stream. This is the process of “license pre-delivery.”
To guarantee pre-delivery of the license Lp, any license Lp transmitted to a terminal comprises a limit date before which that terminal must request the next terminal license Lp+1 from the access-rights server. The next date at which the terminal must connect to the access-rights server to request the next terminal license is called the “renewal expiration date.” When this renewal expiration date is reached, the terminal submits an access-rights request to the access-rights server. In response, the access-rights server transmits the next terminal license Lp+1 to the terminal.
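The key hierarchy and pre-delivery behaviour described above can be traced end to end in the following added example, which is not part of the original text. The cipher `sym` is a stand-in for the unspecified symmetric algorithm, the dictionary layouts, field names and integer clock are assumptions, and license evaluation is reduced to checking that Lp has been received.

```python
import hashlib, hmac, os

def sym(key, nonce, data):
    """Stand-in symmetric cipher (assumption): XOR with an HMAC-SHA256 keystream."""
    ks = b"".join(hmac.new(key, nonce + bytes([c]), hashlib.sha256).digest()
                  for c in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def make_block(p, kt, clear_segments, first_i, renew_by):
    """Provider side: build terminal license Lp and the (i, Li, encrypted Si) triples."""
    kgp = os.urandom(32)                                  # intermediate key KGp
    lp = {"id": p, "kgp_kt": sym(kt, b"Lp%d" % p, kgp),   # cryptogram (KGp)*KT
          "renew_by": renew_by}                           # renewal expiration date
    out = []
    for i, clear in enumerate(clear_segments, first_i):
        ksi = os.urandom(32)                              # segment key Ksi, one segment only
        li = {"lp_id": p, "ksi_kgp": sym(kgp, b"Li%d" % i, ksi)}  # (Ksi)*KGp
        out.append((i, li, sym(ksi, b"S%d" % i, clear)))
    return lp, out

class Terminal:
    def __init__(self, kt):
        self.kt, self.licenses = kt, {}                   # terminal key KT, stored Lp by id

    def store(self, lp):
        self.licenses[lp["id"]] = lp

    def must_renew(self, now):
        """True once the renewal expiration date of the newest stored Lp is reached."""
        return now >= self.licenses[max(self.licenses)]["renew_by"]

    def access(self, i, li, enc):
        lp = self.licenses.get(li["lp_id"])               # Li names the Lp it depends on
        if lp is None:                                    # Lp not received: access inhibited
            return None
        kgp = sym(self.kt, b"Lp%d" % lp["id"], lp["kgp_kt"])
        ksi = sym(kgp, b"Li%d" % i, li["ksi_kgp"])
        return sym(ksi, b"S%d" % i, enc)

def demo():
    kt = os.urandom(32)                                   # constructed sample data below
    lp1, block1 = make_block(1, kt, [b"segment 0", b"segment 1"], 0, renew_by=100)
    lp2, block2 = make_block(2, kt, [b"segment 2"], 2, renew_by=200)
    t = Terminal(kt)
    t.store(lp1)
    played = [t.access(*s) for s in block1]
    missed = t.access(*block2[0])          # key rotation reached without Lp+1
    if t.must_renew(now=100):
        t.store(lp2)                       # stands in for the access-rights request
    return played, missed, t.access(*block2[0])
```

The `missed` result is the playback interruption the text describes: the segment and its license Li arrive, but without the matching Lp the terminal has no way to recover KGp and therefore no Ksi.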