The general problem is to provide a device that is capable of transmitting, in a secure fashion, a set of high-quality visual films in an MPEG-2 type format directly to a viewing screen such as, for example, a television screen or to be recorded on the hard disk of a box that connects the teletransmission network to a monitor-type screen, television screen, video projector or cinema screen all while preserving audiovisual quality, but avoiding fraudulent utilization such as the possibility of making pirated copies of films or audiovisual programs recorded on the hard disk of the decoder box.
With presently available solutions, it is possible to transmit films and audiovisual programs in digital format through broadcast networks of the Hertzian, cable, satellite, etc. type, or through DSL (Digital Subscriber Line) or BLR (local radio loop) telecommunications-type networks, through DAB (Digital Audio Broadcasting) networks, through RTC (Switched Telephone Network) networks or even through digital telecommunications networks (GSM, GPRS, UMTS, etc.). These works are often encrypted through various means well known in the art to avoid pirating of works broadcast in this way.
Nevertheless, the primary drawback for all currently available solutions (TiVo Inc., WO00165762) is that it is necessary to transmit not only the encrypted data, but also the decryption keys, towards the users. Transmission of decryption keys can take place before, at the same time or after the transmission of audiovisual programs. To increase security and therefore the protection of audiovisual works against ill-disposed use, decryption keys as well as audiovisual decoder decryption functions can comprise an improved means of security like continuous changes of encrypting keys all along the same audiovisual program, or chip cards or other physical keys which can, as an option, be updated remotely.
In this way, the solutions currently applied to a decoder box with the possibility of local recording of audiovisual programs in digital format on a support of the hard disk type or other type of memory, offers to the ill-disposed user the possibility of making unauthorized copies of programs recorded in this way, because at a given time, this user has, with a digital decoder box, whether or not it is associated with chip card systems, all the information, software programs and data to allow complete decryption of the audiovisual programs. In fact, because the availability of the data, the ill-disposed user will have the possibility of making illegal copies without anyone being aware of this fraudulent copying at the time it takes place.
One solution therefore consists of transmitting all or part of a digital audiovisual program solely upon request (on-request video services) through a broadband telecommunication network of the ADSL, cable or satellite type, without authorizing the local recording of audiovisual programs. WO 00/11871 (Open Entertainment) discloses a solution for distributing multimedia files upon request of the user. The drawback there is completely different and originates from the performances of these networks which do not allow guarantee of continuous flux of several megabits per second to each user, as required by the MPEG-2 flux which necessitates bandwidths of from several tens of kilobits to several megabits per second.
Another solution consists of separating the flux into two parts of which neither would be usable by itself. WO 99/08428 (Gilles Maton) discloses a multi-application treatment process of an active localizable terminal in which at least one connection is made with an identifiable program that is dedicated to the execution of an application, where the program dictates its conditions for making the functions available for use to the terminal. Through the use of a connection, the terminal punctually dialogs with the management center for the creation, if necessary, of input and output of capacities of this latter, where the management center may or may not become enslaved with the terminal at the level of the application with regard to the input program. That investigation likewise involves the identification process for the program and terminal being used. That process divides the flux into one part that is used to identify the user and one part that contains the program itself. In particular, the program is not usable, but is only interlocked by the first part.
U.S. 2002/0018565 discloses a method and system of controlling access to a normalized multimedia flux. That disclosure rests on the use of selective encrypting methods which keep the binary flux in compliance with its original standard. The authorized user must use a decryption key to have access to the video flux. Protection is carried out in three stages: extraction of encoded words, encryption of coded words and re-insertion of encrypted coded words into the binary flux. One example that is specific to the motion vectors is cited with the MPEG-4 type flux. Even so, the protection of flux motion vectors is supported by encryption methods that are well known. The initial contents of the flux are found entirely in the protected flux. Given that the solution from that disclosure preserves all the original data within the protected flux, it does not meet the high-security criteria.
On the other hand, EP 0778513 (Matsushita) describes a process that allows the illegal use of information to be prevented by adding monitoring information to verify the user's rights. The system allows the user to permanently know what part of the information is being used and by which user and from there to know if the user is in an illegal position or not. That process therefore secures the data by adding additional information to it that denatures the initial information.
WO 00/49483 (Netquartz) likewise discloses processes and systems to create a connection between the users and an editor of digitized entities. The process consists of at least one of the following stages: the stage for subdividing the digitized entity into two parts; the stage for memorizing one part in a memory zone of a server connected to a computer network; the stage where the other part is transmitted to at least one user who has computer equipment access; the connecting stage for the computer equipment to the computer network; the stage for establishing a functional connection between the first part and the second part. Those processes and systems do not specify whether the part recorded on the server can be stored by the user, which would allow this user to pirate the digitized entity.
WO 01/97520 “Video interface device, distribution system and transfer method for encoded programs and video sequences through the communication network” discloses a device for the secure broadcast of protected video fluxes. Protection of the video flux is carried out by replacing certain original imaged I by “false” images I or by permuting certain images I between them. The original images I extracted from the video flux are stored separately from the protected flux and are sent to the user when he wishes to view the video. In this way, replacing the original images I with “false” images I modifies the size of the protected flux relative to the original flux. Moreover, an ill-disposed user can easily detect a false I image of index n, because this image of index n is very different from the I image of index n−1 and from the I image of index n+1; then easily replace it with the I image of index n−1 or index n+1, or by an image calculated by interpolation between the images I of index n−1 and n+1, and thus recreate a flux very close to the original. Moreover, in an MPEG-2 flux, the images I represent only about one image out of 12 or 15, do not modify the remaining 11 P and B images, and do not sufficiently degrade the video, in particular because these P and B images also contain the intra macroblocks which “reconstruct” the image. Likewise, substituting the entire assembly with an I image is a rather extensive modification, one which is easily revealed by an automaton responsible for reconstructing the video. That solution does not therefore meet the high-security and strong visual degradation criteria for video fluxes.
Finally, U.S. Pat. No. 5,937,164 discloses a solution that consists of separating the flux into two parts of which the smaller part holds information necessary for utilization of the larger part. Nevertheless, that disclosure is not sufficient to address the identified problem. In effect, suppression of one part of the flux denatures the flux format, and is not therefore recognized as a standard flux, usable with general software applications. That process requires, at the same time, a specific server-side software, for separation of the two parts, and another specific software which ensures not only reconstruction of the flux, but also acquisition of the primary flux and its exploitation according to a format that is proprietary to the solution. That proprietary format is not the initial format of the flux before it was separation into two parts, in this known solution. In this way, an ill-disposed user will very easily detect the denatured data, specifically because of the non-compliance of the flux after separation.
U.S. Pat. No. 5,892,825 revisits the preceding patent, but in a narrower scope because the fluxes are still encrypted in it. U.S. Pat. No. 6,035,329 relies on the same principal and concerns a process that allows reading of a disk of the CD-ROM or DVD-ROM type, conditionally upon identification of rights by the insertion of a chip card on which information necessary for reading are stored. That process is not sufficient because it does not guarantee that the modified flux will be of the same format as the original flux. Finally, U.S. Pat. No. 6,185,306 discloses a process of transmitting encrypted data from a Web site to a requesting computer. That process nevertheless allows the user to access at any given time the tools necessary for copying the data.