1. Technical Field
This invention relates to cryptographic protocols for use, for example, in performing effective content level encryption (e.g., on MPEG-4 bit streams).
2. Summary
In particular, the invention relates to a method of generating cryptographically protected digital data encoding content and arranged into messages, each message being decodable by a decoder application on a client terminal having a service interface to assemble each message for the decoder application, the method including:    retrieving a message from a machine-readable medium;    encrypting at least part of the message; and    providing the encrypted messages as output in a format enabling a server service interface to arrange the message into at least one packet including at least one header and a payload, each payload including at least part of the message, at least one header including information enabling the service interface on the client to assemble each message for the decoder application from the payload of the packets.
The invention further relates to a server for enabling decryption of cryptographically protected data encoding content and arranged into messages, generated by means of such a method.
The invention also relates to a system for generating cryptographically protected digital data encoding content and arranged into messages, each message being decodable by a decoder application on a client terminal having a service interface to assemble each message for the decoder application, the system being configured to:    retrieve a message from a machine-readable medium;    encrypt at least part of the message; and to    provide the encrypted messages as output in a format enabling a server service interface to arrange the message into at least one packet including at least one header and a payload, each payload including at least part of the message, at least one header including information enabling the service interface on the client to assemble each message for the decoder application from the payload of the packets.
The invention further relates to a method of distributing digital data encoding content and arranged into messages from a server to one or more client terminals through a network, each message being decodable by a decoder application on a client terminal, said method including:    transmitting a plurality of data packets from the server through a network through a network interface of the server, each packet including at least one header and a payload, each payload including at least part of a message;    providing each message to a first of a series of at least one service interface between two layers in a protocol stack, installed on the server, each service interface configured to add at least one packet header to the packet encoding information enabling the client to process the remainder of the packet, the method further comprising transmitting packets including at least one header including information enabling a service interface on the client to assemble each message for the decoder application from the payload of the packets.
The invention also relates to a server for distributing digital data encoding content and arranged into messages to one or more client terminals through a network, each message being decodable by a decoder application on a client terminal, said server including:    a network interface for transmitting a plurality of data packets from the server through a network, each packet including at least one header and a payload, each payload including at least part of a message, the server further including a series of at least one service interface between two layers in a protocol stack, each service interface configured to add at least one packet header to the packet encoding information enabling the client to process the remainder of the packet, the server being configured to transmit packets including at least one header including information enabling a service interface on the client to assemble each message for the decoder application from the payload of the packets.
The invention also relates to a client terminal for receiving and processing digital data encoding content and arranged into messages, each message being decodable by a decoder application, comprising    an interface for receiving a plurality of data packets, each packet including at least one header and a payload, the terminal further including a series of at least one service interface between two layers in a protocol stack, each service interface configured to remove at least one packet header from the packet and process the remainder of the packet using information encoded in the removed packet header, including a service interface configured to assemble the messages for the decoder application from the payload of at least one packet, using information included in at least one header of the packet.
The invention also relates to a method for receiving and processing in a client terminal digital data encoding content and arranged into messages, each message being decodable by a decoder application, comprising    receiving a plurality of data packets by means of an interface of the client terminal, each packet including at least one header and a payload;    providing each packet to a first of a series of at least one service interface between two layers in a protocol stack, each service interface configured to remove at least one packet header from the packet and process the remainder of the packet using information encoded in the removed packet header, including a service interface configured to assemble the messages for the decoder application from the payload of at least one packet, using information included in at least one header of the packet.
The invention also relates to a computer program loadable into a computer and having the potential, when run on the computer, to provide the computer with the functionality of such a system, server or client terminal.
The invention lastly relates to a computer program loadable into a computer and having the potential, when run on the computer, to enable the computer to execute one of the above-mentioned types of methods.
Examples of such systems and methods are known, e.g. from international standard ISO/IEC 14496-1, known as MPEG (Moving Pictures Expert Group)-4.
MPEG and MPEG-4 are standards that have been proposed and, in the case of MPEG, are widely used in the distribution of video and, to a lesser degree, other forms of content. Moreover, applications such as distributing digital content over the Internet and others, have created a need for encrypting content, whether in the MPEG, MPEG-4 or any other format.
The MPEG-4 standard specifies an architecture of which the basic building blocks are formed by a scene description and elementary streams that convey streaming data. To distribute the streaming data, it is conveyed in SL-packetised streams (SPS). The packets contain elementary stream data partitioned in access units as well as side information, e.g. for timing and access unit labelling. The timing model relies on clock references and time stamps to synchronise audio-visual data conveyed by the one or more elementary streams. The concept of a clock with its associated clock references is used to convey the notion of time to a receiving terminal. Time stamps are used to indicate the precise time instants at which the receiving terminal consumes the access units in decoding buffers. An object time base (OTB) defines the notion of time for a given data stream. The resolution of this OTB can be selected as required by the application or as defined by a profile. All time stamps that the sending terminal inserts in a coded data stream refer to this time base. The OTB of a data stream is known at the receiving terminal by means of object clock reference (OCR) time stamps in the SL packet headers for this stream or by means of an indication of the elementary stream from which this object descriptor stream inherits the time base.
The object description framework consists of a set of descriptors that allows to identify, describe and properly associate elementary stream to each other and to audio-visual objects used in the scene description. Object descriptors are a collection of descriptors that describe one or more elementary streams that are associated to a single node in the scene. An elementary stream descriptor within an object descriptor identifies a single elementary stream. Each elementary stream descriptor contains the information necessary to initiate and configure the decoding process for the elementary stream, as well as intellectual property identification. Intellectual Property Management and Protection (IPMP) information is conveyed both through IPMP descriptors as part of the object descriptor stream and through IPMP streams, elementary streams that carry time variant IPMP information, in particular content encryption keys. Keys are associated with the content or other streams via appropriate IPMP stream descriptors. These keys must be synchronised with the content stream. The existing MPEG-4 model is used for delay and synchronisation management. Thus, the decryption application in the receiving terminal must appropriately manage time stamping.
The MPEG-4 bit stream syntax in its current form offers no explicit support for resynchronisation of the decryption process in the event that parts of the encrypted content bit stream are lost during transmission. Since the transport layer is not specified by MPEG-4 it is not possible to utilize characteristics of the underlying transport protocol for synchronization. MPEG-4 media may also be played back locally, in which case there is no transport involved. In an error-prone environment, the loss of a single bit would effectively destroy the remainder of the frame. There are many ciphers and associated modes that cannot perform self-synchronization, but that are very attractive under a wide range of evaluation criteria. Currently, these must all be ruled out, simply because there is not support in the extensions for the synchronization of the decryption process in the event of data loss.