1. Technical Field
The present disclosure relates generally to digital rights management as well as to data transfers to vehicle systems, and more particularly, to the distribution of cryptographic keys consumed in the playback of multimedia content through vehicle entertainment systems.
2. Related Art
Air travel typically involves journeys over extended distances that at the very least take several hours to complete. Some of the longer non-stop international flights have scheduled durations of over sixteen hours with travel distances extending beyond ten thousand miles. Passengers on board the aircraft are confined within an enclosed space of a designated seat for the entire duration of the flight, with only a few limited opportunities to leave the seat for use of the lavatory and so forth. Thus, even on the shortest trips an airline passenger has some idle time, which the passenger may occupy with work, leisure, and/or rest.
Airlines therefore provide on-board in-flight entertainment (IFE) systems that offer a wide variety of multimedia content for passenger enjoyment. Recently released movies are a popular viewing choice, as are television shows such as news programs, situation and stand-up comedies, documentaries, and so on. Useful information about the destination such as airport disembarking procedures, immigration and custom procedures and the like are also frequently presented. Audio-only programming is also available, typically comprised of playlists of songs fitting into a common theme or genre. Likewise, video-only content such as flight progress mapping, flight status displays, and so forth are available. Many in-flight entertainment systems also include video games that may be played by the passenger.
The specific installation may vary depending on service class, though in general, each passenger seat is equipped with a display device, an audio output modality, an input modality, and a terminal unit. The terminal unit may generate video and audio signals, receive inputs from the input modality, and execute pre-programmed instructions in response thereto. The display device is typically an LCD screen that is installed on the seatback of the row in front of the passenger, though in some cases it may be mounted to a bulkhead or retractable arm, or the like, that is in turn mounted to the passenger's seat. Furthermore, the audio output modality is a headphone jack, to which a headphone, either supplied by the airline or by the passenger, may be connected.
The multimedia content is encoded and stored as digital data on an on-board IFE content or media server that is remote the terminal unit. The terminal unit and the media server thus incorporate networking modalities such as Ethernet to establish data communications between each other. Once a particular selection of multimedia content is selected for playback by the passenger, the terminal unit retrieves the same, and a video decoder and an audio decoder function to generate the video and audio signals to the display device and the audio output modality, respectively, for presentation to the passenger.
Notwithstanding the availability of airline-installed IFE equipment such as the aforementioned seatback display screens and headphone jacks, an increasing number of passengers are choosing to bring on board their own portable electronic devices (PEDs) such as smart phones, media players, electronic readers, tablets, laptop computers, and so forth. In most cases, these devices are loaded with music, video, games, and other multimedia content of the user's choosing well before embarking. A variety of content distribution models exist, including per-item purchasing of individual songs, albums, movies, episodes, seasons, or other unit of multimedia content, rentals in which such items are accessible for a limited time (and at a correspondingly lower price), as well as subscription-based models in which a library of content is downloadable in exchange for the payment of a periodic fee.
Many content distribution services utilize digital rights management (DRM) technologies to restrict playback only to authorized users. The multimedia content is encrypted prior to distribution, and remains encrypted while stored on the user devices. Upon rendering payment or otherwise compensating the content distributor/owner, the user is provided with a decryption key that is utilized to decrypt the multimedia content for playback.
Although the purchase and loading of multimedia content onto PEDs have been greatly simplified, it is nevertheless a deliberate process that may require some effort in advance of a passenger's journey. New content may be downloaded via cellular networks and airport WiFi networks while still on the ground, but Internet connectivity may be limited or non-existent during flight. Thus, the passenger may not have the option to purchase content through conventional, Internet-based services.
One ready source of multimedia content is the on-board IFE system, and in more recent implementations, it is possible for PEDs to retrieve and playback content stored on the IFE content server via existing on-board WiFi networks. One commercially available wireless IFE system is ExpressPlay, and similar to conventional Internet-based services, the content delivered via this service is protected with DRM. Accordingly, a standard deployment includes a DRM license server (which is an implementation of the Marlin DRM platform), along with a device provisioning server and the aforementioned media server.
The Marlin DRM platform requires a unique cryptographic key for each client PED that can be traced to a trusted certificate authority (CA). These cryptographic keys may be stored on the media server. Each PED is assigned a device personality from the device provisioning server, and native app running on each PED retrieves the decryption keys using the assigned personality. The cryptographic keys are consumed, that is, once uniquely provisioned to a PED, it can no longer be used by another device at a different time. Thus, the more passengers use the IFE system, the more keys that are consumed.
Accordingly, new keys must be periodically loaded on to the media server so that passengers may continue to use the IFE system. One conventional method for such periodic loading of new keys involves the use of direct air-ground communications between the aircraft and a ground-based key server over a cellular model or a satellite communications module. Alternatively, the keys may be saved to a portable memory device that can be manually connected to the media server via a USB link between flights.
Other IFE systems may utilize alternative DRM platforms that require live connectivity from the aircraft to the ground for retrieving cryptographic keys. One such example is an IFE system offered by Lufthansa Technik, which utilizes the Microsoft ReadyPlay platform and requires each device to access a key server on the ground.
There are several deficiencies with existing cryptographic key loading methods. In the first instance, some aircraft may not have an operating air to ground communications modality. Furthermore, even when an aircraft has such capabilities, due to the high costs associated with per-data unit billing, it may not be economically viable to send consumable cryptographic keys over such networks. For example, a typical cryptographic key utilized in ExpressPlay implementations has a size of approximately 1 kilobyte, and so the bandwidth cost for delivering a key of this size would cost approximately ten times more than the cost of the key itself.
The aforementioned manual loading process is also problematic from several perspectives. Because human intervention is required, the costs can be substantial, particularly over an entire fleet of aircraft. Furthermore, being that such procedures are, by definition, not by demand, if the service is utilized more over a certain time period between manual loadings, it may not be available to the passengers because of the lack of available cryptographic keys. Along these lines, determining an appropriate number of cryptographic keys to load may be difficult, and oftentimes results in waste, as too many may be loaded. Each cryptographic key has an incremental cost, so each one that is not used during a given time period represents a lost opportunity cost.
Accordingly, there is a need in the art for an improved method for transferring consumable data such as cryptographic keys utilized for the playback of multimedia content on vehicles, in which persistent connections to a network resource are unavailable or cost-prohibitive.