PROTOCOLS

FIELD OF THE INVENTION

The invention generally relates to a secure distribution of audiovisual data. The invention relates more specially to a method and apparatus for secure distributing of audiovisual data encapsulated according to a plurality transport protocols to various devices connected to a network.

BACKGROUND OF THE INVENTION

Various de vices (STBs, PCs, mobile phones and other mobile entertainment devices) are used nowadays to consume the audiovisual content transported through multiple distribution infrastructures (satellite, radio, cable and IP networks). Providing unified commercial offers for all these technological platforms represents a key element for the service providers willing to differentiate themselves from their concurrence.

The technical means to deploy such cost-effective unified services are focusing on reusing hardware/software components on client side (chipsets for audio visual decoding/de-multiplexing, smartcards for descrambling etc.) and to transport the unique audiovisual streams through various distribution infrastructure. This feature is made possible by encapsulating the audio visual streams through multiple transport protocols. The most known protocols for audiovisual data transport are UDP (User Data gram Protocol), RTP (Real Time Protocol) and RTSP (Real Time Streaming Protocol) for IP networks, as well as MPEG-2 TS (Transport Stream) for satellite, radio and cable networks.

For example, a digital TV service using satellite infrastructure for broadcasting would use MPEG-2 TS as transport protocol. The same operator wants to provide an IPTV service for receiving devices connected to an IP network. In this situation, the audiovisual streams will be encapsulated according to two transport protocols: MPEG-2 TS to guarantee the transmission till the IP head-end infrastructures, and RTP or UDP for streaming the content to the devices connected to a n IP network. In order to protect the content transmission, most of the transport protocols contain specifications relating to security mechanisms: SRTP (Secure RTP) and ISMACryp (Internet Streaming Media Alliance) pro vides specification for content protection over RTP; DVB-CA (Common Scrambling Algorithm) specifies security mechanisms for content transport over MPEG-2 TS according to the DVB standard; IP SEC (Security) addresses the security of IP transport proto col.

The skilled man may use an y of the said security mechanisms 20 designed for a specific transport protocol to protect the content transmission.

However, u sing such a mechanism a specific transport protocol would allow the de- protection of audio visual steam only by the devices compliant to the said specific transport protocol. Regarding the example presented above, distributing securely audio visual streams to an IP-featured device would require a protection on IP level that would prevent a MPEG-2 TS featured device to access such an audiovisual stream.

This disadvantage is major: a service provider is forced to choose at the headend of the distribution infrastructure his protection system that would strongly limit the choice of hardware devices for the end-user.

In addition, once the protection system was chosen, it will be impossible to access to the clear audiovisual stream at any level of the distribution chain, to insert a mark identifying the distribution nodes, for example, or to simply modify the content of the audiovisual streams.

SUMMARY OF THE INVENTION

In order to re solve these disadvantages, the present demand proposes a method and system for securing the transport according to a plurality of transport protocols of an audiovisual stream to a device supporting any of the said transport protocols. The same protected audiovisual stream will then be able to be de- protected by a device supporting any of the said transport protocol, and not only one specific transport protocol. In this situation, the proposed method will allow protection and de-protection of an audiovisual stream in dependent of the hierarchy of the transport protocols used for encapsulating the said audiovisual content.

According to these statements, this document discloses a method is provided for secure distribution of an audiovisual stream constituted by a set of transport packets encapsulated according to a plurality of transport protocols suitable to be transmitted to a user device compatible with one of the said transport protocols, the method comprising the steps of:

- generating a protected audio visual stream from the original stream, the said principal audio visual comprising a set of modified transport packets that are different from the corresponding original transport packets at modification positions;

- generating a complementary stream of any format comprising digital information suitable to allow reconstruction of the original audiovisual stream from the said principal stream,

- reconstituting the on the said receiving de vice the original audiovisual stream from the protected stream as function of the said complementary stream

wherein the method is being characterized that:

- the said complementary stream comprises the said modification positions and

- the said modification position s are generated according to each transport protocol of the said transport protocols.

Another disclosure of the present invention is a system comprising:

- means to generate a protected audio visual stream from the original stream, the said protected audiovisual comprising a set of modified transport packets that are different from the corresponding original transport packets at modification positions;

- means to generate a complementary stream of any format comprising digital information suitable to allow reconstruction of the original audiovisual stream from the said protected stream, - means to reconstitute on the said receiving de vice the original audiovisual stream from the principal stream as function of the said complementary stream wherein the system is being characterized that:

- the said complementary stream comprises the said modification positions and

- the said modification positions are generated according to each transport protocol of the said transport protocols.

BRIEF DESCRIPTION OF THE DRAW INGS

The above aspect of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawing figures, wherein :

FIGS. 1 A and 1 B show the structured view of a protection system to securely deliver multimedia content encapsulated according to a plurality of transport protocols.

FIG. 2 shows a detailed description of a first and a second scrambling module integrated on server side into the protection system presented in FIG. 1.

FIG. 3 shows a detailed description of a descrambling module integrated on client side into the protection system presented in FIG. 1.

DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

Hereinafter, certain exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawing figures.

In the following description, the matters defined in the description such as a detailed construction and elements are nothing but the ones provided to assist in a comprehensive understanding of the invention. Thus, it is apparent that the present invention can be carried out without those defined matters. Also, well-known functions or constructions a re not described in detail since they would obscure the invention in unnecessary detail.

In addition, identical references within the accompanying drawing figures address similar technical elements, unless a different meaning is clearly described. FIG.1A is a structured view of a protection system comprising: a content distribution server 11 and a receiving device 12 to playback the content distributed by the serve r 11.

The original content stream 1 is a multimedia stream containing video and audio flows, as well as rich media flows.

The audiovisual compression methods are the ones well known to the skilled man like the standard ones: MPEG-2, MPEG-4 part 2, MPEG-4 AVC/H.26 4, MPEG-4 SVC etc. or the one s largely used by industry: Windows Media Audio and Video, VP6 etc.

The original stream 1 is constituted by a set of transport packets encapsulated according to a plurality of transport protocols.

According to a preferred and non-limitative embodiment, the transport packets are encapsulated according to the following transport protocols: first the audiovisual content is packaged according to MPEG-2 TS (see ISO/IEC 13818-1 ), the resulting MPEG-2 TS being encapsulated according to RTP (see RFC3550) to output RTP packets.

The original content stream 1 is scrambled by a scrambling module 2 that generates as output:

- a protected stream 121 comprising a set of modified transport packets that are different from the corresponding original transport packets at modification positions, and

- a complementary stream 122 that comprises the information needed by a descrambling module 22 to recover the original stream 1.

The functioning of the scrambling module 2 is detailed later in the document (FIG. 2).

The format of the complementary stream 122 can either be proprietary, either standard, for example compliant with at least one of the said transport protocols of the protected stream 121. According to one aspect, the transmission of the complementary stream 122 is protected by the protection module 5 using various cryptographic means well known by the skilled man.

Both protected stream 121 and complementary stream 122 are transmitted by a transmission module 4 according to a proprietary or standard transport protocol.

According to one aspect, both protected stream 121 and complementary stream 122 are transmitted separately by a transmission module 42 and a transmission module 43 respectively, according to a proprietary or standard transport protocol.

According to another aspect, the protected stream 121 and the complementary stream 122 are multiplexed before being transmitted.

According to one aspect, the protected stream 121 is unpacked by an unpacking module 311 or by a plurality n unpacking modules 31 n, after the transmission from the content distribution server 1 1 and before the reception on the receiving device 12. If the complementary stream 122 was mixed and transmitted through he same transport session as the protected stream 121 by the transmission device 4, it will be unpacked as well as the protected stream 121 . These unpacking modules are compliant to the transport protocols used to encapsulate the original stream 1 , the same as the ones used to encapsulate the protected stream 121. These unpacking operations are applied to allow the transmission of the protected stream 121 (and eventually the complementary stream 122) through a variety of network infrastructures (like satellite or cable regarding MPEG-2 TS, or IP regarding RTP) as well as to be adapted for consumption on a variety of receiving devices (like set-top- boxes for MPEG-2 TS, or IP media centers for RTP).

On the client side, the receiving device 12 recovers the protected stream 121 and the complementary stream 122 through the network interface 41.

The receiving device 12 is a computer, a set-top-box, a media center, a mobile phone, a PDA, a portable media player or any other hardware device with multimedia capabilities. The network interface 41 is an IP (Internet Protocol), cable, terrestrial, satellite or mobile network interface, depending on which kind of network the two streams are transmitted.

According to one aspect, complementary stream 122 is de-protected by a de- protection module 51 compliant with the protection module 5.

The two streams are then processed by the descrambling module 21 in order to generate the original transport packets 1 15 in function of the complementary stream 122. The functions of the descrambling module 22 will be described later (FIG. 3).

The original transport packets 115 are then processed by an unpacking module 311 , or by a plurality n unpacking modules 31 n in order to obtain the video frames and/or the audio samples that will be decoded and rendered by the multimedia decoding interface 6.

The multimedia decoding interface 6 is a software/hardware module performing audiovisual decoding, a multimedia player or an external device with various capabilities in terms of multimedia decoding and rendering.

According to one aspect, the unpacking module 311 or the plurality n unpacking modules 31 n are software/hardware modules integrated within multimedia decoding interface 6.

FIG.1 B is a structured view of an alternative protection system. The difference from the protection system presented within the FIG. 1A is that the protected content

121 is packaged according to a transport protocol by an encapsulating module 3, or according to n transport protocols by n encapsulating modules 3n in order to determine a second protected stream 123. This second protected stream 123 is processed by a second scrambling module 21 to generate the second complementary stream 124. The second protected stream 123 and the second complementary stream 124 are then processed as the protected stream 121 and the complementary stream 122 in FIG. 1A.

The second scrambling module 21 is used in the situation when further encapsulation operations according to various transport protocol occur after the protection process. This allows a greater flexibility for the service provider, which can choose any time a new distribution infrastructure, without being oblige to re-apply the initial protection process.

FIG. 2 details the functioning of the scrambling module 2 and the second scrambling module 21.

The functioning of the scrambling module 2 comprises a set of operation steps that will be described below.

The analyze step 211 is applied on each of the said original transport packets of the original stream 1 in order to determine all the transport protocols used to encapsulate the said original transport packets. The output is a list 131 of transport protocols, where the first transport protocol in the list is the one situated at lowest-level on the transport protocol stack.

According to the preferred embodiment, the result of the analyze step 21 1 is a list 131 containing two transport protocols: MPEG-2 TS and RTP.

The modification step 212 is applied in order to determine a modified transport packet 1 12 and a complementary packet 1 1 1 corresponding to each of the said original transport packets of the original stream 1. The complementary packet 11 1 has any format and it comprises digital information suitable to allow reconstruction of the said original transport packets from corresponding modified transport packets 112.

The modification step 212 is applied as described below.

First, the data chosen to be modified is isolated from the original transport packet by determining the transport packet corresponding to the first transport protocol from the list 131 . According to the preferred embodiment, the MPEG-2 TS packet is chosen for modification.

Secondly, the offset within the chosen transport packet and the size of the binary data to be modified are determined. The said offset and size are characterizing the modification position used by the descrambling module 22 to recover the original data and to insert it back into the modified transport packet to determine the original transport packet. Third, the original data extracted from the said chosen transport packet by using the modification position (offset and the size) is stored within complementary packet 111. The said offset and size are stored within the complementary packet 111 , too.

The type of the transport protocol (in the preferred embodiment, MPEG-2 TS), or the transport protocol position within the list 131 of transport protocol (the value 1 ) can be also stored within the complementary packet 111.

The complementary packet 1 1 1 comprises also the synchronization information allowing the descrambling module 22 to select the modified transport packet 112 and a complementary packet 111 in order to recover the original transport packet.

According to the preferred embodiment, the synchronization information comprises at least one of the following information related to the structure of the MPEG-2 TS packet or the PES packet: PID, streamjd, PTS, DTS, etc.

Alternative mechanisms to determine the synchronization information to be added inside the complementary packet 1 11 may be used. For example, the private data fields allowed by various transport protocols can be used to add a unique identifier within the modified transport packet 112 and stored within the complementary packet 111.

At the end of the modification step, the data is modified and inserted back into the original transport packet creating the modified transport packet 1 12. The data allowing the reconstruction of the original transport packet from the modified transport packet 112 is stored within the complementary packet 111.

According to one aspect, the data is modified by using various cryptographic techniques well-known to the skilled man. The key or the keys issued further to the use of these cryptographic techniques allowing the reconstruction of the said original transport packet are stored within the complementary packet 111.

According to another aspect, data is modified by replacing the original data with different data within the modified transport packet 1 12. The original data is then stored within the complementary packet 111. According to one aspect, the set of the modified transport packets 112 allows the unpacking module 311 or the plurality n unpacking modules 31 n to generate video frames and/or the audio samples to be decoded and rendered at a degraded visual and/or audible quality by the multimedia decoding interface 6. This can be achieved by implementing within the modification step 212 a modification method as the one described for example by the document WO2005/032135.

The updating step 213 generates an updated complementary packet 1 13 containing the information allowing the reconstruction of the original transport packet for any transport protocol in the list 131.

The updating step 213 is applied as following: for each transport stream in the list 131 , excepting the first one (already used by the modification step 212), the offset, the size, the identification information of the protocol and the synchronization information are generated as described further the modification step 212 and combined with the content of complementary packet 1 1 1 to generate the updated complementary packet 113.

According to the preferred embodiment, the updating step 213 is applied for RTP.

The packaging step 215 reassembles all the modified transport packets 1 12 to generate the protected stream 121 that is compliant to all the transport protocols that the original stream 1 is compliant with.

The packaging step 214 reassembles all the updated complementary packets 113 to generate the complementary stream 122 that is compliant to a proprietary transport protocol or to at least one of the transport protocols that the original stream 1 is compliant with.

The functioning of the second scrambling module 21 is similar to the one of the scrambling module 2, only the analyze step 216 being slightly different of the analyze step 211.

Further to the analyze step 216, a list 132 of transport protocols is generated to contain the difference between the set of transport protocols to which the second protected stream 123 is compliant with and the set of transport protocols already addressed within the complementary stream 122. The difference between the second updated complementary packets 1 14 and the corresponding updated complementary packets 1 13 are related to the information regarding the transport protocols from the list 132.

The output of the second scrambling module 21 is the second complementary stream 124 that resembles all the second updated complementary packets 114, and it t is compliant to a proprietary transport protocol or to at least one of the transport protocols that second protected stream 123 is compliant with.

FIG 3 details the functioning of the descrambling module 22.

The analyze step 221 takes as input parameter complementary packets 1 14 or 1 13 of the complementary stream 122 or 124 and a fixed value identifying a chosen transport protocol. This chosen transport protocol is the one supported by the unpacking module 311 or by the one of the n unpacking modules 31 n. The identity of the chosen protocol will used to extract from the complementary packet 1 14 or 1 13 the data contain ing the mod ification position (the offset and the size), the synchronization information and the data allowing the reconstruction of an original packet using a modified transport packet from the protected stream 121 or 123. The extracted data represents the output of this step.

The reconstitution step 222 uses the output data of the analyze step 221 to select the corresponding modified transport packet from the protected stream 121 or 123 and to reconstitute the original packet 115.

Accord ing to one aspect, the reconstitution step 222 appl ies various decryption techniques to reconstitute the original packet 115 from the corresponding modified transport packet using a decryption key or decryption keys from the output of the analyze step 222.

According to another aspect, the reconstitution step 222 replace the data from the modified transport to reconstitute the corresponding original packet 115 using the original data from the output of the analyze step 222.