US20060047952A1 - Method, system, device , signal and computer program product for metadata protection in tv-anytime - Google Patents

Method, system, device , signal and computer program product for metadata protection in tv-anytime Download PDF

Info

Publication number
US20060047952A1
US20060047952A1 US10/531,616 US53161605A US2006047952A1 US 20060047952 A1 US20060047952 A1 US 20060047952A1 US 53161605 A US53161605 A US 53161605A US 2006047952 A1 US2006047952 A1 US 2006047952A1
Authority
US
United States
Prior art keywords
data
signature
fragments
data fragments
fragment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/531,616
Inventor
Sebastiaan Antonius Fransiscus Van Den Heuvel
Alexis Ashley
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Koninklijke Philips NV
Original Assignee
Koninklijke Philips Electronics NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics NV filed Critical Koninklijke Philips Electronics NV
Assigned to KONINKLIJKE PHILIPS ELECTRONICS, N.V. reassignment KONINKLIJKE PHILIPS ELECTRONICS, N.V. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ASHLEY, ALEXIS STEPHEN RICHARD, VAN DEN HEUVEL, SEBASTIAAN ANTONIUS FRANSISCUS ARNOLDUS
Publication of US20060047952A1 publication Critical patent/US20060047952A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/173Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8352Generation of protective data, e.g. certificates involving content or source identification data, e.g. Unique Material Identifier [UMID]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/84Generation or processing of descriptive data, e.g. content descriptors
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00855Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/603Digital right managament [DRM]

Definitions

  • the invention relates to a method of providing data integrity authentication and data protection, in which a set of data fragments is protected by a signature.
  • the invention further relates to a system for providing data integrity authentication and data protection, the system being arranged to receive and handle data fragments, of which a set of data fragments can be protected by a signature.
  • the invention further relates to a signature device for providing data integrity authentication and data protection, the device being arranged to handle data fragments, and the device being arranged to generate a signature to protect a set of data fragments.
  • the invention further relates to a verification device for verifying data integrity authentication and data protection, the device being arranged to handle data fragments, and the device being arranged to verify a signature to protect a set of data fragments.
  • the invention further relates to a signal comprising data fragments, of which a set of data fragments is protected by a signature.
  • the invention further relates to a computer program product for implementing such a method.
  • EPGs electronic program guides
  • the general term content typically comprises things like music, songs, movies, television programs, pictures and the likes, but can also refer to individual scenes, MPEG-4 objects, and so on.
  • Metadata for content items is available from a variety of sources. Metadata can be included with a broadcast stream (e.g. as MPEG-2 tables) or downloaded from external databases. For example, a television receiver or Personal Digital Recorder may be provided with an Internet connection, which allows the device to access metadata made available over the World Wide Web.
  • a broadcast stream e.g. as MPEG-2 tables
  • downloaded from external databases e.g. as MPEG-2 tables
  • a television receiver or Personal Digital Recorder may be provided with an Internet connection, which allows the device to access metadata made available over the World Wide Web.
  • This metadata generally comprises information such as title, artist, genre and so on, and may also contain a unique content reference identifier (CRID), sometimes also called a content reference identifier.
  • CRID unique content reference identifier
  • each individual content item can be uniquely identified.
  • further information can be retrieved from a database. For example, a user can select a content item which he wishes to see from the EPG, even though the time and place of broadcast are not yet known. Using the CRID, the system can then retrieve the time and place of broadcast of the content item when this information becomes available.
  • the CRID is not restricted to broadcast transmissions of content. It could also refer to a location on the Internet, or to any other source.
  • the purpose of content resolution is to allow acquisition of a specific instance of a specific item of content. For example a user may want to record an episode of a television series, but he does not necessarily know when and where that episode will become available. He can then use his personal digital recorder (PDR) or similar device to enter a reference to the episode or series by means of the CRID.
  • PDR personal digital recorder
  • a CRID may refer to an entire series or to an individual episode thereof.
  • the PDR Having received a CRID for a content item, the PDR tries to obtain the location of the content item.
  • This information is called a locator and it contains the date, time and channel on which the content item will be broadcast. The user however does not need to be aware of this.
  • the PDR waits for the specified date and time and then records the episode as it is broadcast on the specified channel.
  • the locator indicates a location on the Internet or the like, the PDR can simply retrieve the content from the indicated location as soon as it becomes available.
  • the TV-Anytime standardization body provides a standardized Content Reference ID. See TV-Anytime Forum, www.tv-anytime.org, Specification Series: S-4, on Content Referencing (Normative), Document SP004V11, 14 Apr. 2001, later version SP004V12, 28 Jun. 2002, ETSI TS 102 822-4.
  • This document specifies that the CRID contains an ⁇ authority> field indicating the body that created the CRID.
  • An authority will also provide the ability for the CRID to be resolved into locators or other CRIDs.
  • a locator is the name for locations in time and space of content.
  • the CRID further contains a ⁇ data> field which is a free format string that is compliant with the definition of Uniform Resource Identifiers (URIs) as given in “RFC2396, Uniform Resource Identifiers (URI): Generic Syntax.” This string should be meaningful to the authority given by the ⁇ authority> field.
  • URIs Uniform Resource Identifiers
  • the CRID is used for location resolution, which can be defined as the process of translating a CRID into other CRID(s) or locators. For instance, a CRID for an entire TV series could be translated into a series of CRIDs for the individual episodes of that series. Location resolution may be done in the recording device (typically a Personal Digital Recorder or PDR) or remotely. A resolution provider does location resolution. Resolution providers use resolving authority records (RARs) to be identified and located. A RAR includes at least an ⁇ authority> field, corresponding to a body that creates CRIDs.
  • RARs resolving authority records
  • a RAR also contains a URL and the resolution provider name.
  • the URL points to the location where resolution information can be found.
  • the resolution provider name contains the name of the body that is providing location resolution.
  • TV-Anytime information and services are valuable so protection of this information is important. Protection includes the issue of source authentication and spoofing; the integrity of the data is to be protected.
  • the receiver may want to check if the data is indeed coming from the expected source and hasn't been changed by a third party.
  • a third party can change the metadata or CRID table, it can make the PDR record other information then was intended including commercials, trailers or just other content. This is also very annoying for a user and may lower the trust the user has in the system.
  • the PDR may therefore want to check whether the content came from a trusted source. If the data can be authenticated to originate from one source even when it is distributed using different channels, the PDR can use this to make a choice when confronted with multiple sources of the same content. An example of this is when the data of a certain BBC show can be authenticated as being generated by the BBC, this raises the likelihood that this information is correct.
  • the source of the TV-Anytime data and metadata is not always the creator of the data.
  • the source could be a service provider gathering and grouping information from different sources. It could be useful to check who created the data and whether the data has been changed. In this case, the data that is received will hold parts provided by different sources.
  • each data fragment of the set comprises its own unique identifier
  • the signature comprises references to the respective unique identifiers of the data fragments of the set.
  • the invention describes a system in which signatures will be provided separately and references to unique identifiers will indicate which data fragments are covered by the signature.
  • the at least one identifier uniquely identifies a data fragment in order to enable the linking between data fragments and the signature. This is done by providing an (optional) field that is added to each data fragment for identification of that data fragment. An existing field could be used if all data fragments have such a field that uniquely identifies each data fragment. Otherwise, a special signature identifier could be added to each data fragment as an optional field. When this field is present it is a unique identification of that data fragment instance within the data.
  • a signature may refer to multiple data fragments, such that sets of data fragments are signed instead of individual data fragments. This has the further advantage that it is more efficient.
  • An embodiment of the method according to the invention is described in claim 3 .
  • An advantage is that only the hashes are needed to compute or verify a signature. This is especially advantageous (reduction of computation time) if the same data fragments are being used in multiple signatures.
  • XML clearly separates individual data fragments enabling the identification of data fragments in a standardized way. Data fragments can be collected in one or more XML documents.
  • Data fragments to be signed can be approached by the use of a transform function according to RFC3275) that removes the data fragments that are not considered for this signature.
  • the transform function refers to the data fragments using the unique identifier.
  • Such an index file would then link references to the appropriate signature files using the unique identifier to support a search option.
  • This table provides a grouping between the data that is signed and the list of signatures.
  • the DNS name is an easy and understandable choice for the unique identification of the organization.
  • the unique identifier identifies a data fragment, it does not define where this data fragment can be found within the total data.
  • the reference should preferably also be accompanied by a location indicator.
  • An embodiment of the method according to the invention is described in claim 14 .
  • An implementation indicates the path through the data that has to be taken in order to locate the data fragment.
  • An embodiment of the method according to the invention is described in claim 16 .
  • a different approach is to define a wrapper around the data document that further includes the signature information and possibly some other elements that need signing. In this way, the original data is included in the wrapper without changes, except for the addition of possibly missing unique identifiers.
  • a suitably defined wrapper may be extended to allow additional data to be included in the signed data.
  • the system according to the invention is characterized in that the system comprises means to receive and handle data fragments of the subset, each data fragment identified by a unique identifier, the system further comprises at least one of -means for associating a signature with the protected data fragments of the set using their unique identifiers, -means for verifying a signature associated with the set using the unique identifiers of the protected data fragments, and -means for generating a signature that references the protected data fragments by their unique identifiers.
  • the signature device is characterized in that the device is arranged to address each data fragment to be protected by a unique identifier included in the data fragment, and the device is arranged to generate signature information comprising the unique identifiers to refer to the data fragments of the set.
  • the verification device is characterized in that the device is arranged to address each data fragment to be protected by a unique identifier included in the data fragment, and the device is arranged to verify signature information comprising the unique identifiers to refer to the data fragments of the set.
  • each data fragment of the set comprises its own unique identifier
  • the signature comprises references to the unique identifiers of the data fragments of the set.
  • the invention is further characterized by a computer program product for implementing the method of claim 1 .
  • FIG. 1 schematically illustrates the process of content resolution
  • FIG. 2 shows the different fragments as defined by TV-Anytime
  • FIG. 3 a , 3 b , and 3 c show XML definitions and examples related to the unique identifier
  • FIG. 4 a , 4 b , and 4 c show XML definitions and examples related to the signature information
  • FIG. 5 shows XML definitions and examples related to the key information.
  • FIG. 1 schematically illustrates the process of content resolution.
  • the PDR 10 is instructed to record a content item identified by a Content Reference Identifier CRID.
  • Instructing the PDR to record a content item, or in other words scheduling that content item for recording can be done in a variety of ways.
  • a presently common way is that the user manually indicates, e.g. by selecting the content item in the EPG, that the content item is to be recorded.
  • the computer program product 12 with the computer-readable instructions in a suitable format such as a optical disc or solid state memory can be used to store or distribute the program instructions implementing the invention.
  • the PDR may be equipped to determine kinds of content items that the consumer may be interested in. This is known as user profiling or recommender systems. By keeping track of content items which the consumer views, and employing an implicit and/or explicit rating system for such content items, it becomes possible to predict with varying degrees of accuracy which other content items the consumer may be interested in. It then becomes possible to automatically record content items which are likely to be of interest to the consumer. Such content items could then be recorded by the PDR. Many techniques for user profiling are known in the art. When the PDR determines, using user profiling, that a particular content item may be of interest, it schedules the content item for recording.
  • the CRID for the content item is used to facilitate automatic recording of the content item.
  • the CRID could be entered manually by the user, or be the result of selecting a content item through an Electronic Program Guide. This second option assumes that the CRID is somehow provided to the PDR together with other metadata used in the EPG by a CRID provider entity 13 .
  • the user could perform a search using for example the title of the content item in a metadata database, and select the desired content item from the search results. The CRID is then supplied to the PDR by the search engine.
  • a trailer or preview for a movie could be broadcast with the CRID embedded in the content of the commercial in some way (e.g. a watermark).
  • the user could then press a button on his remote control, television or PDR.
  • the PDR or television then extracts the CRID from the content of the commercial.
  • the PDR tries to obtain locator information for the content item, using the CRID as input.
  • This locator information is not necessarily always available.
  • the CRID may refer to a movie that has only recently been released in movie theaters. This movie is not likely to be broadcast on television in the near future, so it cannot be scheduled using EPG information. In such a case, the PDR should regularly try to obtain the locator, as the locator may become available later (e.g. a year later, when the movie is going to be broadcast on TV).
  • the CRID could also refer to a TV series, which is then resolved into a number of CRIDs for individual episodes of that series. It is possible that no locator information is available for some episodes. Here the PDR should also regularly retry to obtain the locator(s) for those episodes.
  • Location resolution involves mapping a location-independent content reference (the CRID) to its location in time (e.g. scheduled transmission time in a broadcast system) and space (e.g. TV channel, IP address). As explained above, these locations in time and space are referred to as “locators.”
  • the process of location resolution may happen inside the PDR or by using a physically remote server, such as a server on the Internet.
  • the CRID essentially contains opaque information, which it cannot resolve to a location without external assistance.
  • a Resolution Provider (RP) which provider locator information for CRIDs is provided to solve this problem.
  • RP Resolution Provider
  • the name of the authority is present in the CRID in the ⁇ authority> field, as explained above. This name is present in the form of a registered Internet domain name. It is possible for an Resolution Authority (RA) 15 to be found on the Internet using the domain name resolution process specified in the TV-Anytime specification SP004.
  • Each RA will require one or more Resolving Authority Records (RAR) to exist in the PDR for location resolution to take place.
  • RAR Resolving Authority Records
  • Each resolving authority record will need to be placed inside some sort of transport specific container which allows the PDR to know that this is a RAR. In the case of multiple records for the same authority, the PDR can choose to just use one of them, or try them all in turn.
  • the Resolving Authority Record (RAR) contains the information that identifies the RAs where content reference resolution information can be found.
  • the PDR determines which RP to use to resolve a particular CRID.
  • the PDR then submits a request for a location accompanied by a CRID to the Resolution Provider in question.
  • the Resolution Provider returns the locator information (assuming this information is available in that RP, of course).
  • the PDR can then access the content source and obtain the content item.
  • a content item may have more than one locator, for example if it is broadcast multiple times or available from multiple providers.
  • the PDR may then choose which locator to use, or prompt the user to make a selection.
  • the PDR waits for the specified date and time and then records the episode as it is broadcast on the specified channel.
  • the locator indicates a location on the Internet or the like, the PDR can simply retrieve the content from the indicated location as soon as it becomes available.
  • the PDR may comprise local storage such as a sufficiently large hard disk, and/or a device such as a DVD+RW writer.
  • the storage on which content items are stored needs not be local to the PDR, but may also be an external device such as a hard disk or a file server connected to the PDR via a home network.
  • a content item may be erased when the rights associated with the content item require such erasure. Also, some content items may not come with a right to record the item at all, or with a right that permits viewing only for a limited amount of time, or for a limited number of times.
  • the PDR should then erase the content item when the limit is exceeded, or refuse further access to the content until further rights are obtained that permit further access.
  • the content as received in the client box can be protected during transport by encryption. Before the content can be accessed, the content has to be decrypted. This process is controlled by the DRM or conditional access (CA) system.
  • TV-Anytime specification distinguishes between two different distribution methods: unidirectional and bidirectional.
  • TV-Anytime data is another stream in the broadcast stream with the normal signaling in place. Access to this stream can be protected using traditional conditional access systems, such as scrambling.
  • conditional access systems such as scrambling.
  • the conditional access system is identified and the messages carrying the conditional access information related to this stream are indicated.
  • Most digital broadcast systems use the MPEG-2 transport stream format (ISO/IEC 13818-1:1996(E), Information technology—Generic coding of moving pictures and associated audio information: Systems, First Edition, 1996-04-15).
  • the source of the TV-Anytime data is not always the creator of the data.
  • the source could be a service provider gathering and grouping information from different sources. Data can also be retrieved by the PDR from different sources. Thus, data that is received will hold parts provided by different sources. It could be useful to check who created to data and whether the data has been changed. This is done using signatures.
  • TVA metadata is provided as TVA fragments.
  • a TVA fragment is “a self contained atomic portion of the metadata”.
  • the smallest TVA metadata element that can be signed is a fragment.
  • the invention includes the definition of a label that is used to uniquely identify a TV-Anytime fragment in order to link the fragment to the signature. This is done by providing an optional field that is added to each TV-Anytime fragment.
  • this unique identifier is a unique identification of that fragment instance within this instance of metadata. The unique identifier should allow for easy tracing of the fragment within the metadata. This is required in order to find the different fragments that are needed to calculate a signature.
  • FIG. 2 shows the different fragments as defined by TV-Anytime.
  • all fragments have an optional or compulsory unique identifier for identification of a fragment.
  • TVAID is used in these fragments.
  • TVAIDs are used to “indicate uniqueness within a metadata description”. Although they seem to match the requirement for an identifier, they're only unique for a particular type of TVAID. e.g. a serviceID and segmentID could be the same within a particular metadata description.
  • the TVAID is used as reference identifier. This provides a unique identifier if the reference used in the signature indicates the context (e.g. service or segment).
  • the TVAID can be used if all fragments have one (or one is added) and it is determined that using the TVAID a unique reference to the fragment can be made within this instance of the TVA metadata.
  • a special TVA signature identifier is added to all fragments as an optional field. Either the TVAID or a new identifier is defined for this purpose.
  • the XML definition for an example identifier added to each TVA fragment that uniquely identifies a fragment among other fragments of the same type within the metadata (or within the relevant instance of the metadata) is shown in FIG. 3 a .
  • an example of a format for all TV-Anytime fragments could be to add a TVASignatureId attribute, formally defined as shown in FIG. 3 b.
  • a further advantageous variation of the invention ensures that the identifier is unique among fragments of the same type within the metadata by starting the identifier with the DNS name (or another unique identification) of the organization responsible of generating the fragment. This would also allow the client to detect what organization published the data.
  • An example TVASignatureId of a fragment published by company MyCompany could look as shown in FIG. 3 c.
  • Labeling each individual fragment or set of fragments and signing using references has the advantage that, when properly chosen, the reference would provide a link from the signature file to the fragment. Furthermore, the unique identifier provides a link between the fragment(s) and the data containing the signature.
  • TVA metadata is expressed in XML
  • a transport neutral way of expressing signatures that allows the signatures to be carried in the same data structure could be to include the signatures in the TVA schema.
  • TV-Anytime metadata is expressed in XML a suitable choice would be xmldsig, but other XML-based signature schemes can of course be defined as well.
  • the signature can be stored according to the xmldsig standard. Additionally, references to the unique identifier indicate which fragments are used to calculate a signature. Although the unique identifier identifies a fragment, it does not define where this fragment can be found within the total TVAMain. In order to facilitate the searching of the correct fragment within the metadata, the reference (defined in URI format according to RFC2396) should preferably also indicate the location. An extension of the invention therefore adds an optional location indicator to indicate the path through the metadata that has to be taken in order to locate the fragment.
  • a compliant example definition of the fragment URI including the unique identifier according to the invention can be defined as “tva:// ⁇ path>/ ⁇ TVASignatureId>” where ⁇ path> is the path from the start of the metadata towards the fragment, and TVAID is the identifier of the fragment.
  • Some examples are “tva://TVAMain/aap.org;132423”, “tva://TVAMain/ClassificationTable/CSAlias/publisher.com;122314”, and “tva://TVAMain/ProgramDescription/ProgramLocationTable/Schedule/metwt.org;320984”.
  • the first example illustrates that it is also possible to sign the complete TVAMain metadata document. In this case, all of TVAMain without the certificate and signature parts should be considered.
  • the unique identifier (such as TVASignatureId) is used in URIs to refer to a fragment, the identifier should be compatible with the formatting restrictions placed upon URIs as described in RFC2396. Furthermore, in order to ease the parsing of the URI no slashes (“/”) are used in the TVASignatureId.
  • the TVASignatureTable will provide a grouping between the data that is signed and the list of signatures; an example definition of such a table is shown in FIG. 4 a and FIG. 4 b .
  • this definition there is an option to include other TV-anytime metadata documents such as the ContentReferencingTable and ResolvingAuthorityRecordTable in this table. This has the advantage that, as they can only occur once, no unique identifier is needed for that metadata in the table and in the URI.
  • a TVASignatureTable is defined as shown in FIG. 4 c .
  • Zero or more signatures can be present.
  • the implementation of the delivery system will have to take care that the relevant fragments and signature are present when needed. In the bi-directional delivery system missing fragments or missing signatures can be downloaded.
  • a different way to define the fragments that need to be signed is by defining a transform function (according to RFC3275) that removes some or all elements from the metadata that are not considered for a signature.
  • the corresponding public key of the party that applied the signature(s) is needed. Distribution of these keys can be done in several ways. They can be hard coded in the device, but as this would raise problems if new keys are used or when current keys are compromised, the most common way of distribution of the keys is by incorporating them into a so-called certificate-chain (“Applied Cryptography Second Edition: protocols, algorithms, and source code in C, Bruce Schneier, Wiley, 1996”). So in order to check the signature, in addition to the signatures data, also the certificates of the parties providing signatures are required.
  • TVASignature allows the inclusion of one or more ds:KeyInfo objects in order to support the carriage of such certificates within the TVASignature wrapper.
  • a XML complex type indicating a list of KeyInfo objects with accompanying identifiers is shown in FIG. 5 .
  • the reference URI is defined as “tva://KeyInfoListTable/ ⁇ Identifier>”, where ⁇ Identifier> is the identifier indicated in the KeyInfoWrapperType. Some examples are therefore “tva://KeyInfoListTable/132423”, “tva://KeyInfoListTable/435432h”, and “tva://KeyInfoListTable/MyKeyInfo”.
  • Public keys can also be stored using X509 certificates, where the subject field in the 509 certificate may too contain the organization name or a different unique identification identifying the key source. This provides an additional way to make sure the data is really signed by the organization that claims to have signed it.
  • Signatures can be generated using a suitable algorithm, such as DSA or RSA signature generation algorithms.
  • references to the unique identifier can either implicitly or explicitly be included in the data to be signed.
  • signatures can also be used to protect different tables used in a system.
  • More elaborate search options could be provided by adding signature index files. Such an index file would than link unique identifiers to the appropriate signature files.
  • the metadata object (such as TVAMain) is expanded with the signature fragments so it will include the signature information. This is advantageous if the signatures are distributed and accessed within the normal distribution system as is indicated by TV-Anytime.
  • signatures are provided separately, for example by definition of a wrapper that includes the TVAMain and possibly some other elements that need signing. This is advantageous as this would not change the current metadata specification and it would also allow to include other TV-Anytime documents (e.g. ContentReferencingTable and ResolvingAuthorityRecordTable).
  • the system according to the invention supports signatures over single or multiple fragments. This has the advantage that it enables to sign a set of fragments, which is more efficient than signing each individual fragment. It has the further advantage that it remains as much as possible compatible with the unidirectional as well as the bidirectional distribution system, while minimizing the level of change upon the existing metadata specification.
  • any reference signs placed between parentheses shall not be construed as limiting the claim.
  • the word “comprising” does not exclude the presence of elements or steps other than those listed in a claim.
  • the word “a” or “an” preceding an element does not exclude the presence of a plurality of such elements.
  • the invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer.

Abstract

This invention concerns a method, system, device, and signal for the protection of the integrity of TV anytime meta-data, and a signal carrying such protected information accordingly. Protection is obtained by applying a signature and certification approach. Optionally, an additional step of cannolization or a transform function is used. Data fragments can be labeled with a unique identifier so they can be referenced and separately signed individually or as a set by several different parties.

Description

  • The invention relates to a method of providing data integrity authentication and data protection, in which a set of data fragments is protected by a signature.
  • The invention further relates to a system for providing data integrity authentication and data protection, the system being arranged to receive and handle data fragments, of which a set of data fragments can be protected by a signature.
  • The invention further relates to a signature device for providing data integrity authentication and data protection, the device being arranged to handle data fragments, and the device being arranged to generate a signature to protect a set of data fragments.
  • The invention further relates to a verification device for verifying data integrity authentication and data protection, the device being arranged to handle data fragments, and the device being arranged to verify a signature to protect a set of data fragments.
  • The invention further relates to a signal comprising data fragments, of which a set of data fragments is protected by a signature.
  • The invention further relates to a computer program product for implementing such a method.
  • As the number of channels available to television viewers has increased, along with the diversity of the programming content available on such channels, it has become increasingly challenging for television viewers to identify television programs of interest. Historically, television viewers identify television programs of interest by analyzing printed television program guides. As the number of television programs has increased, it has become increasingly difficult to effectively identify desirable television programs using such printed guides.
  • More recently, television program guides have become available in electronic format, often referred to as electronic program guides (EPGs). Like printed television program guides, EPGs present overviews of the available content, which can be browsed by the user. The general term content typically comprises things like music, songs, movies, television programs, pictures and the likes, but can also refer to individual scenes, MPEG-4 objects, and so on.
  • The EPG compiles the overview from metadata that accompanies the individual content items. Metadata for content items is available from a variety of sources. Metadata can be included with a broadcast stream (e.g. as MPEG-2 tables) or downloaded from external databases. For example, a television receiver or Personal Digital Recorder may be provided with an Internet connection, which allows the device to access metadata made available over the World Wide Web.
  • This metadata generally comprises information such as title, artist, genre and so on, and may also contain a unique content reference identifier (CRID), sometimes also called a content reference identifier. Using the CRID, each individual content item can be uniquely identified. Further, using the CRID further information can be retrieved from a database. For example, a user can select a content item which he wishes to see from the EPG, even though the time and place of broadcast are not yet known. Using the CRID, the system can then retrieve the time and place of broadcast of the content item when this information becomes available.
  • The CRID is not restricted to broadcast transmissions of content. It could also refer to a location on the Internet, or to any other source. The purpose of content resolution is to allow acquisition of a specific instance of a specific item of content. For example a user may want to record an episode of a television series, but he does not necessarily know when and where that episode will become available. He can then use his personal digital recorder (PDR) or similar device to enter a reference to the episode or series by means of the CRID. Note that a CRID may refer to an entire series or to an individual episode thereof.
  • Having received a CRID for a content item, the PDR tries to obtain the location of the content item. This information is called a locator and it contains the date, time and channel on which the content item will be broadcast. The user however does not need to be aware of this. Once the PDR has obtained the locator of the content item, the PDR waits for the specified date and time and then records the episode as it is broadcast on the specified channel. Of course, if the locator indicates a location on the Internet or the like, the PDR can simply retrieve the content from the indicated location as soon as it becomes available.
  • The TV-Anytime standardization body provides a standardized Content Reference ID. See TV-Anytime Forum, www.tv-anytime.org, Specification Series: S-4, on Content Referencing (Normative), Document SP004V11, 14 Apr. 2001, later version SP004V12, 28 Jun. 2002, ETSI TS 102 822-4. This document specifies that the CRID contains an <authority> field indicating the body that created the CRID. An authority will also provide the ability for the CRID to be resolved into locators or other CRIDs. A locator is the name for locations in time and space of content. The CRID further contains a <data> field which is a free format string that is compliant with the definition of Uniform Resource Identifiers (URIs) as given in “RFC2396, Uniform Resource Identifiers (URI): Generic Syntax.” This string should be meaningful to the authority given by the <authority> field.
  • The CRID is used for location resolution, which can be defined as the process of translating a CRID into other CRID(s) or locators. For instance, a CRID for an entire TV series could be translated into a series of CRIDs for the individual episodes of that series. Location resolution may be done in the recording device (typically a Personal Digital Recorder or PDR) or remotely. A resolution provider does location resolution. Resolution providers use resolving authority records (RARs) to be identified and located. A RAR includes at least an <authority> field, corresponding to a body that creates CRIDs.
  • A RAR also contains a URL and the resolution provider name. The URL points to the location where resolution information can be found. The resolution provider name contains the name of the body that is providing location resolution. These RARs are made available to PDRs.
  • TV-Anytime information and services are valuable so protection of this information is important. Protection includes the issue of source authentication and spoofing; the integrity of the data is to be protected. When TVA data is received from a source, the receiver may want to check if the data is indeed coming from the expected source and hasn't been changed by a third party.
  • There is an incentive for a third party to try this. If a third party can change the metadata or CRID table, it can make the PDR record other information then was intended including commercials, trailers or just other content. This is also very annoying for a user and may lower the trust the user has in the system. The PDR may therefore want to check whether the content came from a trusted source. If the data can be authenticated to originate from one source even when it is distributed using different channels, the PDR can use this to make a choice when confronted with multiple sources of the same content. An example of this is when the data of a certain BBC show can be authenticated as being generated by the BBC, this raises the likelihood that this information is correct.
  • The source of the TV-Anytime data and metadata is not always the creator of the data. The source could be a service provider gathering and grouping information from different sources. It could be useful to check who created the data and whether the data has been changed. In this case, the data that is received will hold parts provided by different sources.
  • The standard cryptographic approach to protection of data integrity is to sign the data using cryptographic techniques. As all TVA metadata is expressed in XML, a transport neutral way of expressing signatures that allows the signatures to be carried in the same data structure would be to include the signatures in the TVA schema, and an obvious choice would be xmldsig (“RFC3275, (Extensible Markup Language) XML-Signature Syntax and Processing.”). However, this standard uses the XPath data model (“XML Path Language (XPath) Version 1.0, W3C recommendation, J. Clar, S. DeRose, October 1999, http://www.w3.org/TR/1999/REC-xpath-19991116”) to define the evaluation of an XPath expression for every node of the XML parse tree, which is a transform which can be difficult to implement efficiently.
  • An attempt to overcome this problem has been described in “XML-signature XPath Filter” (W3C recommendation, latest revision 8 Nov. 2002, htp://www.w3.org/TR/xmldsig-filter) which defines a XML signature transform to facilitate the development of efficient document subsetting. However, this recommendation is not adopted by the W3C consortium.
  • From this discussion, it is clear that there is an incentive for service providers and box manufacturers to efficient integrity checking mechanism for metadata.
  • It is an object of the invention to provide metadata integrity and source authentication to efficiently protect data fragments, enabling the protection of data fragments originating from different sources and enabling the protection of data fragments by multiple authenticators. This will allow validation whether the data has not been changed during transport between (resolution) provider and the client. It will further allow validation whether the data has not been changed during the subsequent storage and handling of the data.
  • The object of the invention is achieved by a method according to the invention characterized in that each data fragment of the set comprises its own unique identifier, the signature comprises references to the respective unique identifiers of the data fragments of the set. The invention describes a system in which signatures will be provided separately and references to unique identifiers will indicate which data fragments are covered by the signature. The at least one identifier uniquely identifies a data fragment in order to enable the linking between data fragments and the signature. This is done by providing an (optional) field that is added to each data fragment for identification of that data fragment. An existing field could be used if all data fragments have such a field that uniquely identifies each data fragment. Otherwise, a special signature identifier could be added to each data fragment as an optional field. When this field is present it is a unique identification of that data fragment instance within the data. A signature may refer to multiple data fragments, such that sets of data fragments are signed instead of individual data fragments. This has the further advantage that it is more efficient.
  • An embodiment of the method according to the invention is described in claim 2. During distribution, when data changes hands, more than one party may apply their signature to the same data fragment. These signatures may apply to different subsets of data fragments i.e., totally disjunct subsets, partially overlapping subsets, or equal subsets.
  • An embodiment of the method according to the invention is described in claim 3. An advantage is that only the hashes are needed to compute or verify a signature. This is especially advantageous (reduction of computation time) if the same data fragments are being used in multiple signatures.
  • An embodiment of the method according to the invention is described in claim 4. XML clearly separates individual data fragments enabling the identification of data fragments in a standardized way. Data fragments can be collected in one or more XML documents.
  • An embodiment of the method according to the invention is described in claim 5. As described before, TV-Anytime metadata requires protection from unauthorized manipulating of metadata. The invention can therefore be advantageously be applied in the TV-Anytime environment.
  • An embodiment of the method according to the invention is described in claim 6. A suitable choice for data expressed in XML would be to use the xmldsig definition of a signature, with the references to the unique identifiers added.
  • An embodiment of the method according to the invention is described in claim 7. Data fragments to be signed can be approached by the use of a transform function according to RFC3275) that removes the data fragments that are not considered for this signature. The transform function refers to the data fragments using the unique identifier.
  • An embodiment of the method according to the invention is described in claim 8. As is also explained in the aforementioned xmldsig specification, the same text can be coded in multiple ways using different encodings. In order to calculate the signature, one defined representation of the document has to be defined. This process is called cannolization. Indication which cannolization function is used, allows the calculation of the signature values without the need of extracting the data first.
  • An embodiment of the method according to the invention is described in claim 9. In order to protect the integrity of the references, the references themselves might either implicitly or explicitly be included in the data to be signed.
  • An embodiment of the method according to the invention is described in claim 10. More elaborate search options could be provided by adding signature index files.
  • Such an index file would then link references to the appropriate signature files using the unique identifier to support a search option. This table provides a grouping between the data that is signed and the list of signatures.
  • An embodiment of the method according to the invention is described in claim 11. In order to ensure that the identifier is unique among data fragments of the same type within this instance of data it is suggested to start the unique identifier with a unique identification of the organization responsible for generating the data fragment. This would also allow the client to detect what organization published the data.
  • An embodiment of the method according to the invention is described in claim 12. The DNS name is an easy and understandable choice for the unique identification of the organization.
  • An embodiment of the method according to the invention is described in claim 13. Although the unique identifier identifies a data fragment, it does not define where this data fragment can be found within the total data. In order to facilitate the searching of the correct data fragment within the data, the reference should preferably also be accompanied by a location indicator.
  • An embodiment of the method according to the invention is described in claim 14. An implementation indicates the path through the data that has to be taken in order to locate the data fragment.
  • An embodiment of the method according to the invention is described in claim 15. It is possible and efficient to include the signature information within the data document.
  • An embodiment of the method according to the invention is described in claim 16. A different approach is to define a wrapper around the data document that further includes the signature information and possibly some other elements that need signing. In this way, the original data is included in the wrapper without changes, except for the addition of possibly missing unique identifiers. A suitably defined wrapper may be extended to allow additional data to be included in the signed data.
  • An embodiment of the method according to the invention is described in claim 17. A different approach is to define a separate data document comprising the signature information, referring to the data fragments in the original data document. In this way, the original data document remains unchanged, except for the addition of possibly missing unique identifiers.
  • The system according to the invention is characterized in that the system comprises means to receive and handle data fragments of the subset, each data fragment identified by a unique identifier, the system further comprises at least one of -means for associating a signature with the protected data fragments of the set using their unique identifiers, -means for verifying a signature associated with the set using the unique identifiers of the protected data fragments, and -means for generating a signature that references the protected data fragments by their unique identifiers.
  • The signature device according to the invention is characterized in that the device is arranged to address each data fragment to be protected by a unique identifier included in the data fragment, and the device is arranged to generate signature information comprising the unique identifiers to refer to the data fragments of the set.
  • The verification device according to the invention is characterized in that the device is arranged to address each data fragment to be protected by a unique identifier included in the data fragment, and the device is arranged to verify signature information comprising the unique identifiers to refer to the data fragments of the set.
  • The signal according to the invention is characterized in that each data fragment of the set comprises its own unique identifier, and the signature comprises references to the unique identifiers of the data fragments of the set.
  • The invention is further characterized by a computer program product for implementing the method of claim 1.
  • These and other aspects of the invention will be further described by way of example and with reference to the schematic drawings, wherein:
  • FIG. 1 schematically illustrates the process of content resolution,
  • FIG. 2 shows the different fragments as defined by TV-Anytime,
  • FIG. 3 a, 3 b, and 3 c show XML definitions and examples related to the unique identifier,
  • FIG. 4 a, 4 b, and 4 c show XML definitions and examples related to the signature information, and
  • FIG. 5 shows XML definitions and examples related to the key information.
  • As an illustration of the collection and handling of data, handling of metadata will be described by a device such as a personal digital recorder or PDR in the TV-Anytime environment. FIG. 1 schematically illustrates the process of content resolution. The PDR 10 is instructed to record a content item identified by a Content Reference Identifier CRID. Instructing the PDR to record a content item, or in other words scheduling that content item for recording can be done in a variety of ways. A presently common way is that the user manually indicates, e.g. by selecting the content item in the EPG, that the content item is to be recorded. It will be readily understood that part or all of the functionality ascribed to the PDR below could also be incorporated into one or more other devices, such as television receivers, set-top boxes or personal computers. The computer program product 12 with the computer-readable instructions in a suitable format such as a optical disc or solid state memory can be used to store or distribute the program instructions implementing the invention.
  • The PDR, or another device to which the PDR is connected, may be equipped to determine kinds of content items that the consumer may be interested in. This is known as user profiling or recommender systems. By keeping track of content items which the consumer views, and employing an implicit and/or explicit rating system for such content items, it becomes possible to predict with varying degrees of accuracy which other content items the consumer may be interested in. It then becomes possible to automatically record content items which are likely to be of interest to the consumer. Such content items could then be recorded by the PDR. Many techniques for user profiling are known in the art. When the PDR determines, using user profiling, that a particular content item may be of interest, it schedules the content item for recording.
  • The CRID for the content item is used to facilitate automatic recording of the content item. The CRID could be entered manually by the user, or be the result of selecting a content item through an Electronic Program Guide. This second option assumes that the CRID is somehow provided to the PDR together with other metadata used in the EPG by a CRID provider entity 13. Alternatively, if the CRID is not known by the user or by the PDR, the user could perform a search using for example the title of the content item in a metadata database, and select the desired content item from the search results. The CRID is then supplied to the PDR by the search engine.
  • There are many other ways to provide the CRID to the PDR. For example, a trailer or preview for a movie could be broadcast with the CRID embedded in the content of the commercial in some way (e.g. a watermark). The user could then press a button on his remote control, television or PDR. The PDR or television then extracts the CRID from the content of the commercial.
  • Once the CRID for the desired content item is known, the PDR tries to obtain locator information for the content item, using the CRID as input. This locator information is not necessarily always available. For example, the CRID may refer to a movie that has only recently been released in movie theaters. This movie is not likely to be broadcast on television in the near future, so it cannot be scheduled using EPG information. In such a case, the PDR should regularly try to obtain the locator, as the locator may become available later (e.g. a year later, when the movie is going to be broadcast on TV). The CRID could also refer to a TV series, which is then resolved into a number of CRIDs for individual episodes of that series. It is possible that no locator information is available for some episodes. Here the PDR should also regularly retry to obtain the locator(s) for those episodes.
  • The process of translating a CRID into locator information is known in TV-Anytime as location resolution. Location resolution involves mapping a location-independent content reference (the CRID) to its location in time (e.g. scheduled transmission time in a broadcast system) and space (e.g. TV channel, IP address). As explained above, these locations in time and space are referred to as “locators.” The process of location resolution may happen inside the PDR or by using a physically remote server, such as a server on the Internet.
  • To the PDR, the CRID essentially contains opaque information, which it cannot resolve to a location without external assistance. A Resolution Provider (RP) which provider locator information for CRIDs is provided to solve this problem. Usually multiple RPs are available, and the PDR must know which RP to use for a particular CRID. Often, this is the same body that created the CRID. The name of the authority is present in the CRID in the <authority> field, as explained above. This name is present in the form of a registered Internet domain name. It is possible for an Resolution Authority (RA) 15 to be found on the Internet using the domain name resolution process specified in the TV-Anytime specification SP004.
  • Each RA will require one or more Resolving Authority Records (RAR) to exist in the PDR for location resolution to take place. Each resolving authority record will need to be placed inside some sort of transport specific container which allows the PDR to know that this is a RAR. In the case of multiple records for the same authority, the PDR can choose to just use one of them, or try them all in turn. The Resolving Authority Record (RAR) contains the information that identifies the RAs where content reference resolution information can be found.
  • Using the RAR, the PDR determines which RP to use to resolve a particular CRID. The PDR then submits a request for a location accompanied by a CRID to the Resolution Provider in question. In response to this request, the Resolution Provider returns the locator information (assuming this information is available in that RP, of course). The PDR can then access the content source and obtain the content item. A content item may have more than one locator, for example if it is broadcast multiple times or available from multiple providers. The PDR may then choose which locator to use, or prompt the user to make a selection.
  • Once the locator information has been obtained, the PDR waits for the specified date and time and then records the episode as it is broadcast on the specified channel. Of course, if the locator indicates a location on the Internet or the like, the PDR can simply retrieve the content from the indicated location as soon as it becomes available.
  • Content items for which locator information is available can be recorded by the PDR at the appropriate moment. To this end, the PDR may comprise local storage such as a sufficiently large hard disk, and/or a device such as a DVD+RW writer. The storage on which content items are stored needs not be local to the PDR, but may also be an external device such as a hard disk or a file server connected to the PDR via a home network. Once the content items have been recorded, they can be played back at any time until they have been erased.
  • Using the above approach, anyone knowing the location of content could act as a resolution provider. Content and service providers, however, may desire that only authorized resolution providers perform content resolution for their content, for example to be able to protect their reputation. On the other hand, for consumers and PDRs it is important to be able to rely on/trust the CRID authority and resolution provider, so that they can obtain the correct content.
  • If the PDR operates in accordance with a Digital Rights Management (DRM) system, then a content item may be erased when the rights associated with the content item require such erasure. Also, some content items may not come with a right to record the item at all, or with a right that permits viewing only for a limited amount of time, or for a limited number of times. The PDR should then erase the content item when the limit is exceeded, or refuse further access to the content until further rights are obtained that permit further access. The content as received in the client box can be protected during transport by encryption. Before the content can be accessed, the content has to be decrypted. This process is controlled by the DRM or conditional access (CA) system.
  • The TV-Anytime specification distinguishes between two different distribution methods: unidirectional and bidirectional. In the unidirectional situation, TV-Anytime data is another stream in the broadcast stream with the normal signaling in place. Access to this stream can be protected using traditional conditional access systems, such as scrambling. Using the normal signaling methods defined for the transport mechanism, the conditional access system is identified and the messages carrying the conditional access information related to this stream are indicated. Most digital broadcast systems use the MPEG-2 transport stream format (ISO/IEC 13818-1:1996(E), Information technology—Generic coding of moving pictures and associated audio information: Systems, First Edition, 1996-04-15).
  • In the bidirectional case, a point to point connection is made between client and server. This process is described in TV-Anytime document SP004v1.2, Specification series S-4 on Content Referencing, Version 1.2, Final Specification, 28 Jun. 2002, ETSI TS 108 822-4. The DRM system will open a secure channel to the service provider and tunnel the communication through this channel. In this way it will ensure that only authorized TV-Anytime clients can access the content.
  • Although existing CRC mechanisms in the broadcast system will deal with transmission errors, it remains wishful to detect intentional changes and to authenticate that the information was generated by the claimed source.
  • The source of the TV-Anytime data is not always the creator of the data. The source could be a service provider gathering and grouping information from different sources. Data can also be retrieved by the PDR from different sources. Thus, data that is received will hold parts provided by different sources. It could be useful to check who created to data and whether the data has been changed. This is done using signatures.
  • All TVA metadata is provided as TVA fragments. In TVA, according to the metadata specification (TV-Anytime document WD647/SP003v1.3 Part A, Specification series S-3 on Metadata: Part A Metadata Schemas, version 1.3, 15 Dec. 2002, ETSI TS 102 822-3), a TVA fragment is “a self contained atomic portion of the metadata”. In this document, it is assumed that the smallest TVA metadata element that can be signed is a fragment.
  • The invention includes the definition of a label that is used to uniquely identify a TV-Anytime fragment in order to link the fragment to the signature. This is done by providing an optional field that is added to each TV-Anytime fragment. When present, this unique identifier is a unique identification of that fragment instance within this instance of metadata. The unique identifier should allow for easy tracing of the fragment within the metadata. This is required in order to find the different fragments that are needed to calculate a signature.
  • FIG. 2 shows the different fragments as defined by TV-Anytime. In order to support signatures, all fragments have an optional or compulsory unique identifier for identification of a fragment. Within the TV-Anytime specification, a field called TVAID is used in these fragments. According to the above-identified metadata specification TVAIDs are used to “indicate uniqueness within a metadata description”. Although they seem to match the requirement for an identifier, they're only unique for a particular type of TVAID. e.g. a serviceID and segmentID could be the same within a particular metadata description.
  • Several variations to implement the concept of a unique identifier are possible.
  • In a first variation of the invention, the TVAID is used as reference identifier. This provides a unique identifier if the reference used in the signature indicates the context (e.g. service or segment). The TVAID can be used if all fragments have one (or one is added) and it is determined that using the TVAID a unique reference to the fragment can be made within this instance of the TVA metadata.
  • In a second variation, a special TVA signature identifier is added to all fragments as an optional field. Either the TVAID or a new identifier is defined for this purpose. The XML definition for an example identifier added to each TVA fragment that uniquely identifies a fragment among other fragments of the same type within the metadata (or within the relevant instance of the metadata) is shown in FIG. 3 a. In order to be able to reference each fragment (or set of fragments), an example of a format for all TV-Anytime fragments could be to add a TVASignatureId attribute, formally defined as shown in FIG. 3 b.
  • A further advantageous variation of the invention ensures that the identifier is unique among fragments of the same type within the metadata by starting the identifier with the DNS name (or another unique identification) of the organization responsible of generating the fragment. This would also allow the client to detect what organization published the data. An example TVASignatureId of a fragment published by company MyCompany could look as shown in FIG. 3 c.
  • Labeling each individual fragment or set of fragments and signing using references has the advantage that, when properly chosen, the reference would provide a link from the signature file to the fragment. Furthermore, the unique identifier provides a link between the fragment(s) and the data containing the signature.
  • As all TVA metadata is expressed in XML, a transport neutral way of expressing signatures that allows the signatures to be carried in the same data structure could be to include the signatures in the TVA schema. As TV-Anytime metadata is expressed in XML a suitable choice would be xmldsig, but other XML-based signature schemes can of course be defined as well.
  • The signature can be stored according to the xmldsig standard. Additionally, references to the unique identifier indicate which fragments are used to calculate a signature. Although the unique identifier identifies a fragment, it does not define where this fragment can be found within the total TVAMain. In order to facilitate the searching of the correct fragment within the metadata, the reference (defined in URI format according to RFC2396) should preferably also indicate the location. An extension of the invention therefore adds an optional location indicator to indicate the path through the metadata that has to be taken in order to locate the fragment.
  • A compliant example definition of the fragment URI including the unique identifier according to the invention can be defined as “tva://<path>/<TVASignatureId>” where <path> is the path from the start of the metadata towards the fragment, and TVAID is the identifier of the fragment.
  • Some examples are “tva://TVAMain/aap.org;132423”, “tva://TVAMain/ClassificationTable/CSAlias/publisher.com;122314”, and “tva://TVAMain/ProgramDescription/ProgramLocationTable/Schedule/metwt.org;320984”. The first example illustrates that it is also possible to sign the complete TVAMain metadata document. In this case, all of TVAMain without the certificate and signature parts should be considered.
  • Because in this embodiment the unique identifier (such as TVASignatureId) is used in URIs to refer to a fragment, the identifier should be compatible with the formatting restrictions placed upon URIs as described in RFC2396. Furthermore, in order to ease the parsing of the URI no slashes (“/”) are used in the TVASignatureId.
  • The TVASignatureTable will provide a grouping between the data that is signed and the list of signatures; an example definition of such a table is shown in FIG. 4 a and FIG. 4 b. In this definition, there is an option to include other TV-anytime metadata documents such as the ContentReferencingTable and ResolvingAuthorityRecordTable in this table. This has the advantage that, as they can only occur once, no unique identifier is needed for that metadata in the table and in the URI.
  • A TVASignatureTable is defined as shown in FIG. 4 c. Zero or more signatures can be present. As data may not, not yet, or not anymore be available in a system, not all signatures available for the data indicated in TVASignatureWrapper are always included and not all fragments that are protected by the various signatures are always present. The implementation of the delivery system will have to take care that the relevant fragments and signature are present when needed. In the bi-directional delivery system missing fragments or missing signatures can be downloaded.
  • A different way to define the fragments that need to be signed is by defining a transform function (according to RFC3275) that removes some or all elements from the metadata that are not considered for a signature.
  • In order to check a signature, the corresponding public key of the party that applied the signature(s) is needed. Distribution of these keys can be done in several ways. They can be hard coded in the device, but as this would raise problems if new keys are used or when current keys are compromised, the most common way of distribution of the keys is by incorporating them into a so-called certificate-chain (“Applied Cryptography Second Edition: protocols, algorithms, and source code in C, Bruce Schneier, Wiley, 1996”). So in order to check the signature, in addition to the signatures data, also the certificates of the parties providing signatures are required. TVASignature allows the inclusion of one or more ds:KeyInfo objects in order to support the carriage of such certificates within the TVASignature wrapper. A XML complex type indicating a list of KeyInfo objects with accompanying identifiers is shown in FIG. 5.
  • In order to be able to refer from a signature to KeyInfo elements in the KeyInfoWrapperTable from the Signatures, the reference URI is defined as “tva://KeyInfoListTable/<Identifier>”, where <Identifier> is the identifier indicated in the KeyInfoWrapperType. Some examples are therefore “tva://KeyInfoListTable/132423”, “tva://KeyInfoListTable/435432h”, and “tva://KeyInfoListTable/MyKeyInfo”.
  • This allows the inclusion of certificates and other options of communicating KeyInfo objects. It also indicates how they are linked to signatures.
  • (Public) keys can also be stored using X509 certificates, where the subject field in the 509 certificate may too contain the organization name or a different unique identification identifying the key source. This provides an additional way to make sure the data is really signed by the organization that claims to have signed it.
  • Signatures can be generated using a suitable algorithm, such as DSA or RSA signature generation algorithms.
  • As is explained in the xmldsig specification, text can be coded in many ways. In order to calculate the signature, one defined representation of the document has to be defined. This process is called cannolization. Within TV-Anytime, BiM is used as a binary codex for the binary encoding of TV-Anytime data. When BiM encoding is used, BiM should be indicated as the cannolization function. This allows the client to use the BiM encoded files to calculate the signature values without the need of extracting the data first. The transform and cannolization function are used to process the content so a unique, always the same, set of bytes is produced over which a signature is calculated.
  • In order to also protect the integrity of the references to the unique identifier, they can either implicitly or explicitly be included in the data to be signed. As described above and relating to FIG. 5, signatures can also be used to protect different tables used in a system.
  • More elaborate search options could be provided by adding signature index files. Such an index file would than link unique identifiers to the appropriate signature files.
  • As is explained in “ISO/IEC 13818-6:1998, Information technology—Generic coding of moving pictures and associated audio information: Extensions for Digital Storage Media Command and Control, 1998.” and “ETSI TS 102 812 V1.1.1 (2001-11), Digital Video Broadcasting (DVB); Multimedia Home Platform (MHP) Specification 1.1, 28 Jun. 20digital signatures can be implemented by calculating a hash over the content and signing the hash using public key cryptography.
  • There are two variations of the invention with respect to the location of the signatures.
  • In a first variation of the invention, the metadata object (such as TVAMain) is expanded with the signature fragments so it will include the signature information. This is advantageous if the signatures are distributed and accessed within the normal distribution system as is indicated by TV-Anytime.
  • In a second variation of the invention signatures are provided separately, for example by definition of a wrapper that includes the TVAMain and possibly some other elements that need signing. This is advantageous as this would not change the current metadata specification and it would also allow to include other TV-Anytime documents (e.g. ContentReferencingTable and ResolvingAuthorityRecordTable).
  • The system according to the invention supports signatures over single or multiple fragments. This has the advantage that it enables to sign a set of fragments, which is more efficient than signing each individual fragment. It has the further advantage that it remains as much as possible compatible with the unidirectional as well as the bidirectional distribution system, while minimizing the level of change upon the existing metadata specification.
  • The measures used in the above embodiments can be used individually, but these measures could also be combined to provide for better protection, or for protection against multiple threats.
  • It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims.
  • In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word “comprising” does not exclude the presence of elements or steps other than those listed in a claim. The word “a” or “an” preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer.
  • In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
  • Of course, the techniques above can also be used both inside and outside the scope of TV anytime.

Claims (22)

1. A method of providing data integrity authentication and data protection, in which a set of data fragments is protected by a signature characterized in that
each data fragment of the set comprises its own unique identifier,
the signature comprises references to the respective unique identifiers of the data fragments of the set.
2. The method according to claim 1, in which the set is protected by multiple signatures, and in which the multiple signatures can originate from different sources.
3. The method according to claim 1, in which for each data fragment a hash is generated and the hashes of the data fragments of the set are used to compute the signature.
4. The method according to claim 1, in which the data fragments are expressed in XML.
5. The method according to claim 1, in which the data fragments constitute TV-Anytime metadata.
6. The method according to claim 1, in which the signature is stored according to the xmldsig standard.
7. The method according to claim 1, in which the set of data fragments is defined by a transform function on a superset of data fragments.
8. The method according to claim 1, in which a cannolization function is used before generating the signature.
9. The method according to claim 1, in which the references are also protected by the signature.
10. The method according to claim 1, in which at least one signature index file is added.
11. The method according to claim 1, in which the unique identifier in a particular data fragment starts with a unique identification of an organization that generated the particular data fragment.
12. The method according to claim 11, in which the unique identification is the DNS name of the organization.
13. The method according to claim 1, in which the reference is accompanied by a location indicator that indicates the location of the data fragment the reference refers to.
14. The method according to claim 13, in which the location indicator indicates the path through the data to the referenced data fragment.
15. The method according to claim 4, in which the signature is included in an XML document.
16. The method according to claim 4, in which the signature is provided in a wrapper XML document, comprising the original XML data document.
17. The method according to claim 4, in which the signature is provided in a separate XML document, referring to the original XML data document.
18. System (20) for providing data integrity authentication and data protection,
the system being arranged to receive and handle data fragments, of which a set of data fragments can be protected by a signature, characterized in that
the system comprises means to receive and handle data fragments of the set, each data fragment identified by a unique identifier,
the system further comprises at least one of
means for associating a signature with the protected data fragments of the set using their unique identifiers,
means for verifying a signature associated with the set using the unique identifiers of the protected data fragments, and
means for generating a signature that references the protected data fragments by their unique identifiers.
19. Signature device (13-15) for providing data integrity authentication and data protection,
the device being arranged to handle data fragments,
the device being arranged to generate a signature to protect a set of data fragments, characterized in that
the device is arranged to address each data fragment to be protected by a unique identifier included in the data fragment, and
the device is arranged to generate signature information comprising the unique identifiers to refer to the data fragments of the set.
20. Verification device (10) for verifying data integrity authentication and data protection,
the device being arranged to handle data fragments,
the device being arranged to verify a signature to protect a set of data fragments, characterized in that
the device is arranged to address each data fragment to be protected by a unique identifier included in the data fragment, and
the device is arranged to verify signature information comprising the unique identifiers to refer to the data fragments of the set.
21. Signal (11) comprising data fragments, of which a set of data fragments is protected by a signature, characterized in that
each data fragment of the set comprises its own unique identifier, and
the signature comprises references to the unique identifiers of the data fragments of the set.
22. Computer program product (12) for implementing the method of claim 1.
US10/531,616 2002-10-18 2003-10-17 Method, system, device , signal and computer program product for metadata protection in tv-anytime Abandoned US20060047952A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP02257275.4 2002-10-18
EP02257275 2002-10-18
PCT/IB2003/004608 WO2004036870A2 (en) 2002-10-18 2003-10-17 Method and system for metadata protection in tv-anytime

Publications (1)

Publication Number Publication Date
US20060047952A1 true US20060047952A1 (en) 2006-03-02

Family

ID=32104005

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/531,616 Abandoned US20060047952A1 (en) 2002-10-18 2003-10-17 Method, system, device , signal and computer program product for metadata protection in tv-anytime
US12/732,623 Active 2024-05-23 US8869298B2 (en) 2001-11-27 2010-03-26 Enhanced content resolution method

Family Applications After (1)

Application Number Title Priority Date Filing Date
US12/732,623 Active 2024-05-23 US8869298B2 (en) 2001-11-27 2010-03-26 Enhanced content resolution method

Country Status (10)

Country Link
US (2) US20060047952A1 (en)
EP (1) EP1557023A2 (en)
JP (1) JP2006503367A (en)
KR (1) KR20050061545A (en)
CN (1) CN1706169A (en)
AU (1) AU2003269360A1 (en)
BR (1) BR0315403A (en)
PL (1) PL376310A1 (en)
RU (1) RU2005115106A (en)
WO (1) WO2004036870A2 (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040123318A1 (en) * 2002-09-18 2004-06-24 Lee Hee Kyung Personal channel service providing method and apparatus for providing preferred program at user preferred time
US20070156726A1 (en) * 2005-12-21 2007-07-05 Levy Kenneth L Content Metadata Directory Services
US20070233701A1 (en) * 2006-03-29 2007-10-04 Greg Sherwood System and method for securing content ratings
US20070300269A1 (en) * 2006-06-27 2007-12-27 Verizon Data Services Inc. Snippet access systems and methods
US20080141308A1 (en) * 2005-01-07 2008-06-12 Kyoung-Ro Yoon Apparatus And Method For Providing Adaptive Broadcast Service Using Usage Environment Description Including Biographic Information And Terminal Information
KR100837721B1 (en) 2006-08-04 2008-06-13 한국전자통신연구원 Encoding/Decoding Apparatus and Encoding Method of Binding Format for Consuming Personalized Digital Broadcasting Contents
US20080281592A1 (en) * 2007-05-11 2008-11-13 General Instrument Corporation Method and Apparatus for Annotating Video Content With Metadata Generated Using Speech Recognition Technology
US20090164726A1 (en) * 2007-12-20 2009-06-25 Advanced Micro Devices, Inc. Programmable Address Processor for Graphics Applications
WO2010143088A1 (en) * 2009-06-08 2010-12-16 Nds Limited Secure association of metadata with content
US20110131520A1 (en) * 2009-12-02 2011-06-02 Osama Al-Shaykh System and method for transferring media content from a mobile device to a home network
US20130031539A1 (en) * 2011-07-28 2013-01-31 Fletcher Liverance Signature-based update management
US8798777B2 (en) 2011-03-08 2014-08-05 Packetvideo Corporation System and method for using a list of audio media to create a list of audiovisual media
US9462232B2 (en) 2007-01-03 2016-10-04 At&T Intellectual Property I, L.P. System and method of managing protected video content
US20180146378A1 (en) * 2016-11-23 2018-05-24 Fasetto, Llc Systems and methods for streaming media
US9984369B2 (en) 2007-12-19 2018-05-29 At&T Intellectual Property I, L.P. Systems and methods to identify target video content
US10558735B2 (en) 2009-06-26 2020-02-11 Seagate Technology Llc System and method for using an application on a mobile device to transfer internet media content
US10983565B2 (en) 2014-10-06 2021-04-20 Fasetto, Inc. Portable storage device with modular power and housing system
US11647243B2 (en) 2009-06-26 2023-05-09 Seagate Technology Llc System and method for using an application on a mobile device to transfer internet media content
US11854019B2 (en) 2018-07-10 2023-12-26 Sicpa Holding Sa Article anti-forgery protection

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7280737B2 (en) 2004-02-23 2007-10-09 Warner Bros. Entertainment Inc. Method and apparatus for discouraging commercial skipping
WO2005091133A1 (en) * 2004-03-23 2005-09-29 Electronics And Telecommunications Research Institute Component identification method and targeting method using the same
GB0411861D0 (en) * 2004-05-27 2004-06-30 Koninkl Philips Electronics Nv Authentication of applications
WO2006008847A1 (en) * 2004-07-20 2006-01-26 Fujitsu Limited Electronic document management system
CN101015213B (en) 2004-07-23 2011-03-23 韩国电子通信研究院 Package identification method and location resolution method
US20070078775A1 (en) * 2005-09-14 2007-04-05 Huapaya Luis M System and method for preventing unauthorized use of digital works
US20070168671A1 (en) * 2006-01-16 2007-07-19 Fujitsu Limited Digital document management system, digital document management method, and digital document management program
KR100829858B1 (en) * 2006-04-28 2008-05-19 한국전자통신연구원 System and Method for Receiving TV-Anytime Metadata through Digital Broadcasting Channel in ATSC
US20070283404A1 (en) * 2006-05-18 2007-12-06 Samsung Electronics Co., Ltd. Method and apparatus for transmitting/receiving encrypted electronic service guide in dvb-h cbms system
US8229355B2 (en) 2006-08-25 2012-07-24 Tp Vision Holding B.V. Storing TV-anytime CRIDs in objects
WO2008126050A2 (en) * 2007-04-17 2008-10-23 Koninklijke Philips Electronics N.V. Embedding tv-anytime data in content
EP2423831A1 (en) 2010-08-27 2012-02-29 Axel Springer Digital TV Guide GmbH Recommender system with consistent profile application
US20140208105A1 (en) * 2013-01-23 2014-07-24 GILBARCO, S.r.I. Automated Content Signing for Point-of-Sale Applications in Fuel Dispensing Environments
US9536059B2 (en) * 2014-12-15 2017-01-03 Palo Alto Research Center Incorporated Method and system for verifying renamed content using manifests in a content centric network
US10715498B2 (en) 2017-07-18 2020-07-14 Google Llc Methods, systems, and media for protecting and verifying video files

Citations (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5162325A (en) * 1991-05-07 1992-11-10 Merck & Co., Inc. Angiotensin ii antagonists incorporating a substituted benzyl element
US5204354A (en) * 1992-02-14 1993-04-20 Merck & Co., Inc. Substituted quinazolinones as neurotensin antagonists useful in the treatment of CNS disorders
US5236927A (en) * 1985-05-30 1993-08-17 National Research Development Corporation Anti-cancer quinazoline derivatives
US5238942A (en) * 1991-05-10 1993-08-24 Merck & Co., Inc. Substituted quinazolinones bearing acidic functional groups as angiotensin ii antagonists
US5240928A (en) * 1989-07-03 1993-08-31 Merck & Co., Inc. Substituted quinazolinones as angiotensin II antagonists
US5290780A (en) * 1991-01-30 1994-03-01 American Cyanamid Co. Angiotensin II receptor blocking 2,3,6 substituted quinazolinones
US5304565A (en) * 1990-03-07 1994-04-19 Takeda Chemical Industries, Ltd. Nitrogen containing heterocyclic compounds, their production and use
US5385894A (en) * 1991-03-06 1995-01-31 Merck & Co., Inc. Disubstituted 6-aminoquinazolinones
US20020038352A1 (en) * 2000-09-23 2002-03-28 Koninklijke Philips Electronics N.V. Handling broadcast data tokens
US6367013B1 (en) * 1995-01-17 2002-04-02 Eoriginal Inc. System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US20020091753A1 (en) * 2000-08-15 2002-07-11 I2 Technologies, Inc. System and method for remotely monitoring and managing applications across multiple domains
US20030014503A1 (en) * 2001-07-12 2003-01-16 Arnaud Legout Method and apparatus for providing access of a client to a content provider server under control of a resource locator server
US6601102B2 (en) * 1998-09-30 2003-07-29 Xerox Corporation Secure token-based document server
US20030182579A1 (en) * 2000-08-24 2003-09-25 David Leporini Transmitting and processing protected content
US20030204609A1 (en) * 2002-04-30 2003-10-30 Anderson Andrew V. Method and apparatus for bandwidth-efficient and storage-efficient backups
US20030217163A1 (en) * 2002-05-17 2003-11-20 Lambertus Lagerweij Method and system for assessing a right of access to content for a user device
US20040123109A1 (en) * 2002-09-16 2004-06-24 Samsung Electronics Co., Ltd. Method of managing metadata
US6757699B2 (en) * 2000-10-06 2004-06-29 Franciscan University Of Steubenville Method and system for fragmenting and reconstituting data
US20040165724A1 (en) * 2002-09-16 2004-08-26 Samsung Electronics Co., Ltd. Method for encrypting and decrypting metadata and method for managing metadata and system thereof
US6807632B1 (en) * 1999-01-21 2004-10-19 Emc Corporation Content addressable information encapsulation, representation, and transfer
US20050177602A1 (en) * 2001-10-16 2005-08-11 Microsoft Corporation Scoped metadata
US6990585B2 (en) * 2000-08-31 2006-01-24 International Business Machines Corporation Digital signature system, digital signature method, digital signature mediation method, digital signature mediation system, information terminal and storage medium
US7117371B1 (en) * 2000-06-28 2006-10-03 Microsoft Corporation Shared names
US7120675B1 (en) * 2000-09-26 2006-10-10 Microsoft Corporation Information location service

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
BR9714592A (en) * 1997-03-21 2005-04-12 Canal & Sa Empresa De Telecomu Data download process for an mpeg receiver / decoder set and an mpeg transmission system for implementation
JPH11242626A (en) * 1998-02-24 1999-09-07 Fuji Electric Co Ltd Data managing method and storage medium storing the same
EP0940960A1 (en) 1998-03-02 1999-09-08 Hewlett-Packard Company Authentication between servers
EP0946019A1 (en) * 1998-03-25 1999-09-29 CANAL+ Société Anonyme Authentification of data in a digital transmission system
JP3868171B2 (en) * 1999-12-07 2007-01-17 株式会社日立製作所 Document digital signature management method and document management apparatus
FR2797548A1 (en) * 2000-01-24 2001-02-16 Thomson Multimedia Sa Data broadcast method segments and labels data to allow receiver storage of latest versions.
AU2001271704A1 (en) * 2000-06-29 2002-01-14 Cachestream Corporation Digital rights management
JP3730498B2 (en) * 2000-09-19 2006-01-05 株式会社東芝 Signature storage medium
US6826699B1 (en) 2000-10-19 2004-11-30 Sony Corporation Method and apparatus for performing authentication and key exchange protocols with multiple sink devices
US7861082B2 (en) 2002-05-24 2010-12-28 Pinder Howard G Validating client-receivers
US20040098312A1 (en) 2002-11-19 2004-05-20 American Express Travel Related Service Co., Inc. System and method for facilitating interaction between consumer and merchant

Patent Citations (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5236927A (en) * 1985-05-30 1993-08-17 National Research Development Corporation Anti-cancer quinazoline derivatives
US5240928A (en) * 1989-07-03 1993-08-31 Merck & Co., Inc. Substituted quinazolinones as angiotensin II antagonists
US5304565A (en) * 1990-03-07 1994-04-19 Takeda Chemical Industries, Ltd. Nitrogen containing heterocyclic compounds, their production and use
US5290780A (en) * 1991-01-30 1994-03-01 American Cyanamid Co. Angiotensin II receptor blocking 2,3,6 substituted quinazolinones
US5385894A (en) * 1991-03-06 1995-01-31 Merck & Co., Inc. Disubstituted 6-aminoquinazolinones
US5162325A (en) * 1991-05-07 1992-11-10 Merck & Co., Inc. Angiotensin ii antagonists incorporating a substituted benzyl element
US5238942A (en) * 1991-05-10 1993-08-24 Merck & Co., Inc. Substituted quinazolinones bearing acidic functional groups as angiotensin ii antagonists
US5204354A (en) * 1992-02-14 1993-04-20 Merck & Co., Inc. Substituted quinazolinones as neurotensin antagonists useful in the treatment of CNS disorders
US6367013B1 (en) * 1995-01-17 2002-04-02 Eoriginal Inc. System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US6601102B2 (en) * 1998-09-30 2003-07-29 Xerox Corporation Secure token-based document server
US6807632B1 (en) * 1999-01-21 2004-10-19 Emc Corporation Content addressable information encapsulation, representation, and transfer
US7117371B1 (en) * 2000-06-28 2006-10-03 Microsoft Corporation Shared names
US20020091753A1 (en) * 2000-08-15 2002-07-11 I2 Technologies, Inc. System and method for remotely monitoring and managing applications across multiple domains
US20030182579A1 (en) * 2000-08-24 2003-09-25 David Leporini Transmitting and processing protected content
US6990585B2 (en) * 2000-08-31 2006-01-24 International Business Machines Corporation Digital signature system, digital signature method, digital signature mediation method, digital signature mediation system, information terminal and storage medium
US20020038352A1 (en) * 2000-09-23 2002-03-28 Koninklijke Philips Electronics N.V. Handling broadcast data tokens
US7120675B1 (en) * 2000-09-26 2006-10-10 Microsoft Corporation Information location service
US6757699B2 (en) * 2000-10-06 2004-06-29 Franciscan University Of Steubenville Method and system for fragmenting and reconstituting data
US20030014503A1 (en) * 2001-07-12 2003-01-16 Arnaud Legout Method and apparatus for providing access of a client to a content provider server under control of a resource locator server
US20050177602A1 (en) * 2001-10-16 2005-08-11 Microsoft Corporation Scoped metadata
US20030204609A1 (en) * 2002-04-30 2003-10-30 Anderson Andrew V. Method and apparatus for bandwidth-efficient and storage-efficient backups
US20030217163A1 (en) * 2002-05-17 2003-11-20 Lambertus Lagerweij Method and system for assessing a right of access to content for a user device
US20040123109A1 (en) * 2002-09-16 2004-06-24 Samsung Electronics Co., Ltd. Method of managing metadata
US20040165724A1 (en) * 2002-09-16 2004-08-26 Samsung Electronics Co., Ltd. Method for encrypting and decrypting metadata and method for managing metadata and system thereof

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040123318A1 (en) * 2002-09-18 2004-06-24 Lee Hee Kyung Personal channel service providing method and apparatus for providing preferred program at user preferred time
US20080141308A1 (en) * 2005-01-07 2008-06-12 Kyoung-Ro Yoon Apparatus And Method For Providing Adaptive Broadcast Service Using Usage Environment Description Including Biographic Information And Terminal Information
US10685061B2 (en) 2005-12-21 2020-06-16 Digimarc Corporation Content metadata directory services
US20070156726A1 (en) * 2005-12-21 2007-07-05 Levy Kenneth L Content Metadata Directory Services
US20070192352A1 (en) * 2005-12-21 2007-08-16 Levy Kenneth L Content Metadata Directory Services
US8364720B2 (en) * 2005-12-21 2013-01-29 Digimarc Corporation Content metadata directory services
US9275157B2 (en) 2005-12-21 2016-03-01 Digimarc Corporation Content metadata directory services
US9218429B2 (en) 2005-12-21 2015-12-22 Digimarc Corporation Content metadata directory services
US9892206B2 (en) 2005-12-21 2018-02-13 Digimarc Corporation Content metadata directory services
US20070233701A1 (en) * 2006-03-29 2007-10-04 Greg Sherwood System and method for securing content ratings
US9918043B2 (en) 2006-06-27 2018-03-13 Verizon Patent And Licensing Inc. Snippet access systems and methods
WO2008002729A3 (en) * 2006-06-27 2008-05-08 Verizon Data Services Inc Snippet access systems and methods
WO2008002729A2 (en) * 2006-06-27 2008-01-03 Verizon Data Services Inc. Snippet access systems and methods
US20070300269A1 (en) * 2006-06-27 2007-12-27 Verizon Data Services Inc. Snippet access systems and methods
KR100837721B1 (en) 2006-08-04 2008-06-13 한국전자통신연구원 Encoding/Decoding Apparatus and Encoding Method of Binding Format for Consuming Personalized Digital Broadcasting Contents
US9462232B2 (en) 2007-01-03 2016-10-04 At&T Intellectual Property I, L.P. System and method of managing protected video content
US8793583B2 (en) 2007-05-11 2014-07-29 Motorola Mobility Llc Method and apparatus for annotating video content with metadata generated using speech recognition technology
US10482168B2 (en) 2007-05-11 2019-11-19 Google Technology Holdings LLC Method and apparatus for annotating video content with metadata generated using speech recognition technology
US8316302B2 (en) 2007-05-11 2012-11-20 General Instrument Corporation Method and apparatus for annotating video content with metadata generated using speech recognition technology
US20080281592A1 (en) * 2007-05-11 2008-11-13 General Instrument Corporation Method and Apparatus for Annotating Video Content With Metadata Generated Using Speech Recognition Technology
US11195171B2 (en) 2007-12-19 2021-12-07 At&T Intellectual Property I, L.P. Systems and methods to identify target video content
US9984369B2 (en) 2007-12-19 2018-05-29 At&T Intellectual Property I, L.P. Systems and methods to identify target video content
US20090164726A1 (en) * 2007-12-20 2009-06-25 Advanced Micro Devices, Inc. Programmable Address Processor for Graphics Applications
WO2010143088A1 (en) * 2009-06-08 2010-12-16 Nds Limited Secure association of metadata with content
US11647243B2 (en) 2009-06-26 2023-05-09 Seagate Technology Llc System and method for using an application on a mobile device to transfer internet media content
US10558735B2 (en) 2009-06-26 2020-02-11 Seagate Technology Llc System and method for using an application on a mobile device to transfer internet media content
US20110131520A1 (en) * 2009-12-02 2011-06-02 Osama Al-Shaykh System and method for transferring media content from a mobile device to a home network
US8798777B2 (en) 2011-03-08 2014-08-05 Packetvideo Corporation System and method for using a list of audio media to create a list of audiovisual media
US20130031539A1 (en) * 2011-07-28 2013-01-31 Fletcher Liverance Signature-based update management
US8843915B2 (en) * 2011-07-28 2014-09-23 Hewlett-Packard Development Company, L.P. Signature-based update management
US10983565B2 (en) 2014-10-06 2021-04-20 Fasetto, Inc. Portable storage device with modular power and housing system
US20180146378A1 (en) * 2016-11-23 2018-05-24 Fasetto, Llc Systems and methods for streaming media
US10956589B2 (en) * 2016-11-23 2021-03-23 Fasetto, Inc. Systems and methods for streaming media
US20210173951A1 (en) * 2016-11-23 2021-06-10 Fasetto, Inc. Systems and methods for streaming media
US11854019B2 (en) 2018-07-10 2023-12-26 Sicpa Holding Sa Article anti-forgery protection

Also Published As

Publication number Publication date
US20100178033A1 (en) 2010-07-15
JP2006503367A (en) 2006-01-26
RU2005115106A (en) 2005-10-10
AU2003269360A1 (en) 2004-05-04
PL376310A1 (en) 2005-12-27
WO2004036870A3 (en) 2004-07-29
BR0315403A (en) 2005-08-16
KR20050061545A (en) 2005-06-22
WO2004036870A2 (en) 2004-04-29
EP1557023A2 (en) 2005-07-27
US8869298B2 (en) 2014-10-21
AU2003269360A8 (en) 2004-05-04
CN1706169A (en) 2005-12-07

Similar Documents

Publication Publication Date Title
US20060047952A1 (en) Method, system, device , signal and computer program product for metadata protection in tv-anytime
US8015237B2 (en) Processing of metadata content and media content received by a media distribution system
US8880712B2 (en) Submission of metadata content and media content to a media distribution system
US7725876B2 (en) Original contents creation apparatus, derived contents creation apparatus, derived contents using apparatus, original contents creation method, derived contents creation method, and derived contents using method and verification method
JP4898849B2 (en) Enhanced content resolution
US8505043B2 (en) Method and apparatus for providing metadata of content, and method and apparatus for limiting content usage authority
US10198559B2 (en) Media content feed format for management of content in a content hosting website
KR100927352B1 (en) Method and apparatus for providing conditional access
TW200407857A (en) Digital video recorder and methods for digital recording
US8819091B2 (en) Information processing apparatus, information processing system, information recording medium, information processing method, and program
US20100169347A1 (en) Systems and methods for communicating segments of media content
JP5350021B2 (en) File generation device, file reproduction device, and computer program
KR20090118307A (en) Method and apparatus for providing and using content advisory for internet contents
US7730303B2 (en) Enhanced content resolution method
US20050203848A1 (en) Testing content in a conditional access system
EP1771004A2 (en) Enhanced content acquisition device
McParland et al. MyTV: A practical implementation of TV-Anytime on DVB and the Internet
US20070233747A1 (en) Meta Data Conversion Device, Meta Data Conversion Method, And Meta Data Conversion System
Rodríguez Luna Standardisation of the protection and governance of multimedia content
Pereira et al. Future MPEG developments

Legal Events

Date Code Title Description
AS Assignment

Owner name: KONINKLIJKE PHILIPS ELECTRONICS, N.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:VAN DEN HEUVEL, SEBASTIAAN ANTONIUS FRANSISCUS ARNOLDUS;ASHLEY, ALEXIS STEPHEN RICHARD;REEL/FRAME:017329/0602;SIGNING DATES FROM 20040512 TO 20040524

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION