I 1111111111111111 11111 1111111111 11111 1111111111 lllll 111111111111111 11111111
`US007151832Bl
`
`c12) United States Patent
`Fetkovich et al.
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 7,151,832 Bl
`Dec. 19, 2006
`
`9/1998 Nardone et al ............. 380/217
`5,805,700 A *
`8/1999 Leppek ....................... 380/259
`5,933,501 A *
`5,991,403 A * 11/1999 Aucsmith et al. ........... 380/217
`6,157,719 A * 12/2000 Wasilewski et al ......... 380/210
`
`OTHER PUBLICATIONS
`
`Chiariglione, Leonardo; "Digital Television Achieves Maturity";
`copyrighted 1998, pp. 2-3.*
`
`* cited by examiner
`
`Primary Examiner-Jacques Louis-Jacques
`Assistant Examiner-Matthew Heneghan
`(74) Attorney, Agent, or Firm-William H. Steinberg, Esq.;
`Kevin P. Radigan, Esq.; Heslin Rothenberg Farley & Mesiti,
`P.C.
`
`(57)
`
`ABSTRACT
`
`Dynamic varying of encrypting of a stream of data at an
`encryption unit based on data content is disclosed. The
`dynamic varying of the encrypting, which can be responsive
`to passage of a predefined number of units of physical data
`or passage of a predefined number of conceptual units of
`data, is accomplished by changing at least one encryption
`parameter over different portions of the data. The at least one
`encryption parameter can comprise one or more of an
`encryption key, an encryption granularity, an encryption
`density scale, an encryption density, an encryption delay, an
`encryption key update variable, and an encryption key
`update data trigger. The change in encryption parameter is
`signaled to a receiver's decryption unit and used by the
`decryption unit in decrypting the dynamically varied
`encrypted stream of data. The stream of data may comprise,
`e.g., MPEG compressed video or audio.
`
`24 Claims, 2 Drawing Sheets
`
`7-_s--12
`I
`I
`
`24
`
`DATA
`MULTIPLEXER
`(OPTIONAL)
`
`(54) DYNAMIC ENCRYPTION AND
`DECRYPTION OF A STREAM OF DATA
`
`(75)
`
`Inventors: John Edward Fetkovich, Endicott, NY
`(US); Wai Man Lam, Moheganlake,
`NY (US); George William Wilhelm,
`Jr., Endwell, NY (US)
`
`(73) Assignee: International Business Machines
`Corporation, Armonk, NY (US)
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 352 days.
`
`(21) Appl. No.: 09/443,204
`
`(22) Filed:
`
`Nov. 18, 1999
`
`(51)
`
`(52)
`(58)
`
`(56)
`
`Int. Cl.
`H04L 9/16
`(2006.01)
`H04N 71167
`(2006.01)
`(2006.01)
`H04L 9/00
`U.S. Cl. ......................... 380/210; 380/260; 725/31
`Field of Classification Search ................ 380/210,
`380/160; 725/31
`See application file for complete search history.
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,747,050 A
`5,412,730 A *
`5,416,840 A
`5,504,816 A
`5,638,445 A
`5,719,937 A *
`5,787,169 A
`
`5/ 1988 Bracht! et al. .............. 364/408
`5/1995 Jones .......................... 380/46
`5/1995 Cane et al ..................... 380/4
`4/1996 Hamilton et al. ............. 380/20
`6/1997 Spelman et al ............... 380/21
`2/1998 Warren et al.
`.............. 380/203
`7/1998 Eldridge et al.
`............... 380/4
`
`I
`
`-
`
`22
`
`-SENDER
`
`-
`
`-
`
`-
`
`DYNAMIC
`KEY
`GENERATOR
`
`20
`
`UNENCRYPTED ___ ~
`MPEG STREAM
`
`ENCRYPTION
`UNIT
`
`ENCRYPTED
`MPEG
`STREAM
`
`L
`
`ENCRYPTION KEY AND/OR
`ENCRYPTION PARAMETERS
`
`RECEIVER
`
`DATA
`DEMULTIPLEXER
`(OPTIONAL)
`
`ENCRYPTION
`KEY AND/OR
`PARAME l'ERS
`
`;:=========~~
`L __ _ 30_ STREA~
`
`ENCRYPTED
`MPEG
`
`DECRYPTER
`
`32
`
`_J
`
`16
`
`UNENCRYPTED
`MPEG
`STREAM
`
`14
`
`__±, 7
`I
`MPEG
`DECODER
`......._...___, I
`34 j
`
`Netflix, Inc. and Hulu, LLC - Ex. 1005, Page 0001
`IPR2020-00614 (Netflix, Inc. and Hulu, LLC v. DivX, LLC)
`
`

`

`0 ....
`....
`.....
`rJJ =(cid:173)
`
`('D
`('D
`
`N
`
`~ ....
`c ('D
`
`O'I
`0
`0
`N
`'-"\,Ci
`
`~ = ~
`
`~
`~
`~
`~
`~
`
`N = "'""'
`"'""' 00 w
`"'""' UI
`'-"--...l
`r.F1
`d
`
`34 j
`
`32
`
`1
`
`STREAM __
`
`MPEG
`
`c._30
`
`DECRYPTER
`
`DEMULTIPLEXER t=-=-=-~ -~~-;i=,~n-~L-~, -(cid:173)
`
`L _ -----Jig.
`-.-/1 (OPTIONAL) I ENCRYPTED
`
`PARAMETERS
`KEY ANO/OR
`ENCRYPTION
`
`RECEIVER
`
`DATA
`
`I
`I
`_07
`
`DECODER
`
`MPEG
`
`14
`
`UNENCRYPTED
`
`STREAM
`
`MPEG
`
`I
`
`16
`
`MPEG STREAM
`
`DYNAMICALLY
`
`ENCRYPED
`
`10
`
`_J
`
`I
`I
`
`(OPTIONAL)
`MULTIPLEXER
`
`DATA
`
`24
`
`ENCRYPTION PARAMETERS
`ENCRYPTION KEY ANO/OR
`
`L
`
`ENCRYPTED
`
`STREAM
`
`MPEG
`
`ENCRYPTION
`
`UNIT
`
`»1
`
`MPEG STREAM
`UNENCRYPTED
`
`20
`-....., _.-22--SENDER--
`
`ENCRYPTION
`
`KEY
`
`GENERATOR
`
`KEY
`
`DYNAMIC
`
`I
`
`7_s-12
`
`-
`
`-
`
`-
`
`-
`
`-
`
`Netflix, Inc. and Hulu, LLC - Ex. 1005, Page 0002
`IPR2020-00614 (Netflix, Inc. and Hulu, LLC v. DivX, LLC)
`
`

`

`U.S. Patent
`
`Dec. 19, 2006
`
`Sheet 2 of 2
`
`US 7,151,832 Bl
`
`DETERMINE APPROPRIATE ENCRYPTION
`PARAMETERS BASED ON THE SENSITIVITY
`OF THE TRANSMISSION (GRANULARITY,
`DENSITY, DELAY, KEY UPDATE UNIT,
`KEY UPDATE DAT A TRIGGER}
`
`100
`
`ESTABLISH AN INITIAL
`ENCRYPTION KEY
`
`110
`
`ENCRYPT THE NEXT PORTION
`OF THE MPEG STREAM
`
`120
`
`130
`
`MULTIPLEX THE KEY {AND OTHER
`PARAMETERS, IF AT THE STREAM"S
`BEGINNING} INTO DAT A STREAM
`
`TRANSMIT THE PORTION
`OF THE MPEG STREAM
`
`140
`
`160
`
`N
`
`UPDATE THE
`ENCRYPTION KEY
`
`180
`
`fig. 2
`
`Netflix, Inc. and Hulu, LLC - Ex. 1005, Page 0003
`IPR2020-00614 (Netflix, Inc. and Hulu, LLC v. DivX, LLC)
`
`

`

`US 7,151,832 Bl
`
`1
`DYNAMIC ENCRYPTION AND
`DECRYPTION OF A STREAM OF DATA
`
`CROSS-REFERENCE TO RELATED
`APPLICATION
`
`This application is related to connnonly assigned, co(cid:173)
`pending patent application Ser. No. 08/881,139, filed Jun.
`24, 1997 by Ciacelli et al. and entitled "Apparatus, Method
`And Computer Program Product For Protecting Copyright
`Data Within A Computer System," which is hereby incor(cid:173)
`porated herein by reference in its entirety.
`
`TECHNICAL FIELD
`
`The present invention is directed in general to protection
`of digital data and, more particularly, to techniques for
`dynamically encrypting and decrypting compressed digital
`video or audio for secure digital transmission of the data.
`
`BACKGROUND OF THE INVENTION
`
`2
`ing, and thus, desire to encrypt the compressed data
`wherever it may be available.
`As digital transmissions (and storage) become more
`prevalent, the security of these transmissions becomes more
`important. The owners and distributors of any digital signal,
`such as a video conferencing signal or a direct-satellite
`transmission, may wish the signal to be unintelligible to
`unauthorized parties. A digital transmission of video (such
`as MPEG compressed data) can be protected by encrypting
`10 the data. Various encryption techniques exist in the literature
`for protecting a data stream. Decryption of the stream is then
`performed on the receiving end. Encryption and decryption
`might depend on a numerical key. Such a scheme, depending
`on the thoroughness of the encryption, may be secure for a
`15 time, but the stream is still susceptible to being intercepted
`and reverse engineered.
`Thus, a more secure approach to encrypting a digital
`transmission, either within a system or between systems is
`deemed desirable.
`
`20
`
`DISCLOSURE OF THE INVENTION
`
`To briefly sunnnarize, provided herein in one aspect is a
`The advent of world-wide electronic connnunications
`method for protecting a stream of data to be transferred
`systems has enhanced the way in which people can send and
`25 between an encryption unit and a decryption unit. The
`receive information. For example, the capabilities of real(cid:173)
`method includes: encrypting the stream of data at the
`time video and audio systems have greatly improved in
`encryption unit for transfer thereof from the encryption unit
`recent years. In order to provide services such as video-on(cid:173)
`to the decryption unit; dynamically varying the encrypting
`demand, video conferencing, and motion picture playback,
`of the stream of data at the encryption unit by changing at
`to name but a few, an enormous amount of bandwidth is
`30 least one encryption parameter and signaling the change in
`required. In fact, bandwidth is often the main inhibitor in the
`encryption parameter to the decryption unit, wherein the
`effectiveness of such systems.
`dynamically varying is responsive to occurrence of a pre(cid:173)
`In order to overcome the constraints imposed by existing
`defined condition in the stream of data; and decrypting the
`technology, compression systems have emerged. These(cid:173)
`encrypted data at the decryption unit, the decrypting
`systems reduce the amount of video and audio data which
`35 accounting for the dynamic varying of the encrypting by the
`must be transmitted by removing redundancy in the picture
`encryption unit using the changed encryption parameter. In
`sequence. At the receiving end, the picture sequence is
`an enhanced embodiment, changing of the encryption
`uncompressed and may be displayed in real time.
`parameter to accomplish the dynamically varying includes
`One example of a video compression standard is the
`changing at least one of an encryption key, an encryption
`Moving Picture Expert's Group (MPEG) standard. Within
`40 granularity, an encryption density scale, an encryption den(cid:173)
`the MPEG standard (known as ISO/IEC 13818), video
`sity, an encryption delay, an encryption key update variable,
`compression is defined within a picture and between pic(cid:173)
`and an encryption key update data trigger.
`tures. Video compression within a picture is accomplished
`In another aspect, a system for protecting a stream of data
`by conversion of the digital image from the time domain to
`is provided which includes an encryption unit for encrypting
`the frequency domain by a discrete cosine transform, quan(cid:173)
`45 the stream of data for transfer to a decryption unit, as well
`titization, variable length coding, and Huffman coding.
`as means for dynamically varying the encrypting of the
`Compression between pictures is accomplished by a process
`stream of data by the encryption unit by changing at least
`referred as "motion estimation", in which a motion vector
`one encryption parameter and signaling the change to the
`plus difference data is used to describe the translation of a set
`decryption unit. The means for dynamically varying the
`of picture elements from one picture to another. The ISO
`50 encrypting of the stream is responsive to occurrence of a
`MPEG2 standard specifies only the syntax of a bit stream
`predefined condition in the stream of data. The decryption
`and semantics of the decode process. The particular choice
`unit is adapted to decrypt the encrypted data accounting for
`of coding parameters and trade-offs in performance versus
`the dynamic varying of the encrypting by the encryption unit
`complexity are left to the system developers.
`using the changed encryption parameter.
`In a further aspect, provided herein is at least one program
`There is substantial interest in the computer and enter- 55
`tainment industries in incorporating video data in multime(cid:173)
`storage device readable by a machine, tangibly embodying
`dia and related applications for use on processor-based video
`at least one program of instructions executable by the
`systems. Potential growth in this area has been enabled by
`machine to perform a method for protecting a stream of data
`development of video compression schemes, such as the
`to be transferred between an encryption unit and a decryp-
`above-sunnnarized MPEG standard that reduce the amount 60 tion unit. The method includes: encrypting the stream of data
`of digital data required to display high quality video images,
`at the encryption unit for transfer thereof to the decryption
`and by the development of storage media, such as digital
`unit; dynamically varying the encrypting of the stream of
`data at the encryption unit by changing an encryption
`video discs (DVDs) which can acconnnodate data in com(cid:173)
`parameter and signaling the change in encryption parameter
`pressed form for an entire movie on a single compact disc.
`With the compressed data of an entire movie readily avail(cid:173)
`65 to the decryption unit, wherein the dynamically varying is
`able on a single compact disc, content providers are natu(cid:173)
`responsive to occurrence of a predefined condition in the
`rally concerned with the possibility of unauthorized copy-
`stream of data; and decrypting the encrypted data at the
`
`Netflix, Inc. and Hulu, LLC - Ex. 1005, Page 0004
`IPR2020-00614 (Netflix, Inc. and Hulu, LLC v. DivX, LLC)
`
`

`

`US 7,151,832 Bl
`
`3
`decryption unit, the decrypting accounting for the dynamic
`varying of the encrypting by the encryption unit using the
`changed encryption parameter.
`To restate, provided herein is a technique for more
`securely encrypting a stream of digital data for transmission
`using a relatively small, yet flexible set of encryption
`parameters. The set of encryption parameters is employed to
`dynamically vary the encryption of the stream of data, such
`as a stream of MPEG compressed data. The set of encryption
`parameters may comprise one or more of an encryption key,
`an encryption granularity, an encryption density scale, an
`encryption density, an encryption delay, an encryption key
`update variable, and an encryption key update data trigger.
`The encryption parameter set employed is easily extensible.
`In addition to enhancing security of a digital transmission,
`dynamic encryption in accordance with the present inven(cid:173)
`tion allows for only partial encryption of the data stream,
`which is especially useful for video and audio data since the
`stream can be rendered almost impossible to comfortably
`view or listen to by encrypting relatively small fractions of
`the overall data. Further, the ability to partially encrypt a
`transmission allows a system to control the amount of
`resources, for example, CPU cycles if the encryption or
`decryption is performed by software, used in the encryption
`or decryption of a data stream. And, "overhead" of trans(cid:173)
`mitting encryption parameters may be controlled by updat(cid:173)
`ing the one or more parameters less frequently if bandwidth
`is a concern. By providing an encryption parameter set,
`different levels of "thoroughness" can be achieved in
`encrypting the data. For example, where a digital data 30
`transmission is of high priority, a large percentage of the
`transmission may be encrypted, and further, the encryption
`key ( or other encryption parameter) may be changed fre(cid:173)
`quently with the content of the data. If desired, encryption
`parameters may be multiplexed (i.e., joined) with the actual 35
`payload data when transmitted. In addition to helping to
`disguise the fact that the data is encrypted, no additional data
`paths for transmission of the encryption parameters would
`be required in such an implementation.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`4
`the key might be hidden in some unused bits in the stream.
`Alternatively, a predetermined transformation might be
`applied to the encryption parameter, for example, by incre(cid:173)
`menting it, or running the parameter through a hardware
`circuit.
`A change in encryption method or encryption parameter
`may be signaled by an external signal, or the presence of
`something within the stream itself, or the occurrence of a
`pre-specified number of events. For example, an encryption
`10 key might be altered based on a certain number of bits or
`bytes that have been transmitted and received, or based on
`a certain number of structures having been transmitted and
`received. Using an MPEG video data stream, this might
`mean that after a certain number of macroblocks, slices,
`15 fields, frames, pictures, groups of pictures (GOPs), or
`sequences have been sent and received, an encryption
`parameter (such as an encryption key) is automatically
`updated. Many digital compression schemes allow for the
`inclusion of timing information (i.e., timestamps), often
`20 used for synchronization purposes.
`Another scheme might be that sender and receiver change
`their encryption scheme, or update encryption keys, based
`upon timestamps passing certain prespecified thresholds, or
`upon passing certain thresholds as designated by an external
`25 clock to which both sender and receiver have access. Rec-
`ognition of signals indicating that the encryption scheme or
`key should be updated can be performed by dedicated
`hardware, or by software running on a host processor, as will
`be apparent to those skilled in the art.
`In addition to dynamically encrypting a digital transmis(cid:173)
`sion, such as an MPEG video stream, encryption in accor(cid:173)
`dance with the present invention can be partial or complete
`depending upon the importance of the data itself. For
`example, MPEG video consists of several "layers" of data,
`the largest of these might be an entire program, such as a
`movie, video-phone transmission, etc., and the smallest a
`macroblock of data. From the largest to the smallest, an
`MPEG stream can be described as including the following
`units: program, sequence, group of pictures (GOPs), picture,
`40 slice, and macroblock. Thus, in accordance with the prin(cid:173)
`ciples of the present invention, the dynamic encrypting can
`occur at any one of these levels. Obviously, the amount of
`bandwidth required may vary with the level of encryption
`selected.
`In addition, the MPEG standard allows for several
`optional types of "private" data, allows for many optional
`fields and extensions, and contains routine audio/video
`synchronization data known as "timestamps" (for example,
`presentation timestamps and decoding timestamps). Further-
`50 more, MPEG streams are commonly divided and packaged
`into discrete packets known as "transport" packets, which
`may be joined to create a transport stream. The transport
`stream architecture also allows for private data transmis(cid:173)
`sions, and allows for optional fields and contains timestamp
`55 data as well. Any of these types of private data could be
`employed in forwarding a dynamically modified encryption
`parameter from a sender to a receiver in a system employing
`the dynamic encrypting of the present invention.
`Advantageously, dynamic encryption as presented herein
`60 provides a more secure transmission of data, while still
`being flexible. For example, an MPEG stream may be
`transmitted using varying levels of encryption depending
`upon the sensitivity of the video material. A highly sensitive
`conference call, therefore, might be fully or almost fully
`65 encrypted, while a public access program, or a non-confi(cid:173)
`dential phone call might have a relatively low degree of
`encryption. Particularly where encryption and/or decryption
`
`The above-described objects, advantages and features of
`the present invention, as well as others, will be more readily
`understood from the following detailed description of cer- 45
`tain preferred embodiments of the invention, when consid(cid:173)
`ered in conjunction with the accompanying drawings in
`which:
`FIG. 1 depicts one embodiment of a system employing
`dynamic encryption and decryption in accordance with the
`principles of the present invention; and
`FIG. 2 is a flowchart of one embodiment for implement(cid:173)
`ing dynamic encryption in accordance with the principles of
`the present invention by varying an encryption key from a
`set of established encryption parameters.
`
`BEST MODE FOR CARRYING OUT THE
`INVENTION
`
`Generally stated, presented herein is a more secure
`method to encrypt a digital transmission by varying one or
`more encryption parameters over different portions the
`stream of data. At certain data intervals, the encryption
`scheme is changed, or more particularly, an encryption
`parameter such as an encryption key is modified. A next key
`in an evolving sequence of keys might be transmitted
`explicitly in the data stream by inserting it into the stream or
`
`Netflix, Inc. and Hulu, LLC - Ex. 1005, Page 0005
`IPR2020-00614 (Netflix, Inc. and Hulu, LLC v. DivX, LLC)
`
`

`

`5
`involves software, the present invention allows the number
`of processor cycles needed for the encryption/decryption to
`be controlled.
`Note that a compressed audio stream (for example,
`MPEG audio, Dolby AC-3 audio, etc.) can be treated analo(cid:173)
`gously to video as pertains to the use of the present inven(cid:173)
`tion. An audio stream might be said to consist of, from
`largest to smallest units, a program, a frame, and a sample.
`As one detailed example, dynamic encryption in accor(cid:173)
`dance with the present invention may involve a set encryp(cid:173)
`tion parameters which includes:
`
`Initial Encryption Key
`This might be a key agreed upon in advance by the
`encryption and decryption units. Alternatively, the key might
`be randomly chosen then transmitted independently of the
`stream, or multiplexed into the stream, using private data
`packets or one or more fields of unused or reserved bits
`according to the MPEG architecture. Further, some portion
`of the stream itself might serve as the initial key, with data
`beginning at, for example, some fixed offset of the payload,
`or the offset itself could be transmitted. The initial key, if
`transmitted more than once, may be accompanied by
`"dummy" data designed
`to mislead an unauthorized
`observer attempting to decrypt the transmission. The initial
`key might itself be encrypted, and need to be decrypted
`before use.
`
`10
`
`15
`
`20
`
`25
`
`Granularity
`Granularity refers to the sub-units of MPEG data which
`are to be encrypted (also referred to herein as the "encryp- 30
`tion units" or "units of encryption"). As mentioned above, a
`set of granularities for MPEG video data might be: program,
`sequence, group of pictures, picture, slice, and macro block.
`Once again, the granularity might be transmitted indepen(cid:173)
`dently of the stream, or multiplexed into the stream, either
`as "private" data, or embedded in one or more unused
`MPEG fields.
`
`Density Scale
`This is a number which will denote 100% encryption of
`encryption units. For example, suppose the density scale is
`1024. Then a density (see below) of 1024 would indicate
`100% encryption. A density of less than 1024 indicates that
`not all encryption units are to be encrypted. The density
`scale may be transmitted in any of the manners described
`above, or simply agreed upon in advance.
`
`Density
`This refers to the fraction of the total units of encryption
`which will be encrypted. This might be communicated in
`terms of a predefined scale; for example, the number 1024
`might indicate 100% encryption. Then a density of 512
`would imply that every other encryption unit is to be
`encrypted. Similarly, a density of 1 would indicate that only
`one encryption unit out of each group of 1024 encryption
`units is to be encrypted. The density may be transmitted in
`any of the manners described above.
`
`Delay
`This refers to the number of encryption units to wait
`before encrypting the first one. This number is zero-origin.
`
`Key Update Unit
`This refers to the unit which is to be tabulated in order to
`determine when the encryption key is to be updated. This
`unit might be one of the granularities described above
`(picture, slice, etc.). For example, the key is to be updated
`every n slices. Alternatively, the key update unit might be
`bytes of data, for instance, the key is to be updated every n
`
`60
`
`US 7,151,832 Bl
`
`6
`bytes of transmission, or the key update unit might be
`seconds (or milliseconds, etc.).
`
`Key Update Data Trigger
`This refers to the data interval at which the key is to be
`refreshed. As noted above, The key might be newly trans(cid:173)
`mitted, independently of the stream, or multiplexed into it.
`Alternatively, the existing key may be operated on in some
`fashion, for example, to clock it through a linear feedback
`shift register (LFSR), or to add a delta to the existing key.
`Further, the key might be newly acquired from the payload
`of the stream itself, at some predetermined offset, or at some
`communicated offset. In the case in which the key update
`unit is, for example, a number of milliseconds, the stream's
`timestamps may be examined, and the key updated at any
`picture whose timestamp indicates that the key update
`interval has been reached.
`Any of the parameters described above may have default
`values, in which case they do not need to be established
`explicitly. The parameters may be communicated separately,
`or combined into one number before transmission. Dynami(cid:173)
`cally encrypting in accordance with the present invention
`can easily be extended to dynamically changing encryption
`parameters other than the encryption key.
`As one specific example, the following encryption param-
`eters may be established:
`granularity=slice
`density sale= 1024
`density=256
`delay=!
`key update unit=picture
`key update frequency= 16
`These parameters imply the following. The unit which
`will be encrypted is the picture slice. One fourth of the slices
`35 (256/1024) (i.e., every fourth slice) will be encrypted. Fur(cid:173)
`ther, the first slice will be unencrypted; encryption will begin
`with the second slice ( delay of 1) and continue with every
`fourth slice thereafter. The encryption key, after having been
`initialized, will be updated at the start of every sixteenth
`40 picture (key update frequency).
`Refer now to FIG. 1, where one example of a system,
`generally denoted 10, incorporating dynamic encryption in
`accordance with the principles of the present invention is
`depicted. System 10 includes a sender 12 and a receiver 14.
`45 Dynamically encrypted data is transmitted between sender
`and receiver across any conventional transmission medium
`16. In this example, the data to be encrypted is assumed to
`comprise a stream of MPEG data.
`Sender 12 includes an encryption unit 20 which (in this
`50 example) receives as inputs an encryption key from a
`dynamic key generator 22, and the unencrypted, but encoded
`MPEG data stream. Any conventional encryption technique
`can be employed within encryption unit 20, provided that the
`encryption can be modified dynamically as presented herein
`55 by changing an encryption key or one or more other encryp(cid:173)
`tion parameters as discussed above. Output from encryption
`unit 20 is an encrypted MPEG stream. In this example, the
`encrypted MPEG stream is fed to a data multiplexer 24
`which multiplexes into the stream the encryption key
`employed to encrypt the stream and the encryption param(cid:173)
`eters employed by the encryption unit. Data multiplexer 24
`is optional since the encryption key and encryption param(cid:173)
`eters could be forwarded independent from the encrypted
`stream of data, for example, on a dedicated line (not shown)
`65 to the receiver 14.
`Receiver 14 receives the dynamically encrypted stream of
`data at a data demultiplexer 30, which again assumes that the
`
`Netflix, Inc. and Hulu, LLC - Ex. 1005, Page 0006
`IPR2020-00614 (Netflix, Inc. and Hulu, LLC v. DivX, LLC)
`
`

`

`US 7,151,832 Bl
`
`7
`encryption key or encryption parameters have been multi(cid:173)
`plexed into the stream. Output from demultiplexer 30 is the
`encryption key and/or parameters, as well as the encrypted
`MPEG stream. This data is forwarded to a decryption unit 32
`which then decrypts the data using the encryption informa(cid:173)
`tion and provides an unencrypted MPEG stream to a con(cid:173)
`ventional MPEG decoder 34.
`FIG. 2 is a flowchart of one embodiment of a dynamic
`encryption routine in accordance with the principles of the
`present invention. Processing begins by determining appro- 10
`priate encryption parameters based on sensitivity of the
`transmitted data 100. As one example, the set of encryption
`parameters may include encryption granularity, density,
`delay, key update unit, and key update data trigger, as the
`terms are defined herein. An initial encryption key is estab- 15
`lished 110 and a first or next portion of the MPEG data
`stream is encrypted 120 using the encryption parameters and
`key. Assuming the existence of a system such as depicted in
`FIG. 1, the key (and other parameters if at the stream's
`beginning) is multiplexed into the data stream 130 and 20
`transmitted 140 to a receiver. Processing then determines
`whether the end of the stream has been reached 150, and if
`so, dynamic encryption processing is complete 160. Other(cid:173)
`wise, processing determines whether the encryption key
`needs to be updated 170. If yes, then the encryption key is 25
`updated 180 and processing encrypts the next portion of the
`MPEG stream 120.
`Note that, while decryption may be performed entirely
`independently of and before MPEG decoding ( as depicted in
`FIG. 1), the decryption unit and MPEG decoder may be
`integrated as a single unit. Such a discrete unit could be
`designed to function properly for "normal" (i.e., unen(cid:173)
`crypted) MPEG streams, but to recognize encrypted streams
`and to decrypt them before decoding is performed.
`Note also, that in the case in which a key varies according
`to content of the transmission, or according to events in a
`transmission, a data error or loss can have consequences
`since not only is a portion of the compressed MPEG data
`potentially in error, but the decryption mechanism may now
`be out of synchronization with the transmitter's encrypter.
`One mechanism for dealing with such a problem is to return
`to using the initial key at a certain predefined interval
`(similar to the MPEG notion of sequence headers). For
`example, at every sequence header, or every GOP, the
`encrypter and decrypter both return to using the initial key,
`which evolves from there. This means that a data loss or
`error would be limited to affecting only that sequence or
`group, after which synchronization would be resumed. This
`would also facilitate random access; that is, jumping from
`one place in an MPEG stream to another.
`Another mechanism, in a scenario in which keys are
`delivered in the stream itself, is to simply deliver the keys
`redundantly, that is, more often than they are needed or
`updated.
`A mechanism for determining that encryption/decryption 55
`synchronization has been lost might be to place a signal in
`the first unit of encryption (whether encrypted or not) after
`a key change. If the decrypter sees such a signal, and has not
`updated its key since the last such signal, then the decrypter
`knows that synchronization has been lost. Likewise, if the 60
`decrypter updates its key and fails to see such a signal in the
`next unit of encryption, it also knows that synchronization
`has been lost, and can take appropriate action (for example,
`notify the transmitter, or wait for the next point at which the
`encryption key can be reliably re-established). This would 65
`only require the use of a single spare bit in an encryption
`unit.
`
`8
`When transm1ttmg "elementary" MPEG video data,
`parameters may, for example, be stored in any combination
`of the following structures:
`One or more "user_data" field(s).
`The "copyright_extension" construct, specifically by set(cid:173)
`ting the "copyright_flag" to O and using fields "copy(cid:173)
`right_number_l", "copyright_number_2", and "copy(cid:173)
`right_number_3".
`The "time_code" field in a "group of pictures header"
`(this field is not used during decoding).
`When transmitting MPEG in "program stream" form,
`parameter data may be conveyed by any of the methods
`above, or further, in "PES" packets (PES denoting "pack(cid:173)
`etized elementary stream") of a specific type. The content
`type of PES packets is defined by the PES packet's "stream_
`id" field. The MPEG 2 specification defines a "stream_id"
`value denoting a "private_stream_l" packet, and another
`denoting a "private_stream_2" packet. These types are
`slightly different, but can contain anything the user wishes.
`Of course, the more overtly parameters and keys are trans(cid:173)
`mitted, the less overall security.
`When transmitting MPEG data in "transport stream"
`format, parameter data may be conveyed by any of the above
`methods, or further, such data may be stored as "private_
`data bytes" in the "adaption_field" structure.
`To restate, provided herein is a secure technique for
`encrypting a digital data stream by dynamically varying one
`or more encryption parameters employed in encrypting the
`30 data. Varying of the encryption parameter(s) is preferably
`responsive to data content. For example, one trigger might
`be the passage of a certain number of units, where units are
`specific to the format in which the data is stored. For a digital
`stream, units would typically be bits, bytes, words, blocks,
`35 etc. (and in the distant future, such units, in a biological
`computer, would be cells, tissue, organs, organism). Alter(cid:173)
`natively, the trigger for changing the encryption pa