UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NUMBER: 61/500,316
FILING or 371(c) DATE: 06/23/2011
GRP ART UNIT:
FIL FEE REC'D: 110
ATTY.DOCKET.NO: 1082-018
TOT CLAIMS:
IND CLAIMS:

47654
BAINWOOD HUANG & ASSOCIATES LLC
2 CONNECTOR ROAD
WESTBOROUGH, MA 01581

CONFIRMATION NO. 7568

FILING RECEIPT

AE000000048585270

Date Mailed: 07/07/2011

Receipt is acknowledged of this provisional patent application. It will not be examined for patentability and will become abandoned not later than twelve months after its filing date. Any correspondence concerning the application must include the following identification information: the U.S. APPLICATION NUMBER, FILING DATE, NAME OF APPLICANT, and TITLE OF INVENTION. Fees transmitted by check or draft are subject to collection. Please verify the accuracy of the data presented on this receipt. If an error is noted on this Filing Receipt, please submit a written request for a Filing Receipt Correction. Please provide a copy of this Filing Receipt with the changes noted thereon. If you received a "Notice to File Missing Parts" for this application, please submit any corrections to this Filing Receipt with your reply to the Notice. When the USPTO processes the reply to the Notice, the USPTO will generate another Filing Receipt incorporating the requested corrections.

Applicant(s)

Kevin J. Ma, Nashua, NH;
Robert Hickey, Bedford, MA;
Paul Tweedale, Andover, MA;

Power of Attorney:
James Thompson--36699

If Required, Foreign Filing License Granted: 07/05/2011
The country code and number of your priority application, to be used for filing abroad under the Paris Convention, is US 61/500,316
Projected Publication Date: None, application is not eligible for pre-grant publication
Non-Publication Request: No
Early Publication Request: No
** SMALL ENTITY **

Title

METHOD AND SYSTEM FOR SECURE OVER-THE-TOP LIVE VIDEO DELIVERY

PROTECTING YOUR INVENTION OUTSIDE THE UNITED STATES

Since the rights granted by a U.S. patent extend only throughout the territory of the United States and have no effect in a foreign country, an inventor who wishes patent protection in another country must apply for a patent in a specific country or in regional patent offices. Applicants may wish to consider the filing of an international application under the Patent Cooperation Treaty (PCT). An international (PCT) application generally has the same effect as a regular national patent application in each PCT-member country. The PCT process simplifies the filing of patent applications on the same invention in member countries, but does not result in a grant of "an international patent" and does not eliminate the need of applicants to file additional documents and fees in countries where patent protection is desired.

Almost every country has its own patent law, and a person desiring a patent in a particular country must make an application for patent in that country in accordance with its particular laws. Since the laws of many countries differ in various respects from the patent law of the United States, applicants are advised to seek guidance from specific foreign countries to ensure that patent rights are not lost prematurely.

Applicants also are advised that in the case of inventions made in the United States, the Director of the USPTO must issue a license before applicants can apply for a patent in a foreign country. The filing of a U.S. patent application serves as a request for a foreign filing license. The application's filing receipt contains further information and guidance as to the status of applicant's license for foreign filing.

Applicants may wish to consult the USPTO booklet, "General Information Concerning Patents" (specifically, the section entitled "Treaties and Foreign Patents") for more information on timeframes and deadlines for filing foreign patent applications. The guide is available either by contacting the USPTO Contact Center at 800-786-9199, or it can be viewed on the USPTO website at http://www.uspto.gov/web/offices/pac/doc/general/index.html.

For information on preventing theft of your intellectual property (patents, trademarks and copyrights), you may wish to consult the U.S. Government website, http://www.stopfakes.gov. Part of a Department of Commerce initiative, this website includes self-help "toolkits" giving innovators guidance on how to protect intellectual property in specific countries such as China, Korea and Mexico. For questions regarding patent enforcement issues, applicants may call the U.S. Government hotline at 1-866-999-HALT (1-866-999-4158).

LICENSE FOR FOREIGN FILING UNDER

Title 35, United States Code, Section 184

Title 37, Code of Federal Regulations, 5.11 & 5.15

GRANTED

The applicant has been granted a license under 35 U.S.C. 184, if the phrase "IF REQUIRED, FOREIGN FILING LICENSE GRANTED" followed by a date appears on this form. Such licenses are issued in all applications where the conditions for issuance of a license have been met, regardless of whether or not a license may be required as set forth in 37 CFR 5.15. The scope and limitations of this license are set forth in 37 CFR 5.15(a) unless an earlier license has been issued under 37 CFR 5.15(b). The license is subject to revocation upon written notification. The date indicated is the effective date of the license, unless an earlier license of similar scope has been granted under 37 CFR 5.13 or 5.14.

This license is to be retained by the licensee and may be used at any time on or after the effective date thereof unless it is revoked. This license is automatically transferred to any related applications(s) filed under 37 CFR 1.53(d). This license is not retroactive.

The grant of a license does not in any way lessen the responsibility of a licensee for the security of the subject matter as imposed by any Government contract or the provisions of existing laws relating to espionage and the national security or the export of technical data. Licensees should apprise themselves of current regulations especially with respect to certain countries, of other agencies, particularly the Office of Defense Trade Controls, Department of State (with respect to Arms, Munitions and Implements of War (22 CFR 121-128)); the Bureau of Industry and Security, Department of Commerce (15 CFR parts 730-774); the Office of Foreign Assets Control, Department of Treasury (31 CFR Parts 500+) and the Department of Energy.

NOT GRANTED

No license under 35 U.S.C. 184 has been granted at this time, if the phrase "IF REQUIRED, FOREIGN FILING LICENSE GRANTED" DOES NOT appear on this form. Applicant may still petition for a license under 37 CFR 5.12, if a license is desired before the expiration of 6 months from the filing date of the application. If 6 months has lapsed from the filing date of this application and the licensee has not received any indication of a secrecy order under 35 U.S.C. 181, the licensee may foreign file the application pursuant to 37 CFR 5.15(b).

TITLE:

Method and System for Secure Over-the-Top Live Video Delivery

Attorney Docket No. 1082-018

ABSTRACT:

A method is provided for managing key rotation and secure key distribution in over-the-top delivery of content. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

CLAIMS:

1. A method for managing the secure distribution of content, the method comprising the following steps: generating a first content encryption key; providing a first encryption key to a packaging server; encrypting content using the first encryption key; providing the first content encryption key to a license server; expiring the first content encryption key, generating a second content encryption key; providing the second content encryption key to the packaging server; encrypting subsequent content with the new content encryption key; providing the second content encryption key to the license server; notifying client devices of the content encryption key expiration; and providing the appropriate content encryption keys to the client.
2. The method of claim 1, wherein the content is audio/video content.
3. The method of claim 1, wherein the encryption algorithms include AES128, HC128, and RC4.
4. The method of claim 1, wherein the content encryption keys are generated using strong entropy sources.
5. The method of claim 1, wherein the content encryption key is provided to the packaging server through a secure interface.
6. The method of claim 5, further comprising: using SSL to secure the interface.
7. The method of claim 5, further comprising: pushing a content encryption key to the packaging server when the license server determines expiration of the previous key is necessary.
8. The method of claim 5, further comprising: pushing a content encryption key and predetermined expiration time to the packaging server.
9. The method of claim 8, further comprising: pushing the content encryption key and predetermined expiration time only in response to a request for a new content encryption key from the packaging server.
10. The method of claim 9, further comprising: the packaging server requesting a new key in anticipation of the expiration of its current key.
11. The method of claim 1, wherein the client is notified at session initiation of the fixed period for content key expiration.
12. The method of claim 1, wherein the client is notified in real-time content key expiration.
13. The method of claim 12, further comprising: the packaging server inserting a key change notification into a content encryption metadata header as part of the unencrypted portion of the encrypted file.
14. The method of claim 13, further comprising: the header being a PlayReady header.
15. The method of claim 12, further comprising: the packaging server inserting a key change notification into a content manifest file.
16. The method of claim 15, further comprising: the manifest file being an m3u8 file.
17. The method of claim 15, further comprising: the manifest file being an IIS Smooth Streaming manifest file.
18. The method of claim 12, further comprising: the packaging server inserting a key change notification into the file name of the segment files being generated.
19. The method of claim 1, wherein the content encryption key is provided to the license server through a secure interface.
20. The method of claim 19, further comprising: using SSL to secure the interface.
21. The method of claim 1, wherein, content encryption keys for a given media are versioned.
22. The method of claim 21, further comprising: using monotonically increasing integer values.
23. The method of claim 22, further comprising: maintaining a direct correlation between the version and the content segment number or duration.
24. The method of claim 1, wherein the license server distributes content encryption keys and content encryption key expiration information to clients using a secure channel.
25. The method of claim 24, further comprising: using SSL to secure the interface.
26. The method of claim 21, further comprising: providing the client with the two most recently generated content encryption keys.
27. The method of claim 26, further comprising: returning content encryption keys and expiration information only when the client requests it.
28. The method of claim 27, further comprising: verifying client identity and content rights before returning content encryption key or expiration information.
29. The method of claim 21, further comprising: allowing clients to request any previous content encryption key and expiration information.
30. The method of claim 21, further comprising: allowing clients to only request a fixed number of most recently generated content encryption keys and expiration information.
31. The method of claim 3, further comprising: resetting the initialization vector when the content encryption key is rotated.
32. [insert apparatus claims here].

BACKGROUND:

This invention relates in general to over-the-top (OTT) media delivery and more specifically to encryption key rotation for live streaming media.

As content delivery models move away from streaming distribution over private networks to Web-based delivery of files over the public Internet, referred to as over-the-top (OTT) delivery, traditional content protection paradigms must be modified to support new delivery protocols, e.g., HTTP Live Streaming. For live streaming content with long or indefinite durations, use of a single encryption key for the entire duration increases the probability that the key may be compromised. Traditional key rotation schemes used in private multiple system operator (MSO) and mobile network operator (MNO) distribution networks, where physical security protects the key distribution path, do not extend to use over the public Internet, where communications channels are more susceptible to attack. Furthermore, the encryption used with nascent segment-based HTTP distribution protocols (e.g., HTTP Live Streaming, Silverlight Smooth Streaming, MPEG/3GP Dynamic Adaptive Streaming over HTTP (DASH), etc.) also differs from traditional streaming techniques. Encryption of non-segmented content is typically performed using a single encryption key using a single continuous pass over the content, from start to finish. For segment-based formats, each segment may use the same content encryption key. Though the content encryption key may be salted with a unique initialization vector (IV) for each segment, the IV is not random and does not provide the same security as key rotation. New methods are required for the management of key rotation and key distribution to ensure security for OTT content delivery.

SUMMARY:

Methods and apparatus are disclosed for managing the distribution of a plurality of content encryption keys for use in the protection of live streaming content. A workflow management system, referred to herein as a workflow manager, is responsible for managing the acquisition of source content from a content management system, preparation of the content, including, but not limited to, transcoding of the content into different encodings (e.g., different bitrates, frame rates, resolutions, sample rates, codecs, etc.), storing the transcoded content in different formats (e.g., 3GP, segmented 3GP, MP4, fragmented MP4, MPEG-TS, segmented MPEG-TS, RTP, etc.), and encrypting the different formats, so that the content is suitable for delivery to a plurality of client devices over a plurality of network infrastructures. The prepared content is then uploaded to a CDN for delivery to clients. The invention includes provisions for managing when content encryption keys expire, distributing content encryption keys to packaging engines, and distributing content encryption keys to clients.

In the preparation and distribution of content, specifically video content, modern protocols (e.g., HTTP Live Streaming, Silverlight Smooth Streaming, MPEG/3GP Dynamic Adaptive Streaming over HTTP (DASH), etc.) employ segment-based rate adaptation to deal with fluctuations in bandwidth, whereby segment boundaries provide natural demarcation points for switching bitrates. Another example of a protocol and file format suitable for segment-based rate adaptation is described in PCT Application No. PCT/US2010/027893 filed March 19, 2010, and entitled, Method for Scalable Live Streaming Delivery for Mobile Audiences. Yet another example of a protocol and file format suitable for segment-based rate adaptation is described in PCT Application No. PCT/US2010/028309 filed March 23, 2010, and entitled, Method and System for Efficient Streaming Video Dynamic Rate Adaptation. There are many protocols and methods for generating segmented content, as should be known to those skilled in the art. Any of these segmentation methods are suitable for use in accordance with provisions of the invention. For segment-based formats (e.g., segmented 3GP, fragmented MP4, segmented MPEG-TS, etc.), each segment is independently playable, and therefore needs to be independently encrypted and decryptable. Segments are typically of a fixed duration and, in the case of video content, begin with a key-frame and contain no inter-segment references. Segmentation is performed on each of the different encodings generated by the transcoder, by parsing the resultant encoding and determining segment boundaries. In one embodiment segment boundaries are based on a fixed number of bytes of data. In another embodiment segment boundaries are based on a fixed number of video key frames.

Segments are encrypted on segment boundaries using the current content encryption key and current initialization vector (IV). In one embodiment, the IV may be a simple incrementing integer value. In another embodiment, the IV may be a pseudo-random stream of bits produced by a pseudo-random number generator or stream cipher. Though the IV provides some additional cryptographic strength, it is not random. The generation of new strongly random values for use as content encryption keys and the rotation of content encryption keys provides protection from content encryption keys being compromised in long lived streams. In one embodiment, IVs are reinitialized whenever a content encryption key is rotated. In another embodiment, IVs are not reinitialized when content encryption keys are rotated.

In one embodiment the workflow manager generates content encryption keys with a fixed duration lifespan on a fixed periodic basis. In one embodiment, the content encryption keys may be generated using weak sources of entropy (e.g., processor or wall clock time, /dev/urandom, etc.). In another embodiment, the content encryption keys may be generated using strong sources of entropy (e.g., hardware sources which rely on electrical static or radioactive decay, /dev/random, etc.). There are many ways to generate random numbers, as should be known to those skilled in the art. Any method for generating random numbers may be used in accordance with provisions of this method. The workflow manager distributes the content encryption keys and content encryption key lifespan to both a license server and content packaging engine, referred to herein as a packager. The fixed duration lifespan is directly correlated to a fixed period of the live content. The changing of content encryption keys based on the fixed period of the live content is referred to herein as rotation. A history of individual content encryption keys and the order in which they were generated is maintained. Each content encryption key in the history is assigned a unique identifier which is referred to herein as the content encryption key identifier. In one embodiment, the content encryption key identifiers are selected based on the wall clock time offset from the beginning of the live stream. In another embodiment, the content encryption key identifiers are selected based on a segment number of the prepared content. In one embodiment the segment boundaries are based on a fixed number of bytes of data. In another embodiment the segment boundaries are based on a fixed number of video key frames. The content packaging engine is responsible for encrypting the associated content using the content encryption key. In one embodiment, the packager recognizes the imminent end to the fixed duration lifespan and requests a new content encryption key from the workflow manager. The license server is responsible for distributing content encryption keys to clients. In one embodiment, the license server also distributes fixed duration lifespan information to clients. In one embodiment, when initiating playback of the stream, the client requests the current content encryption key, the next future content encryption key, and the fixed duration lifespan of the keys. The client uses the content encryption keys to decrypt the associated content.

In one embodiment, the workflow manager may initiate content encryption key rotation at any time, outside of the fixed duration lifespan of the existing key. The workflow manager is responsible for notifying the packager of the key rotation request. The packager is responsible for selecting when the new key shall be applied and notifying the workflow manager. In one embodiment, the point at which the key is applied is based on the wall clock time offset from the beginning of the live stream. In another embodiment, the point at which the key is applied is based on a segment number of the prepared content. In one embodiment the segment boundaries are based on a fixed number of bytes of data. In another embodiment the segment boundaries are based on a fixed number of video key frames. The workflow manager is then responsible for notifying the license server of the new content encryption key, the content encryption key identifier of the new content encryption key, and the lifespan of the new content encryption key. In one embodiment, content encryption key identifiers are selected based on the fixed period of the live content. In one embodiment, the content encryption key identifiers are selected based on the wall clock time offset from the beginning of the live stream. In another embodiment, the content encryption key identifiers are selected based on a segment number of the prepared content. In one embodiment the segment boundaries are based on a fixed number of bytes of data. In another embodiment the segment boundaries are based on a fixed number of video key frames. The packager is responsible for providing in-band notification to the client for the key change. In one embodiment, the notification is embedded in a manifest file that describes the encrypted content. In another embodiment, the notification is embedded in the segment file name of the encrypted content. In another embodiment, the notification is embedded in a header prepended to the encrypted content. In one embodiment, the header may be a Microsoft PlayReady header. In another embodiment, the header may be an MPEG/3GP DASH header. In another embodiment, the header may be a proprietary segment format header.

These provisions together with the various ancillary provisions and features which will become apparent to those artisans possessing skill in the art as the following description proceeds are attained by devices, assemblies, systems and methods of embodiments of the present invention, various embodiments thereof being shown with reference to the accompanying drawings, by way of example only, wherein:

FIGURES:

• FIG. 1 is a block diagram of a system which is capable of conducting content encryption key rotations procedures, in accordance with various embodiments of the invention;
• FIG. 2 is a flow chart showing a method for performing content encryption key rotation, in accordance with an embodiment of the present invention; and
• FIG. 3 is a flow chart showing another method for detecting content encryption key rotation, in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION:

In the description herein for embodiments of the present invention, numerous specific details are provided, such as examples of components and/or methods, to provide a thorough understanding of embodiments of the present invention. One skilled in the relevant art will recognize, however, that an embodiment of the invention can be practiced without one or more of the specific details, or with other apparatus, systems, assemblies, methods, components, materials, parts, and/or the like. In other instances, well-known structures, materials, or operations are not specifically shown or described in detail to avoid obscuring aspects of embodiments of the present invention.

FIG. 1 is a block diagram 100 for one embodiment of the present invention. The workflow manager (WFM) 102 is responsible for initiating ingestion and preparation of live content. In one embodiment, preparation includes transcoding audio and video into a plurality of encodings using different codecs, bitrates, frame rates, sample rates, and resolutions. The transcoded content is then written into a plurality of output files. In one embodiment, a plurality of output files contain the same transcoded content encapsulated in different container formats (e.g., 3GP, MP4, MPEG-TS, WMV, MOV, etc.). In one embodiment, the prepared output files are segmented into fixed duration segment files (e.g., MPEG-TS segments, fragmented MP4 segments, 3GP DASH segments, etc.). In one embodiment, the output files, both segmented and un-segmented, are encrypted using standard encryption protocols (e.g., AES-128, HC-128, RC4, etc.). In one embodiment, IVs for the encryption protocol are reinitialized by the packager 104 whenever a content encryption key is rotated. In another embodiment, IVs for the encryption protocol are not reinitialized when content encryption keys are rotated. In one embodiment, all preparation steps are performed by a single content packaging server 104, referred to herein as a packager. In another embodiment, individual preparation steps (e.g., transcoding, segmentation, encryption, etc.) may be performed across different physical content packaging servers 104. The packager 104 which performs encryption acquires content encryption keys from the workflow manager 102. In one embodiment the WFM 102 and packager 104 reside in the same physical server. In another embodiment, the WFM 102 and packager 104 reside in different physical servers in the same data center. In another embodiment, the WFM 102 and packager 104 reside in different physical servers in remote data centers.

It will be appreciated that the term "server" used herein refers to a general-purpose or special-purpose computer, generally including memory, input/output circuitry, and instruction processing logic along with interconnections such as one or more high-speed data buses connecting those components together. Many aspects of the disclosed techniques can be embodied as software executing on one or more server computers. Similarly, a "client" herein is a computerized device (also including the above components) capable of receiving content from a network connection and decoding and rendering the content on a display or similar output device. So-called smartphones are specifically included within the definition of client as used herein.

The WFM 102 receives an ingestion request from the content management system (CMS) 112. The CMS specifies a security profile. In one embodiment, the security profile includes content encryption information, including cipher specification and content encryption key expiration policies. The WFM 102 generates an initial content encryption key and assigns it a content encryption key identifier. In one embodiment, the content encryption key identifier is initially set to zero and all future content encryption key identifiers are based on a relative offset to the initial content encryption key identifier. In one embodiment, the content encryption key identifiers are based off the wall clock time offset from the time the initial content encryption key identifier was generated. In another embodiment, the content encryption key identifiers are based off of segment numbers, as produced by the packager 104 during segmentation. In one embodiment the segment boundaries are based on a fixed number of bytes of data. In another embodiment the segment boundaries are based on a fixed number of video key frames.

The WFM 102 then initiates content preparation by assigning a packager 104 to begin acquiring the source content and performing transcoding and segmentation as required. The WFM 102 provides the initial content encryption key and lifespan of the key to the packager 104 responsible for encryption of the prepared outputs. The packager 104 encrypts the content using the initial content encryption key until it expires. In one embodiment, the expiration time is based on a relative wall clock time offset to the time preparation was started. In another embodiment, the content encryption key identifiers are based off of segment numbers, as produced by the packager 104 during segmentation. As described above, segmentation detects segment boundaries and assigns a fixed amount of data to each individual segment. In one embodiment the segment boundaries are based on a fixed number of bytes of data. In another embodiment the segment boundaries are based on a fixed number of video key frames. In one embodiment, before the content encryption key expires, the packager 104 requests a new key from the WFM 102. In one embodiment, the new content encryption key has the same lifespan as the previous content encryption key. The new content encryption key is made available by the WFM 102 to the packager 104 before the previous content encryption key has expired to allow for uninterrupted encryption.

Encrypted content is uploaded by the packager 104 to a content delivery network (CDN) 108, from which it may be retrieved by clients 110. In one embodiment, manifest files are also uploaded by the packager 104 to the CDN 108. The clients 110 must first obtain the content encryption keys from the license server 106, before they may decrypt and render encrypted content. In one embodiment, clients 110 retrieve content encryption keys using HTTPS. In one embodiment, clients 110 are verified by the license server 106 using client certificate verification. In another embodiment, clients 110 are verified using login credentials. The license server 106 is notified of new content encryption keys by the WFM 102 as they are generated. In one embodiment, the license server 106 stores the content encryption key, content encryption key identifier, content encryption key lifespan (or expiration), and the location of the encrypted content. In one embodiment, the information is stored as an encrypted token in a database. In one embodiment the WFM 102 and license server 106 reside in the same physical server. In another embodiment, the WFM 102 and license server 106 reside in different physical servers in the same data center. In another embodiment, the WFM 102 and license server 106 reside in different physical servers in remote data centers. In one embodiment, the license server 106 registers client devices 110 and verifies the right of each client device 110 to view the content. If the client 110 has the right to view the content, the license server 106 provides the content encryption key, content encryption key lifespan (or expiration), and the location of the encrypted content.

In one embodiment, the WFM 102 may issue a new unsolicited content encryption key to the packager 104. In one embodiment, the WFM 102 pushes the new content encryption key to the packager 104 when the current content encryption key is nearing the end of its lifespan. The new content encryption key is pushed ahead of the current content key expiration and the packager 104 waits until the current content encryption key has expired before applying the new content encryption key. In another embodiment, the WFM 102 pushes the new content encryption key to the packager 104 when the current content encryption key is deemed to be no longer secure (e.g., if the content encryption key has been compromised). The packager 104 waits until the next available encryption boundary before applying the new content encryption key, and then notifies the WFM 102 of the exact boundary at which it expired the previous content encryption key. In one embodiment, the encryption boundary is a segment boundary. In one embodiment the segment boundaries are based on a fixed number of bytes of data. In another embodiment the segment boundaries are based on a fixed number of video key frames.

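The rotation workflow described above, as an added example that is not part of the application: keys are versioned and scheduled by segment number, an unscheduled rotation is applied at a segment boundary with the replacement key's lifespan aligned to the periodic boundaries (one of the embodiments in this description), and the key change is announced in-band through `#EXT-X-KEY` tags in an m3u8 manifest. The class and function names, the three-segment period in the usage, and the `license.example.invalid` URL are assumptions; segments are not actually encrypted and the license server's client verification is omitted.

```python
import secrets
from dataclasses import dataclass


@dataclass
class ContentKey:
    key_id: int    # monotonically increasing version number
    first: int     # first segment number encrypted under this key
    expires: int   # first segment number NOT covered (exclusive bound)
    key: bytes     # 16 random bytes, sized for AES-128


class WorkflowManager:
    """Plays the WFM role: generates keys and keeps the ordered key history."""

    def __init__(self, period):
        self.period = period      # fixed key lifespan, counted in segments
        self.history = []
        self._next_id = 0         # never reused, even when a key is discarded
        self._append(0, period)

    def _append(self, first, expires):
        # secrets draws from the operating system CSPRNG (assumed key source).
        ck = ContentKey(self._next_id, first, expires, secrets.token_bytes(16))
        self._next_id += 1
        self.history.append(ck)
        return ck

    def key_for_segment(self, seg):
        """Scheduled rotation: extend the history until it covers `seg`."""
        if seg < 0:
            raise ValueError("segment numbers start at 0")
        while self.history[-1].expires <= seg:
            start = self.history[-1].expires
            self._append(start, start + self.period)
        return next(ck for ck in self.history if ck.first <= seg < ck.expires)

    def rotate_now(self, boundary):
        """Unscheduled rotation at segment `boundary`, e.g. suspected compromise.

        `boundary` must be at the live edge: no segment at or after it may
        have been packaged yet.
        """
        cur = self.key_for_segment(boundary)
        if cur.first == boundary:
            raise ValueError("a new key already starts at this boundary")
        # Drop pre-generated future keys, expire the current key early, and
        # give the replacement the rest of the period so that later rotations
        # stay aligned to the original periodic boundaries.
        self.history = [ck for ck in self.history if ck.first <= cur.first]
        period_end, cur.expires = cur.expires, boundary
        return self._append(boundary, period_end)


def license_response(wfm, live_segment):
    """License-server reply at session start: current key, next key, lifespan.

    Verification of client identity and content rights would happen first.
    """
    cur = wfm.key_for_segment(live_segment)
    nxt = wfm.key_for_segment(cur.expires)
    return {ck.key_id: ck.key for ck in (cur, nxt)}, wfm.period


def build_playlist(wfm, first_seg, count,
                   key_base="https://license.example.invalid/keys"):
    """Packager side: live m3u8 with an EXT-X-KEY tag at every key change."""
    lines = ["#EXTM3U", "#EXT-X-VERSION:3", "#EXT-X-TARGETDURATION:10",
             f"#EXT-X-MEDIA-SEQUENCE:{first_seg}"]
    announced = None
    for seg in range(first_seg, first_seg + count):
        ck = wfm.key_for_segment(seg)
        if ck.key_id != announced:
            # No IV attribute: HLS then uses the media sequence number as the
            # IV, i.e. the embodiment where IVs are not reset on rotation.
            lines.append(
                f'#EXT-X-KEY:METHOD=AES-128,URI="{key_base}/{ck.key_id}"')
            announced = ck.key_id
        lines += ["#EXTINF:10.0,", f"seg{seg}.ts"]
    return "\n".join(lines)


def keys_needed(playlist):
    """Client side: map each segment URI to the key URI announced before it."""
    current, mapping = None, {}
    for line in playlist.splitlines():
        if line.startswith("#EXT-X-KEY:"):
            current = line.split('URI="', 1)[1].split('"', 1)[0]
        elif line and not line.startswith("#"):
            mapping[line] = current
    return mapping


if __name__ == "__main__":
    wfm = WorkflowManager(period=3)
    wfm.rotate_now(4)                 # emergency rotation inside key 1's period
    print(build_playlist(wfm, 0, 8))  # key ids 0, 1, 2 (replacement), 3
```

Because key identifiers are never reused, a client that pre-fetched the "next" key before an unscheduled rotation sees an unfamiliar key URI in the manifest and has to return to the license server for it.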
In one embodiment, the lifespan of the new content encryption key is aligned to the periodic boundaries of the previous content encryption keys. In one embodiment, the expi
