法国专利FR3050090A1 EXTRACTION OF VIDEO STREAM

专利PDF首页>>法国专利

专利附录

专利说明

权利要求

类似技术

同族专利

引用文献

法律状态

优先权

专利摘要:
The description relates in particular to a method of selective extraction, by a terminal (TRM, TRM1, TRM2), of at least one image to extract contained in an encrypted video stream stored on a server (BRC_S) unable to decrypt said stream encrypted video, said encrypted video stream being divided into encrypted blocks (L1, L2, L3, LN). The description also relates to a computer program, a storage medium, a terminal and a broadcast server.
公开号:FR3050090A1
申请号:FR1653150
申请日:2016-04-08
公开日:2017-10-13
发明作者:Nicolas Delahaye；Francois Martin；Ludovic Piquet；Frederic Pasquet；David Grondin
申请人:Squadeo；
IPC主号:

专利说明:

EXTRACTION OF VIDEO STREAM
The description relates to the field of video content distribution.
VCRs (which recorded and played back tapes) included a fast-forward or fast-back feature. This required turning an electric motor driving the magnetic tape at a higher speed, and if necessary reverse the direction of rotation of the electric motor. Nowadays, videos are often stored on servers connected to terminals (fixed or portable personal computers, tablets, mobile phones, etc.). These terminals make it possible to visualize videos in streaming (term of English language sometimes translated in French by the expression "continuous flow"). Terminals and servers can have significant storage and compute capabilities. But the bandwidth available between a terminal and a server is often a bottleneck.
Servers storing video streams are usually distribution servers, which essentially store encrypted video streams and transmit them on demand, but are unable to decrypt these video streams themselves and let alone extract information from them. targeted. Indeed, they do not have (on purpose, for security reasons) cryptographic keys required to operate such decryption. The decryption cryptographic keys are usually provided directly to the terminals by other servers (known as DRM servers) which, after authentication of a terminal and verification of its access rights, communicate to this terminal the information required to enable it to decrypt the video stream received from a distribution server. This required information is not necessarily the cryptographic key itself, but may be information from which the terminal is able to compute the cryptographic key.
In such a scheme, in order to operate a fast forward, it would seem natural to download the video stream at a faster rate, but often the available bandwidth does not allow it. Even when the bandwidth makes it possible, for example, to triple the download speed in order to perform an accelerated reading by a factor of three, this is unsatisfactory since this represents a waste of bandwidth.
In addition, another difficulty arises. In order to move in an enlightened and relevant way within a video stream, it is useful to have an approximate representation of the content of this video stream. But to build this approximated representation, it is necessary to access elements distributed over the entire video stream (from the beginning to the end of this video stream).
It has been proposed to provide a banner containing scenes representative of the complete video, for example an image taken every minute, in order to allow a user to find his way in the video stream and to click directly on the image corresponding to the video. scene that interests him. This is what the Google company does, for example, for its Youtube® service. The server is then adapted to generate an image containing a series of miniature images corresponding to different moments of the video stream. Apple® has developed a technology called HLS (acronym for the English expression "HTTP live streaming", meaning: live HTTP broadcast). This technology enables the server to generate representative images from a video stream and transmit them on demand. But in either case, it is necessary to have sufficient control over the distribution server (which must be modified to add the required features). Above all, if the video stream is encrypted, it must be able to decrypt the video stream at this server, which often is not possible, and is often not desirable for security reasons.
It might have seemed conceivable to transmit only part of the video stream (for example every third image), but this solution is not considered because the distribution server does not know how to access the images of the video stream, which are encrypted. In addition, it is not enough to identify one image in three and transmit it because the images are compressed, and some images are not self-sufficient (can not be decompressed without additional information).
Specifically, it is common for videos to include three types of images, called I-frames, B-frames, and P-frames.
I images are self-supporting images, in the sense that they are compressed (for example with an algorithm such as the JPEG algorithm), without worrying about the images that surround them. Such images I are particularly useful for video streams that can be viewed during the journey (without starting from the beginning), such as for example video streams relating to live events. For example, there is generally one or two I frames per second in an H264 type video.
The P pictures are defined by difference from the previous picture. Since consecutive images are generally similar, this increases the compression ratio. However, an image can then be decompressed only in the presence of the previous image, which must be intact (failing that, the uncompressed image is badly restored).
Finally, the B images are even more compressed (at equivalent quality) because they can take advantage not only of the previous image but also of the next image. This imposes a latency since the decompression of an image B imposes to have received the following image also. This also requires keeping three images in memory (the previous one, the current one and the next one).
In practice, a video stream comprises a sequence of images alternating these different types of images I, P, B, for example according to the order: IBBPBBPBBPBBI. Other types of images and alternations of images are possible, but in most implementations, any image of the video stream is not self-sufficient from the point of view of decompression (only some are).
In addition, the size of the images fluctuates. Some images are easier to compress than others, and a highly compressed image is, by definition, smaller in size than a low compression image.
The structure of a video stream being complex and this video stream being encrypted, it did not seem possible to make relevant extractions.
Various techniques have been proposed to solve similar or related problems, and are described in particular in patent applications US 2006/0288392 A1, US 2013/0097508 A1, US 2014/0282262 A1 and US 2002/0075572 A1, or in "Swift: Reducing the Effects of Latency in Online Video Scrubbing", Justin Matejka, Tovi Grossman, George Fitzmaurice, ΟΗΓ12, May 5-10, 2012, Austin, Texas, USA. However, none solves the above problems satisfactorily. The invention aims to improve the situation.
One aspect of the invention relates to a method of selective extraction, by a terminal, of at least one image to be extracted contained in an encrypted video stream stored on a server incapable of decrypting said encrypted video stream, said encrypted video stream being divided into encrypted blocks, each encrypted block containing a plurality of encrypted images, said method comprising: - a selection of an encrypted block of the encrypted video stream, said encrypted block containing an image to be extracted; a selection of a subset of said encrypted block containing said image to be extracted; a transmission, by the server to the terminal, of said subset; a decryption of said subset by the terminal; an extraction by the terminal of said image to be extracted from said decrypted subset.
Such a method is particularly advantageous in that it makes it possible to extract from an encrypted video stream stored on a distribution server the relevant parts of this stream in order to proceed with a fast forward (or a fast return), and in order to build a set of thumbnails (small images) representative of the entire video stream, in the manner of an automatically generated table of contents. Extraction makes it possible to download only a small proportion of the entire video stream, and thus to require only a small bandwidth.
The method according to the invention may comprise one or more of the following characteristics taken alone or in combination.
One aspect of the invention relates to a selective extraction method comprising, after extracting said image to be extracted from said decrypted subset, a transmission from the terminal to the server of the size of the encrypted image to be extracted. .
One aspect of the invention relates to a selective extraction method comprising a selection by the terminal of all the encrypted blocks of the encrypted video stream.
One aspect of the invention relates to a selective extraction method comprising, for each selected encrypted block, a selection of a single subset containing a single image to be extracted for said selected encrypted block.
One aspect of the invention relates to a selective extraction method in which the single subset selected for a selected encrypted block begins at the beginning of said selected encrypted block.
One aspect of the invention relates to a selective extraction method in which the size of said selected subset is by default a predetermined size.
One aspect of the invention relates to a selective extraction method in which each selected encrypted block comprises only two images to be extracted.
One aspect of the invention relates to a selective extraction method comprising a concatenation, by the server, of several selected subsets, and a transmission of said subsets concatenated by the server to the terminal within a same packet .
One aspect of the invention relates to a computer program comprising a series of instructions which, when executed by at least one processor, implement a method according to an embodiment of the invention.
One aspect of the invention relates to a non-transitory computer readable storage medium storing a computer program according to an embodiment of the invention.
An aspect of the invention relates to a terminal arranged to selectively extract at least one image to be extracted contained in an encrypted video stream stored on a server unable to decrypt said encrypted video stream, said encrypted video stream being divided into encrypted blocks, each an encrypted block containing a plurality of encrypted images, said terminal comprising: an electronic circuit for selecting an encrypted block of the encrypted video stream, said encrypted block containing an image to be extracted; an electronic circuit for selecting a subset of said encrypted block containing said image to be extracted; an electronic circuit for receiving said subset from the server; an electronic circuit for decrypting said subset; an electronic circuit for extracting said image to be extracted from said deciphered subset.
One aspect of the invention relates to a server arranged to store an encrypted video stream that it is not able to decrypt, said encrypted video stream being divided into encrypted blocks, each encrypted block containing a plurality of encrypted images, said server comprising: an electronic circuit for selecting an encrypted block of the encrypted video stream, said encrypted block containing an image to be extracted; an electronic circuit for selecting a subset of said encrypted block containing said image to be extracted; an electronic circuit for transmitting said subset to a terminal. Other characteristics and advantages of the invention will appear on reading the description which follows. This is purely illustrative and should be read with reference to the accompanying drawings in which: FIGS. 1 to 4 show broadcast servers according to various embodiments of the invention cooperating with a management server of law as well as with a terminal according to different embodiments of the invention; FIG. 5 represents a method according to one embodiment of the invention; FIG. 6 represents a terminal according to one embodiment of the invention; FIG. 7 represents a broadcast server according to one embodiment of the invention.
The following achievements are examples. Although the description refers to one or more embodiments, this does not necessarily mean that each element mentioned in the context of an embodiment relates only to this same embodiment, or that features of this embodiment apply only to this embodiment.
FIG. 1 represents an embodiment according to the invention in which a streaming video server BRC_S stores a multitude of video streams, only one of which is represented. The broadcast server BRC_S is represented schematically and functionally. The video stream represented is stored in three versions, respectively of high quality (for example with a resolution of 1920 by 1080 pixels per image), of average quality (for example with a resolution 640 by 480 pixels per image) and of low quality ( for example with a resolution of 320 by 200 pixels per image). The three streams are identical, to their quality. Resolution is often the most important parameter for quality. But the quality of the streams can result in particular from their resolution (examples mentioned above), their depth (each pixel being coded on more or less bits before compression, for example in 4294967296 colors is 32 bits, in 16777216 colors or 24 bits, or in 65536 colors or 16 bits), their frequency (number of images plus or minus per second), their compression ratio, or a combination of two or more of the aforementioned parameters (resolution, depth, frequency and compression ratio). A lower quality stream in return has a lower bit rate, and is therefore faster to transmit (it can be transmitted with a lower available bandwidth than would be required for a higher quality transmission). This makes it possible to implement an algorithm called ABR (acronym for the English language expression Adaptive Bit Rate, which means adaptive bit rate), according to which the transmitted stream is adapted to the available bandwidth. The quality transmitted is less good when the bandwidth decreases and better when it improves, which avoids any interruption in the broadcast (with a quality punctually degraded). The high resolution stream is composed of Hi, H2, H3 ... Hn blocks. The flow of medium resolution is composed of blocks Mi, M2, M3 ... Mn. The low resolution stream is composed of blocks Li, L2, L3 ... Ln. Each block (Hi ... Hn, Mi ... Mn, Li ... Ln) of each of the three streams comprises for example about 10 seconds of video, ie, for example about 250 images. The 250 images of the L1 block take much less memory than the 250 images of the H1 block.
Each block (Hi ... Hn, Mi ... Mn, Li ... Ln) of each of the three streams is encrypted. The broadcast server BRC_S does not have access to the cryptographic keys for decrypting the blocks (Hi ... Hn, Mi ... Mn, Li ... Ln).
A TRM terminal on which the video stream is to be played must therefore obtain a decryption key from a DRM_S rights management server (or even several decryption keys if this key changes during the broadcast of the stream). It can then download the video stream (preferably all the blocks Hi, H2, H3 ... Hn, but possibly lower resolution blocks when the bandwidth is insufficient), which it does for example as and as it plays said video stream.
In order to allow navigation within the video stream, the terminal requires as soon as possible the transmission of the beginning of each block Li, L2, L3 ... Ln. For example, it requests the broadcast server to transmit the first 5% of each block. In principle, the first image of the block is a Type I image, and it occupies about 2% of the block. Thus, to obtain 5% of the block ensures to be able to decode this image even if the image occupies a little more than 2%. The TRM terminal can decipher the received 5% as if it were the deciphering of the entire block, and then stop as soon as it has succeeded in extracting the type I image. The percentages indicated may vary according to the algorithms and protocols used.
Thus, even though the BRC_S broadcast server can not decipher, even partially, the contents of the blocks, we obtain a relevant image by having downloaded only 5% of this block, moreover a low resolution version, faster to download only the high resolution version. This allows you to quickly get an approximate representation of all the video and move around in this video in a relevant way.
The BRC_S broadcast server does not need to implement substantial additional processing (in terms of computing time) compared to a state-of-the-art BRC_S server.
FIG. 2 represents an embodiment according to the invention in which a streaming video server BRC_S stores a multitude of video streams, only one of which is represented. The video stream shown is, as in Figure 1, stored in three versions, respectively of high resolution, medium resolution and low resolution.
Instead of transmitting the beginning of each of the blocks Li, L2, L3 ... Ln as they are requested, the broadcast server BRC_S groups these block starts into a single packet which it transmits in one packet. times. According to one possible implementation, in addition to concatenating the beginnings of blocks, the broadcast server BRC_S adds metadata in the packet in order to help the terminal to find each start of block considered in the packet. Alternatively, the terminal TRM knows by construction where are the beginning of blocks, without it being necessary to provide metadata. For example, block starts can have a predefined size.
According to one possible implementation, the broadcast server BRC_S stores the packet containing the concatenated block starts in a file, which it references in a main playlist file. Thus, this file can be pre-calculated and then immediately available for download when a TRM terminal selects the video stream considered.
This concatenation avoids the decreases in efficiency experienced by the transmission of multiple packets (which increase the bandwidth required), in return, if necessary (but not necessarily, as indicated below), a somewhat increased latency. The concatenation is indeed possible only from the moment when all the elements to be concatenated are available, which is likely to delay the transmission of the elements available first.
It is nevertheless possible to generate the concatenation once and for all. Thus the latency is then noticeable only during the initial concatenation, or is not noticeable at all if the concatenation is performed during a preliminary initialization phase (for example when recording the flow on the server ).
This embodiment generally requires modifying the broadcast server, but does not require the ability to access the decryption keys stored video streams, which would be unacceptable in many cases.
FIG. 3 represents an embodiment according to the invention in which a streaming video server BRC_S stores a multitude of video streams, only one of which is represented. The video stream shown is, as in Figures 1 and 2, stored in three versions, respectively of high resolution, medium resolution and low resolution.
Instead of transmitting only the beginning of each of the blocks Li, L2, L3 ... Ln, the broadcast server BRC_S is arranged to identify an image in the middle of each encrypted block in order to transmit two images per encrypted block. By transmitting an image that is approximately in the middle of the encrypted block (in addition to the encrypted block start image), the method provides a temporal equidistance of all the images.
Locating an image I in the middle of the block (and more generally anywhere else than at the very beginning of the block) is a more complex task than extracting the first image I of the block. Indeed, the beginning of the first image I can be estimated with great precision since it is (in general) the first image of the block. But the further one moves away from the beginning of the ciphered block, the more the uncertainty grows as to the position of the successive images, each of which has a variable size according to the video stream considered.
It is nonetheless possible to statistically estimate a window in which the image I (or the two images I, in case of equidistance) closest to the middle of the encrypted block (or to another targeted position of the encrypted block) necessarily find. It is then possible to request transmission of the entirety of this window, to look for the image I considered (or one of the two images I considered, or the two images I considered). For example, it is possible to request the transmission of a window (or subset) corresponding to 10% of the encrypted block, centered on the middle of the encrypted block (or any other relevant targeted position).
In some cases, it is possible to estimate analytically a window in which the image I (or the two images I, in case of equidistance) closest to a given position in the encrypted block is necessarily. For example, in some encrypted video streams, the blocks are not encrypted in their entirety: a block header can be transmitted in clear (and contain more or less precise indices on the positions of the images I), or even parts in clear can be present in a block between encrypted elements, these parts in clear being, for example, image markers I.
However, according to one possible implementation, the blocks are fully encrypted (no part of the video stream is transmitted in clear-the entire video stream is encrypted), and the analytical method is not applicable.
This is particularly advantageous for video streams of about 10 to 20 minutes duration (and even more so for shorter video streams), for which only extracting one picture per block is generally equivalent to extracting only about one hundred images, which corresponds to a low limit of what is necessary to allow a satisfactory comfort.
According to one possible implementation, instead of transmitting the beginning and the middle of each of the encrypted blocks Li, L2, L3 ... Ln as and when they are requested, the broadcast server BRC_S groups these beginnings and the backgrounds of blocks in a single packet that it transmits at one time. According to one possible implementation, in addition to concatenating the beginnings and backgrounds of encrypted blocks, the broadcast server BRC_S adds metadata in the packet in order to help the terminal to find each beginning and middle of the encrypted block considered in the packet. Alternatively, the terminal TRM knows by construction where the beginnings and backgrounds of blocks, without it is necessary to provide metadata. For example, beginnings and backgrounds of blocks can have a predefined size.
FIG. 4 represents an embodiment according to the invention in which a streaming video server BRC_S stores a multitude of video streams, only one of which is represented. The video stream shown is, as in Figures 1 to 3, stored in three versions, respectively of high resolution, medium resolution and low resolution.
The broadcasting server BRC_S and the terminals which connect to it (in particular the TRMi terminals, represented TRM2) are arranged so that each terminal, by what one could qualify of loop of feedback, inform the diffusion server BRC_S of the size and position of extracted images. Thus, once a terminal (in FIG. 4, the TRMi terminal) has decoded the beginnings of encrypted blocks, it knows where each image starts and ends in each beginning of the encrypted block. It can therefore inform the broadcast server, which, the next time it must transmit the images considered, transmits only the portions of encrypted block corresponding to these images. Thus, if an image occupies 2% of the block, and if initially 5% of the block are transmitted to be sure of recovering the whole image, the next time it is enough to transmit the 2% of the block corresponding exactly to the image considered. . In the case in point, when the terminal TRM2 requests the transmission of the same information that the terminal TRMi has previously solicited, the beginnings of encrypted blocks are all, except that of the encrypted block Ln (but it is specific to the video stream considered ) shortcuts. The beginning of the encrypted block Li is slightly shortened, that of the encrypted block L2 is a little more, and that of the encrypted block L3 is much more. That of the encrypted block Ln is, in the example considered, having exactly the required size, it is not shortened.
FIG. 5 represents a method according to one embodiment of the invention. More specifically, it illustrates steps S1, S2, T, D and E of a method according to the first embodiment below.
Figure 6 shows a terminal according to one embodiment of the invention. It shows the circuits Si_C, S2_C, R_C, D_C and E_C of the eleventh embodiment below. These circuits are actually not visible without opening the terminal.
FIG. 7 represents a broadcast server according to one embodiment of the invention. It shows the Si_SC, S2_SC, T_C circuits of the twelfth embodiment below. It also illustrates an FDB_C circuit for receiving from the terminals information on the sizes of the images contained in the transmitted subsets, in order to transmit subsets of minimum size in the future. These circuits are actually not visible without opening the terminal.
A first embodiment relates to a selective extraction method, by a terminal (for example one of the terminals TRM, TRMi and TRM2 shown in the figures), of at least one image to be extracted contained in a stored encrypted video stream. on a BRC_S server. By server is meant physical server (as opposed to a purely software server). The server is unable to decrypt said encrypted video stream. For example, the relevant keys are not communicated to him for security reasons. Alternatively, this is simply due to a division of tasks that does not confer this prerogative of decryption. According to one possible implementation, when several qualities of the same encrypted video stream are available, the lowest quality is selected. This makes it possible to limit the bandwidth requirements, and does not present any significant disadvantage because, in the context of the method under consideration, a low quality is in principle acceptable (since it is necessary to construct an approximate representation of the video stream to enable easier navigation in this video stream).
The encrypted video stream is divided into ciphered blocks Li, L2, L3, Ln. Each encrypted block contains multiple encrypted images. By "contains several encrypted images" is meant that the encrypted block comprises data which, after being decrypted, are equal to a digital representation of said images. According to one possible implementation, the method is provided for extracting, for each encrypted block, only slightly fewer images than the number of images contained in this encrypted block. According to one possible implementation, each block is conventionally encrypted using a symmetrical session key. This symmetrical session key is for example a DES key, a 3DES key, an AES key, a RCS key, and so on. The session key is unknown to the BRC_S broadcast server. This session key is for example calculated (or randomly generated) by a rights management server DRM_S. The DRM_S rights management server encrypts this session key, for example using an asymmetric encryption algorithm, such as an RSA algorithm, an algorithm based on elliptic curves, and so on. The rights management server DRM_S then transmits this session key in encrypted form to the terminal TRM. Alternatively, the DRM_S rights management server transmits not the session key but elements allowing the TRM terminal to calculate the session key. Any other session key exchange mechanism is possible.
According to one possible implementation, each block of video stream has the size of a multiple of an input block of the symmetric encryption algorithm used. For example, an AES session key operates on blocks of 128 bits or 16 bytes. Each block of video stream can then have a size multiple of 16 bytes. Alternatively, the encrypted block includes additional metadata whose size is not multiple of the size of the blocks used by the symmetric encryption algorithm used.
The method comprises a selection Si of an encrypted block Li (or even of several encrypted blocks) of the encrypted video stream, said encrypted block containing an image to be extracted. According to one implementation, this selection is explicit (for example, the selection is performed by indicating a sequence number of the encrypted block in the video stream in question). According to an alternative implementation, this selection is implicit. For example, by requesting from the server BRC_S a file comprising information located in the encrypted block Li, the terminal can make an implicit selection of the block Li. According to one possible implementation, the selection (implicit or explicit) of the block is operated by the terminal and communicated to the server. According to another possible implementation, the selection (implicit or explicit) of the block is operated by the server.
The method comprises a selection S2 of a subset of said encrypted block Li containing said image to be extracted. According to one implementation, this selection is explicit. According to an alternative implementation, this selection is implicit. For example, by requesting from the server BRC_S a file comprising information located in the considered subset of the encrypted block Li, the terminal can make an implicit selection of this subset of the encrypted block Li. possible, the subset is defined by its size (expressed for example in number of bytes). This information may be sufficient when the subset starts at the beginning of the encrypted block, or at a fixed position in the encrypted block. According to an alternative implementation, the subset is defined by its start position (expressed for example in number of bytes starting from the beginning of the ciphered block considered) and by its size (expressed for example in number of bytes) . According to an alternative implementation, the subset is defined by its start position (expressed for example in number of bytes starting from the beginning of the ciphered block considered) and by its end position (expressed for example in number of bytes from the beginning of the cipher block considered). According to one possible implementation, an explicit selection of the subset consists in transmitting from the terminal to the server the definition element or elements of the subset concerned (for example its size and possibly its position). According to one possible implementation, the selection (implicit or explicit) of the subset is made by the terminal and communicated to the server. According to another possible implementation, the selection (implicit or explicit) of the subset is operated by the server.
The method comprises a transmission T, by the server to the terminal, of said subset. According to one possible implementation, the terminal explicitly requests the transmission T. According to an alternative implementation, the transmission T is automatically performed by the server BRC_S.
The method comprises a decryption D of said subset by the terminal. To be able to decrypt, the terminal must know the encryption mode. Block ciphering, regardless of the symmetric algorithm used, operates for example in ECB mode (acronym for Electronic Code Book, meaning electronic code book), or, more frequently (because is more secure) in CBC mode (acronym for the English Cipher Block Chaining expression meaning block cipher chaining). In ECB mode, each block in the encrypted block is encrypted independently of the others. Any block can therefore be decrypted if the encryption / decryption key is known. In CBC mode, more secure, each block of the encrypted block has been encrypted taking into account the immediately preceding block of the encrypted block. To decipher, it is necessary to know the value of this previous block of the encrypted block. In order to proceed with the decryption D, it is therefore necessary, in the case of CBC mode, to obtain the 16 bytes (in the case of the AES) directly preceding the subset to be deciphered within the block considered, except for the first block of the encrypted block (which can be decrypted autonomously). The subset integrates, if necessary, the previous 16 bytes (for the AES), and more generally the number of bytes on which operates the symmetric encryption algorithm used (if it is not a question of AES).
The method comprises an extraction E, by the terminal, of said image to be extracted from said decrypted subset. Once the subset decrypted, it is indeed necessary to extract the desired image. This can be done by attempting to decompress the beginner file at the beginning of the decrypted subset. In case of failure, start again by setting the start one byte further, and so on until the decompression works. Alternatively, metadata indicate the beginning of the image.
According to a second embodiment, a selective extraction method according to the first embodiment, comprises, after the extraction of said image to be extracted from said decrypted subset, a transmission of the terminal to the server BRC_S the size of the encrypted image to extract. According to one variant, a selective extraction method according to the first embodiment, comprises, after the extraction of said image to be extracted from said decrypted subset, a transmission of the terminal to the BRC_S server of the size of the image. encrypted to extract as well as the position of this image (when this position is not known in advance or easily deductible) within the encrypted block. Thus, the BRC_S server can later memorize the sizes and locations of the different images. When they are needed again, it is no longer necessary to transmit a subset of estimated size (usually much larger than reality to account for the possible margin of error). It is possible to transmit a subset of the smallest possible size.
Alternatively, it is possible to install a terminal software emulation on the broadcast server BRC_C, so as to have access to the keys. Thus, it is the server itself which is updated thanks to an emulated terminal.
According to a third embodiment, a selective extraction method according to one of the first and second embodiments comprises a selection, by the terminal, of all the encrypted blocks of the encrypted video stream. At least one encrypted block image is then intended to be extracted from the stream.
According to a fourth embodiment, a selective extraction method according to one of the first to the third embodiments, comprises, for each selected encrypted block, a selection of a single subset containing a single image to be extracted for said Encrypted block selected. This is sufficient for video streams of a duration of at least 10-20 minutes, for which sufficient and spaced images are thus guaranteed. Thus, only one image is extracted by encrypted block.
According to a fifth embodiment, the single subset of a selective extraction method according to the fourth embodiment, selected for a selected encrypted block, begins at the beginning of said selected encrypted block.
Indeed, this is advantageous because one of the images of the encrypted block is easier to locate: the first, whose position is generally known (this is the very beginning of the encrypted block), only the remaining size if necessary to be determined .
According to a sixth embodiment, the size of the subset selected by a terminal according to a selective extraction method according to the fifth embodiment is by default a predetermined size (for example 5% of the size of the selected block, or a constant size, identical for all the blocks of the stream).
According to one possible implementation, this predetermined size is constant and is equal to the maximum possible size of an encrypted image in the encrypted video stream. The maximum size, in bytes, of an encrypted image is the size of the unencrypted image, rounded up to the nearest multiple (greater than or equal to) the block size of the symmetric encryption algorithm used, plus one time or twice the block size of the symmetric encryption algorithm used (once in case of ECB mode, twice in case of CBC mode). For example, for an image size of up to 200 bytes and a block size of 16 bytes, the maximum size of the image is: 13 * 16 + 16 + 16 = 208 + 16 + 16 = 240 bytes (in CBC mode, if the image is not at the very beginning of the video stream).
However, the maximum size of an image can be very large, and have a very low probability of occurrence (or even negligible), which is often the case in practice.
According to one possible implementation, instead of using as a predetermined size a constant size equal to the maximum possible size of the encrypted image, it is a probable maximum size that is used. For example, this may be the maximum size of a certain percentage (eg 99.95%) of the least heavy images (i.e., having the smallest size) of the possible images. In the example considered, the size is the size of the image having the largest size among the 99.95% of the images having the smallest size. According to one possible implementation, in the event that an image corresponds to one of the heaviest images (that is to say, in the above example, to one of the 0.05% of images the heavier), the retransmission of a larger portion of the block is solicited to obtain the entire image. According to one possible implementation, the percentage (for example the 99.95% above) is measured not only on the images of the stream in question, but on all the possible images. Thus, for very many streams, no image needs to be retransmitted because of a predetermined constant size too small.
According to one possible implementation, the size of the subset selected by a terminal according to a selective extraction method according to the fifth embodiment is by default a fixed size according to a characteristic of the selected block. The size can be different from one block to another. For example, the size of the selected subset is set to a percentage of the size of the selected block (for example 5% of the size of the selected block). According to one possible implementation, the size of the selected subset is set according to the quality of the extract of the flow contained in the block (which is another possible characteristic). Thus, if the quality makes it possible to conclude that the block contains 240 images including 20 images I (for example an image I every half second, the block having for example a duration of ten seconds), and to conclude also that each image I should to represent on average 2% of the size of the block, then it can be envisaged to extract 4% of the flow which guarantees the extraction of an image I that can be up to twice the estimated average size of an image I of the block. This is obviously only one possible example.
In all cases, this default value (predetermined size) may apply only when there is no size known in advance received for example from another terminal having previously filed a request on the same block selected (as envisaged in particular in the second embodiment).
According to a seventh embodiment, each selected encrypted block of a selective extraction method according to one of the first to third embodiments comprises only two images to extract. This may include the image I at the beginning of the identified encrypted block, as well as an image I of the middle of the encrypted block.
Advantageously, the extraction of a second image per block is triggered only for video streams of a total duration less than a determined threshold (for example a threshold between 10 and 20 minutes). According to one possible implementation, the selective extraction process extracts three, four, or even five images per block. This can be useful in the case of very short video streams (less than ten minutes for example).
According to an eighth embodiment, a selective extraction method according to one of the first to seventh embodiments comprises a concatenation, by the server, of several selected subsets, and a transmission of said concatenated subsets by the server. to the terminal within the same package. According to one possible implementation, the server is arranged to concatenate as many subsets as there is room for subsets in an optimally sized packet (for example a packet having the maximum size allowed on the network of communication used). The MTU of an Ethernet network 2 is 1500 bytes (maximum packet size, at least without fragmentation), which is very short for the process envisaged. If there are more subsets than this implementation allows (not all subsets within a single packet), it is convenient to divide the communication into multiple packets. Alternatively, it is possible to create a larger packet and rely on fragmentation mechanisms of the network in question. An IPv4 packet can only be up to 64K, which is again quite short in the context of the envisaged process. However, other protocols allow larger packets. For example, IPv6 allows very large packets (up to 4GB) called "jumbograms".
According to a ninth embodiment, a computer program comprises a series of instructions which, when executed by at least one processor, implement a method according to one of the preceding claims. According to one possible implementation. This program is for example written in a low-level language (such as an assembler language). It can also be written in a higher level language, such as C language. This program can be separated into components recorded on separate media. For example, a component can be registered on a mobile phone or on a personal computer, and one or more other component (s) can be registered on a broadcast server. Each component can be written in a different language.
According to a tenth embodiment, computer-readable non-transitory storage media store a computer program according to the ninth embodiment. These supports are for example a rewritable memory (such as a Flash or EEPROM memory) of a mobile phone and / or a computer server memory (for example a hard disk type magnetic memory).
According to an eleventh embodiment, a terminal TRM, TRMi, TRM2 is arranged to selectively extract at least one extracted image contained in an encrypted video stream stored on a BRC_S server unable to decrypt said encrypted video stream. The terminal is for example a mobile phone, a tablet, a laptop, a digital music player, etc. The encrypted video stream is divided into ciphered blocks Li, L2, L3, Ln. Each encrypted block contains multiple encrypted images.
The terminal comprises an electronic selection circuit Si_C of an encrypted block of the encrypted video stream, said encrypted block containing an image to be extracted. According to one possible implementation, this electronic selection circuit is a dedicated electronic circuit, or an FPGA. According to another embodiment, this electronic selection circuit is an association of a processor and a memory storing a suitable computer program, when it is executed by the processor, to implement the electronic circuit functions. Selection. This electronic circuit may comprise an emitter such as a network card or be connected to such an emitter.
The terminal comprises an electronic selection circuit S2_C of a subset of said encrypted block containing said image to be extracted. According to one possible implementation, this other electronic selection circuit is a dedicated electronic circuit, or an FPGA. According to another embodiment, this other electronic selection circuit is an association of a processor and a memory storing a suitable computer program, when it is executed by the processor, to implement the circuit functions. electronic selection. This electronic circuit may comprise an emitter such as a network card or be connected to such an emitter.
The terminal comprises an electronic reception circuit R_C of said subset from the server. According to one possible implementation, this electronic reception circuit is a dedicated electronic circuit, or an FPGA. According to another embodiment, this electronic reception circuit is an association of a processor and a memory storing a suitable computer program, when it is executed by the processor, to implement the electronic circuit functions. reception. This electronic circuit may comprise a receiver such as a network card or be connected to such a receiver.
The terminal comprises an electronic decryption circuit D_C of the selected subset. According to one possible implementation, this electronic decryption circuit is a dedicated electronic circuit, or an FPGA. According to another implementation, this electronic decryption circuit is an association of a processor and a memory storing a suitable computer program, when it is executed by the processor, to implement the electronic circuit functions. decryption.
The terminal comprises an electronic extraction circuit E_C of said image to be extracted from said decrypted subset. According to another embodiment, this extraction electronic circuit is an association of a processor and a memory storing a suitable computer program, when it is executed by the processor, to implement the circuit functions. electronic extraction. Extraction can consist of attempting to decompress the decrypted data, and, as long as the decompression fails, retry decompressing by repeating an octet later in the decrypted data.
According to one possible implementation, the five preceding electronic circuits (Si_C, S2_C, R_C, D_C, E_C) are five separate circuits. According to another implementation, there are five circuits comprising a processor shared between the five circuits.
According to a twelfth embodiment, a BRC_S server is arranged to store an encrypted video stream that it is not able to decrypt. The encrypted video stream is divided into encrypted blocks (Li, L2, L3, Ln). Each encrypted block contains multiple encrypted images.
The server comprises an electronic circuit Si_SC selection of an encrypted block of the encrypted video stream, said encrypted block containing an image to extract. According to one implementation, this selection electronic circuit is arranged to cooperate with an electronic terminal selection circuit, which sends a selection command to implement it. According to one possible implementation, this electronic selection circuit is a dedicated electronic circuit, or an FPGA. According to another embodiment, this other electronic selection circuit is an association of a processor and a memory storing a suitable computer program, when it is executed by the processor, to implement the circuit functions. electronic selection. This electronic circuit may comprise a receiver such as a network card or be connected to such a receiver.
The server comprises an electronic selection circuit S2_SC of a subset of said encrypted block containing said image to be extracted. According to one implementation, this other electronic selection circuit is arranged to cooperate with an electronic terminal selection circuit, which sends a selection command to implement. According to one possible implementation, this other electronic selection circuit is a dedicated electronic circuit, or an FPGA. According to another embodiment, this other electronic selection circuit is an association of a processor and a memory storing a suitable computer program, when it is executed by the processor, to implement the circuit functions. electronic selection. This electronic circuit may comprise a receiver such as a network card or be connected to such a transmitter.
The server comprises an electronic transmission circuit T_C of said subset to a terminal.
According to one possible implementation, the three preceding electronic circuits (Si_SC, S2_SC, T_C) are three separate circuits. According to another implementation, there are three circuits comprising a processor shared between the three circuits.
According to a possible embodiment, a video stream distribution system comprises a terminal according to the eleventh embodiment and a server according to the twelfth embodiment. The invention is not limited to the embodiments described above as examples. Usable memories cover any type of memory.
The embodiments described in connection with the method according to embodiments of the invention can be transposed to the terminals and / or the server BRC_S according to embodiments of the invention, as well as computer programs and program storage media according to embodiments of the invention, and vice versa.

权利要求:
Claims (12)
[1" id="c-fr-0001]
1. A method for selective extraction, by a terminal (TRM, TRMi, TRM2), of at least one image to extract contained in an encrypted video stream stored on a server (BRC_S) incapable of decrypting said encrypted video stream, said stream encrypted video being divided into encrypted blocks (Li, L2, L3, Ln), each encrypted block containing a plurality of encrypted images, said method comprising: - a selection (Si) of an encrypted block (Li) of the encrypted video stream, said block encrypted containing an image to extract; a selection (S2) of a subset of said encrypted block (Li) containing said image to be extracted; a transmission (T), by the server to the terminal, of said subset; a decryption (D) of said subset by the terminal; an extraction (E), by the terminal, of said image to be extracted from said decrypted subset.
[2" id="c-fr-0002]
2. Selective extraction method according to claim 1, comprising, after extraction of said image to be extracted from said decrypted subset, a transmission from the terminal to the server of the size of the encrypted image to be extracted.
[3" id="c-fr-0003]
3. Selective extraction method according to one of the preceding claims, comprising a selection by the terminal of all the encrypted blocks of the encrypted video stream.
[4" id="c-fr-0004]
4. Selective extraction method according to one of the preceding claims, comprising, for each selected encrypted block, a selection of a single subset containing a single image to be extracted for said selected encrypted block.
[5" id="c-fr-0005]
The selective retrieval method of claim 4, wherein the single subset selected for a selected encrypted block begins at the beginning of said selected encrypted block.
[6" id="c-fr-0006]
The selective extraction method according to claim 5, wherein the size of said selected subset is by default a predetermined size.
[7" id="c-fr-0007]
7. Selective extraction method according to one of claims 1 to 3, wherein each selected encrypted block comprises only two images to extract.
[8" id="c-fr-0008]
8. Selective extraction method according to one of the preceding claims, comprising a concatenation, by the server, of several selected subsets, and a transmission of said subsets concatenated by the server to the terminal within a single packet .
[9" id="c-fr-0009]
9. Computer program comprising a series of instructions which, when executed by at least one processor, implement a method according to one of the preceding claims.
[10" id="c-fr-0010]
A computer-readable, non-transitory storage medium storing a computer program according to claim 9.
[11" id="c-fr-0011]
11. Terminal (TRM, TRMi, TRM2) arranged to selectively extract at least one extracted image contained in an encrypted video stream stored on a server (BRC_S) unable to decrypt said encrypted video stream, said encrypted video stream being divided into encrypted blocks (Li, L2, L3, Ln), each encrypted block containing a plurality of encrypted images, said terminal comprising: an electronic selection circuit (Si_C) of an encrypted block of the encrypted video stream, said encrypted block containing at least one image to be extracted ; an electronic selection circuit (S2_C) of a subset of said encrypted block containing said image to be extracted; an electronic reception circuit (R_C) of said subset from the server; an electronic decryption circuit (D_C) of said subset; an electronic extraction circuit (E_C) of said image to be extracted from said decrypted subset.
[12" id="c-fr-0012]
A server (BRC_S) arranged to store an encrypted video stream that it is not able to decrypt, said encrypted video stream being divided into encrypted blocks (Li, L2, L3, Ln), each encrypted block containing a plurality of images encrypted, said server comprising: an electronic selection circuit (Si_SC) of an encrypted block of the encrypted video stream, said encrypted block containing an image to be extracted; an electronic selection circuit (S2_SC) of a subset of said encrypted block containing said image to be extracted; an electronic transmission circuit (T_C) of said subset to a terminal.

类似技术:

公开号 | 公开日 | 专利标题

US10123059B2|2018-11-06|Fast start of streaming digital media playback with deferred license retrieval

EP1890493A1|2008-02-20|Method for revocating security modules used to secure broadcast messages

EP3229483A1|2017-10-11|Extraction of video streams

US20130322628A1|2013-12-05|Apparatus and method for transceiving content in a digital broadcast system

FR2888355A1|2007-01-12|METHOD FOR CONTROLLING CONSUMER RIGHTS OF THE "N AUTHORIZED CONSUMPTION" TYPE OF AUDIO AND / OR VIDEO DIGITAL CONTENT AND DEVICE USING THE SAME

WO2004056114A1|2004-07-01|Synchronisation of secure audiovisual streams

EP3114598B1|2017-11-22|Method for providing protected multimedia content to a terminal

KR101472032B1|2014-12-16|Method of treating representation switching in HTTP streaming

EP1621009A1|2006-02-01|Method and device for securing transmission, recording and viewing of digital audiovisual packet flows

EP1798975A1|2007-06-20|Verschlüsselungs- und entschlüsselungs-Verfahren für Inhalt mit bedingtem Zugang.

FR2970134A1|2012-07-06|METHOD FOR TRANSMITTING AND RECEIVING MULTIMEDIA CONTENT

EP1964404A1|2008-09-03|Method for transmitting conditional access content

EP3818659A1|2021-05-12|Method for obtaining a sequence of cryptographic keys

EP3317799B1|2019-03-27|Method for providing protected multimedia content

FR3069996B1|2019-09-13|METHOD FOR READING A DIGITAL MULTIMEDIA STREAM WITH QUICK ACCESS TO THE CLEAR CONTENT AND USE DEVICE

FR3054765B1|2019-08-23|METHOD FOR READING EQUIPMENT OF MULTIMEDIA CONTENT WITH TARGET DELAY IN RELATION TO DIRECT LESS THAN MAXIMUM DELAY GIVES

EP3329686B1|2020-06-10|Device and method for modifying an encrypted multimedia data stream

EP3248379B1|2018-10-24|Method for broadcasting protected multimedia contents

FR3005386A1|2014-11-07|METHOD AND DEVICE FOR PROVIDING A PART ALREADY DIFFUSED FROM A MULTIMEDIA STREAM, USER TERMINAL, CORRESPONDING COMPUTER PROGRAM AND MEDIUM STORAGE MEDIUM

FR3101503A1|2021-04-02|Management of the adaptive progressive download of digital content over the mobile network with selection of a maximum encoding rate allowed according to a bucket of data

FR3093605A1|2020-09-11|A method of accelerated browsing of digital content obtained by adaptive progressive download |, manager, media player and corresponding computer program.

FR3110263A1|2021-11-19|Method and system for authenticating a computer application, or a function of the application, executed by a media receiver

EP2328316B1|2013-09-11|Access control to digital content

WO2016009140A1|2016-01-21|Method of access to a multimedia content protected by a terminal

FR2846831A1|2004-05-07|Pseudo on-demand broadcast system, e.g. for video, transmitting information elements to all receivers for encrypted storage after filtering according to individual selection criteria

同族专利:

公开号 | 公开日

FR3050090B1|2018-03-23|

US20170295398A1|2017-10-12|

EP3229483A1|2017-10-11|

US10477264B2|2019-11-12|

引用文献:

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

US20130007223A1|2006-06-09|2013-01-03|Qualcomm Incorporated|Enhanced block-request streaming system for handling low-latency streaming|

US20140359679A1|2013-05-30|2014-12-04|Sonic Ip, Inc.|Content streaming with client device trick play index|

US7401351B2|2000-12-14|2008-07-15|Fuji Xerox Co., Ltd.|System and method for video navigation and client side indexing|

AU2005202356B2|2005-05-31|2008-01-10|Canon Kabushiki Kaisha|Frame scattering for video scrubbing|

US10277956B2|2007-10-01|2019-04-30|Cabot Communications|Method and apparatus for streaming digital media content and a communication system|

US8472783B2|2010-11-30|2013-06-25|Echostar Technologies L.L.C.|Systems and methods for digital video high accuracy fast forward, rewind and skip|

CN102594773B|2011-01-10|2017-03-29|中兴通讯股份有限公司|A kind of method and system for realizing data acquisition|

US8909922B2|2011-09-01|2014-12-09|Sonic Ip, Inc.|Systems and methods for playing back alternative streams of protected content protected using common cryptographic information|

US20180129407A9|2011-10-14|2018-05-10|Autodesk, Inc.|Real-time scrubbing of online videos|

US9197685B2|2012-06-28|2015-11-24|Sonic Ip, Inc.|Systems and methods for fast video startup using trick play streams|

US9226007B2|2013-02-15|2015-12-29|Cox Communications, Inc.|Cloud-enabled network-based digital video recorder|

US9317188B2|2013-03-15|2016-04-19|Arris Enterprises, Inc.|Devices and methods for providing navigation images associated with adaptive bit rate video content|

ES2611160T3|2013-12-11|2017-05-05|Squadeo S.A.S.|Apparatus and method for decoding compressed video|

US9918040B2|2014-12-05|2018-03-13|Comcast Cable Comunications Magagement, Llc|Video preview during trick play|

US10375452B2|2015-04-14|2019-08-06|Time Warner Cable Enterprises Llc|Apparatus and methods for thumbnail generation|

US10652594B2|2016-07-07|2020-05-12|Time Warner Cable Enterprises Llc|Apparatus and methods for presentation of key frames in encrypted content|US10432589B1|2015-07-31|2019-10-01|Symphony Communication Services Holdings Llc|Secure end-to-end communications|

US10237246B1|2015-07-31|2019-03-19|Symphony Communication Services Holdings Llc|Secure message search|

US10819709B1|2016-09-26|2020-10-27|Symphony Communication Services Holdings Llc|Authorizing delegated capabilities to applications in a secure end-to-end communications system|

法律状态:
2017-09-06| PLFP| Fee payment|Year of fee payment: 2 |

2017-10-13| PLSC| Publication of the preliminary search report|Effective date: 20171013 |

2018-04-27| PLFP| Fee payment|Year of fee payment: 3 |

2019-02-20| PLFP| Fee payment|Year of fee payment: 4 |

2020-02-26| PLFP| Fee payment|Year of fee payment: 5 |

2021-04-24| PLFP| Fee payment|Year of fee payment: 6 |

优先权:

申请号 | 申请日 | 专利标题

FR1653150A|FR3050090B1|2016-04-08|2016-04-08|EXTRACTION OF VIDEO STREAM|

FR1653150|2016-04-08|FR1653150A| FR3050090B1|2016-04-08|2016-04-08|EXTRACTION OF VIDEO STREAM|

EP17165587.1A| EP3229483A1|2016-04-08|2017-04-07|Extraction of video streams|

US15/481,668| US10477264B2|2016-04-08|2017-04-07|Extraction of video streams|

[返回顶部]