Title of Invention	MOTION PICTURE FILE ENCRYPTION METHOD AND DIGITAL RIGHTS MANAGEMENT METHOD USING THE SAME
Abstract	A method of encrypting a motion picture file and a method of digital rights management using the same, wherein encryption method includes: extracting information on the location of at least one video sample, which is a real-time streaming unit, from meta-data of the motion picture file; extracting the video samples based on the location information; encrypting the extracted video samples, excluding a start code within a video sample header of each extracted video sample, based on predetermined encryption information; and producing an encrypted motion picture file by recombining the encrypted video samples. Since the file is encrypted in units of video object planes (VOPs) while maintaining an MEPG-4 file format, the encryption method can be easily applied to a completed file format and streaming service is also possible.

Title of Invention

MOTION PICTURE FILE ENCRYPTION METHOD AND DIGITAL RIGHTS MANAGEMENT METHOD USING THE SAME

Abstract

A method of encrypting a motion picture file and a method of digital rights management using the same, wherein encryption method includes: extracting information on the location of at least one video sample, which is a real-time streaming unit, from meta-data of the motion picture file; extracting the video samples based on the location information; encrypting the extracted video samples, excluding a start code within a video sample header of each extracted video sample, based on predetermined encryption information; and producing an encrypted motion picture file by recombining the encrypted video samples. Since the file is encrypted in units of video object planes (VOPs) while maintaining an MEPG-4 file format, the encryption method can be easily applied to a completed file format and streaming service is also possible.

Full Text	ABSTRACT [Abstract of the Disclosure] A method of encrypting an MPEG file and a method of digital rights management 5 using the same are provided. The encryption method includes: extracting information on the location of at least one video sample from a plurality of video samples; extracting a corresponding video sample based on the extracted location information; encrypting the extracted video sample, excluding a video sample identifying information identifying the extracted video sample among the extracted video sample, based on predetermined 10 encryption information; and producing an encrypted motion picture file by recombining the encrypted video samples. Since the file is encrypted in units of video object planes (VOPs) while maintaining an MEPG-4 file format, the encryption method can be easily applied to a completed file format and streaming service is also possible. 15 [Representative Drawing] FIG. 2 1 SPECIFICATION [Title of the Invention] 5 Motion picture file encryption method and digital rights management method using the same [Brief Description of the Drawings] FIG. 1 is a diagram of a motion picture file format; 10 FIG. 2 is a schematic diagram of digital rights management according to the present invention; FIG. 3 is a flowchart of an MPEG-4 file encryption method according to the present invention; FIG. 4 is a structural diagram of a media data atom of an MPEG-4 file; 15 FIG. 5A is a structural diagram of a moov atom of an MPEG-4 file; FIG. 5B is a diagram of the inner structure of a chunk size atom, a sample number atom, and a sample size atom; FIGS. 6A through 6C are reproduced images of an MPEG file encrypted in various ways; 20 FIG. 7 is a diagram of the inner structure of transmission packets that are packetized by a streaming module; FIG. 8 is a flowchart of a method of a contents client 300 playing an MPEG-4 file after receiving a transmission packet 241; FIG. 9 is a diagram of the inner structure of transmitted video object planes 25 (VOPs); FIG. 10 is a diagram of the inner structure of a digital rights management atom according to the present invention; and FIG. 11 is a diagram of an example of an application program interface code that produces an atom. 2 [Detailed Description of the Invention] [Object of the Invention] [Technical Field of the Invention and Related Art prior to the Invention] 5 The present invention relates to a method of encrypting a motion picture file and a method of managing digital rights using the same, and more particularly, to a method of encrypting a motion picture file while maintaining the format of the motion picture file so that a streaming service under digital rights management is possible, and a method of digital rights management. 10 Currently, service providers provide multi-media data to users in the form of download service or streaming service. Download service enables an entire multi-media file to be downloaded from a service provider's computer to a user's computer and then reproduced. Streaming service is when a service provider segments a file into real-time refreshable segments and transmits the segments to a 15 user who reproduces the segments in real-time. Whichever service is provided by the service provider, the user has to complete a process of acquiring legitimate rights for relevant multi-media data before being able to reproduce the files. A user who attempts to access the files without acquiring legal rights to the files should be blocked. To facilitate such selective provision and denial of 20 access, multi-media files are encrypted. Digital rights management (DRM) is a solution for all sorts of systems that only allows users with legal rights to access encrypted files. Generally, a DRM system includes a contents provider, a user, a DRM server, and so on, and can include an electronic payment process, a user authentication process, and a public key 25 infrastructure (PKI). The most basic DRM method used is encrypting a Motion Picture Experts Group (MPEG) file, transmitting the encrypted MPEG file to a user, and then providing a key that can decrypt the encrypted file to the user if it is confirmed through a user authentication process that the user has legal rights. The user authentication process 3 can include an electronic payment process and a PKI can be used for transmitting the key. However, such an encryption method cannot be used for streaming service because decryption is possible only after downloading the entire file. That is, even if a 5 user key is transmitted from the DRM server, reproduction of the corresponding file is not possible until the entire encrypted file is downloaded. Another encryption method involves encrypting discrete cosine transform coefficients, for example, AC or DC values, during a motion picture file encoding process. 10 This method, however, does not encrypt a completed motion picture file but adds an additional encryption process to a motion picture file encoding process. As a result, this method cannot be easily applied to a completed motion picture file. In addition, if a contents provider has to apply an encryption algorithm that is specifically designated for the contents provider in a motion picture file production process, the contents provider 15 has the disadvantage of having to depend on a motion picture file provider to provide the service. This inhibits the growth and development of the on-line contents industry. [Technical Goal of the Invention] The present invention provides an encryption method that can be applied to 20 streaming service and at the same time easily applied to a complete motion picture file without taking part in a motion picture file production process, and ?i digital rights management method using the encryption method. [Structure and Operation of the Invention] 25 According to an aspect of the present invention, there is provided a method of encrypting a motion picture file that includes a plurality of video samples, the encryption method comprising: extracting information on the location of at least one video sample among the video samples; extracting a corresponding video sample based on the extracted location information; encrypting the extracted video samples, excluding video 4 sample identifying information indicating the extracted video sample among the extracted video sample, based on predetermined encryption information; and producing an encrypted motion picture file by recombining the encrypted video samples. According to another aspect of the present invention, there is provided a method 5 of decrypting a motion picture file encrypted in units of video samples based on predetermined encryption information, the decryption method comprising: detecting video sample identifying information which identifies each video sample in the motion picture file; extracting each video sample based on the video sample identifying information; extracting encrypted video samples among the extracted video samples 10 based on encryption information; decrypting the encrypted video samples based on decryption information that corresponds to the encryption information; and reproducing the motion picture file by recombining the decrypted video samples. Preferably, the video sample is encoded such that the rest of the video sample, excluding the video sample identifying information, is encrypted. 15 According to another aspect of the present invention, there is provided a method of a digital rights management using a contents server and a contents client. The method comprises: receiving encryption and decryption information by carrying out a user authentication process for a predetermined motion picture file through the contents server and the contents client; selectively encrypting a relevant motion picture file in 20 units of video samples based on the received encryption information; transmitting the encrypted motion picture file via a streaming server; extracting the encrypted video sample from the transmitted motion picture file; decrypting the extracted video sample, excluding the video sample identifying information that identifies the video sample, using the received decryption information; and reproducing the decrypted motion picture 25 file in real-time by recombining the decrypted video samples. Preferred embodiments of the present invention will now be described with reference to the attached drawings. FIG. 1 is a diagram of a motion picture file format. 5 The motion picture file includes MPEG-1, -2, and -4 file formats. Each motion picture file is divided into a media data region which includes user data, and a meta-data region which stores meta-data needed for reproducing the file, such as the location and size of the user data. Below, the present invention applied to an MPEG-4 5 file format will be described. An MPEG-4 file 10 includes a number of atoms 20, 21, 22, 30, 31, and 32. Each atom 20, 21, 22, 30, 31, and 32 has lower level atoms, thus forming a layered structure. Here, a higher atom is called a container atom and a lower atom is called a leaf atom. The two top-level atoms are: a moov atom 20 and a media data atom mdat 30. User 10 media data, i.e., audio or video data that is saved inside an MPEG file, is saved in the media data atom 30. Information regarding media data, i.e., meta-data, is saved in the moov atom 20. The media data atom 30 includes a number of video object planes VOP 31, 32, and so on, and audio data 33 and 34. FIG. 2 is a schematic diagram for explaining digital rights management according 15 to the present invention. A solution for digital rights management (DRM) includes a contents server 200, a contents client 300, and a DRM server 100. The contents server 200 provides media data to a user and includes a DRM server module 210, a contents database 220, a contents encryption unit 230, and a streaming module 240. The contents client 300 20 receives contents from the contents server 200 and reproduces the contents, and includes a DRM client module 310, a packet receiving unit 320, a contents decryption unit 330, and a media reproduction unit 340. The DRM server 100 carries out user authentication and transmission of a key between the contents server 200 and the contents client 300. When the DRM client 25 module 310, within the contents client 300, sends a request for user authentication 101 to the DRM server 100, the DRM server 100 carries out the user authentication process using an electronic payment system (not shown). After the user authentication is completed, the DRM server 100 produces DRM authentication information 102 using, 6 for example, user information that has been used to perform user authentication. Then, the produced DRM authentication information is transmitted to the contents server 200. The DRM server module 210, within the contents server 200, produces an encryption key from DRM authentication information 102 that is transmitted from the 5 contents server 200, and sends the encryption key and optional encryption information 213 input by the user to the encryption unit 230 as encrypted information 211. The optional encryption information 213 includes a type of encryption method, a VOP ID, which is the object of encryption, an encryption mode, and so on. The DRM server module 210 within the contents server 200 and the DRM client 10 module 310 within the contents client 300 carry out the user authentication process with the DRM server 100. The DRM server module 210 receives the DRM authentication information 102 from the DRM server 100 and uses the DRM authentication information 102 to produce the encryption key. Also, the DRM server module 210 sends the encryption information 211, which includes the encryption key and the optional 15 encryption information 213 input by the user, to the contents encryption unit 230. In addition, the DRM server module 210 produces DRM encryption information 103 using the encryption information 211 and other information needed for the DRM service, and sends the DRM encryption information 103 to the DRM server 100. The DRM server 100 produces DRM decryption information 104 by adding 20 various information received from the user authentication process to the DRM encryption information 103 received from the DRM server module 210, and sending the DRM decryption information 104 to the DRM client module 310. If the DRM service uses a symmetrical key structure, the encryption key included in the DRM encryption information 103 and a decryption key included in the DRM decryption information 104 25 are the same. If the DRM service uses an asymmetrical key structure, however, the encryption key and the decryption key differ. Thus, the DRM encryption information 103 and the DRM decryption information 104 are different. The DRM client module 310 receives the DRM decryption information 104 from the DRM server 100 and extracts decryption information 311 from the DRM decryption 7 information 104. The decryption unit 330 decrypts the motion picture file using the decryption information 311. In FIG. 2, the encryption unit 230 within the contents server 200 produces encrypted contents 231 by receiving contents 221 from a contents database 220 and 5 encrypting the contents 221. According to the characteristics of the present invention, the contents 221 and the encrypted contents 231 have the same MPEG-4 file format illustrated in FIG. 1. FIG. 3 is a flowchart of an MPEG-4 file encryption method according to the present invention. 10 It is a characteristic of the present invention that an MPEG-4 file is encrypted in units of VOPs, rather than encrypting the MPEG-4 file as a whole. A VOP that is to be encrypted can be selected through the optional encryption information 213. The encryption method is a block encryption method like data encryption standard (DES) or a 128-bit type standard Korean encryption algorithm (SEED). Since the encryption 15 method is a block encryption method, it does not change the size and form of the original MPEG-4 file. In other words, the size and format of the MPEG-4 file before and after encryption are the same. Therefore, a reproduction algorithm of the original MPEG-4 file can be used without any modification. Also, although encryption is carried out in units of VOPs, the first 4 bytes of each VOP are not encrypted because the first 4 20 bytes are a start code used to extract the VOP from the contents client 300. An offset of each VOP is extracted from the moov atom of the MPEG-4 file received from the contents database (step 301). The offset of a VOP refers to location information of the VOP within the MPEG-4 file. With offset of each VOP as a basis, VOPs selected by the optional encryption information 213 are extracted (step 302). 25 Extracted VOPs are encrypted using DES or SEED (step 303). An encrypted MPEG-4 file is produced by combining the encrypted VOPs and non-encrypted VOPs (step 304). Below, an offset extraction process for each VOP of the MPEG-4 file will be described with reference to FIGS. 4 through 6. FIG. 4 is a structural diagram of a media data atom of an MPEG-4 file. 8 Depending on an MPEG-4 file format, a media data atom includes a chunk where actual media data exists and an unused portion where media data does not exist. The chunk includes a video chunk and an audio chunk, and each chunk is divided into a number of samples. When the media data included in the chunk is video data, the 5 sample is a VOP. FIG. 5A is a structural diagram of a moov atom of an MPEG-4 file. A moov atom 510 includes a number of track atoms (Track 1) 520 and each track atom (Track 1) 520 includes a media atom 530 as a lower level atom, the media atom 530 includes a media information atom 540 as a lower level atom, and the media 10 information atom 540 includes a sample table atom 550 as a lower level atom. The first 4 bytes of each atom have information on the size of the atom, the next 4 bytes have information on the type of the atom, and the rest of the region has meta-data information which the atom shows. The media information atom 540 also has a video information atom 541 as a lower level atom. The video information atom 15 541 shows that corresponding media data is video data. The sample table atom 550 has a chunk size atom 551, a sample number atom 552, and a sample size atom 553, as lower level atoms. FIG. 5B is a diagram of the inner structure of the chunk size atom 551, the sample number atom 552, and the sample size atom 553. 20 In the first diagram of FIG. 5B, information on the number of samples in each chunk is included in a meta-data region of the chunk size atom 551. This diagram shows that the first and fourth chunks 611 and 612 each have 14 video samples and the tenth chunk 613 has 13 video samples. In the second diagram of FIG. 5B, information on the location of each chunk is included in a meta-data region of the sample number 25 atom 552. This diagram shows that the first chunk 614 is shown from 40 bits and the tenth chunk 615 from 607848 bits. In the third diagram of FIG. 5B, the sample size atom 553 shows information on the size of each sample. This diagram shows that the first sample 617 has a size of 12604 bits. 9 A process of extracting the offset of each VOP within the MPEG-4 file is carried out through parsing the meta-data. First, whether or not the video media information atom 541 exists within the media information atom 540 is determined by confirming that the corresponding media data is video data. If the media data is video data, the media 5 data is parsed to the sample table atom 550, which is the next lower level atom, to extract the meta-data. From the combination of information saved in the above-mentioned three atoms, offset information of the samples, that is, the VOPs, can be extracted. In the first diagram of FIG. 5B, the size of the first chunk, that is, the number of samples included 10 in the first chunk, is 14. In the second diagram of FIG. 5B, the offset of the first chunk is 40 bits. In the third diagram of FIG. 5B, the size of the first chunk is 12604 bits. Therefore, the offset of the second chunk is 40 + 12604 = 12644 bits. Offsets of all the samples (VOPs) can be extracted using the same method. FIGS. 6A through 6C are reproduced images of an encrypted MPEG file that was 15 encrypted in various ways. A VOP that is to be encrypted can be selected through the optional encryption information. The optional encryption information is input to the DRM server module by the user, transmitted together with the encryption key to the encryption unit, and used for encryption. 20 Optional encryption information includes an encryption mode or an encryption identification ID. The encryption mode is divided into a first mode that encrypts all l-VOPs, a second mode that encrypts all B-VOPs and P-VOPs, and a third mode that encrypts all I-, P-, and B-VOPs. If an encryption ID is selected, only VOPs that correspond to an encryption number input as the optional encryption information are 25 encrypted. The VOPs that are encrypted are selected regardless of their types. In FIG. 6A, the image on the left is an image before encryption and the image on the right is an MPEG image after encryption using the first mode. Since the l-VOP is an intra-coated VOP, all information on pictorial images is included within a macroblock. Thus, it can be seen that intra-block information is completely lost. In addition, a totally 10 different image is reproduced because reference locations of the I-, P-, and B-VOPs change. In FIG. 6B, the image on the left is an original image before encryption and the image on the right is an MPEG image encrypted using the second mode. Information 5 on an intra-coated macroblock and a motion vector coexist in the B-VOP and P-VOP. Therefore, the encrypted MPEG image in the second mode is more similar to the original image than the first mode. The motion vector in the P-VOP is encrypted but due to the influence of the intra-block in the l-VOP, an entire frame between continuous frames can occasionally be shown. It can be seen that only a movement path of each 10 object becomes irregular because the motion vector is encrypted. In FIG. 6C, the image on the left is the original image before encryption and the image on the right is an MPEG image encrypted using the third mode. The third mode produces the most complete encrypted motion picture because the third mode encrypts all of the VOPs. As the number of VOPs that are encrypted increases, encryption 15 performance increases, but more resources are required for decryption. After encryption, by recombining encrypted VOPs, a new encrypted MPEG-4 file is produced. The produced encrypted MPEG-4 file is streamed to the contents client 300 by the streaming module. In order for the MPEG-4 file to be streamed, it needs to be packetized. 20 FIG. 7 is a diagram of the inner structure of transmission packets that are packetiezed by a streaming module. Referring back to FIG. 2, the streaming module 240 produces a transmission packet 241 by packetizing the received encrypted MPEG-4 file. FIG. 7 shows 4 transmission packets that are transmitted in chronological order. Each transmission 25 packet 710, 720, 730, and 740 includes transmission protocol headers 711, 712, 721, 722, 731, 732, 741, and 742, and transmission data 713, 723, 724, 733, 743, and 744. The transmission protocol headers differ according to a transmission path, and generally a user data program protocol 711 and a real-time transmission protocol 712 are used. 11 The first transmission packet 710 includes a part of the first VOP as the transmission data 713 and the second transmission packet 720 includes the rest of the first VOP as the transmission data 723 and a part of the second VOP as the transmission data 724. The third transmission packet 730 includes another part of the 5 second VOP as the transmission data 733, and the fourth transmission packet 740 includes the rest of the second VOP as the transmission data 743 and a part of the third VOP as the transmission data 744. The reason why each transmission packet has a part of the VOP as the transmission data is because the size of the VOP is different, and the length of the transmission packet and the size of the transmitted VOP do not 10 match. In FIG. 7, the hatched portions of the transmission data 724, 733, and 743 show the encrypted VOP. The streaming module 240 can be constructed as an independent server and not placed within the contents server. In this case, transmission of an MPEG-4 file from the encryption unit 230 to a streaming server 234 is carried out over a communications 15 network like the Internet. FIG. 8 is a flowchart of a method of the contents client 300 playing an MPEG-4 file after receiving the transmission packet 241. The packet receiving unit 320 within the contents client 300 receives the transmission packet 241 and extracts a VOP. The VOP extraction process is carried 20 out by monitoring the packets that enter a buffer within the packet receiving unit 320. First, the packet receiving unit 320 performs decapsulizaation by removing the transmission protocol headers 711, 712, etc. from the received transmission packet 241 (step 801). Next, it is checked whether a start code within the VOP headers in each VOP is 25 receivable (step 802). FIG. 9 is a diagram of the inner structure of transmitted VOPs. Each VOP 910, 920, and so on, includes a VOP header 911 and VOP data 912, and has a start code 913 which is the first 4 bytes of each VOP header 911. 12 A start code is the first 4 bytes of each VOP and has a predetermined value. When the start code of a next VOP is detected, the present VOP is extracted and sent to the contents decryption unit 330 (step 803). Using the DRM decryption information 311 received from the contents server 200 5 through the DRM server 100, the contents decryption unit 330 decrypts the relevant VOP (step 804.) The DRM encryption information 311 includes an encryption type, an encrypted VOP ID, information on an encryption mode, and an encryption key, and is sent to the contents decryption unit 330 through the DRM server module 210, the DRM server 100, and the DRM client module 310, respectively. 10 The media reproduction unit 340 creates and reproduces a decrypted MPEG-4 file after receiving decrypted VOPs from the contents decryption unit 330 and recombining the decrypted VOPs (step 805). FIG. 10 is a diagram of the inner structure of a digital rights management atom according to the present invention. 15 In another embodiment of the present invention, a new atom that is meta-data of a conventional MPEG-4 file is included. In FIG. 2, the encryption information 211 is included in the DRM encryption information 103 and is sent to the DRM server 100, but in the present embodiment, the encryption information 211 is included in a DRM atom 1000. The encryption information 211 can include an encryption key, an encryption 20 type, an encryption mode, and an encrypted VOP ID. The DRM atom 1000 illustrated in FIG. 10 includes an atom size 1010, an atom type 1020, an encryption mode 1030, an encryption flag 1040, a number of entries 1050, and an entry table 1060. When the encryption flag 1040 is set as 1, it means all VOPs are encrypted and when the encryption flag 1040 is set as 0, it means only a portion of 25 VOPs are encrypted. The VOP IDs of the portion of the VOPs that are encrypted are saved in the entry table 1060, and the number of encrypted VOPs is saved in the entry number 1050. In order not to change the conventional MPEG-4 file format, the DRM atom 1000 is located as a top level atom within the moov atom. If the DRM atom 1000 was 13 located at a lower level within the moov atom, the size of all of the higher level DRM atoms would have to be changed. The present embodiment has an effect of alleviating the need for the contents client 300 to manage a separate file system on the decryption information 311 that 5 corresponds to the encryption information 211, because the encryption information 211 is transmitted along with the MPEG-4 file. FIG. 11 is a diagram of an example of an application program interface (API) code that produces an atom. Apple Computers, Inc. provides QuickTime as an API to produce MPEG-4 file format atoms. FIG. 10 is an example of atom production using 10 QuickTime. According to FIG. 10, it can be seen that an atom is named "drma" and its size is set as "100." While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without 15 departing from the spirit and scope of the present invention as defined by the following claims and their equivalents. [Effect of the Invention] As described above, because a file is encrypted in units of VOPs while 20 maintaining a format of a motion picture file, the motion picture file encryption method and the digital rights management method using the same according to the present invention are easily applicable to a completed form of a file format and streaming service is also possible. In addition, because a file can be encrypted without taking part in a motion 25 picture file production process, independent encryption by a contents provider is possible, which will help to advance the contents providing industry. 14 What is claimed is: 1. A method of encrypting a motion picture file including a plurality of video samples, the method comprising: extracting location information of at least one video sample among the video 5 samples; extracting video samples corresponding to the extracted location information based on the extracted location information; excluding video sample identifying information that identifies the extracted video samples, encrypting a remaining part of the extracted video samples on the basis of 10 predetermined encryption information; and reproducing an encrypted motion picture file by recombining the encrypted video samples into the motion picture file. 2. The encryption method of claim 1, wherein the encryption information 15 includes an encryption key and an encryption type. 3. The encryption method of claim 2, wherein the encryption key is transmitted using a digital rights management service. 20 4. The encryption method of claim 2, wherein encryption is performed such that a message word before encryption has the same number of bits as a corresponding codeword after encryption. 5. The encryption method of claim 4, wherein the encryption method is one of a 25 data encryption standard (DES) and a standard Korean encryption algorithm (SEED). 6. The encryption method of claim 1, wherein the motion picture file follows the MPEG standard. 15 7. The encryption method of claim 1, wherein the motion picture file follows the MPEG standard, and the video sample is a video object plane (VOP) which shows streaming units and which is included in a chunk. 5 8. The encryption method of claim 7, wherein extracting of the location information of the at least one video sample comprises: extracting a chunk size, a chunk offset, and a sample size from meta-data within a sample table atom among lower level atoms within a moov atom where meta-data of VOPs is saved; and 10 calculating location information of each VOP based on the extracted chunk size, the chunk offset, and the sample size. 9. The encryption method of claim 8, wherein the encryption information further comprises an encryption mode which is one of a first mode which encrypts only l-VOPs 15 among the VOPs, a second mode which encrypts only B-VOPs and P-VOPs among the VOPs, and a third mode which encrypts all the VOPs. 10. The encryption method of claim 8, wherein the encryption information further comprises a VOP ID to identify a VOP that is to be encrypted. 20 11. The encryption method of claim 8, wherein the moov atom comprises a digital rights management atom, and the digital rights management atom comprises the encryption information as meta-data. 25 12. The encryption method of claim 11, wherein the digital rights management atom is saved as a top lower level atom of the moov atom. 13. The encryption method of claim 11, wherein the digital rights management atom comprises an encryption flag and an entry table, and the encrypting stage includes 16 encrypting all VOPs when the encryption flag is set as a first type and encrypting only VOPs that are relevant to VOP ID included within the entry table when the encryption flag is set as a second type. 5 14. A method of decrypting a motion picture file that is selectively encrypted in units of video samples based on predetermined encryption information, the decryption method comprising: detecting video sample identifying information which identifies each video sample in the motion picture file; 10 extracting each video sample based on the video sample identifying information; extracting encrypted video samples among the extracted video samples based on encryption information; decrypting the encrypted video samples based on decryption information that corresponds to the encryption information; and 15 reproducing the motion picture file by recombining the decrypted video samples, wherein the encrypted video sample is encoded such that the rest of the video sample, excluding the video sample identifying information, is encrypted. 15. The decryption method of claim 14, wherein the encryption information 20 comprises an encryption key and an encryption type. 16. The decryption method of claim 14, wherein the decryption information is transmitted using a digital rights management service. 25 17. The decryption method of claim 15, wherein encryption is performed such that a message word before encryption has the same number of bits as a corresponding codeword after encryption. 17 18. The decryption method of claim 17, wherein an encryption method is one of data encryption standard (DES) and a standard Korean encryption algorithm (SEED). 19. The decryption method of claim 15, wherein the encryption information 5 further comprises an encryption mode which is one of a first mode which encrypts only l-VOPs among the VOPs, a second mode which encrypts only B-VOPs and P-VOPs among the VOPs, and a third mode which encrypts all the VOPs. 20. The decryption method of claim 15, wherein the encryption information 10 further comprises a VOP ID to identify a VOP that is to be encrypted. 21. A method of a digital rights management DRM using a contents server and a contents client, the method comprising: receiving encryption and decryption information by carrying out a user 15 authentication process for a predetermined motion picture file through the contents server and the contents client; selectively encrypting a relevant motion picture file in units of video samples based on the received encryption information; transmitting the encrypted motion picture file via a streaming server; 20 extracting the encrypted video sample from the transmitted motion picture file; decrypting the extracted video sample, excluding the video sample identifying information that identifies the video sample, using the received decryption information; and reproducing the decrypted motion picture file in real-time by recombining the 25 decrypted video samples. 22. The method of claim 21, wherein receiving of the encryption and decryption information comprises: 18 the contents client transmitting a user authentication request about a predetermined motion picture file to a DRM server; the DRM server carrying out a user authentication process and transmitting DRM authentication information which includes information on user authentication to the 5 contents server; the contents server producing an encryption key based on the DRM authentication information and producing the encryption information based on the encryption key and optional encryption information input by the user; the contents server transmitting the encryption information to the DRM server; 10 and the DRM server transmitting the decryption information corresponding to the encryption information to the contents client. 23. The method of claim 22, wherein the motion picture file follows the MPEG 15 standard. 24. The method of claim 22, wherein the motion picture file comprises a file that follows the MPEG standard, and the video samples are VOPs which are streaming units and are included in a chunk, the encrypting stage includes: 20 producing information on the location of each VOP by parsing a moov atom of a relevant MPEG-4 file; extracting each VOP within a media data atom, mdat, of the MPEG-4 file based on the information on the location of each VOP; excluding a start code within a VOP header, encrypting the rest of each of the 25 extracted VOPs based on predetermined encryption information; and producing an encrypted MPEG-4 file by recombining the encrypted VOPs. 25. The method of claim 24, wherein producing of the information on the location of each VOP comprises: 19 extracting a chunk size, a chunk offset, and a sample size from a sample table atom among lower level atoms within the moov atom; and calculating the information on the location of each VOP based on the extracted chunk size, the chunk offset, and the sample size. 5 26. The method of claim 21, wherein the encryption information includes an encryption key and an encryption type. 27. The method of claim 26, wherein encryption is performed such that a 10 message word before encryption has the same number of bits as a corresponding codeword after encryption. 28. The method of claim 27, wherein an encryption method is one of data encryption standard (DES) and a standard Korean encryption algorithm (SEED). 15 29. The method of claim 21, wherein the extracting of the encrypted VOPs comprises: extracting only a data portion of a packet by decapsulating a transmission protocol header of the transmitted packet; 20 producing a combined data stream by recombining the data portion of the packet; checking VOP identifying information that identifies each VOP within the combined data stream; extracting each VOP based on the VOP identifying information; and extracting encrypted VOPs among the extracted VOPs based on the encryption 25 information. 20

Full Text

ABSTRACT
[Abstract of the Disclosure]
A method of encrypting an MPEG file and a method of digital rights management
5 using the same are provided. The encryption method includes: extracting information
on the location of at least one video sample from a plurality of video samples; extracting
a corresponding video sample based on the extracted location information; encrypting the extracted video sample, excluding a video sample identifying information identifying the extracted video sample among the extracted video sample, based on predetermined
10 encryption information; and producing an encrypted motion picture file by recombining the encrypted video samples. Since the file is encrypted in units of video object planes (VOPs) while maintaining an MEPG-4 file format, the encryption method can be easily applied to a completed file format and streaming service is also possible.
15 [Representative Drawing] FIG. 2
1

SPECIFICATION
[Title of the Invention]
5 Motion picture file encryption method and digital rights management method
using the same
[Brief Description of the Drawings]
FIG. 1 is a diagram of a motion picture file format;
10 FIG. 2 is a schematic diagram of digital rights management according to the
present invention;
FIG. 3 is a flowchart of an MPEG-4 file encryption method according to the present invention;
FIG. 4 is a structural diagram of a media data atom of an MPEG-4 file;
15 FIG. 5A is a structural diagram of a moov atom of an MPEG-4 file;
FIG. 5B is a diagram of the inner structure of a chunk size atom, a sample number atom, and a sample size atom;
FIGS. 6A through 6C are reproduced images of an MPEG file encrypted in
various ways;
20 FIG. 7 is a diagram of the inner structure of transmission packets that are
packetized by a streaming module;
FIG. 8 is a flowchart of a method of a contents client 300 playing an MPEG-4 file after receiving a transmission packet 241;
FIG. 9 is a diagram of the inner structure of transmitted video object planes 25 (VOPs);
FIG. 10 is a diagram of the inner structure of a digital rights management atom according to the present invention; and
FIG. 11 is a diagram of an example of an application program interface code that produces an atom.
2

[Detailed Description of the Invention] [Object of the Invention]
[Technical Field of the Invention and Related Art prior to the Invention]
5 The present invention relates to a method of encrypting a motion picture file and
a method of managing digital rights using the same, and more particularly, to a method of encrypting a motion picture file while maintaining the format of the motion picture file so that a streaming service under digital rights management is possible, and a method of digital rights management.
10 Currently, service providers provide multi-media data to users in the form of
download service or streaming service. Download service enables an entire multi-media file to be downloaded from a service provider's computer to a user's computer and then reproduced. Streaming service is when a service provider segments a file into real-time refreshable segments and transmits the segments to a
15 user who reproduces the segments in real-time.
Whichever service is provided by the service provider, the user has to complete a process of acquiring legitimate rights for relevant multi-media data before being able to reproduce the files. A user who attempts to access the files without acquiring legal rights to the files should be blocked. To facilitate such selective provision and denial of
20 access, multi-media files are encrypted.
Digital rights management (DRM) is a solution for all sorts of systems that only allows users with legal rights to access encrypted files. Generally, a DRM system includes a contents provider, a user, a DRM server, and so on, and can include an electronic payment process, a user authentication process, and a public key
25 infrastructure (PKI).
The most basic DRM method used is encrypting a Motion Picture Experts Group (MPEG) file, transmitting the encrypted MPEG file to a user, and then providing a key that can decrypt the encrypted file to the user if it is confirmed through a user authentication process that the user has legal rights. The user authentication process
3

can include an electronic payment process and a PKI can be used for transmitting the
key.
However, such an encryption method cannot be used for streaming service
because decryption is possible only after downloading the entire file. That is, even if a 5 user key is transmitted from the DRM server, reproduction of the corresponding file is
not possible until the entire encrypted file is downloaded.
Another encryption method involves encrypting discrete cosine transform
coefficients, for example, AC or DC values, during a motion picture file encoding
process.
10 This method, however, does not encrypt a completed motion picture file but adds
an additional encryption process to a motion picture file encoding process. As a result,
this method cannot be easily applied to a completed motion picture file. In addition, if a
contents provider has to apply an encryption algorithm that is specifically designated for
the contents provider in a motion picture file production process, the contents provider
15 has the disadvantage of having to depend on a motion picture file provider to provide
the service. This inhibits the growth and development of the on-line contents industry.
[Technical Goal of the Invention]
The present invention provides an encryption method that can be applied to
20 streaming service and at the same time easily applied to a complete motion picture file without taking part in a motion picture file production process, and ?i digital rights management method using the encryption method.
[Structure and Operation of the Invention]
25 According to an aspect of the present invention, there is provided a method of
encrypting a motion picture file that includes a plurality of video samples, the encryption method comprising: extracting information on the location of at least one video sample among the video samples; extracting a corresponding video sample based on the extracted location information; encrypting the extracted video samples, excluding video
4

sample identifying information indicating the extracted video sample among the extracted video sample, based on predetermined encryption information; and producing an encrypted motion picture file by recombining the encrypted video samples.
According to another aspect of the present invention, there is provided a method
5 of decrypting a motion picture file encrypted in units of video samples based on predetermined encryption information, the decryption method comprising: detecting video sample identifying information which identifies each video sample in the motion picture file; extracting each video sample based on the video sample identifying information; extracting encrypted video samples among the extracted video samples
10 based on encryption information; decrypting the encrypted video samples based on decryption information that corresponds to the encryption information; and reproducing the motion picture file by recombining the decrypted video samples. Preferably, the video sample is encoded such that the rest of the video sample, excluding the video sample identifying information, is encrypted.
15 According to another aspect of the present invention, there is provided a method
of a digital rights management using a contents server and a contents client. The method comprises: receiving encryption and decryption information by carrying out a user authentication process for a predetermined motion picture file through the contents server and the contents client; selectively encrypting a relevant motion picture file in
20 units of video samples based on the received encryption information; transmitting the encrypted motion picture file via a streaming server; extracting the encrypted video sample from the transmitted motion picture file; decrypting the extracted video sample, excluding the video sample identifying information that identifies the video sample, using the received decryption information; and reproducing the decrypted motion picture
25 file in real-time by recombining the decrypted video samples.
Preferred embodiments of the present invention will now be described with reference to the attached drawings.
FIG. 1 is a diagram of a motion picture file format.
5

The motion picture file includes MPEG-1, -2, and -4 file formats. Each motion picture file is divided into a media data region which includes user data, and a meta-data region which stores meta-data needed for reproducing the file, such as the location and size of the user data. Below, the present invention applied to an MPEG-4
5 file format will be described.
An MPEG-4 file 10 includes a number of atoms 20, 21, 22, 30, 31, and 32. Each atom 20, 21, 22, 30, 31, and 32 has lower level atoms, thus forming a layered structure. Here, a higher atom is called a container atom and a lower atom is called a leaf atom. The two top-level atoms are: a moov atom 20 and a media data atom mdat 30. User
10 media data, i.e., audio or video data that is saved inside an MPEG file, is saved in the media data atom 30. Information regarding media data, i.e., meta-data, is saved in the moov atom 20. The media data atom 30 includes a number of video object planes VOP 31, 32, and so on, and audio data 33 and 34.
FIG. 2 is a schematic diagram for explaining digital rights management according
15 to the present invention.
A solution for digital rights management (DRM) includes a contents server 200, a contents client 300, and a DRM server 100. The contents server 200 provides media data to a user and includes a DRM server module 210, a contents database 220, a contents encryption unit 230, and a streaming module 240. The contents client 300
20 receives contents from the contents server 200 and reproduces the contents, and includes a DRM client module 310, a packet receiving unit 320, a contents decryption unit 330, and a media reproduction unit 340.
The DRM server 100 carries out user authentication and transmission of a key between the contents server 200 and the contents client 300. When the DRM client
25 module 310, within the contents client 300, sends a request for user authentication 101 to the DRM server 100, the DRM server 100 carries out the user authentication process using an electronic payment system (not shown). After the user authentication is completed, the DRM server 100 produces DRM authentication information 102 using,
6

for example, user information that has been used to perform user authentication. Then, the produced DRM authentication information is transmitted to the contents server 200.
The DRM server module 210, within the contents server 200, produces an encryption key from DRM authentication information 102 that is transmitted from the
5 contents server 200, and sends the encryption key and optional encryption information 213 input by the user to the encryption unit 230 as encrypted information 211. The optional encryption information 213 includes a type of encryption method, a VOP ID, which is the object of encryption, an encryption mode, and so on.
The DRM server module 210 within the contents server 200 and the DRM client
10 module 310 within the contents client 300 carry out the user authentication process with the DRM server 100. The DRM server module 210 receives the DRM authentication information 102 from the DRM server 100 and uses the DRM authentication information
102 to produce the encryption key. Also, the DRM server module 210 sends the
encryption information 211, which includes the encryption key and the optional
15 encryption information 213 input by the user, to the contents encryption unit 230. In addition, the DRM server module 210 produces DRM encryption information 103 using the encryption information 211 and other information needed for the DRM service, and sends the DRM encryption information 103 to the DRM server 100.
The DRM server 100 produces DRM decryption information 104 by adding
20 various information received from the user authentication process to the DRM
encryption information 103 received from the DRM server module 210, and sending the DRM decryption information 104 to the DRM client module 310. If the DRM service uses a symmetrical key structure, the encryption key included in the DRM encryption information 103 and a decryption key included in the DRM decryption information 104
25 are the same. If the DRM service uses an asymmetrical key structure, however, the encryption key and the decryption key differ. Thus, the DRM encryption information
103 and the DRM decryption information 104 are different.
The DRM client module 310 receives the DRM decryption information 104 from the DRM server 100 and extracts decryption information 311 from the DRM decryption
7

information 104. The decryption unit 330 decrypts the motion picture file using the decryption information 311.
In FIG. 2, the encryption unit 230 within the contents server 200 produces encrypted contents 231 by receiving contents 221 from a contents database 220 and
5 encrypting the contents 221. According to the characteristics of the present invention, the contents 221 and the encrypted contents 231 have the same MPEG-4 file format illustrated in FIG. 1.
FIG. 3 is a flowchart of an MPEG-4 file encryption method according to the
present invention.
10 It is a characteristic of the present invention that an MPEG-4 file is encrypted in
units of VOPs, rather than encrypting the MPEG-4 file as a whole. A VOP that is to be encrypted can be selected through the optional encryption information 213. The encryption method is a block encryption method like data encryption standard (DES) or a 128-bit type standard Korean encryption algorithm (SEED). Since the encryption
15 method is a block encryption method, it does not change the size and form of the original MPEG-4 file. In other words, the size and format of the MPEG-4 file before and after encryption are the same. Therefore, a reproduction algorithm of the original MPEG-4 file can be used without any modification. Also, although encryption is carried out in units of VOPs, the first 4 bytes of each VOP are not encrypted because the first 4
20 bytes are a start code used to extract the VOP from the contents client 300.
An offset of each VOP is extracted from the moov atom of the MPEG-4 file received from the contents database (step 301). The offset of a VOP refers to location information of the VOP within the MPEG-4 file. With offset of each VOP as a basis, VOPs selected by the optional encryption information 213 are extracted (step 302).
25 Extracted VOPs are encrypted using DES or SEED (step 303). An encrypted MPEG-4 file is produced by combining the encrypted VOPs and non-encrypted VOPs (step 304).
Below, an offset extraction process for each VOP of the MPEG-4 file will be described with reference to FIGS. 4 through 6.
FIG. 4 is a structural diagram of a media data atom of an MPEG-4 file.
8

Depending on an MPEG-4 file format, a media data atom includes a chunk where actual media data exists and an unused portion where media data does not exist. The chunk includes a video chunk and an audio chunk, and each chunk is divided into a number of samples. When the media data included in the chunk is video data, the
5 sample is a VOP.
FIG. 5A is a structural diagram of a moov atom of an MPEG-4 file.
A moov atom 510 includes a number of track atoms (Track 1) 520 and each track atom (Track 1) 520 includes a media atom 530 as a lower level atom, the media atom 530 includes a media information atom 540 as a lower level atom, and the media
10 information atom 540 includes a sample table atom 550 as a lower level atom.
The first 4 bytes of each atom have information on the size of the atom, the next 4 bytes have information on the type of the atom, and the rest of the region has meta-data information which the atom shows. The media information atom 540 also has a video information atom 541 as a lower level atom. The video information atom
15 541 shows that corresponding media data is video data. The sample table atom 550 has a chunk size atom 551, a sample number atom 552, and a sample size atom 553, as lower level atoms.
FIG. 5B is a diagram of the inner structure of the chunk size atom 551, the
sample number atom 552, and the sample size atom 553.
20 In the first diagram of FIG. 5B, information on the number of samples in each
chunk is included in a meta-data region of the chunk size atom 551. This diagram shows that the first and fourth chunks 611 and 612 each have 14 video samples and the tenth chunk 613 has 13 video samples. In the second diagram of FIG. 5B, information on the location of each chunk is included in a meta-data region of the sample number
25 atom 552. This diagram shows that the first chunk 614 is shown from 40 bits and the tenth chunk 615 from 607848 bits. In the third diagram of FIG. 5B, the sample size atom 553 shows information on the size of each sample. This diagram shows that the first sample 617 has a size of 12604 bits.
9

A process of extracting the offset of each VOP within the MPEG-4 file is carried out through parsing the meta-data. First, whether or not the video media information atom 541 exists within the media information atom 540 is determined by confirming that the corresponding media data is video data. If the media data is video data, the media
5 data is parsed to the sample table atom 550, which is the next lower level atom, to extract the meta-data.
From the combination of information saved in the above-mentioned three atoms, offset information of the samples, that is, the VOPs, can be extracted. In the first diagram of FIG. 5B, the size of the first chunk, that is, the number of samples included
10 in the first chunk, is 14. In the second diagram of FIG. 5B, the offset of the first chunk is 40 bits. In the third diagram of FIG. 5B, the size of the first chunk is 12604 bits. Therefore, the offset of the second chunk is 40 + 12604 = 12644 bits. Offsets of all the samples (VOPs) can be extracted using the same method.
FIGS. 6A through 6C are reproduced images of an encrypted MPEG file that was
15 encrypted in various ways.
A VOP that is to be encrypted can be selected through the optional encryption
information. The optional encryption information is input to the DRM server module by
the user, transmitted together with the encryption key to the encryption unit, and used
for encryption.
20 Optional encryption information includes an encryption mode or an encryption
identification ID. The encryption mode is divided into a first mode that encrypts all l-VOPs, a second mode that encrypts all B-VOPs and P-VOPs, and a third mode that encrypts all I-, P-, and B-VOPs. If an encryption ID is selected, only VOPs that correspond to an encryption number input as the optional encryption information are
25 encrypted. The VOPs that are encrypted are selected regardless of their types.
In FIG. 6A, the image on the left is an image before encryption and the image on the right is an MPEG image after encryption using the first mode. Since the l-VOP is an intra-coated VOP, all information on pictorial images is included within a macroblock. Thus, it can be seen that intra-block information is completely lost. In addition, a totally
10

different image is reproduced because reference locations of the I-, P-, and B-VOPs change.
In FIG. 6B, the image on the left is an original image before encryption and the image on the right is an MPEG image encrypted using the second mode. Information
5 on an intra-coated macroblock and a motion vector coexist in the B-VOP and P-VOP. Therefore, the encrypted MPEG image in the second mode is more similar to the original image than the first mode. The motion vector in the P-VOP is encrypted but due to the influence of the intra-block in the l-VOP, an entire frame between continuous frames can occasionally be shown. It can be seen that only a movement path of each
10 object becomes irregular because the motion vector is encrypted.
In FIG. 6C, the image on the left is the original image before encryption and the image on the right is an MPEG image encrypted using the third mode. The third mode produces the most complete encrypted motion picture because the third mode encrypts all of the VOPs. As the number of VOPs that are encrypted increases, encryption
15 performance increases, but more resources are required for decryption.
After encryption, by recombining encrypted VOPs, a new encrypted MPEG-4 file is produced. The produced encrypted MPEG-4 file is streamed to the contents client 300 by the streaming module. In order for the MPEG-4 file to be streamed, it needs to be packetized.
20 FIG. 7 is a diagram of the inner structure of transmission packets that are
packetiezed by a streaming module.
Referring back to FIG. 2, the streaming module 240 produces a transmission packet 241 by packetizing the received encrypted MPEG-4 file. FIG. 7 shows 4 transmission packets that are transmitted in chronological order. Each transmission
25 packet 710, 720, 730, and 740 includes transmission protocol headers 711, 712, 721, 722, 731, 732, 741, and 742, and transmission data 713, 723, 724, 733, 743, and 744. The transmission protocol headers differ according to a transmission path, and generally a user data program protocol 711 and a real-time transmission protocol 712 are used.
11

The first transmission packet 710 includes a part of the first VOP as the transmission data 713 and the second transmission packet 720 includes the rest of the first VOP as the transmission data 723 and a part of the second VOP as the transmission data 724. The third transmission packet 730 includes another part of the
5 second VOP as the transmission data 733, and the fourth transmission packet 740 includes the rest of the second VOP as the transmission data 743 and a part of the third VOP as the transmission data 744. The reason why each transmission packet has a part of the VOP as the transmission data is because the size of the VOP is different, and the length of the transmission packet and the size of the transmitted VOP do not
10 match. In FIG. 7, the hatched portions of the transmission data 724, 733, and 743 show the encrypted VOP.
The streaming module 240 can be constructed as an independent server and not placed within the contents server. In this case, transmission of an MPEG-4 file from the encryption unit 230 to a streaming server 234 is carried out over a communications
15 network like the Internet.
FIG. 8 is a flowchart of a method of the contents client 300 playing an MPEG-4 file after receiving the transmission packet 241.
The packet receiving unit 320 within the contents client 300 receives the transmission packet 241 and extracts a VOP. The VOP extraction process is carried
20 out by monitoring the packets that enter a buffer within the packet receiving unit 320. First, the packet receiving unit 320 performs decapsulizaation by removing the transmission protocol headers 711, 712, etc. from the received transmission packet 241 (step 801).
Next, it is checked whether a start code within the VOP headers in each VOP is
25 receivable (step 802).
FIG. 9 is a diagram of the inner structure of transmitted VOPs. Each VOP 910, 920, and so on, includes a VOP header 911 and VOP data 912, and has a start code 913 which is the first 4 bytes of each VOP header 911.
12

A start code is the first 4 bytes of each VOP and has a predetermined value. When the start code of a next VOP is detected, the present VOP is extracted and sent to the contents decryption unit 330 (step 803).
Using the DRM decryption information 311 received from the contents server 200
5 through the DRM server 100, the contents decryption unit 330 decrypts the relevant
VOP (step 804.) The DRM encryption information 311 includes an encryption type, an
encrypted VOP ID, information on an encryption mode, and an encryption key, and is
sent to the contents decryption unit 330 through the DRM server module 210, the DRM
server 100, and the DRM client module 310, respectively.
10 The media reproduction unit 340 creates and reproduces a decrypted MPEG-4
file after receiving decrypted VOPs from the contents decryption unit 330 and recombining the decrypted VOPs (step 805).
FIG. 10 is a diagram of the inner structure of a digital rights management atom
according to the present invention.
15 In another embodiment of the present invention, a new atom that is meta-data of
a conventional MPEG-4 file is included. In FIG. 2, the encryption information 211 is included in the DRM encryption information 103 and is sent to the DRM server 100, but in the present embodiment, the encryption information 211 is included in a DRM atom 1000. The encryption information 211 can include an encryption key, an encryption
20 type, an encryption mode, and an encrypted VOP ID.
The DRM atom 1000 illustrated in FIG. 10 includes an atom size 1010, an atom type 1020, an encryption mode 1030, an encryption flag 1040, a number of entries 1050, and an entry table 1060. When the encryption flag 1040 is set as 1, it means all VOPs are encrypted and when the encryption flag 1040 is set as 0, it means only a portion of
25 VOPs are encrypted. The VOP IDs of the portion of the VOPs that are encrypted are saved in the entry table 1060, and the number of encrypted VOPs is saved in the entry number 1050.
In order not to change the conventional MPEG-4 file format, the DRM atom 1000 is located as a top level atom within the moov atom. If the DRM atom 1000 was
13

located at a lower level within the moov atom, the size of all of the higher level DRM atoms would have to be changed.
The present embodiment has an effect of alleviating the need for the contents client 300 to manage a separate file system on the decryption information 311 that
5 corresponds to the encryption information 211, because the encryption information 211 is transmitted along with the MPEG-4 file.
FIG. 11 is a diagram of an example of an application program interface (API) code that produces an atom. Apple Computers, Inc. provides QuickTime as an API to produce MPEG-4 file format atoms. FIG. 10 is an example of atom production using
10 QuickTime. According to FIG. 10, it can be seen that an atom is named "drma" and its size is set as "100."
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without
15 departing from the spirit and scope of the present invention as defined by the following claims and their equivalents.
[Effect of the Invention]
As described above, because a file is encrypted in units of VOPs while
20 maintaining a format of a motion picture file, the motion picture file encryption method and the digital rights management method using the same according to the present invention are easily applicable to a completed form of a file format and streaming service is also possible.
In addition, because a file can be encrypted without taking part in a motion
25 picture file production process, independent encryption by a contents provider is possible, which will help to advance the contents providing industry.
14

What is claimed is:
1. A method of encrypting a motion picture file including a plurality of video
samples, the method comprising:
extracting location information of at least one video sample among the video
5 samples;
extracting video samples corresponding to the extracted location information based on the extracted location information;
excluding video sample identifying information that identifies the extracted video samples, encrypting a remaining part of the extracted video samples on the basis of
10 predetermined encryption information; and
reproducing an encrypted motion picture file by recombining the encrypted video samples into the motion picture file.
2. The encryption method of claim 1, wherein the encryption information
15 includes an encryption key and an encryption type.
3. The encryption method of claim 2, wherein the encryption key is transmitted
using a digital rights management service.
20 4. The encryption method of claim 2, wherein encryption is performed such that
a message word before encryption has the same number of bits as a corresponding codeword after encryption.
5. The encryption method of claim 4, wherein the encryption method is one of a
25 data encryption standard (DES) and a standard Korean encryption algorithm (SEED).
6. The encryption method of claim 1, wherein the motion picture file follows the
MPEG standard.
15

7. The encryption method of claim 1, wherein the motion picture file follows the MPEG standard, and the video sample is a video object plane (VOP) which shows streaming units and which is included in a chunk.
5 8. The encryption method of claim 7, wherein extracting of the location
information of the at least one video sample comprises:
extracting a chunk size, a chunk offset, and a sample size from meta-data within
a sample table atom among lower level atoms within a moov atom where meta-data of
VOPs is saved; and
10 calculating location information of each VOP based on the extracted chunk size,
the chunk offset, and the sample size.
9. The encryption method of claim 8, wherein the encryption information further
comprises an encryption mode which is one of a first mode which encrypts only l-VOPs
15 among the VOPs, a second mode which encrypts only B-VOPs and P-VOPs among the VOPs, and a third mode which encrypts all the VOPs.
10. The encryption method of claim 8, wherein the encryption information
further comprises a VOP ID to identify a VOP that is to be encrypted.
20
11. The encryption method of claim 8, wherein the moov atom comprises a
digital rights management atom, and the digital rights management atom comprises the
encryption information as meta-data.
25 12. The encryption method of claim 11, wherein the digital rights management
atom is saved as a top lower level atom of the moov atom.
13. The encryption method of claim 11, wherein the digital rights management atom comprises an encryption flag and an entry table, and the encrypting stage includes
16

encrypting all VOPs when the encryption flag is set as a first type and encrypting only VOPs that are relevant to VOP ID included within the entry table when the encryption flag is set as a second type.
5 14. A method of decrypting a motion picture file that is selectively encrypted in
units of video samples based on predetermined encryption information, the decryption method comprising:
detecting video sample identifying information which identifies each video sample
in the motion picture file;
10 extracting each video sample based on the video sample identifying information;
extracting encrypted video samples among the extracted video samples based on encryption information;
decrypting the encrypted video samples based on decryption information that
corresponds to the encryption information; and
15 reproducing the motion picture file by recombining the decrypted video samples,
wherein the encrypted video sample is encoded such that the rest of the video sample, excluding the video sample identifying information, is encrypted.
15. The decryption method of claim 14, wherein the encryption information
20 comprises an encryption key and an encryption type.
16. The decryption method of claim 14, wherein the decryption information is
transmitted using a digital rights management service.
25 17. The decryption method of claim 15, wherein encryption is performed such
that a message word before encryption has the same number of bits as a corresponding codeword after encryption.
17

18. The decryption method of claim 17, wherein an encryption method is one of data encryption standard (DES) and a standard Korean encryption algorithm (SEED).
19. The decryption method of claim 15, wherein the encryption information
5 further comprises an encryption mode which is one of a first mode which encrypts only l-VOPs among the VOPs, a second mode which encrypts only B-VOPs and P-VOPs among the VOPs, and a third mode which encrypts all the VOPs.
20. The decryption method of claim 15, wherein the encryption information
10 further comprises a VOP ID to identify a VOP that is to be encrypted.
21. A method of a digital rights management DRM using a contents server and
a contents client, the method comprising:
receiving encryption and decryption information by carrying out a user
15 authentication process for a predetermined motion picture file through the contents
server and the contents client;
selectively encrypting a relevant motion picture file in units of video samples based on the received encryption information;
transmitting the encrypted motion picture file via a streaming server;
20 extracting the encrypted video sample from the transmitted motion picture file;
decrypting the extracted video sample, excluding the video sample identifying information that identifies the video sample, using the received decryption information; and
reproducing the decrypted motion picture file in real-time by recombining the
25 decrypted video samples.
22. The method of claim 21, wherein receiving of the encryption and decryption
information comprises:
18

the contents client transmitting a user authentication request about a predetermined motion picture file to a DRM server;
the DRM server carrying out a user authentication process and transmitting DRM authentication information which includes information on user authentication to the
5 contents server;
the contents server producing an encryption key based on the DRM authentication information and producing the encryption information based on the encryption key and optional encryption information input by the user;
the contents server transmitting the encryption information to the DRM server;
10 and
the DRM server transmitting the decryption information corresponding to the encryption information to the contents client.
23. The method of claim 22, wherein the motion picture file follows the MPEG
15 standard.
24. The method of claim 22, wherein the motion picture file comprises a file that
follows the MPEG standard, and the video samples are VOPs which are streaming units
and are included in a chunk, the encrypting stage includes:
20 producing information on the location of each VOP by parsing a moov atom of a
relevant MPEG-4 file;
extracting each VOP within a media data atom, mdat, of the MPEG-4 file based on the information on the location of each VOP;
excluding a start code within a VOP header, encrypting the rest of each of the
25 extracted VOPs based on predetermined encryption information; and
producing an encrypted MPEG-4 file by recombining the encrypted VOPs.
25. The method of claim 24, wherein producing of the information on the
location of each VOP comprises:
19

extracting a chunk size, a chunk offset, and a sample size from a sample table atom among lower level atoms within the moov atom; and
calculating the information on the location of each VOP based on the extracted chunk size, the chunk offset, and the sample size.
5
26. The method of claim 21, wherein the encryption information includes an
encryption key and an encryption type.
27. The method of claim 26, wherein encryption is performed such that a
10 message word before encryption has the same number of bits as a corresponding
codeword after encryption.
28. The method of claim 27, wherein an encryption method is one of data
encryption standard (DES) and a standard Korean encryption algorithm (SEED).
15
29. The method of claim 21, wherein the extracting of the encrypted VOPs
comprises:
extracting only a data portion of a packet by decapsulating a transmission
protocol header of the transmitted packet;
20 producing a combined data stream by recombining the data portion of the packet;
checking VOP identifying information that identifies each VOP within the combined data stream;
extracting each VOP based on the VOP identifying information; and extracting encrypted VOPs among the extracted VOPs based on the encryption 25 information.
20

Documents:

767-MUMNP-2006-ABSTRACT 29-7-2008.pdf

767-mumnp-2006-abstract(29-7-2008).doc

767-mumnp-2006-abstract(29-7-2008).pdf

767-mumnp-2006-abstract.doc

767-mumnp-2006-abstract.pdf

767-MUMNP-2006-CANCELLD PAGES 29-7-2008.pdf

767-mumnp-2006-cancelled pages(29-7-2008).pdf

767-MUMNP-2006-CLAIMS 29-7-2008.pdf

767-mumnp-2006-claims(granted)-(29-7-2008).doc

767-mumnp-2006-claims(granted)-(29-7-2008).pdf

767-mumnp-2006-claims.doc

767-mumnp-2006-correspondance-others.pdf

767-mumnp-2006-correspondance-received.pdf

767-MUMNP-2006-CORRESPONDENCE 29-7-2008.pdf

767-mumnp-2006-correspondence(29-7-2008).pdf

767-mumnp-2006-correspondence(ipo)-(29-7-2008).pdf

767-mumnp-2006-description (complete).pdf

767-MUMNP-2006-DESCRIPTION(COMPLETE) 29-7-2008.pdf

767-MUMNP-2006-DRAWING 29-7-2008.pdf

767-mumnp-2006-drawing(29-7-2008).pdf

767-mumnp-2006-drawings.pdf

767-MUMNP-2006-FORM 1 29-7-2008.pdf

767-mumnp-2006-form 1(2-1-2007).pdf

767-mumnp-2006-form 1(30-6-2006).pdf

767-mumnp-2006-form 18(30-6-2006).pdf

767-mumnp-2006-form 2 29-7-2008.pdf

767-mumnp-2006-form 2(granted)-(29-7-2008).doc

767-mumnp-2006-form 2(granted)-(29-7-2008).pdf

767-MUMNP-2006-FORM 2(TITLE PAGE) 29-7-2008.pdf

767-mumnp-2006-form 26(10-4-2006).pdf

767-mumnp-2006-form 26(28-6-2006).pdf

767-mumnp-2006-form 26(30-6-2006).pdf

767-mumnp-2006-form 3(2-1-2007).pdf

767-mumnp-2006-form 5(28-6-2006).pdf

767-mumnp-2006-form-1.pdf

767-mumnp-2006-form-2.doc

767-mumnp-2006-form-2.pdf

767-mumnp-2006-form-26.pdf

767-mumnp-2006-form-3.pdf

767-mumnp-2006-form-5.pdf

767-mumnp-2006-form-pct-isa-210(13-4-2005).pdf

767-mumnp-2006-form-pct-isa-210.pdf

767-mumnp-2006-form-pct-isa-220.pdf

767-mumnp-2006-form-pct-isa-237.pdf

767-mumnp-2006-petition of under rule 137(30-7-2008).pdf

767-mumnp-2006-petition of under rule 138(30-7-2008).pdf

767-MUMNP-2006-PETITION UNDER RULE 137 30-7-2008.pdf

767-MUMNP-2006-PETITION UNDER RULE 138 30-7-2008.pdf

abstract1.jpg

« Previous Patent

Next Patent »

Patent Number

224096

Indian Patent Application Number

767/MUMNP/2006

PG Journal Number

06/2009

Publication Date

06-Feb-2009

Grant Date

29-Sep-2008

Date of Filing

30-Jun-2006

Name of Patentee

DAEYANG FOUNDATION

Applicant Address

1) 98 KUNJA-DONG, KWANGJIN-GU, SEOUL, REPUBLIC OF KOREA 2) 416, MAETAN-DONG, YEONGTONG-GU, SUWON-SI, GYEONGGI-DO, REPUBLIC OF KOREA

Inventors:

#	Inventor's Name	Inventor's Address
1	SHIN DONG KYOO	705-1403 SHINDONGA RIVERPARK APT., NORANGJIN 1-DONG DONGJAK-GU, SEOUL, REPUBLIC OF KOREA
2	KIM,Jun-II	109-1003 Kukdong Apt.,Hoecheon-eup,Yangju-si,Gyeonggi-do,
3	SHIN,Dong-II	2-401 Jamgmi 3-cha Apt.,Shincheon-dong,Songpa-gu,Seoul,Republic of Korea
4	KIM,Yong-Bin	1806 Samchang Tower Plaza,Junggye 4-dong,Nowon-gu,Seoul,Republic of Korea
5	CHOI, Soon-Yong	32 Dongsomun-dong 7-ga, Seoul

PCT International Classification Number

G06F17/00

PCT International Application Number

PCT/KR2004/003213

PCT International Filing date

2004-12-08

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	10-2003-0088795	2003-12-08	Republic of Korea
2	10-2004-0006471	2004-01-31	Republic of Korea