SYSTEM AND METHOD FOR STORING, DELIVERING AND SCREENING VISUAL MEDIA

Abstract

In a computer system connected to Internet and operative for storing, delivering and screening a visual media one or more database services are provided, one or more graphical user interfaces are served, one or more application programming interfaces are provided, and the graphical user interfaces are formed so that identification of an uploaded content and a proxy storage are made possible by serving the graphical user interface.

Claims

1. A computer system connected to internet and operative for storing, delivering and screening a visual media, comprising means providing one or more database services; means serving one or more graphical user interfaces; and means serving one or more application programming interfaces, wherein the graphical user interfaces are formed so that identification of an uploaded content and a proxy storage are made possible by serving the graphical user interface.

2. A computer system according to claim 1, wherein the graphical user interfaces are formed so that specifying rights of right holders are offering including a time period and a territory by serving a graphical user interface.

3. A computer system according to claim 1, wherein the computer system has a part formed so that it is communicating only in one direction and so that no incoming connections to the computer system are possible so that the computer system is formed as an isolated system.

4. A computer system according to claim 3, the isolated system is formed so that an ingest, a storage, drm, and a proxy storage are carried out in the isolated system.

5. A computer system according to claim 1, wherein a desktop application or a mobile application is connected to the application programming interfaces and is polling for available downloads downloading an encrypted or an unencrypted content immediately or with a delay after receiving a download link with no user interaction needed.

6. A computer system according to claim 5, wherein the desktop application or the mobile application connected to the application programming interfaces is configured so that it is requesting a description key or a part of the description key for the downloaded encrypted content.

7. A computer system according to claim 5, wherein the desktop application or the mobile application connected to the application programming interfaces is configured so that after a partial and/or a complete playback it notarizes a use of a license in a blockchain transaction to make it immutable and inspectable by a public and a rights holder third party.

8. A computer system according to claim 1, further comprising a part which is inaccessible from the internet and in which an encryption key is generated and an encryption of a content by the encryption key is carried out.

9. A method of storing, delivering and screening a visual media by a computer system connected to internet, comprising the steps of providing one or more database services; serving one or more graphical user interfaces; serving one or more application programming interfaces; and forming the graphical user interfaces so that identification of an uploaded content and a proxy storage are made possible by serving the graphical user interface.

10. A method according to claim 9, wherein the forming of the graphical user interfaces is provided so that specifying rights of right holders are offering including a time period and a territory by serving a graphical user interface.

11. A method according to claim 9, further comprising forming in the computer system a part such that it is communicating only in one direction and so that no incoming connections to the computer system are possible so that the computer system is formed as an isolated system.

12. A method according to claim 11, further comprising forming the isolated system so that an ingest, a storage, drm, and a proxy storage are carried out in the isolated system.

13. A method according to claim 9, further comprising connecting a desktop application or a mobile application connected to the application programming interfaces and polling by the desktop application or the mobile application for available downloads downloading an encrypted or an unencrypted content immediately or with a delay after receiving a download link with no user interaction needed.

14. A method according, to claim 13, further comprising requesting by the desktop application or the mobile application connected to the application programming interfaces a description key or a part of the description key for the downloaded encrypted content.

15. A method according to claim 13, further comprising configuring the desktop application or the mobile application so that after a partial and/or a complete playback it—notarizes a use of a license in a blockchain transaction to make it immutable and inspectable by a public and a rights holder third party.

16. A method according to claim 9, further comprising providing a part which is inaccessible from the internet and in which an encryption key is generated and an encryption of a content by the encryption key is carried out.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0019] FIG. 1 of the drawings is a simplified view of stakeholders interacting with a system according to the present invention; and

[0020] FIG. 2 of the drawings is a view showing a block diagram of the system according to the present invention and illustrating how the system works towards reducing the complexity visible from the point of view of a rightsholder and a customer.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0021] As can be seen from FIG. 1 in the computer system for storing, delivering and screening of a visual media a rightsholder 1—submits a movie to a catalog, i.e. creates a new record in the catalog. The rightsholder 2—gets signed an upload link, such that only the current rightsholder can put the blob into a proxy—temporarily with the link having set expiration, and no one excepted a non-public cluster can read the file.

[0022] The rightsholder 3—uses a signed upload link to upload a file to a proxy storage. Since no one can access the non-public cluster, the only way is through the proxy storage. 4—the non-public processing cluster downloads the submitted blob from the proxy storage, and preprocesses the movie. Since it constantly polling the catalog service, it knows about the new record and the location of the submitted blob.

[0023] A customer 5—places a new order (plus notarization of order in blockchain). 6—after personalization a processing cluster uploads the blob to the proxy storage. The personalization means that every order item guide gets its own unique and identifiable set of watermarks and an encryption/decryption key. 7—post process info (download a link and one part of the decryption key) to public services. 8—authenticated player asks for a signed down link. No one except the authenticated player can access the info about the location of the blob and the authentication details to download it. 9—a player downloads the blob. 10—the player asks for one part of the key to decrypt and play the AV content.

[0024] The player uses the requested part of the key together with the other part of the key to decrypt the movie-on-the fly, in the memory during the playback. There is no on-disc cache or buffer containing unencrypted content. 11—submit playback metadata (plus notarization of playback in blockchain), i.e. report license usage.

[0025] In the system according to the present invention, to mitigate the need for thrust between the stakeholders, the security architecture plays an important role. Strict secret management and service competence need to be laid out. There are at least three access zones: the public zone, the proxy zone, the nonpublic zone.

[0026] As can be seen from FIG. 2 the present invention is incorporated in a computer system, more precisely the computer system which is a system of services in server dusters. Each duster represents an access zone.

[0027] In the public zone there is the location of services (their http servers) which need to be accessible from the internet, they have IP addresses, domain names, etc. They are used by clients (frontend, desktop or mobile applications) through authenticated http requests, user and role based permission control. There is a strict role based access in communication of services in this part, especially in regard to secret management, e.g. no actor (service or human operator) except authentication service can access a private key used to sign Json Web Tokens (JWT) used for authentication and authorization between clients and services and between services themselves.

[0028] In the non-public zone there is a location of the services and storages which must not be accessible from the Internet for security reasons. Services here cannot accept any communication from outside. These do not have any public IP, nor the duster itself does not have a public P. Services and workers inside this zone do not have any http API to accept http requests—communicating via a message broker.

[0029] In the proxy zone there are storages as an intermediary between public and non-public zones so that the non-public part of the system can accept media files from outside, yet can be completely invisible from the Internet. Storing files in this zone has two main rules: files get deleted immediately after successful transfer from public to non-public, and vice versa. Only there is only one actor which can give a time constrained write only access to a variable and unique part on the proxy storage, i.e. create a signed url which accepts only http PUT method.

[0030] Moreover ail sides are checking the file content via cryptographic hashes—any inconsistency results in an exception and the process needs to be started over again. The above measures are mitigating an unauthorized access to RHs assets, allowing only controlled (encrypted and watermarked with DRM on top) content exit the cluster where storages are accessible from.

[0031] The present invention is not limited to the details shown since various modifications and structural changes are possible without departing from the spirit of the invention.

[0032] What is desired to be protected by Letters Patent is set forth in particular in the appended claims.