US 11,711,555 B1
Protecting media content integrity across untrusted networks
Selvanayagam Sendurpandian, Livermore, CA (US); Ross Engers, San Francisco, CA (US); Luke Curley, El Cerrito, CA (US); Nikhil Purushe, San Francisco, CA (US); Andrew Francis, San Francisco, CA (US); Daniel Lin, Oakland, CA (US); Tarek Amara, Pleasanton, CA (US); Shuhan Jin, Foster City, CA (US); Levi Lovelock, San Francisco, CA (US); Berk Taner, San Mateo, CA (US); Yann Landry, San Francisco, CA (US); Neeraj Satish Joshi, Newark, CA (US); and Jean-Sebastien Royer, San Francisco, CA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Mar. 31, 2021, as Appl. No. 17/219,585.
Int. Cl. H04N 21/2347 (2011.01); H04L 9/06 (2006.01); H04L 9/08 (2006.01)
CPC H04N 21/2347 (2013.01) [H04L 9/0643 (2013.01); H04L 9/0825 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system, comprising:
one or more processors; and
one or more memories, wherein the one or more memories have stored thereon instructions, which when executed by the one or more processors, cause the one or more processors to implement at least one service of a provider network, wherein the at least one service is configured to, for individual clients of the provider network:
receive an indication of media content to be streamed from a broadcaster;
in response to the indication of the media content to be streamed, generate a public key and a corresponding private key;
receive the media content from the broadcaster, wherein the media content comprises a plurality of content portions streamed from the broadcaster;
for individual ones of the plurality of content portions streamed from the broadcaster, subsequent to reception of the content portion by the service from the broadcaster:
process the content portion, wherein the content portion is modified as a result of the processing;
apply a hashing algorithm to the processed content portion to generate a hash of the processed content portion;
sign the hash of the processed content portion using the private key generated by the service to generate a digital signature;
add the digital signature to the processed content portion; and
send the processed content portion to an edge network external to the provider network, wherein at least the edge network or one or more networks between the provider network and the edge network that transmit the content portion are untrusted networks;
receive, from a media player at a remote network, a request for a manifest associated with the media content; and
in response to the request:
generate the manifest, wherein the manifest comprises at least the public key and an indication of a location at the edge network from which the media content is available for retrieval;
send the manifest to the media player over a secure connection in accordance with a security communication protocol.