US 12,463,948 B2
Distributed data content protection
Ville Ollikainen, Vihti (FI); Markku Kylanpaa, Helsinki (FI); Anni Karinsalo, Oulu (FI); and Pekka Koskela, Oulu (FI)
Assigned to Adeia Guides Inc., San Jose, CA (US)
Filed by Adeia Guides Inc., San Jose, CA (US)
Filed on Dec. 23, 2022, as Appl. No. 18/088,295.
Prior Publication US 2024/0214361 A1, Jun. 27, 2024
Int. Cl. H04L 9/40 (2022.01); H04L 67/1097 (2022.01)
CPC H04L 63/0435 (2013.01) [H04L 67/1097 (2013.01)]
20 Claims

1. A method for encrypting data in a distributed storage environment, the method comprising:
dividing a media item into segments, the segments including a first segment and a subsequent segment;
encoding the at least first and subsequent segments as at least a first representation and a second representation, wherein the first representation and the second representation are encoded at different bitrates;
generating a content encryption key, a raw initialization value, and a first continuity reference;
generating from the first continuity reference and the raw initialization value, a first master initialization vector for the first segment and a first segment continuity reference;
generating a first representation-specific initialization vector for the first representation of the first segment, and a second representation-specific initialization vector for the second representation of the first segment, each based upon the first master initialization vector;
encrypting the first representation of the first segment with the first representation-specific initialization vector and the content encryption key, and the second representation of the first segment with the second representation-specific initialization vector and the content encryption key, to generate an encrypted first segment;
generating from the first segment continuity reference a second master initialization vector for the subsequent segment and a subsequent segment continuity reference;
generating a third representation-specific initialization vector for the first representation of the subsequent segment and a fourth representation-specific initialization vector for the second representation of the subsequent segment, each based upon the second master initialization vector;
encrypting at least the first representation of the subsequent segment with the third representation-specific initialization vector and the content encryption key, and the second representation of the subsequent segment with the fourth representation-specific initialization vector and the content encryption key, to generate an encrypted subsequent segment;
generating a segment reference list of the encrypted segments into which the media item has been divided and information about the representations into which each segment has been encoded;
publishing, to a secure storage location, the segment reference list, the content encryption key, the raw initialization value, and the continuity reference; and
outputting, to the distributed storage environment at least the encrypted first segment and the encrypted subsequent segment.
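
The initialization-vector chain of claim 1, sketched as an added example; it is not code from the patent or its assignee. The claim does not name the derivation functions, so HMAC-SHA256, the 16-byte IV length, the label strings and every function name below are assumptions, and the encryption step itself is left out.

```python
import hashlib
import hmac

IV_LEN = 16  # assumed IV size (one 128-bit cipher block)


def _prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256, used here as the assumed derivation function."""
    return hmac.new(key, label, hashlib.sha256).digest()


def advance(state: bytes) -> tuple[bytes, bytes]:
    """One chain step: state -> (master IV, segment continuity reference)."""
    return _prf(state, b"master-iv")[:IV_LEN], _prf(state, b"continuity")


def representation_iv(master_iv: bytes, rep_id: str) -> bytes:
    """Representation-specific IV, derived from the segment's master IV."""
    return _prf(master_iv, b"rep:" + rep_id.encode())[:IV_LEN]


def iv_schedule(raw_iv: bytes, continuity_ref: bytes, n_segments: int,
                rep_ids: list[str]) -> list[dict[str, bytes]]:
    """Per-segment map of representation id -> IV, in segment order."""
    # First segment: the raw initialization value and the first continuity
    # reference are mixed; later segments chain from the continuity
    # reference alone.
    state = _prf(continuity_ref, b"init:" + raw_iv)
    schedule = []
    for _ in range(n_segments):
        master_iv, state = advance(state)
        schedule.append({r: representation_iv(master_iv, r) for r in rep_ids})
    return schedule


def all_ivs_unique(schedule) -> bool:
    """True if no IV repeats across any segment or representation."""
    ivs = [iv for seg in schedule for iv in seg.values()]
    return len(ivs) == len(set(ivs))


if __name__ == "__main__":
    # Constructed sample values, standing in for the published secrets.
    raw, ref = bytes(16), b"constructed-continuity-reference"
    for i, seg in enumerate(iv_schedule(raw, ref, 3, ["1500k", "4000k"]), 1):
        for rep, iv in seg.items():
            print(f"segment {i} {rep}: {iv.hex()}")
```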