3D asset protection system and method for streaming

The system secures 3D assets in real-time streaming by using an object and container encryption server to encrypt and integrate them into a digital container format with DRM decryption, addressing unauthorized access and maintaining performance.

WO2026127398A1 · PCT designated stage · Publication Date: 2026-06-18 · DIGICAPS

Patent Information

Authority / Receiving Office: WO · WO
Patent Type: Applications
Current Assignee / Owner: DIGICAPS
Filing Date: 2025-11-11
Publication Date: 2026-06-18

Abstract

A 3D asset protection system for streaming according to one aspect of the present invention comprises: an object encryption server for encrypting geometric information included in a 3D asset at an object level by using an encryption algorithm used for content protection in a streaming environment according to an encryption target; and a container encryption server for parsing the encrypted 3D asset to extract encryption application information included in metadata, transmitting the extracted encryption application information to a DRM server to obtain DRM release-related information in response thereto, and integrating the encrypted 3D asset and the DRM release-related information to package the integrated information in a digital container format.

Description

3D Asset Protection System and Method for Streaming

[0001] The present invention relates to a technology for protecting 3D assets, and in particular to a technology for protecting 3D assets when transmitting 3D assets in real time over a network.

[0002] 3D graphics are being utilized in various industries, including virtual reality (VR), augmented reality (AR), games, and web applications. Consequently, the use of 3D assets is increasing rapidly. 3D assets are essential for visualizing products or constructing virtual environments in digital settings, and high-quality 3D assets significantly enhance the user experience.

[0003] As the development and spread of 3D content and related technologies continue across various industries, the demand for and use of 3D assets are increasing, and consequently, the unauthorized copying, alteration, and illegal distribution of 3D assets are emerging as serious problems. Existing protection methods for 3D assets mainly rely on simple encryption of file formats, but this has limitations in completely preventing copying and alteration.

[0004] 3D assets possess complex data structures, such as geometric information, textures, meshes, and animations, requiring new methods to protect them efficiently and securely. Furthermore, 3D assets can be used across various devices and platforms and must be securely protected in diverse situations, including transmission over networks and cloud-based processing.

[0005] The present invention aims to provide a method and system capable of protecting multilayered data of 3D assets, such as mesh data, texture files, and animation data, either wholly or selectively, when transmitting 3D assets in real time over a network in a streaming manner.

[0006] In addition, another objective of the present invention is to provide a method and system that can maintain high performance while protecting assets in real time by avoiding the repetition of encryption and decryption for asset protection during the streaming process of 3D assets.

[0007] A 3D asset protection system for streaming according to one aspect of the present invention includes an object encryption server and a container encryption server.

[0008] The object encryption server encrypts geometric information corresponding to attributes designated as encryption targets according to the configured encryption policy among the geometric information included in the 3D asset using an encryption method that uses a first encryption algorithm used for content protection in a streaming environment, adds encryption application information including the encryption method, encryption target, encryption key identifier, and key information to the metadata included in the 3D asset, and then stores it as an encrypted 3D asset.

[0009] The container encryption server parses encrypted 3D assets obtained from the object encryption server to extract encryption application information included in the metadata, transmits the extracted encryption application information to the DRM server to obtain DRM decryption information in response, and integrates the encrypted 3D assets and DRM decryption information to package them into a digital container format.

[0010] Specifically, the object encryption server includes a policy management unit, a first 3D asset processing unit, an encryption unit, and a 3D asset storage unit.

[0011] The policy management unit establishes and manages an encryption policy that includes encryption targets and encryption algorithms, wherein the encryption algorithm is set to the first encryption algorithm used for content protection in a streaming environment.

[0012] The first 3D asset processing unit parses the input 3D asset to analyze its structure and requests the encryption unit to encrypt the 3D asset.

[0013] The encryption unit performs encryption on the encryption target of the 3D asset according to the encryption policy and stores it in the 3D asset storage.

[0014] The 3D asset storage unit stores encrypted 3D assets and provides 3D assets upon request.

[0015] Specifically, the container encryption server includes a 3D asset receiving unit, a second 3D asset processing unit, a DRM processing unit, and a digital container packaging unit.

[0016] The 3D asset receiving unit requests and obtains encrypted 3D assets from the object encryption server.

[0017] The second 3D asset processing unit parses the encrypted 3D asset and extracts encryption application information included in the metadata.

[0018] The DRM processing unit transmits encryption application information extracted from encrypted 3D assets to the DRM server and receives DRM decryption information related to encrypted 3D assets from the DRM server.

[0019] The digital container packaging unit integrates encrypted 3D assets and DRM decryption information and packages them into a digital container format.

[0020] A 3D asset protection method for streaming, comprising an object encryption server and a container encryption server according to one aspect of the present invention, includes an object encryption step and a container encryption step.

[0021] The object encryption step is a step in which the object encryption server encrypts geometric information corresponding to attributes designated as encryption targets according to a set encryption policy among the geometric information included in the 3D asset using an encryption method that uses a first encryption algorithm used for content protection in a streaming environment, and adds encryption application information including the encryption method, encryption target, encryption key identifier, and key information to the metadata included in the 3D asset to store it as an encrypted 3D asset.

[0022] The container encryption step is a step in which the container encryption server parses the encrypted 3D asset received from the object encryption server to extract encryption application information included in the metadata, transmits the extracted encryption application information to the DRM server to obtain DRM decryption information in response, and integrates the encrypted 3D asset and DRM decryption information to package it into a digital container format.

[0023] Specifically, the object encryption step includes a first 3D asset processing step, an encryption step, and an encrypted 3D asset storage step.

[0024] The first 3D asset processing step is to parse the input 3D asset to analyze its structure and request encryption of the 3D asset.

[0025] The encryption step is a step that performs encryption on the encryption target of the 3D asset according to the set encryption policy.

[0026] The encrypted 3D asset storage step is a step of adding encryption application information to the metadata included in the 3D asset and storing it in the 3D asset storage.

[0027] At this time, the encryption policy, including the encryption target and the encryption algorithm, is pre-configured and managed, and the encryption algorithm is set to the first encryption algorithm used for content protection in a streaming environment.

[0028] Specifically, the container encryption step includes a 3D asset receiving step, a second 3D asset processing step, a DRM processing step, and a digital container packaging step.

[0029] The 3D asset reception step is the step of requesting and obtaining encrypted 3D assets from an object encryption server.

[0030] The second 3D asset processing step is to parse the encrypted 3D asset and extract encryption application information included in the metadata.

[0031] The DRM processing step is a step of transmitting encryption application information extracted from encrypted 3D assets to the DRM server and receiving DRM decryption information related to encrypted 3D assets from the DRM server.

[0032] The digital container packaging step is a step of integrating encrypted 3D assets and DRM decryption information into a DRM digital container format.

[0033] According to the present invention, when transmitting 3D assets in real time over a network in a streaming manner, multilayer data of 3D assets, such as mesh data, texture files, and animation data, can be protected in whole or selectively.

[0034] Additionally, according to the present invention, encryption and decryption are not repeated to protect assets during the streaming process of 3D assets, thereby protecting assets in real time while maintaining high performance.

[0035] FIG. 1 illustrates the configuration of a 3D asset protection system according to one aspect of the present invention.

[0036] FIG. 2 specifically illustrates the configuration of a 3D asset protection system according to one aspect of the present invention.

[0037] FIG. 3 illustrates an example of a container encryption server connected to a pipeline that packages glTF 3D assets into ISOBMFF.

[0038] FIG. 4 is a flowchart according to a 3D asset protection method in one aspect of the present invention.

[0039] The foregoing and additional aspects are embodied in the embodiments described with reference to the attached drawings. It is understood that the components of each embodiment may be combined in various ways within the embodiment unless otherwise stated or contradictory. Each block in the block diagram may represent a physical part in some cases, but in others, it may be a logical representation of a part of the function of a single physical part or a function spanning multiple physical parts. Sometimes, the entity of a block or part thereof may be a set of program instructions. These blocks may be implemented in whole or in part by hardware, software, or a combination thereof.

[0040]

[0041] A 3D asset is a digital file that represents an object or element in three-dimensional space. 3D assets consist of data that defines the shape, texture, etc., of an object, allowing them to be rendered and animated in various software applications.

[0042] 3D assets can be broadly classified into geometric data and material data. Since geometric data (vertices, faces, normal vectors, etc.) is large in size, it is generally stored as binary data to maintain fast loading and capacity efficiency, whereas material data (color, reflectance, texture paths, etc.) is relatively small and is stored as text. Additionally, material data may contain location information for multiple texture data (images, etc.) used in the model. Depending on their different characteristics and purposes, various 3D formats represent 3D assets as text data (e.g., obj, fbx, maya) that provides readability and ease of modification, binary data (e.g., 3ds, fbx, maya, etc.) that prioritizes processing speed and capacity, or mixed data (e.g., gltf, etc.) that combines binary data and text to balance efficiency and readability.

[0043] Based on these characteristics of 3D assets, this specification describes material data and texture data as text data and geometric data as binary buffer data, and for convenience, glTF (gl Transmission Format) is used as an example among the structures of 3D assets generalized in this way.

[0044] FIG. 1 illustrates the configuration of a 3D asset protection system according to one aspect of the present invention, and FIG. 2 specifically illustrates the configuration of a 3D asset protection system according to one aspect of the present invention. A 3D asset protection system (10) for streaming according to one aspect of the present invention includes an object encryption server (11) and a container encryption server (15).

[0045] The 3D asset protection system (10) of the present invention performs object-level encryption to encrypt 3D assets in advance for efficient protection of 3D assets for 3D asset streaming services, and container-level encryption to protect 3D assets encrypted at the object level when streaming. Object-level encryption is performed at an object encryption server (11), and container-level encryption is performed at a container encryption server (15).

[0046] The object encryption server (11) and the container encryption server (15) are computing devices that include a processor and memory that is connected to the processor and contains program instructions that can be executed by the processor. The object encryption server (11) and the container encryption server (15) may be computer devices that additionally include a storage device, a network device, a display, an input device, etc., in addition to the processor and memory.

[0047] The object encryption server (11) encrypts geometric information corresponding to attributes designated as encryption targets according to the set encryption policy among the geometric information included in the 3D asset using an encryption method that uses a first encryption algorithm used for content protection in a streaming environment.

[0048] A 3D asset includes buffer data that stores geometric information separated by attribute, material information, location information of one or more texture data, metadata that stores composition information of geometric information, and one or more texture data referenced in the metadata.

[0049] The encryption target may be at least one of the buffer data and texture data included in the 3D asset.

[0050] In particular, the object encryption server (11) can set some attributes of geometric information as encryption targets through an encryption policy, and if only some attributes of geometric information are set as encryption targets, the 3D asset protection system (10) encrypts only a portion of the buffer data corresponding to some attributes.

[0051] As described above, the encryption method uses a first encryption algorithm used for content protection in a streaming environment. For example, when Common Encryption (CENC) is used for 3D asset streaming, the first encryption algorithm can be set to AES-128 CTR mode.

[0052] When the object encryption server (11) sets all attributes of geometric information as the encryption target, it encrypts the entire buffer data in which geometric information is separated and stored by attribute using the first encryption algorithm, and when only some attributes of geometric information are set as the encryption target, it encrypts only the data corresponding to the corresponding attributes in the buffer data. That is, when encrypting at the object level, the object encryption server (11) can set the encryption target to a variety of ranges by considering various aspects such as service scenarios, security requirements, and service flexibility, and can encrypt the geometric information that is set as the encryption target (the entire geometric information if all attributes of geometric information are set as the encryption target).

[0053] The object encryption server (11) adds encryption application information, including encryption method, encryption target, encryption key identifier, and key information, to metadata included in the 3D asset, and then stores it as an encrypted 3D asset.

[0054] In the case of glTF, 3D assets can be divided into metadata containing material information, buffer data containing geometric information, and texture data referenced by the metadata. Buffer data, which stores geometric data, can include various properties by classifying geometric information according to their roles, such as vertex data, normal vectors, and scale data (position, rotation, etc.), and these properties can be selectively protected. 3D assets with a glTF structure specify the data type (vertex, normal vector, etc.), offset information within the buffer data, and binary size information for these properties through a bufferview.

[0055] To encrypt 3D assets, particularly buffer data containing geometric data, at the object level, it is first necessary to be able to select the targets for encryption. To achieve this, the metadata of the 3D assets must be parsed to identify the composition of the geometric data within the buffer data. Geometric data of 3D assets (e.g., vertices, normal vectors, etc.) is stored in the buffer data, and information such as the location or size of these attributes within the buffer data is referenced in the metadata. Additionally, since the metadata includes URI information indicating the location of image data (textures) in the image array (images), it is possible to identify the location and size information of the geometric data or texture images that are the targets for encryption.

[0056] In addition, the encryption algorithm at the object level follows the standard encryption algorithm method of the content protection mechanism (e.g., Common Encryption) in preparation for integration with the content protection mechanism of the streaming environment in the future.

[0057] Furthermore, in object-level encryption, if the encryption target is set to the entire geometric data, the entire buffer data is encrypted; if the target is set to only some attributes of the geometric data, only a portion of the buffer data can be encrypted by identifying the location and size information of those attributes within the buffer data. Additionally, related encryption information, specifically encryption application information, is added to and stored in the metadata. If necessary, encryption application information can be added as extension information.

[0058] In the case of glTF, functionality can be extended through extensions, which are defined as an extension mechanism that can extend new features. Therefore, to protect glTF 3D assets, metadata information related to protection is defined using glTF extensions.

[0059] For encryption-related extension attributes for glTF protection, depending on the information contained, there are the `encryption` extension, which includes the encryption method, target, and encryption key identifier, and the `key_info` extension, which includes key information. Additionally, the `cp_system` extension, which contains information related to the content protection system to be applied for content protection in future streaming environments, may be added. The encryption-related extension attributes are configured in JSON format to match the format of the glTF JSON Document, and each extension may exist at the location of the encryption target attribute depending on the scope of encryption. Furthermore, the name of the extension used for encryption is specified in the top-level `extensionsUsed` array to explicitly indicate that the model uses an extension related to the protection of 3D assets. The `encryption`, `key_info`, and `cp_system` extensions contain information such as content protection systems (e.g., DRM systems) used for glTF protection, encryption-related schemas, and encryption keys. This information is defined considering compatibility with the encryption signaling methods of the content protection system to be applied for content protection in future streaming environments. Therefore, the information included in the extension attributes is designed to allow for easy linkage with the encryption method of the streaming environment when the 3D asset is actually streamed. When the entire buffer data is encrypted, the encryption-related extensions are added only to the buffer property; when only some properties are selectively encrypted according to the encryption range, the encryption-related extensions are added to each property individually.

[0060] The encryption extension includes information such as the encryption method, encryption target, and encryption key identifier. It is added to the attributes to be protected, but when protecting the entire buffer data, it is added only to the buffer attribute. In other words, when encrypting the entire buffer data, the encryption extension is added as a sub-attribute of the `extensions` attribute of the buffer attribute; when encrypting only parts of the data, specifically buffer segments, it may be added as a sub-attribute of the `extensions` attribute of the buffer segment attribute. Considering compatibility with content protection systems in streaming environments, the encryption extension includes encryption information necessary for applying encryption, such as `scheme_type`, `default_kid`, `iv`, and `kid`.

[0061] The `key_info` extension temporarily adds and stores encryption keys within 3D assets to protect them without registering them on a specific server during encryption. The encryption key information is structured in the form of JWE JSON Serialization and consists of a list of KIDs and {KID, Key value} pairs. This information includes details for all KIDs used for protection within 3D assets and must be encrypted. When integrated into digital container formats used in streaming environments in the future, it is deleted from the metadata all at once in conjunction with the content protection mechanism.

[0062] The object encryption server (11) encrypts all or part of the buffer data of a 3D asset, and this is called an encrypted 3D asset.

[0063] The container encryption server (15) parses the encrypted 3D asset obtained from the object encryption server (11) to extract encryption application information included in the metadata, transmits the extracted encryption application information to the DRM server (20) to obtain DRM decryption information in response, and integrates the encrypted 3D asset and DRM decryption information to package it into a digital container format. The DRM server (20) may exist for each streaming service.

[0064] If you intend to stream pre-encrypted 3D assets, you must be able to signal to the receiving end that the 3D assets are encrypted. To this end, you must be able to signal encryption information by applying a standard encryption mechanism (e.g., Common Encryption) used for content protection in a streaming environment. Standard encryption mechanisms are essentially standards designed to provide interoperability among various content protection systems and support common encryption algorithms and encryption signaling methods.

[0065] In the case of pre-encrypted 3D assets, they are encrypted without linkage with a content protection system, but when integrating them into a digital container format in a streaming environment, it is necessary to apply a standard encryption mechanism at the container level and link them with a content protection system.

[0066] Since content protection systems in streaming environments support common encryption algorithms and encryption signaling methods, in order to efficiently link pre-encrypted 3D assets with the content protection system, it is necessary to apply a standard encryption algorithm when pre-encrypting 3D assets so that the 3D assets are not re-encrypted when integrated into a digital container format (e.g., ISOBMFF) and the content protection system's standard encryption is applied. This eliminates the inefficiency of having to decrypt the encrypted 3D assets and re-encrypt them using the standard encryption method of the content protection system when packaging them into a digital container format, because the encryption algorithm of the pre-encrypted 3D assets differs from the content protection system's standard encryption method.

[0067] Since the encryption key used when encrypting 3D assets is included in the extended attribute of the 3D asset (key_info extension in the case of glTF), a procedure is required to extract the encryption key and register it with the content protection system. Content protection information is a message exchanged between the content protection system and the container encryption server (15). The container encryption server (15) extracts the encryption application information of the 3D asset that was previously encrypted (encryption, key_info extension in the case of glTF) and provides it to the content protection system, and receives the content protection system-specific data (information related to DRM unlocking) from each content protection system in response. The content protection system-specific data received in this way is finally added to or updated in the extended attribute of the 3D asset (cp_system_info extension in the case of glTF). This information is included in the digital container format to help ensure that the key is provided only to users with appropriate authority in the future.

[0068] For example, if the 3D asset is glTF, the digital container format is ISOBMFF, and the streaming protocol is MPEG-DASH, the encryption extension information may be linked to the information of the `<ContentProtection>` descriptor element of the MPEG-DASH MPD. This information, which may include scheme type information (an identifier for the encryption method), default_kid information used as an identifier for the content key, the initialization vector (iv) value and, if the buffer data is encrypted per attribute, the kid, iv, encryption offset, encryption data length, etc., that identify the encryption key for each attribute, is transmitted to a content protection system (e.g., DRM server) and used by each content protection system to create related data.
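The selective object-level encryption of [0057]–[0060] and the extraction of encryption application information in [0067]–[0068], as an added Node.js example that is not code from the patent or its applicant. The JSON layout inside the `encryption` extension, the hex encoding of `kid` and `iv`, the 8-byte IV convention, the single-buffer asset and all function names are assumptions; `key_info` and the DRM server exchange are left out.

```javascript
// Added example (not from the patent): selective AES-128-CTR encryption of glTF buffer data.
const { createCipheriv, randomBytes } = require('crypto');

// Constructed sample: one 72-byte buffer, POSITION in bufferView 0, NORMAL in bufferView 1.
function makeSampleAsset() {
  const bin = Buffer.alloc(72);
  for (let i = 0; i < 18; i++) bin.writeFloatLE(i * 0.5, i * 4);
  const view = (byteOffset) => ({ buffer: 0, byteOffset, byteLength: 36 });
  const vec3 = (bufferView) => ({ bufferView, componentType: 5126, count: 3, type: 'VEC3' });
  const gltf = {
    asset: { version: '2.0' },
    buffers: [{ byteLength: 72 }],
    bufferViews: [view(0), view(36)],
    accessors: [vec3(0), vec3(1)],
    meshes: [{ primitives: [{ attributes: { POSITION: 0, NORMAL: 1 } }] }],
  };
  return { gltf, bin };
}

// CTR is its own inverse. Counter block = 8-byte IV followed by a 64-bit block counter of 0.
function aesCtr(key, iv8, data) {
  const cipher = createCipheriv('aes-128-ctr', key, Buffer.concat([iv8, Buffer.alloc(8)]));
  return Buffer.concat([cipher.update(data), cipher.final()]);
}

// Map policy attribute names (e.g. POSITION) to the bufferViews that hold their bytes.
// A view shared with a non-target attribute (interleaved data) is rejected rather than
// silently encrypting more than the policy asked for.
function viewsForAttributes(gltf, targets) {
  const wanted = new Set(), other = new Set();
  for (const mesh of gltf.meshes ?? []) {
    for (const prim of mesh.primitives ?? []) {
      for (const [name, accessor] of Object.entries(prim.attributes ?? {})) {
        const view = gltf.accessors[accessor].bufferView;
        if (view !== undefined) (targets.includes(name) ? wanted : other).add(view);
      }
    }
  }
  for (const v of wanted)
    if (other.has(v)) throw new Error(`bufferView ${v} also holds non-target attributes`);
  return [...wanted].sort((a, b) => a - b);
}

// Object-encryption side. Assumes a single binary buffer (buffers[0]) supplied as `bin`.
function encryptAsset(gltf, bin, policy, { kid, key }, newIv = () => randomBytes(8)) {
  const out = JSON.parse(JSON.stringify(gltf)); // leave the caller's document untouched
  const enc = Buffer.from(bin);
  // Encrypt enc[start, start + length) in place and record how on the owning glTF object.
  const protect = (obj, start, length, kidField) => {
    const iv = newIv(); // fresh IV per range: reusing (key, IV) in CTR reuses keystream
    aesCtr(key, iv, enc.subarray(start, start + length)).copy(enc, start);
    const encryption = { scheme_type: 'cenc', [kidField]: kid, iv: iv.toString('hex') };
    obj.extensions = { ...obj.extensions, encryption };
  };
  if (policy.targets === 'ALL') {
    protect(out.buffers[0], 0, out.buffers[0].byteLength, 'default_kid');
  } else {
    for (const idx of viewsForAttributes(out, policy.targets)) {
      const v = out.bufferViews[idx];
      protect(v, v.byteOffset ?? 0, v.byteLength, 'kid');
    }
  }
  out.extensionsUsed = [...new Set([...(out.extensionsUsed ?? []), 'encryption'])];
  return { gltf: out, bin: enc };
}

// Container-encryption side: collect the per-range kid, iv, offset and length.
function extractEncryptionInfo(gltf) {
  const info = [];
  const collect = (scope, list, kidField, range) => (list ?? []).forEach((obj, index) => {
    const e = obj.extensions?.encryption;
    if (e) info.push({ scope, index, kid: e[kidField], iv: e.iv, ...range(obj) });
  });
  collect('buffer', gltf.buffers, 'default_kid', (b) => ({ offset: 0, length: b.byteLength }));
  const viewRange = (v) => ({ offset: v.byteOffset ?? 0, length: v.byteLength });
  collect('bufferView', gltf.bufferViews, 'kid', viewRange);
  return info;
}

// Licensed-client side: undo every recorded range; refuse to proceed without its key.
function decryptAsset(gltf, bin, keysByKid) {
  const out = Buffer.from(bin);
  for (const r of extractEncryptionInfo(gltf)) {
    const key = keysByKid[r.kid];
    if (!key) throw new Error(`no key for kid ${r.kid}`);
    const range = out.subarray(r.offset, r.offset + r.length);
    aesCtr(key, Buffer.from(r.iv, 'hex'), range).copy(out, r.offset);
  }
  return out;
}

function demo() {
  const { gltf, bin } = makeSampleAsset();
  const entry = { kid: '00112233445566778899aabbccddeeff', key: randomBytes(16) }; // constructed
  const enc = encryptAsset(gltf, bin, { targets: ['POSITION'] }, entry);
  const clear = decryptAsset(enc.gltf, enc.bin, { [entry.kid]: entry.key });
  return { ranges: extractEncryptionInfo(enc.gltf), roundTrip: clear.equals(bin) };
}
console.log(JSON.stringify(demo(), null, 2));
```

Because the ranges are encrypted once with the streaming scheme's own cipher, a packager only has to carry the extracted `kid`, `iv`, offset and length into the container signalling; the buffer bytes are not touched again.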

[0069] Specifically, the object encryption server (11) includes a policy management unit (111), a first 3D asset processing unit (113), an encryption unit (115), and a 3D asset storage unit (117).

[0070] The policy management unit (111) manages encryption policies that include encryption targets and encryption algorithms. The encryption policy may be set by an administrator according to the streaming service. The encryption algorithm included in the encryption policy is set to a first encryption algorithm used for content protection in a streaming environment.

[0071] The first 3D asset processing unit (113) receives a 3D asset, parses the input 3D asset to analyze its structure, and requests the encryption unit (115) to encrypt the 3D asset.

[0072] The encryption unit (115) performs encryption on the encryption target of the 3D asset according to the encryption policy and stores it in the 3D asset storage (117). The encryption unit (115) adds encryption application information, which is information related to encryption, as an extended attribute to the metadata of the 3D asset, and performs encryption on the encryption target using a first encryption algorithm.

[0073] The 3D asset storage (117) stores encrypted 3D assets and provides 3D assets when there is a request for 3D assets. The 3D asset storage (117) is a file system or a database.

[0074] Specifically, the container encryption server (15) includes a 3D asset receiving unit (151), a second 3D asset processing unit (153), a DRM processing unit (155), and a digital container packaging unit (157).

[0075] The 3D asset receiving unit (151) retrieves encrypted assets from the object encryption server (11) in response to a request from the scene composer. That is, the 3D asset receiving unit (151) receives URI information of the 3D assets from the scene composer and requests and obtains encrypted 3D assets from the object encryption server (11). The scene composer is a device that composes a scene and may exist within the container encryption server (15) or in a separate client device.

[0076] The second 3D asset processing unit (153) parses the 3D asset to determine the structure of the encrypted 3D asset received by the 3D asset receiving unit (151). The second 3D asset processing unit (153) parses the encrypted 3D asset and extracts encryption application information included in the metadata. The second 3D asset processing unit (153) can add content protection system-specific data (DRM unlocking related information) obtained in conjunction with the content protection system to the 3D asset as an extension attribute (cp_system_info extension in the case of glTF).

[0077] The DRM processing unit (155) is linked with the DRM server (20), which is a content protection system. The DRM processing unit (155) transmits encryption application information extracted from the encrypted 3D asset to the DRM server (20) and receives DRM decryption information related to the encrypted 3D asset from the DRM server (20). The DRM processing unit (155) receives DRM specific data, which is information related to DRM decryption, an address (URL) for DRM authentication, and an address (URL) to request a license from the DRM server (20). This information is transmitted to the second 3D asset processing unit (153).

[0078] The digital container packaging unit (157) integrates encrypted 3D assets and DRM unlocking information and packages them into a digital container format. When the digital container format is ISOBMFF, the 3D assets are integrated into the meta box in the form of an item for non-timed media according to the Scene Description specification, and into the mdat under the trak box for timed media.

[0079] FIG. 3 illustrates an example in which a container encryption server for packaging glTF 3D assets into ISOBMFF is connected via a pipeline. The procedure for packaging into a digital container format by the container encryption server (15) can be processed sequentially or in parallel by connecting the 3D asset receiving unit (151), second 3D asset processing unit (153), DRM processing unit (155), and digital container packaging unit (157) into a pipeline.

[0080] The texture data to be encrypted may be provided in the form of a separate file. In this case, the location information (URL) of the texture data is stored in the metadata. At least one of the location information of the texture data stored in the metadata may be a DataURL. A DataURL is a URL prefixed with "data:" and includes a binary file converted into an ASCII string format by encoding it in base64.

[0081] If the encryption target includes texture data and the location information of the texture data to be encrypted is a DataURL, the data portion of the DataURL is encrypted using an encryption method that uses a first encryption algorithm.

[0082] FIG. 4 is a flowchart according to a 3D asset protection method according to one aspect of the present invention. A 3D asset protection method for streaming according to one aspect of the present invention includes an object encryption step and a container encryption step.

[0083] The 3D asset protection method of the present invention includes an object encryption step for encrypting 3D assets in advance for efficient protection of 3D assets for a streaming service of 3D assets, and a container encryption step for protecting 3D assets encrypted at the object level when streaming. The object encryption step is performed at an object encryption server (11), and the container encryption step is performed at a container encryption server (15).

[0084] The object encryption step encrypts geometric information corresponding to attributes designated as encryption targets according to the set encryption policy among the geometric information included in the 3D asset using an encryption method that uses a first encryption algorithm used for content protection in a streaming environment.

[0085] A 3D asset includes buffer data that stores geometric information separated by attribute, material information, location information of one or more texture data, metadata that stores composition information of geometric information, and one or more texture data referenced in the metadata.

[0086] The encryption target may be at least one of the buffer data and texture data included in the 3D asset.

[0087] In particular, during the object encryption stage the object encryption server (11) can set, as its encryption policy, only some attributes of the geometric information as encryption targets. If only some attributes of the geometric information are set as encryption targets, the 3D asset protection system (10) encrypts only the portion of the buffer data corresponding to those attributes.

[0088] As described above, the encryption method uses a first encryption algorithm used for content protection in a streaming environment. For example, when Common Encryption (CENC) is used for 3D asset streaming, the first encryption algorithm can be set to AES-128 CTR mode.

[0089] When the entire set of geometric information attributes is set as the encryption target in the object encryption stage, the object encryption server (11) encrypts the entire buffer data, which stores geometric information by attribute, using the first encryption algorithm, and when only some attributes of the geometric information are set as the encryption target, it encrypts only the data corresponding to the corresponding attributes in the buffer data. That is, when encrypting at the object level, the object encryption server (11) can set the encryption target to a range by considering various aspects such as service scenarios, security requirements, and service flexibility, and can encrypt the geometric information that is the encryption target set in the object encryption stage (the entire geometric information if the entire set of geometric information attributes is set as the encryption target).

[0090] The object encryption step adds encryption application information, including the encryption method, encryption target, encryption key identifier, and key information, to the metadata included in the 3D asset, and then saves it as an encrypted 3D asset.

[0091] In the case of glTF, 3D assets can be divided into metadata containing material information, buffer data containing geometric information, and texture data referenced by the metadata. Buffer data, which stores geometric data, can include various properties by classifying geometric information according to their roles, such as vertex data, normal vectors, and scale data (position, rotation, etc.), and these properties can be selectively protected. 3D assets with a glTF structure specify the data type (vertex, normal vector, etc.), offset information within the buffer data, and binary size information for these properties through a bufferview.

[0092] In order to encrypt 3D assets, particularly buffer data containing geometric data, during the object encryption step, the object encryption server (11) must first be able to select the target for encryption. To this end, the object encryption server (11) must parse the metadata of the 3D assets during the object encryption step to identify the composition of the geometric data within the buffer data. Geometric data of the 3D assets (e.g., vertices, normal vectors, etc.) are stored in the buffer data, and information such as the location or size of the corresponding attributes in the buffer data is referenced in the metadata. Additionally, since URI information indicating the location of image data (texture) is included in the image array (images) in the metadata, the location and size information of the geometric data or texture images to be encrypted can be identified.

[0093] In addition, the encryption algorithm in the object encryption stage follows the standard encryption algorithm method of the content protection mechanism (e.g., Common Encryption) in preparation for integration with the content protection mechanism of the streaming environment in the future.

[0094] Additionally, in the object encryption step, if the encryption target is set to the entire geometric data, the entire buffer data is encrypted, and if the encryption target is set to only some attributes of the geometric data, only a part of the buffer data is encrypted by identifying the location and size information of the corresponding attributes within the buffer data. Additionally, in the object encryption step, the object encryption server (11) adds and stores related encryption information, namely encryption application information, to metadata. If necessary, the encryption application information may be added as extension information.

[0095] In the case of glTF, functionality can be extended through extensions, which are the format's defined mechanism for adding new features. Therefore, to protect glTF 3D assets, metadata information related to protection is defined using glTF extensions.

[0096] For encryption-related extension attributes for glTF protection, depending on the information contained, there are the `encryption` extension, which includes the encryption method, target, and encryption key identifier, and the `key_info` extension, which includes key information. Additionally, the `cp_system` extension, which contains information related to the content protection system to be applied for content protection in future streaming environments, may be added. The encryption-related extension attributes are configured in JSON format to match the format of the glTF JSON Document, and each extension may exist at the location of the encryption target attribute depending on the scope of encryption. Furthermore, the name of the extension used for encryption is specified in the top-level `extensionUsed` array to explicitly indicate that the model uses an extension related to the protection of 3D assets. The `encryption`, `key_info`, and `cp_system` extensions contain information such as content protection systems (e.g., DRM systems) used for glTF protection, encryption-related schemas, and encryption keys. This information is defined considering compatibility with the encryption signaling methods of the content protection system to be applied for content protection in future streaming environments. Therefore, the information included in the extension attributes is designed to allow for easy linkage with the encryption method of the streaming environment when the 3D asset is actually streamed. When encrypting the entire buffer data, add encryption-related extensions only to the buffer property; when selectively encrypting only some properties based on the encryption range, add encryption-related extensions to each property individually.

[0097] The encryption extension includes information such as the encryption method, encryption target, and encryption key identifier. It is added to the attributes to be protected, but when protecting the entire buffer data, it is added only to the buffer attribute. In other words, when encrypting the entire buffer data, the encryption extension is added as a sub-attribute of the `extensions` attribute of the buffer attribute; when encrypting only parts of the data, specifically buffer segments, it may be added as a sub-attribute of the `extensions` attribute of the buffer segment attribute. Considering compatibility with content protection systems in streaming environments, the encryption extension includes encryption information necessary for applying encryption, such as `scheme_type`, `default_kid`, `iv`, and `kid`.
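The selective case described in [0094] to [0097], as an added example that is not code from the patent or its applicant: only the bufferView behind a targeted attribute is encrypted with AES-128 in CTR mode, and an `encryption` extension is attached to that bufferView. The field layout of the extension, the `cenc` value for `scheme_type`, the 8-byte IV with a zeroed block counter, the single-buffer sample asset, and all function names are assumptions; the code uses glTF 2.0's top-level `extensionsUsed` array.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample: one 72-byte buffer, POSITION in bytes 0-35, NORMAL in 36-71.
function buildSampleAsset() {
  const gltf = {
    asset: { version: '2.0' },
    buffers: [{ byteLength: 72 }],
    bufferViews: [
      { buffer: 0, byteOffset: 0, byteLength: 36 },
      { buffer: 0, byteOffset: 36, byteLength: 36 },
    ],
    accessors: [
      { bufferView: 0, componentType: 5126, count: 3, type: 'VEC3' },
      { bufferView: 1, componentType: 5126, count: 3, type: 'VEC3' },
    ],
    meshes: [{ primitives: [{ attributes: { POSITION: 0, NORMAL: 1 } }] }],
  };
  const bin = Buffer.alloc(72);
  for (let i = 0; i < 18; i++) bin.writeFloatLE(i * 0.5, i * 4);
  return { gltf, bin };
}

// Indices of the bufferViews that back the attributes named in the policy.
function targetViews(gltf, attributeNames) {
  const views = new Set();
  for (const mesh of gltf.meshes ?? []) {
    for (const prim of mesh.primitives ?? []) {
      for (const [name, accessor] of Object.entries(prim.attributes ?? {})) {
        const view = gltf.accessors?.[accessor]?.bufferView;
        if (attributeNames.includes(name) && view !== undefined) views.add(view);
      }
    }
  }
  return [...views].sort((a, b) => a - b);
}

// AES-128-CTR over one byte range, in place. CTR is symmetric, so this also decrypts.
function ctrRange(bin, offset, length, key, ivHex) {
  // Assumed IV layout: 8-byte IV followed by a zeroed 8-byte block counter.
  const counterBlock = Buffer.concat([Buffer.from(ivHex, 'hex'), Buffer.alloc(8)]);
  const cipher = nodeCrypto.createCipheriv('aes-128-ctr', key, counterBlock);
  const out = Buffer.concat([cipher.update(bin.subarray(offset, offset + length)), cipher.final()]);
  out.copy(bin, offset);
}

// Encrypt only the policy's attributes and record how on each bufferView.
function encryptAttributes(gltf, bin, attributeNames) {
  const meta = JSON.parse(JSON.stringify(gltf)); // leave the caller's metadata untouched
  const out = Buffer.from(bin);                  // copy of the binary buffer
  const keys = {}; // kid -> key; wrapping these into `key_info` is not shown here
  for (const index of targetViews(meta, attributeNames)) {
    const view = meta.bufferViews[index];
    const offset = view.byteOffset ?? 0;
    if (view.buffer !== 0 || offset + view.byteLength > out.length) {
      throw new RangeError(`bufferView ${index} does not fit the supplied buffer`);
    }
    const kid = nodeCrypto.randomUUID();
    const iv = nodeCrypto.randomBytes(8).toString('hex');
    keys[kid] = nodeCrypto.randomBytes(16);
    ctrRange(out, offset, view.byteLength, keys[kid], iv);
    view.extensions = { ...view.extensions, encryption: { scheme_type: 'cenc', kid, iv } };
  }
  if (Object.keys(keys).length > 0) {
    meta.extensionsUsed = [...new Set([...(meta.extensionsUsed ?? []), 'encryption'])];
  }
  return { gltf: meta, bin: out, keys };
}

// Reverse the operation for every bufferView that carries the extension.
function decryptAsset(gltf, bin, keys) {
  const out = Buffer.from(bin);
  for (const view of gltf.bufferViews) {
    const e = view.extensions?.encryption;
    if (e) ctrRange(out, view.byteOffset ?? 0, view.byteLength, keys[e.kid], e.iv);
  }
  return out;
}

const demoAsset = buildSampleAsset();
const demoResult = encryptAttributes(demoAsset.gltf, demoAsset.bin, ['POSITION']);
console.log(JSON.stringify(demoResult.gltf.bufferViews, null, 2));
```

CTR mode provides confidentiality only, so a modified ciphertext range decrypts without error, and a (key, IV) pair must never be reused for a second range.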

[0098] The `key_info` extension temporarily adds and stores encryption keys within 3D assets to protect them without registering them on a specific server during encryption. The encryption key information is structured in the form of JWE JSON Serialization and consists of a list of KIDs and {KID, Key value} pairs. This information includes details for all KIDs used for protection within 3D assets and must be encrypted. When integrated into digital container formats used in streaming environments in the future, it is deleted from the metadata all at once in conjunction with the content protection mechanism.

[0099] A 3D asset whose buffer data has been encrypted in whole or in part in the object encryption step is called an encrypted 3D asset.

[0100] The container encryption step involves the container encryption server (15) parsing the encrypted 3D asset obtained from the object encryption server (11) to extract encryption application information included in the metadata, transmitting the extracted encryption application information to the DRM server (20) to obtain DRM decryption information in response, and integrating the encrypted 3D asset and DRM decryption information to package it into a digital container format. At this time, the DRM server (20) may exist for each streaming service.

[0101] A container encryption server (15) must be able to signal to the receiving end that the 3D asset is encrypted when streaming a pre-encrypted 3D asset. To do this, it must be able to signal encryption information by applying a standard encryption mechanism (e.g., Common Encryption) used for content protection in a streaming environment. A standard encryption mechanism is basically a standard to provide interoperability between various content protection systems and supports common encryption algorithms and encryption signaling methods.

[0102] In the case of pre-encrypted 3D assets, they are encrypted without linkage with a content protection system, but when integrating them into a digital container format in a streaming environment, it is necessary to apply a standard encryption mechanism during the container encryption stage and link them with a content protection system.

[0103] Since content protection systems in streaming environments support common encryption algorithms and encryption signaling methods, in order to efficiently link pre-encrypted 3D assets with the content protection system, it is necessary to apply a standard encryption algorithm when pre-encrypting 3D assets so that the 3D assets are not re-encrypted when integrated into a digital container format (e.g., ISOBMFF) and the content protection system's standard encryption is applied. This eliminates the inefficiency of having to decrypt the encrypted 3D assets and re-encrypt them using the standard encryption method of the content protection system when packaging them into a digital container format, because the encryption algorithm of the pre-encrypted 3D assets differs from the content protection system's standard encryption method.

[0104] Since the encryption key used when encrypting 3D assets is included in the extended attribute of the 3D asset (key_info extension in the case of glTF), a procedure is required to extract the encryption key and register it with the content protection system. Content protection information is a message exchanged between the content protection system and the container encryption server (15). The container encryption server (15) extracts the encryption application information of the 3D asset that was previously encrypted (encryption, key_info extension in the case of glTF) and provides it to the content protection system, and receives the content protection system-specific data (information related to DRM unlocking) from each content protection system in response. The content protection system-specific data received in this way is finally added to or updated in the extended attribute of the 3D asset (cp_system_info extension in the case of glTF). This information is included in the digital container format to help ensure that the key is provided only to users with appropriate authority in the future.

[0105] For example, if the 3D asset is glTF, the digital container format is ISOBMFF, and the streaming protocol is MPEG-DASH, the information in the encryption extension may be linked to the information of the `<ContentProtection>` descriptor element of the MPEG-DASH MPD. This information may include scheme type information, which is an identifier for the encryption method, default_kid information used as an identifier for the Content Key, and the initialization vector (iv) value; in addition, if the buffer data is encrypted per attribute, the kid, iv, encryption offset, encryption data length, etc. that identify the encryption key for each attribute are included. This information is transmitted to a content protection system (e.g., DRM server) and used by each content protection system to create related data.
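The container-side handling described in [0098] and [0104] to [0105], as an added example that is not code from the patent or its applicant: it collects the kid, iv, encryption offset and encryption data length of each protected range for the DRM request, rejects metadata that marks a buffer as encrypted both as a whole and per bufferView, and removes `key_info` before attaching the DRM response as `cp_system_info`. The placement of the extensions, the JSON field layout, the DRM response fields, the sample values and all function names are assumptions.

```javascript
// Constructed sample: metadata of a glTF whose first bufferView was encrypted.
function sampleEncryptedGltf() {
  return {
    asset: { version: '2.0' },
    extensionsUsed: ['encryption', 'key_info'],
    extensions: { key_info: { ciphertext: 'CONSTRUCTED-JWE-PLACEHOLDER' } },
    buffers: [{ byteLength: 72 }],
    bufferViews: [
      {
        buffer: 0, byteOffset: 0, byteLength: 36,
        extensions: { encryption: {
          scheme_type: 'cenc',
          kid: '00000000-0000-4000-8000-000000000001',
          iv: '0102030405060708',
        } },
      },
      { buffer: 0, byteOffset: 36, byteLength: 36 },
    ],
  };
}

// Gather every `encryption` extension into the records sent to the DRM server.
function collectEncryptionInfo(gltf) {
  const ranges = [];
  const record = (scope, index, buffer, offset, length, e) => ranges.push({
    scope, index, buffer, offset, length,
    scheme_type: e.scheme_type, kid: e.kid ?? e.default_kid, iv: e.iv,
  });
  (gltf.buffers ?? []).forEach((buf, i) => {
    const e = buf.extensions?.encryption;
    if (e) record('buffer', i, i, 0, buf.byteLength, e);
  });
  (gltf.bufferViews ?? []).forEach((view, i) => {
    const e = view.extensions?.encryption;
    if (!e) return;
    const offset = view.byteOffset ?? 0;
    const buf = gltf.buffers?.[view.buffer];
    if (!buf || offset + view.byteLength > buf.byteLength) {
      throw new RangeError(`bufferView ${i}: encrypted range lies outside its buffer`);
    }
    // Whole-buffer encryption is signalled on the buffer only, never on both levels.
    if (ranges.some((r) => r.scope === 'buffer' && r.buffer === view.buffer)) {
      throw new Error(`bufferView ${i}: buffer ${view.buffer} is already encrypted as a whole`);
    }
    record('bufferView', i, view.buffer, offset, view.byteLength, e);
  });
  for (const r of ranges) {
    if (!r.scheme_type || !r.kid || !r.iv) {
      throw new Error(`${r.scope} ${r.index}: incomplete encryption extension`);
    }
  }
  return ranges;
}

// Drop `key_info` wherever it appears and attach the DRM server's response.
function packageMetadata(gltf, drmData) {
  const strip = (node) => {
    if (Array.isArray(node)) return node.map(strip);
    if (node === null || typeof node !== 'object') return node;
    const out = {};
    for (const [k, v] of Object.entries(node)) if (k !== 'key_info') out[k] = strip(v);
    return out;
  };
  const meta = strip(gltf);
  meta.extensions = { ...meta.extensions, cp_system_info: drmData };
  meta.extensionsUsed = [...new Set((gltf.extensionsUsed ?? [])
    .filter((name) => name !== 'key_info').concat('cp_system_info'))];
  return meta;
}

// Hypothetical DRM response; the URL is a placeholder.
const demoPacked = packageMetadata(sampleEncryptedGltf(),
  { license_url: 'https://drm.example.invalid/license' });
console.log(collectEncryptionInfo(sampleEncryptedGltf()), demoPacked.extensionsUsed);
```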

[0106] Specifically, the object encryption step includes a first 3D asset processing step, an encryption step, and an encrypted 3D asset storage step.

[0107] The object encryption server (11) manages an encryption policy that includes an encryption target and an encryption algorithm. The encryption policy may be set by an administrator according to the streaming service. The encryption algorithm included in the encryption policy is set to a first encryption algorithm used for content protection in a streaming environment.

[0108] In the first 3D asset processing step, the object encryption server (11) receives a 3D asset, parses the input 3D asset to analyze its structure, and requests the encryption unit (115) to encrypt the 3D asset (S1000).

[0109] In the encryption step, the object encryption server (11) performs encryption on the encryption target of the 3D asset according to the encryption policy. At this time, the object encryption server (11) encrypts the encryption target using a first encryption algorithm (S1001).

[0110] The encrypted 3D asset storage step involves the object encryption server (11) adding encryption application information, which is information related to encryption, as an extended attribute to the metadata of the 3D asset and storing it in the 3D asset storage (117) (S1002).

[0111] The 3D asset storage (117) stores encrypted 3D assets and provides 3D assets when there is a request for 3D assets. The 3D asset storage (117) is a file system or a database.

[0112] Specifically, the container encryption step includes a 3D asset receiving step, a second 3D asset processing step, a DRM processing step, and a digital container packaging step.

[0113] The 3D asset receiving step involves the container encryption server (15) retrieving encrypted assets from the object encryption server (11) in response to a request from the scene composer (Scene Composer) (S1003). That is, the 3D asset receiving step involves the container encryption server (15) receiving URI information of the 3D assets from the scene composer and requesting the encrypted 3D assets from the object encryption server (11) to obtain them. The scene composer is a device that composes a scene and may exist within the container encryption server (15) or in a separate client device.

[0114] In the second 3D asset processing step, the container encryption server (15) parses the 3D asset to determine the structure of the encrypted 3D asset received by the 3D asset receiving unit (151). In the second 3D asset processing step, the container encryption server (15) parses the encrypted 3D asset to extract encryption application information included in the metadata (S1004). In the second 3D asset processing step, the container encryption server (15) can add the content protection system-specific data (DRM unlocking information) obtained in conjunction with the content protection system to the 3D asset as an extension attribute (cp_system_info extension in the case of glTF).

[0115] The DRM processing step is a step in which the container encryption server (15) links with the DRM server (20), which is a content protection system. In the DRM processing step, the container encryption server (15) transmits encryption application information extracted from the encrypted 3D asset to the DRM server (20) and receives DRM decryption information related to the encrypted 3D asset from the DRM server (20) (S1005). In the DRM processing step, the container encryption server (15) receives DRM specific data, which is information related to DRM decryption, an address (URL) for DRM authentication, and an address (URL) to request a license from the DRM server (20). This information is transmitted to the second 3D asset processing unit (153).

[0116] The digital container packaging step is a step in which a container encryption server (15) integrates encrypted 3D assets and DRM unlocking information to package them into a digital container format (S1006). In the digital container packaging step, if the digital container format is ISOBMFF, the 3D assets are integrated into the meta box in the form of 'item' for non-timed media according to the Scene Description specification, and into the mdat under the trak box for timed media.

[0117] The container encryption method allows the 3D asset receiving step, 3D asset processing step, DRM processing step, and digital container packaging step to be bundled into a pipeline and processed sequentially or in parallel.

[0118] The texture data to be encrypted may be provided in the form of a separate file. In this case, the location information (URL) of the texture data is stored in the metadata. At least one of the location information of the texture data stored in the metadata may be a DataURL. A DataURL is a URL prefixed with "data:" and includes a binary file converted into an ASCII string format by encoding it in base64.

[0119] If the encryption target includes texture data and the location information of the texture data to be encrypted is a DataURL, the data portion of the DataURL is encrypted using an encryption method that uses a first encryption algorithm.

[0120]

[0121] Although the present invention has been described above through embodiments with reference to the accompanying drawings, it is not limited thereto and should be interpreted to encompass various modifications that can be obviously derived from them by those skilled in the art. The claims are intended to encompass such modifications.

Claims

1. An object encryption server that encrypts geometric information corresponding to an attribute designated as an encryption target according to a configured encryption policy among geometric information included in a 3D asset using an encryption method that uses a first encryption algorithm used for content protection in a streaming environment, adds encryption application information including the encryption method, encryption target, encryption key identifier, and key information to metadata included in the 3D asset, and saves it as an encrypted 3D asset; and A container encryption server that parses encrypted 3D assets retrieved from an object encryption server to extract encryption application information included in metadata, transmits the extracted encryption application information to a DRM server to obtain DRM decryption information in response, and integrates the encrypted 3D assets and DRM decryption information to package them into a digital container format; A 3D asset protection system for streaming, including

2. In Paragraph 1, the object encryption server is: A policy management unit that manages an encryption policy including an encryption target and an encryption algorithm, wherein the encryption algorithm is set to a first encryption algorithm used for content protection in a streaming environment; A first 3D asset processing unit that parses an input 3D asset, analyzes its structure, and requests encryption of the 3D asset; An encryption unit that performs encryption on the encryption target of a 3D asset according to an encryption policy and stores it in a 3D asset repository; and A 3D asset store that stores encrypted 3D assets and provides 3D assets upon request; A 3D asset protection system for streaming, including

3. In Paragraph 1, the container encryption server is: A 3D asset receiving unit that requests and obtains encrypted 3D assets from an object encryption server; A second 3D asset processing unit that parses encrypted 3D assets and extracts encryption application information included in metadata; A DRM processing unit that transmits encryption application information extracted from an encrypted 3D asset to a DRM server and receives DRM decryption information related to the encrypted 3D asset from the DRM server; A digital container packaging unit that integrates encrypted 3D assets and DRM unlocking information to package them into a digital container format; A 3D asset protection system for streaming, including

4. In Paragraph 1 or 2, A 3D asset includes buffer data that stores geometric information separated by attribute, material information, location information of one or more texture data, metadata that stores composition information of geometric information, and one or more texture data referenced by the metadata, and The encryption target is at least one of the buffer data and texture data included in the 3D asset. 3D asset protection system for streaming.

5. In Paragraph 4, When some attributes of geometric information are set as encryption targets, only a portion of the buffer data corresponding to those attributes is encrypted, 3D asset protection system for streaming.

6. In Paragraph 4, At least one of the location information of texture data stored in metadata is a DataURL, 3D asset protection system for streaming.

7. In Paragraph 6, Encrypting the data portion of the DataURL using an encryption method that uses a first encryption algorithm when the encryption target includes texture data and the location information of the texture data to be encrypted is a DataURL, 3D asset protection system for streaming.

8. A 3D asset protection system comprising an object encryption server and a container encryption server in a 3D asset protection method for streaming, An object encryption step in which an object encryption server encrypts geometric information corresponding to an attribute designated as an encryption target according to a configured encryption policy among geometric information included in a 3D asset using an encryption method that uses a first encryption algorithm used for content protection in a streaming environment, and adds encryption application information including the encryption method, encryption target, encryption key identifier, and key information to metadata included in the 3D asset to store it as an encrypted 3D asset; and A container encryption step in which a container encryption server parses an encrypted 3D asset received from an object encryption server to extract encryption application information included in the metadata, transmits the extracted encryption application information to a DRM server to obtain DRM decryption information in response, and integrates the encrypted 3D asset and DRM decryption information to package it into a digital container format; A 3D asset protection method for streaming, including

9. In Clause 8, the object encryption step is: A first 3D asset processing step that parses the input 3D asset to analyze its structure and requests encryption of the 3D asset; An encryption step that performs encryption on the encryption target of the 3D asset according to the configured encryption policy; and An encrypted 3D asset storage step that adds encryption application information to the metadata included in the 3D asset and stores it in a 3D asset repository; including, An encryption policy including encryption targets and encryption algorithms is pre-configured and managed, wherein the encryption algorithm is set to a first encryption algorithm used for content protection in a streaming environment, 3D asset protection method for streaming.

10. In Clause 8, the container encryption step is: A 3D asset receiving step of obtaining encrypted 3D assets by requesting them from an object encryption server; A second 3D asset processing step that parses encrypted 3D assets to extract encryption application information included in metadata; A DRM processing step that transmits encryption application information extracted from an encrypted 3D asset to a DRM server, and receives DRM decryption information related to the encrypted 3D asset from the DRM server; A digital container packaging step that integrates encrypted 3D assets and DRM unlocking information and packages them into a digital container format; A 3D asset protection method for streaming, including

11. In Paragraph 8 or 9, A 3D asset includes buffer data that stores geometric information separated by attribute, material information, location information of one or more texture data, metadata that stores composition information of geometric information, and one or more texture data referenced by the metadata, and The encryption target is at least one of the buffer data and texture data included in the 3D asset. 3D asset protection method for streaming.

12. In Paragraph 11, When some attributes of geometric information are set as encryption targets, only a portion of the buffer data corresponding to those attributes is encrypted, 3D asset protection method for streaming.

13. In Paragraph 11, At least one of the location information of texture data stored in metadata is a DataURL, 3D asset protection method for streaming.

14. In Paragraph 13, Encrypting the data portion of the DataURL using an encryption method that uses a first encryption algorithm when the encryption target includes texture data and the location information of the texture data to be encrypted is a DataURL, 3D asset protection method for streaming.