TECHNICAL FIELD

The invention relates to the authentication of media data, and related systems and methods.

BACKGROUND

With the advent of electronic media and social networks and the widespread use of smartphones, the distribution of media data (e.g. in the form of image data, video, audio, etc.) by individuals and entities has become easier and as a result a large amount of media data is made available for consumption by the public through electronic media and social networks every day. At the same time, techniques for the manipulation of media data are becoming increasingly sophisticated, and widespread in use. This leads to the problem of data authentication or ascertaining the trustworthiness of media data available for consumption by the public.

Addressing false or misleading media data in electronic media and social networks after its publication is usually not sufficient to slow or prevent the spread of false media data. While fact-checking can be performed after the media data is made available, the checking itself takes time and does not efficiently slow or prevent the spread of false media data. Steps could be taken to correct, label or remove false media data after its publication, but corrections or the outcome of authentication may not reach the same audience as the false media data does. At the heart of this problem is the asymmetry between the simplicity and speed by which false media data can be produced and mass-distributed electronically versus the complexity and time required to fact-check and rectify falsehoods.

There is thus a need to address one or more of the above problems using electronic technologies, in particular computer-based technologies, to ensure that media data made available for consumption is trustworthy (for instance, that media data is as originally recorded, and has not been edited or otherwise tampered with). SUMMARY

In a first aspect, there is provided a method for operating a media recorder of a media authentication system. The method comprises: performing a media recording operation by recording media data using the media recorder; at or during the recording, obtaining one or more sets of sensed data from one or more sensors associated with the media recorder; and determining a unique identifier associated with the recorded media data. The unique identifier associated with the recorded media data and the one or more sets of sensed data are for facilitating authentication of the media data. The media recorder may be in the form of a mobile phone, a tablet computer, a camera (digital camera), an imager, a smart glass, etc. The media recorder may be portable and optionally wearable (i.e., can be worn by a user). The obtaining and the determining may be performed at the media recorder. The media recorder may be installed with one or more media recording and/or authentication programs or applications for performing the method of this aspect. The media recording and/or authentication programs or applications may be stored in the media recorder at the time of manufacture, or installed in the media recorder (e.g. downloaded from server) after manufacture.

Optionally, the media recording operation comprises an image recording operation and the media data comprises image data (pictures, graphs, text, etc.). In one example, for media recording operation comprising image recording operation, only one set of sensed data is obtained at or during the recording.

Optionally, the media recording operation comprises a video recording operation and the media data comprises video data. In one example, for media recording operation comprising video recording operation, multiple sets of sensed data are obtained, each at a respective time during the recording.

Optionally, the media recording operation comprises an audio recording operation and the media data comprises audio data. In one example, for media recording operation comprising audio recording operation, multiple sets of sensed data are obtained, each at a respective time during the recording.

Optionally, the media recording operation comprises a multimedia recording operation and the media data comprises multimedia data. The one or more sensors associated with the media recorder may be one or more sensors operably connected with the media recorder. The one or more sensors associated with the media recorder may be one or more sensors of (i.e., integrated with) the media recorder. Optionally, the one or more sensors of the media recorder comprises one or more or all of: a proximity sensor, a location sensor, a motion sensor, a light sensor, a temperature sensor, a weather sensor, a humidity sensor, a pressure sensor, a sound sensor, etc. The motion sensor may include an IMU, a magnetometer, an accelerometer, a gyroscope, etc. The location sensor may include GPS sensor, etc. The proximity sensor may be an inductive sensor, a capacitive sensor, etc.

The one or more sets of sensed data may include one or more sets of sensed value(s) or sensed change(s) in values. Optionally, each set of sensed data may include one or more or all of: a measurement of proximity or change in proximity of a user of the media recorder with respect to the media recorder; a measurement of location (absolute or relative) or change in location of the media recorder; a measurement of orientation or change in orientation of the media recorder; and/or a measurement of light condition or change in light condition associated with an environment in which the media recorder is arranged.

Optionally, the media recorder comprises: the one or more sensors, and means for recording media data. The means for recording media data includes at least one of: a camera for capturing image and/or video, and a microphone for capturing sound.

Optionally, the media recording operation comprises a video recording operation and the media data comprises video data, and the obtaining of the one or more sets of sensed data comprises obtaining multiple sets of sensed data at different times during the recording. In one example, the obtaining of the sets of sensed data comprises, at least: obtaining a first set of sensed data during the recording; and obtaining a second set of sensed data during the recording. The obtaining of the sets of sensed data may be performed at predetermined, optionally regular, time intervals. In one example, one set of sensed data may be obtained every half second or every second. The different sets of sensed data obtained at different times may include the same type of measurement(s), to facilitate tracking of variation(s) of specific measurement(s) during the recording. This may be useful for media data that changes with time (e.g., video, audio), as a stream of the sensed data can facilitate the determination of a continuity of the recording and optionally be matched with the change in media data captured (e.g., video captured by a moving camera should be matched with sensed data that shows the corresponding movement).

Optionally, determining the unique identifier associated with the recorded media data comprises computing a hash associated with the recorded media data. The hash may be computed using a cryptographic hash function, e.g., by processing the media data using the cryptographic hash function. The determining may be performed at the media recorder.

Optionally, the method further comprises: performing a clock synchronization operation. The clock synchronization operation may include: transmitting a heartbeat signal to a server operably connected with the media recorder; in response to the transmitting, receiving from the server a clock signal indicative of clock or time information of a clock of the server; based on the received clock signal, determining whether a clock of the media recorder and the clock of the server are synchronized; and if the clock of the media recorder and the clock of the server are not synchronized, adjusting the clock of the media recorder to match the clock of the server. These steps may be performed at the media recorder. The clock signal may include a timestamp.

Optionally, the clock synchronization operation is repeated, e.g., the clock synchronization operations are performed at predetermined, optionally regular, time intervals. For example, the clock of every few seconds or minutes. The time interval(s) of the clock synchronization operation are longer than the time interval(s) of the obtaining of the sets of sensed data. Preferably, the clock synchronization operation is performed at least once during the recording of the media data by the media recorder.

Optionally, the method further comprises: transmitting the unique identifier associated with the recorded media data from the media recorder to the server and/or transmitting the one or more sets of sensed data from the media recorder to the server. The transmission of the sensed data and the transmission of the sensed data may be performed simultaneously or separately, optionally along with other information.

Optionally, the method further comprises: determining a digital certificate for the media data based on, at least, the unique identifier associated with the recorded media data (e.g., a computed hash), a unique identifier of the media recorder, and a unique identifier of a user of the media recorder; and transmitting the digital certificate to the server for validation. The determining may be performed at the media recorder.

Optionally, the method further comprises: determining a digital certificate for the media data based on, at least, the unique identifier associated with the recorded media data (e.g., a computed hash), a unique identifier of the media recorder, a unique identifier of a user of the media recorder, and information associated with a or the latest clock signal received from the server during the recording; and transmitting the digital certificate to the server for validation. The determining may be performed at the media recorder.

Optionally, the digital certificate is digitally signed using, at least, a private key of the media recorder.

Optionally, the digital certificate is digitally signed using, at least, a private key of the media recorder and a private key of the user.

Optionally, the determining of the digital certificate further comprises: digitally signing the digital certificate using, at least, a private key of the media recorder and/or a private key of the user. The private key of the media recorder may be stored at the media recorder. The private key of the user may be stored at the media recorder. The digitally signing may be performed at the media recorder.

Optionally, the method further comprises: transmitting the media data or a compressed version (e.g., thumbnails, lower resolution, lower sampling rate, only portion(s) of, etc.) of the media data from the media recorder to the server if the validation of the digital certificate is successful.

Optionally, the media recorder has been validated, e.g., by the server, prior to the recording of the media data.

Optionally, the method further comprises: performing a media recorder validation operation prior to the recording of the media data. In one example, the media recorder validation operation may include: transmitting hardware information of the media recorder to the server; and in response to the transmitting, receiving a unique identifier of the media recorder from the server if the validation of the media recorder is successful. In another example, the media recorder validation operation may include: transmitting a unique identifier of the media recorder to the server for validation of the media recorder; and in response to the transmitting, receiving an indication that the validation of the media recorder is successful. These steps may be performed by the media recorder, and the validation may be performed by the server.

Optionally, the method further comprises: prior to determining the unique identifier associated with the recorded media data, removing an end portion of the media data, e.g., based on user input to obtain edited media data. The determining of the unique identifier associated with the recorded media data may include determining a unique identifier associated with the edited media data. The editing may be performed at the media recorder.

In a second aspect, there is provided a non-transitory computer-readable storage medium storing one or more programs configured to be executed by one or more processors, the one or more programs including instructions for performing of the method of the first aspect.

In a third aspect, there is provided a computer program comprising instructions which, when the program is executed by a computer, cause the computer to perform the method of the first aspect.

In a fourth aspect, there is provided a media recorder. The media recorder includes one or more sensors, and means for recording media data. The means for recording media data includes at least one of: a camera for capturing image and/or video, and a microphone for capturing sound. The media recorder further includes one or more processors, and memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for: performing a media recording operation by recording media data using the media recorder; at or during recording of media data, obtaining one or more sets of sensed data from the one or more sensors; and determining a unique identifier associated with the recorded media data. The unique identifier associated with the recorded media data and the one or more sets of sensed data are for facilitating authentication of the media data. The media recorder may be in the form of a mobile phone, a tablet computer, a smart glass, a camera (digital camera), an imager, a smart glass, etc. The media recorder may be portable and optionally wearable (i.e., can be worn by a user).

Optionally, the instructions for performing the media recording operation comprises instructions for performing an image recording operation and the media data comprises image data (pictures, graphs, text, etc.). In one example, for image recording operation, the instructions for obtaining include instructions for obtaining only one set of sensed data at or during the recording.

Optionally, the instructions for performing the media recording operation comprises instructions for performing a video recording operation and the media data comprises video data. In one example, for video recording operation, the instructions for obtaining include instructions for obtaining multiple sets of sensed data each at a respective time during the recording.

Optionally, the instructions for performing the media recording operation comprises instructions for performing an audio recording operation and the media data comprises audio data. In one example, for audio recording operation, the instructions for obtaining include instructions for obtaining multiple sets of sensed data are obtained each at a respective time during the recording.

Optionally, the instructions for performing the media recording operation comprises instructions for performing a multimedia recording operation and the media data comprises multimedia data.

Optionally, the one or more sensors comprise one or more or all of: a proximity sensor, a location sensor, a motion sensor, a light sensor, a temperature sensor, a weather sensor, a humidity sensor, a pressure sensor, a sound sensor, etc. The motion sensor may include an IMU, a magnetometer, an accelerometer, a gyroscope, etc. The location sensor may include GPS sensor, etc. The proximity sensor may be an inductive sensor, a capacitive sensor, etc.

The one or more sets of sensed data may include one or more sets of sensed value(s) or sensed change(s) in values. Optionally, each set of sensed data may include one or more or all of: a measurement of proximity or change in proximity of a user of the media recorder with respect to the media recorder; a measurement of location (absolute or relative) or change in location of the media recorder; a measurement of orientation or change in orientation of the media recorder; and/or a measurement of light condition or change in light condition associated with an environment in which the media recorder is arranged.

Optionally, the instructions for performing the media recording operation comprises instructions for performing a video recording operation (the media data comprises video data), and the instructions for obtaining multiple sets of sensed data at different times during the recording. In one example, the instructions for obtaining comprises, instructions for, at least: obtaining a first set of sensed data during the recording; and obtaining a second set of sensed data during the recording. The instructions for obtaining may include instruction for obtaining the sets of sensed data at predetermined, optionally regular, time intervals. In one example, one set of sensed data may be obtained every half second or every second. The different sets of sensed data obtained at different times may include the same type of measurement(s), to facilitate tracking of variation(s) of specific measurement(s) during the recording. This may be useful for media data that changes with time (e.g., video, audio), as a stream of the sensed data can facilitate the determination of a continuity of the recording.

Optionally, the instructions for determining the unique identifier associated with the recorded media data comprises instructions for computing a hash associated with the recorded media data. The hash may be computed using a cryptographic hash function, e.g., by processing the media data using the cryptographic hash function.

Optionally, the one or more programs further include instructions for performing a clock synchronization operation. The instructions for the clock synchronization operation may include instructions for: transmitting a heartbeat signal to a server operably connected with the media recorder; in response to the transmitting, receiving from the server a clock signal indicative of clock or time information of a clock of the server; based on the received clock signal, determining whether a clock of the media recorder and the clock of the server are synchronized; and if the clock of the media recorder and the clock of the server are not synchronized, adjusting the clock of the media recorder to match the clock of the server. The clock signal may include a timestamp. Optionally, the instructions for performing a clock synchronization operation include instructions for repeating the clock synchronization operation, e.g., for performing clock synchronization operations at predetermined, optionally regular, time intervals. For example, the clock synchronization operation is repeated every few seconds or minutes. The time interval(s) of the clock synchronization operation may be longer than the time interval(s) of the obtaining of the sets of sensed data. Preferably, the clock synchronization operation is performed at least once during the recording of the media data by the media recorder.

Optionally, the one or more programs further include instructions for: transmitting the unique identifier associated with the recorded media data from the media recorder to the server and/or transmitting the one or more sets of sensed data from the media recorder to the server. The transmission of the sensed data and the transmission of the sensed data may be performed simultaneously or separately, optionally along with other information.

Optionally, the one or more programs further include instructions for: determining a digital certificate for the media data based on, at least, the unique identifier associated with the recorded media data (e.g., a computed hash), a unique identifier of the media recorder, a unique identifier of a user of the media recorder, and information associated with a or the latest clock signal received from the server; and transmitting the digital certificate to the server for validation.

Optionally, the digital certificate is digitally signed using, at least, a private key of the media recorder.

Optionally, the digital certificate is digitally signed using, at least, a private key of the media recorder and a private key of the user.

Optionally, the instructions for determining of the digital certificate further comprises instructions for: digitally signing the digital certificate using, at least, a private key of the media recorder and/or a private key of the user. The private key of the media recorder may be stored at the media recorder. The private key of the user may be stored at the media recorder.

Optionally, the one or more programs further include instructions for: transmitting the media data or a compressed version (e.g., thumbnails, lower resolution, only portion(s) of, etc.) of the media data from the media recorder to the server if the validation of the digital certificate is successful.

Optionally, the media recorder has been validated, e.g., by the server, prior to the recording of the media data.

Optionally, one or more programs further include instructions for: performing a media recorder validation operation prior to the recording of the media data. In one example, the media recorder validation operation may include: transmitting hardware information of the media recorder to the server; and in response to the transmitting, receiving a unique identifier of the media recorder from the server if the validation of the media recorder is successful. In another example, the media recorder validation operation may include: transmitting a unique identifier of the media recorder to the server for validation of the media recorder; and in response to the transmitting, receiving an indication that the validation of the media recorder is successful. The validation may be performed by the server.

Optionally, one or more programs further include instructions for facilitating removal of an end portion of the media data to obtain edited media data, prior to determining the unique identifier associated with the recorded media data. The instructions for determining the unique identifier associated with the recorded media data may include instructions for determining a unique identifier associated with the edited media data.

In a fifth aspect, there is provided a method for operating a server of a media authentication system. The method comprises: receiving, from a media recorder, a digital certificate associated with media data recorded by the media recorder. The digital certificate is determined based on, at least, a unique identifier associated with the media data, a unique identifier of the media recorder, and a unique identifier of a user of the media recorder. The method further comprises determining a validity of the digital certificate. The receiving and the determining of the validity are performed at the server. The digital certificate may be determined at the media recorder.

Optionally, the media recorder is the media recorder of the fourth aspect or the media recorder in the method of the first aspect. The media recorder may be in the form of a mobile phone, a tablet computer, a smart glass, a camera (digital camera), an imager, a smart glass, etc. The media recorder may be portable and optionally wearable (i.e., can be worn by a user). Optionally, the media recorder comprises: one or more sensors, and means for recording media data. The means for recording media data comprises at least one of: a camera for capturing image and/or video, and a microphone for capturing sound. The one or more sensors may include one or more or all of: a proximity sensor, a location sensor, a motion sensor, a light sensor, a temperature sensor, a weather sensor, a humidity sensor, a pressure sensor, a sound sensor, etc. The motion sensor may include an IMU, a magnetometer, an accelerometer, a gyroscope, etc. The location sensor may include GPS sensor, etc. The proximity sensor may be an inductive sensor, a capacitive sensor, etc.

Optionally, the media data comprises image data (pictures, graphs, text, etc.), video data, audio data, multimedia data, etc.

Optionally, the unique identifier associated with the media data comprises a hash associated with the recorded media data. The hash may be computed at the media recorder using a cryptographic hash function, e.g., by processing the media data at the media recorder using the cryptographic hash function.

Optionally, the method further comprises performing a clock synchronization operation. The clock synchronization operation may include: receiving a heartbeat signal from the media recorder; and in response to the receiving, transmitting to the media recorder a clock signal indicative of clock or time information of a clock of the server for synchronizing the clock of the media recorder with the clock of the server. These steps may be performed at the server. The clock signal may include a timestamp.

Optionally, the clock synchronization operation is repeated, e.g., the clock synchronization operations are performed at predetermined, optionally regular, time intervals. That is, heartbeat signal is repeatedly received from the media recorder e.g., at predetermined, optionally regular, time intervals. For example, the clock synchronization operation is repeated every few seconds or minutes. Preferably, the clock synchronization operation is performed at least once during the recording of the media data by the media recorder. Optionally, the method further comprises: receiving, at the server, the unique identifier associated with the media data and/or receiving, at the server, one or more sets of sensed data obtained from one or more sensors of the media recorder. The one or more sets of sensed data are obtained at or during the recording of the media data. The one or more sensors may include one or more or all of: a proximity sensor, a location sensor, a motion sensor, a tight sensor, a temperature sensor, a weather sensor, a humidity sensor, a pressure sensor, a sound sensor, etc. The motion sensor may include an IMU, a magnetometer, an accelerometer, a gyroscope, etc. The location sensor may include GPS sensor, etc. The proximity sensor may be an inductive sensor, a capacitive sensor, etc. The one or more sets of sensed data may include one or more sets of sensed value(s) or sensed change(s) in values. Optionally, each set of sensed data may include one or more or all of: a measurement of proximity or change in proximity of a user of the media recorder with respect to the media recorder; a measurement of location (absolute or relative) or change in location of the media recorder; a measurement of orientation or change in orientation of the media recorder; and/or a measurement of tight condition or change in tight condition associated with an environment in which the media recorder is arranged. The obtaining of the sets of sensed data may be performed by the media recorder at different times during the recording. The obtaining of the sets of sensed data may be performed at predetermined, optionally regular, time intervals. In one example, one set of sensed data may be obtained every half second or every second. The different sets of sensed data obtained at different times may include the same type of measurement(s), to facilitate tracking of variation(s) of specific measurement(s) during the recording. This may be useful for media data that changes with time (e.g., video, audio), as a stream of the sensed data can facilitate the determination of a continuity of the recording.

Optionally, the digital certificate of the media data is determined further based on information associated with a or the latest clock-signal received by the media recorder (e.g., as part of the clock synchronization operation) from the server. The determination is performed at the media recorder.

Optionally, the digital certificate has been digitally signed using, at least, a private key of the media recorder.

Optionally, the digital certificate has been digitally signed using, at least, a private key of the media recorder and a private key of the user. Optionally, the determining of the validity of the digital certificate comprises: determining validity of the digital signature of the digital certificate using at least a public key of the media recorder and/or a public key of the user; and, optionally, determining whether the information associated with the latest clock signal received from the server is acceptable. The determining of whether the information associated with the latest clock signal is acceptable may comprise: determining whether the latest clock signal received from the server by the media recorder matches with the latest clock signal sent by the server to the media recorder, and optionally, if they match, determining whether a time difference between a time of the latest clock signal and a time at which the determining of the validity is performed reaches or exceeds a time threshold. The information associated with the latest clock signal is acceptable if the latest clock signal received from the server by the media recorder matches with the latest clock signal sent by the server to the media recorder, and optionally, the time difference does not reach or exceed the time threshold (which reduces the time allowed of tampering the media data).

Additionally or alternatively, the determining of the validity of the digital certificate may further comprise: determining validity of the unique identifier of the media recorder; and/or determining validity of the unique identifier of the user of the media recorder. The determining of validity of the unique identifier of the media recorder may include determining whether the unique identifier is a known identifier (e.g., by comparing with identifier records). The determining of validity of the unique identifier of the user may include determining whether the unique identifier is a known identifier (e.g., by comparing with identifier records).

Optionally, the method further comprises after successful validation of the digital certificate, receiving, from the media recorder, the media data or a compressed version (e.g., thumbnails, lower resolution, lower sampling rate, only portion(s) of, etc.) of the media data. Optionally, the media data or the compressed version of the media data is received at the server only after successful validation of the digital certificate.

Optionally, the method further comprises performing a media recorder validation operation prior to the receiving of the digital certificate. In one example, the media recorder validation operation includes: receiving from the media recorder hardware information of the media recorder; validating the media recorder based on the received hardware information; and transmitting the unique identifier of the media recorder to the media recorder if the validation of the media recorder is successful. The validating may include determining, based on the received hardware information, whether the media recorder comprises the one or more sensors.

In another example, the media recorder validation operation includes: receiving from the media recorder a unique identifier of the media recorder for validation of the media recorder; validating the media recorder based on the received unique identifier of the media recorder; and transmitting an indication that the validation of the media recorder is successful if the validation of the media recorder is successful. The validating may include determining, based on the received unique identifier, whether the media recorder is a certified/registered media recorder that has been certified by/registered with the server.

Optionally, the media data is edited media data with an end portion of an original media data removed. For example, the media data is video data representative of a video with the first or last few milliseconds or seconds removed.

In a sixth aspect, there is provided a non-transitory computer-readable storage medium storing one or more programs configured to be executed by one or more processors, the one or more programs including instructions for performing of the method of the fifth aspect.

In an seventh aspect, there is provided a computer program comprising instructions which, when the program is executed by a computer, cause the computer to perform the method of the fifth aspect.

In an eighth aspect, there is provided a server, comprising: one or more processors; and memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for: receiving, from a media recorder, a digital certificate associated with media data recorded by the media recorder; and determining a validity of the digital certificate. The digital certificate is determined based on, at least, a unique identifier associated with the media data, a unique identifier of the media recorder, and a unique identifier of a user of the media recorder. The digital certificate may be determined at the media recorder. The receiving and the determining of the validity are performed at the server. The server may be implemented using various computer architectures. For example, the server may be a cloud-based computing server.

Optionally, the media recorder is the media recorder of the fourth aspect or the media recorder in the method of the first aspect.

The media recorder may be in the form of a mobile phone, a tablet computer, a smart glass, a camera (digital camera), an imager, a smart glass, etc. The media recorder may be portable and optionally wearable (i.e., can be worn by a user). Optionally, the media recorder comprises: one or more sensors, and means for recording media data. The means for recording media data comprises at least one of: a camera for capturing image and/or video, and a microphone for capturing sound. The one or more sensors may include one or more or all of: a proximity sensor, a location sensor, a motion sensor, a light sensor, a temperature sensor, a weather sensor, a humidity sensor, a pressure sensor, a sound sensor, etc. The motion sensor may include an IMU, a magnetometer, an accelerometer, a gyroscope, etc. The location sensor may include GPS sensor, etc. The proximity sensor may be an inductive sensor, a capacitive sensor, etc.

Optionally, the media data comprises image data (pictures, graphs, text, etc.), video data, audio data, multimedia data, etc.

Optionally, the unique identifier associated with the media data comprises a hash associated with the recorded media data. The hash may be computed at the media recorder using a cryptographic hash function, e.g., by processing the media data at the media recorder using the cryptographic hash function.

Optionally, the one or more programs further include instructions for performing a clock synchronization operation. The instructions for performing the clock synchronization operation include instructions for: receiving a heartbeat signal from the media recorder; and in response to the receiving, transmitting to the media recorder a clock signal indicative of clock or time information of a clock of the server for synchronizing the clock of the media recorder with the clock of the server. The clock signal may include a timestamp. Optionally, the one or more programs further include instructions for repeating the clock synchronization operation, e.g., the clock synchronization operations are performed at predetermined, optionally regular, time intervals. For example, the clock synchronization operation is repeated every few seconds or minutes. Preferably, the clock synchronization operation is performed at least once during the recording of the media data by the media recorder.

Optionally, the one or more programs further include instructions for: receiving the unique identifier associated with the media data and/or receiving one or more sets of sensed data obtained from one or more sensors of the media recorder. The one or more sets of sensed data are obtained at or during the recording of the media data. The one or more sensors may include one or more or all of: a proximity sensor, a location sensor, a motion sensor, a tight sensor, a temperature sensor, a weather sensor, a humidity sensor, a pressure sensor, a sound sensor, etc. The motion sensor may include an IMU, a magnetometer, an accelerometer, a gyroscope, etc. The location sensor may include GPS sensor, etc. The proximity sensor may be an inductive sensor, a capacitive sensor, etc. The one or more sets of sensed data may include one or more sets of sensed value(s) or sensed change(s) in values. Optionally, each set of sensed data may include one or more or all of: a measurement of proximity or change in proximity of a user of the media recorder with respect to the media recorder; a measurement of location (absolute or relative) or change in location of the media recorder; a measurement of orientation or change in orientation of the media recorder; and/or a measurement of light condition or change in light condition associated with an environment in which the media recorder is arranged. The obtaining of the sets of sensed data may be performed at different times during the recording. The obtaining of the sets of sensed data may be performed at predetermined, optionally regular, time intervals. In one example, one set of sensed data may be obtained every half second or every second. The different sets of sensed data obtained at different times may include the same type of measurement(s), to facilitate tracking of variation(s) of specific measurement(s) during the recording. This may be useful for media data that changes with time (e.g., video, audio), as a stream of the sensed data can facilitate the determination of a continuity of the recording.

Optionally, the digital certificate of the media data is determined further based on information associated with a or the latest clock signal received by the media recorder (e.g., as part of the clock synchronization operation) from the server. The determination is performed at the media recorder.

Optionally, the digital certificate has been digitally signed using, at least, a private key of the media recorder.

Optionally, the digital certificate has been digitally signed using, at least, a private key of the media recorder and a private key of the user.

Optionally, the instructions for determining of the validity of the digital certificate comprises instructions for: determining validity of the digital signature of the digital certificate using at least a public key of the media recorder and/or a public key of the user; and optionally, determining whether the information associated with the latest clock signal received from the server is acceptable. The instructions for determining whether the information associated with the latest clock signal is acceptable may comprise instructions for: determining whether the latest clock signal received from the server by the media recorder matches with the latest clock signal sent by the server to the media recorder, and optionally, if they match, whether a time difference between a time of the latest clock signal and a time at which the determining of the validity is performed reaches or exceeds a time threshold. The information associated with the latest clock signal is acceptable if the latest clock signal received from the server by the media recorder matches with the latest clock signal sent by the server to the media recorder, and optionally, the time difference does not reach or exceed the time threshold (which reduces the time allowed for tampering the media data).

Optionally, the one or more programs further include instructions for: after successful validation of the digital certificate, receiving, from the media recorder, the media data or a compressed version (e.g., thumbnails, lower resolution, lower sampling rate, only portion(s) of, etc.) of the media data. Optionally, the media data or the compressed version of the media data is received at the server only after successful validation of the digital certificate.

Optionally, the one or more programs further include instructions for performing a media recorder validation operation prior to the receiving of the digital certificate. In one example, the instructions for the media recorder validation operation includes instructions for: receiving from the media recorder hardware information of the media recorder; validating the media recorder based on the received hardware information; and transmitting the unique identifier of the media recorder to the media recorder if the validation of the media recorder is successful. The instructions for the validating may include instructions for determining, based on the received hardware information, whether the media recorder comprises the one or more sensors.

In another example, the instructions for the media recorder validation operation includes instructions for: receiving from the media recorder a unique identifier of the media recorder for validation of the media recorder; validating the media recorder based on the received unique identifier of the media recorder; and transmitting an indication that the validation of the media recorder is successful if the validation of the media recorder is successful. The instructions for the validating may include instructions for determining, based on the received unique identifier, whether the media recorder is a certified/registered media recorder that has been certified by/registered with the server.

Optionally, the media data is edited media data with an end portion of an original media data removed. For example, the media data is video data representative of a video with the first or last few milliseconds or seconds removed.

In a ninth aspect, there is provided a method for operating a server of a media authentication system. The method includes: receiving, at the server, a request to publish a media file containing media data at a media publisher. The media file includes media data recorded by a media recorder. The method further includes: in response to the request, authenticating the media file; and if the media file is successfully authenticated, creating a file for publishing, the file containing the media file and an authentication marker that indicates that the media file has been authenticated.

Optionally, the media recorder is the media recorder of the fourth aspect or the media recorder in the method of the first aspect.

Optionally, the server is the server of the eighth aspect or the server in the method of the fifth aspect. Optionally, authenticating the media file includes computing a hash for the media file and determining whether the computed hash correspond to a known hash.

Optionally, authenticating the media file includes validating a digital certificate of the media file or media data.

Optionally, the method further comprises enabling access of the file. In one example, the method further comprises enabling access of the file by a media publisher, e.g., by a server of the media publisher.

Optionally, the method further comprises transmitting the file to a media publisher, e.g., to a server of the media publisher.

Optionally, the method further comprises: receiving, at the server, a selection of one or more media publishers from a plurality of media publishers; and transmitting the file to one or more of the selected media publisher(s), e.g., to server(s) of the media publisher(s).

Optionally, the method further comprises: receiving, at the server, a selection of one or more media publishers from a plurality of media publishers; and enabling access of the file by the selected media publisher(s), e.g., by server(s) of the media publisher(s).

Optionally, the media file comprises an image file representative of an image, the media data comprises image data representative of the image, and the authentication marker comprises information arranged to be presented along with the image. The information may include one or more or all of: a barcode arranged to be presented along with the image; date information indicative of date the image is recorded; time information indicative of time the image is recorded; and measurement(s) associated with sensed data obtained from one or more sensors at or during which the image is recorded.

The barcode may be associated with a webpage link to a webpage containing authentication information of the media file. The barcode may be a ID bar code, a 2D barcode (e.g., QR code), etc. Optionally, the media file comprises a video file representative of a video, the media data comprises video data representative of the video, and the authentication marker comprises information arranged to be presented along with the video. Optionally, the authentication marker comprises a widget containing information arranged to be presented along with the video. The information may include, for each frame of the video, one or more or all of: date information indicative of date the frame of the video is recorded; time information indicative of time the frame of the video is recorded; and information (measurements) associated with sensed data obtained from one or more sensors of the media recorder by which the video is recorded. The values of the measurements at different frames of the video may be different.

In a tenth aspect, there is provided a non-transitory computer-readable storage medium storing one or more programs configured to be executed by one or more processors, the one or more programs including instructions for performing of the method of the ninth aspect.

In an eleventh aspect, there is provided a computer program comprising instructions which, when the program is executed by a computer, cause the computer to perform the method of the ninth aspect.

In a twelfth aspect, there is provided a server, comprising: one or more processors; and memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for: receiving, at the server, a request to publish a media file (including media data recorded by a media recorder) at a media publisher; authenticating the media file; and if the media file is successfully authenticated, creating a file for publishing, the file containing the media file and an authentication marker that indicates that the media file has been authenticated.

Optionally, the media recorder is the media recorder of the fourth aspect or the media recorder in the method of the first aspect.

Optionally, the server is the server of the eighth aspect or the server in the method of the fifth aspect. Optionally, the one or more programs further include instructions for enabling access of the file. In one example, the one or more programs further include instructions for enabling access of the file by a media publisher, e.g., by a server of the media publisher.

Optionally, the one or more programs further include instructions for transmitting the file to a media publisher, e.g., to a server of the media publisher.

Optionally, the one or more programs further include instructions for: receiving, at the server, a selection of one or more media publishers from a plurality of media publishers; and transmitting the file to one or more of the selected media publisher(s), e.g., to server(s) of the media publisher(s).

Optionally, the one or more programs further include instructions for: receiving, at the server, a selection of one or more media publishers from a plurality of media publishers; and enabling access of the file by the selected media publisher(s), e.g., by server(s) of the media publisher(s).

Optionally, the media file comprises an image file representative of an image, the media data comprises image data representative of the image, and the authentication marker comprises information arranged to be presented along with the image. The information may include one or more or all of: a barcode arranged to be presented along with the image; date information indicative of date the image is recorded; time information indicative of time the image is recorded; and measurement(s) associated with sensed data obtained from one or more sensors at or during which the image is recorded.

The barcode may be associated with a webpage link to a webpage containing authentication information of the media file. The barcode may be a ID bar code, a 2D barcode (e.g., QR code), etc.

Optionally, the media file comprises a video file representative of a video, the media data comprises video data representative of the video, and the authentication marker comprises information arranged to be presented along with the video. Optionally, the authentication marker comprises a widget containing information arranged to be presented along with the video. The information may include, for each frame of the video, one or more or all of: date information indicative of date the frame of the video is recorded; time information indicative of time the frame of the video is recorded; and information (measurement) associated with sensed data obtained from one or more sensors of the media recorder by which the video is recorded. The values of the measurements at different frames of the video may be different.

In a thirteenth aspect, there is provided a media authentication system comprising the media recorder of the fourth aspect and one or both of: the server of the eighth aspect and the server of the twelfth aspect. In some examples, the server of the eighth aspect and the server of the twelfth aspect may be the same server or different servers.

In a fourteenth aspect, there is provided a media authentication method comprising two or more of: the method of the first aspect, the method of the fifth aspect, and the method of the ninth aspect.

Other features and aspects of the invention will become apparent by consideration of the detailed description and accompanying drawings. Any feature(s) described herein in relation to one aspect or embodiment may be combined with any other feature(s) described herein in relation to any other aspect or embodiment as appropriate and applicable.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention will now be described, by way of example, with reference to the accompanying drawings in which:

Figure 1 is a flowchart illustrating a method for operating a media recorder of a media authentication system in one embodiment;

Figure 2 is a flowchart illustrating a method for operating a server of a media authentication system in one embodiment;

Figure 3 is a schematic diagram illustrating a media authentication system in one embodiment; Figure 4 is a flowchart illustrating a media recorder validation operation performed by a media authentication system in one embodiment;

Figure 5 is a flowchart illustrating a media recorder validation operation performed by a media authentication system in one embodiment;

Figure 6 is a flowchart illustrating a clock synchronization operation performed by a media authentication system in one embodiment;

Figure 7 is a flowchart illustrating a method for operating a server of a media authentication system in one embodiment;

Figure 8A is a schematic diagram illustrating a presentation of an authenticated video in one embodiment;

Figure 8B is a schematic diagram illustrating a presentation of an authenticated image in one embodiment;

Figure 9 is a functional block diagram of a media recorder of a media authentication system in one embodiment;

Figure 10 is a functional block diagram of an information handling system operable as a server of a media authentication system in one embodiment;

Figure 11 is a flowchart illustrating a method for operating a media authentication system in one embodiment;

Figure 12 is a flowchart illustrating a method for operating a media authentication system in one embodiment;

Figure 13 is a flowchart illustrating a method for operating a media authentication system in one embodiment;

Figure 14 is a flowchart illustrating a method for operating a media authentication system in one embodiment; Figure 15 is a flowchart illustrating a method for operating a media authentication system in one embodiment;

Figure 16 is a flowchart illustrating a method for operating a media authentication system in one embodiment; and

Figure 17 is a flowchart illustrating a method for operating a media authentication system in one embodiment.

DETAILED DESCRIPTION

Figure 1 shows a media authentication system 100 in one embodiment of the invention. The system 100 includes a media recorder 102 and a server 104 operably connected with each other. The media recorder 102 may be a mobile phone 102 A, a digital camera 102B, a computer 102C, etc., which can be used by a user U to record media data (sound, image, video, etc.). The media recorder 102 may be installed with one or more media recording and/or authentication programs or applications for performing the various method embodiments of the invention. The server 104 may be implemented using any suitable computer architectures, with a single computing device or multiple computing devices. The server 104 is arranged to facilitate registration of the user and the media recorder 102 to the media authentication system 100, and to operate to perform the various method embodiments of the invention. The media recorder 102 and the server 104 may be in data communication through one or more wired or wireless communication links 106.

Figure 2 shows a method 200 for operating a media recorder of a media authentication system in one embodiment. The media recorder in method 200 may be the media recorder 102 of Figure 1 and/or the media authentication system in method 200 may be the media authentication system 100 of Figure 1.

The method 200 begins in step 202, in which the media data is recorded using the media recorder. The media data may include image data (pictures, graphs, text, etc.), video data, audio data, multimedia data, etc., and the media recorder is one that includes necessary components (e.g., camera, microphone, etc.) for obtaining the media data. In method 200, step 204, at or during the recording of the media data, one or more sets of sensed data are obtained from sensor(s) associated with the media recorder. The sensed data can be used to facilitate authentication of the media data. For media data that is static, e.g., image data, only one set of sensed data may be obtained at the recording. For media data that is dynamic, e.g., video/audio data, multiple sets of sensed data may be obtained at different times during the recording. In some embodiments, the obtaining of the different sets of sensed data are performed at predetermined time intervals, regularly or irregularly. In one example, the different sets of sensed data are obtained every 0.5 second during the recording. The different sets of sensed data preferably include the same type(s) of sensed data. The sensed data obtained at different times form a data stream.

In step 204, the sensor(s) associated with the media recorder may be sensor(s) operably connected with the media recorder, such as sensor(s) of (i.e., integrated with) the media recorder. In this embodiment, the sensor(s) include a proximity sensor, a location sensor, a motion sensor (IMU, magnetometer, accelerometer, gyroscope, etc.), and a light sensor for measuring, respectively, a measurement of proximity or change in proximity of a user of the media recorder with respect to the media recorder, a measurement of location or change in location of the media recorder, a measurement of orientation or change in orientation of the media recorder, and a measurement of light condition or change in light condition associated with an environment in which the media recorder is arranged. In some other embodiments, the sensor(s) include any number of sensors, not limited to these specific sensors, each respectively arranged for measuring specific parameter(s) or changes in parameter(s).

After steps 202 and 204, the method 200 then proceeds to step 206, to determine a unique identifier associated with the recorded media data. The determination of the unique identifier may include computing a hash associated with the recorded media data, e.g. by processing the media data using a cryptographic hash function. In this embodiment, the determination of the unique identifier is performed at the media recorder. The unique identifier associated with the recorded media data and the sensed data can be used for facilitating authentication of the media data. In some embodiments in which the media data includes video or audio data, the recorded video or audio data can be edited by removing a portion of video or audio from the beginning of the recording or at the end of the recording (not in the middle of the recording), prior to the determination of the unique identifier. As a result the unique identifier determined will be associated with the edited media data.

After step 206, in step 208, a digital certificate for the media data is determined. In this embodiment, the determination of the digital certificate is performed at the media recorder. The digital certificate may be determined based on the unique identifier associated with the recorded media data (e.g., the computed hash) along with a unique identifier of the media recorder that records the media data, a unique identifier of a user of the media recorder, and information associated with the latest clock signal received from a server of the media authentication system during the recording. In this embodiment, the digital certificate is determined based on all the above unique identifiers and information. However, in some embodiments, only one or some of the above unique identifiers and information may be used. In some embodiments, additional or alternative information or identifier(s) may be used to determine the digital certificate. The determining of the digital certificate may include digitally signing it using one or more keys, e.g., a private key of the media recorder and a private key of the user. The one or more keys may be stored at the media recorder or may be retrieved by the media recorder from other source (e.g., database, server, etc.). In this embodiment, the digitally signing is performed at the media recorder. Preferably, complementary private/public keys of the media recorder and complementary private/public keys of the user are only available to media recorders and users that have been registered with, and optionally validated by the media authentication system. For example, the complementary private/public keys may be generated for the media recorders and users after successfully registration of the media recorders and users.

After the digital certificate for the media data is determined in step 208, in step 210, the digital certificate is transmitted to the server of the media authentication system for validation. Details of some examples of such validation by the server will be described in further detail below.

If the validation is successful, the server provides an indication that the validation is successful, and in response, in step 212, the media data or a compressed version (e.g., thumbnails, lower resolution, lower sampling rate, only part of, etc.) of the media data can be transmitted from the media recorder to the server. In some embodiments, the unique identifier associated with the recorded media data, the one or more sets of sensed data, information associated with the latest clock signal received by the media recorder from the server, etc., may also be transmitted to the server.

Figure 3 shows a method 300 for operating a server of a media authentication system. The server in method 300 may be the server 104 of Figure 1 and/or the media authentication system in method 300 may be the media authentication system 100 of Figure 1.

The method 300 begins in step 302, in which a digital certificate associated with media data recorded by the media recorder is received by the server, e.g., from the media recorder, e.g., as a result of step 210 in method 200. The digital certificate may be one that has been determined, e.g., by the media recorder, based on step 208 in method 200 described above.

After the digital certificate is received, in step 304, the method 300 proceeds to determine the validity of the digital certificate. In this embodiment, the determination is performed by the server. The determination of the validity of the digital certificate may include determining validity of the digital signature of the digital certificate using one or more keys, e.g., a public key of the media recorder and a public key of the user, depending on how the digital certificate is digitally signed. The one or more keys may be stored at the server or may be retrieved by the server from other source (e.g., media recorder, database, etc.). The determination of the validity of the digital certificate may additionally include determining whether the information associated with the latest clock signal received by the media recorder from the server is acceptable, e.g., by determining whether the latest clock signal received from the server by the media recorder matches with the latest clock signal sent by the server to the media recorder, and if they match, determining whether a time difference between a time of the latest clock signal and a time at which step 304 is performed reaches or exceeds a time threshold. The information associated with the latest clock signal is acceptable if the latest clock signal received from the server by the media recorder matches with the latest clock signal sent by the server to the media recorder, and the determined time difference does not reach or exceed the time threshold. This ensures that the determination and transmission of the digital certificate for validation of the the media data occurs within a limited period of time, which potentially reduces the amount of time available for editing or tampering the media data after the recording. In some embodiments, the determining of the validity of the digital certificate may include determining validity of the unique identifier of the media recorder, the unique identifier of the user, etc., e.g., by determining whether the media recorder and/or the user have been registered with the media authentication system.

If the digital certificate is determined to be valid, then the server provides an indication to the media recorder that the validation is successful, and in response, in step 306, the server receives the media data or a compressed version (e.g., thumbnails, lower resolution, lower sampling rate, only part of, etc.) of the media data from the media recorder.

In some embodiments, the unique identifier associated with the recorded media data, the one or more sets of sensed data, information associated with the latest clock signal received by the media recorder from the server, etc., may also be received at the server.

Figure 4 shows media recorder validation operation 400 performed by a media authentication system, with media recorder and server operably connected with each other, in one embodiment. The media authentication system that performs the operation 400 may be the media authentication system 100 of Figure 1. The media recorder validation operation 400 is used to determine whether the media recorder is suitable for implementing the various method embodiments of the invention. The media recorder validation operation 400 can be performed during registration of the media recorder to the media authentication system, or it may be performed every time before the media recorder is used to record media data using one or more installed media recording and/or authentication programs or applications.

Operation 400 begins in step 402, in which the media recorder transmits its hardware information to the server. In one example, the media recorder may transmit its model number or identifier to the server. In another example, the media recorder may transmit a file or signal indicative of its hardware configuration to the server.

Then, in step 404, the server receives the hardware information. In one example, the server may receive, from the media recorder, a model number or identifier of the media recorder. The server then determines the hardware information or configuration of the media recorder based on the received model number or identifier. In another example, the server reads the hardware configuration information included in a file or signal received from the media recorder. In step 406, the server validates the media recorder based on the received hardware information. The server determines whether the media recorder is suitable for (e.g., has the necessary hardware for) performing the various method embodiments of the invention. In one example, the validation includes determining whether the media recorder includes one or more predetermined sensors, e.g., for use in obtaining one or more sets of sensed data during recording of the media data, as described in method 200. In one example, the validation further includes determining whether the one or more predetermined sensors are in a condition suitable for performing the various method embodiments of the invention.

In step 408, the server determines whether the validation is successful. If the validation is not successful, then the operation ends and optionally the server informs the media recorder that the validation fails. The one or more media recording and/or authentication programs or applications installed on the media recorder may disable a media recording and/or authentication function. If the validation is successful, then in step 410, the server transmits a unique identifier for the media recorder to the media recorder. In one example, the server may generate a new unique identifier for the media recorder every time a validation is completed. In another example, the server may retrieve an existing unique identifier associated with the media recorder and transmits it to the media recorder.

In step 412, the media recorder receives the unique identifier, which can be used in the digital certificate determination as described in method 200. In some examples, in response to the receipt of the unique identifier, the one or more media recording and/or authentication programs or applications installed on the media recorder may enable a media recording and/or authentication function.

Figure 5 shows media recorder validation operation 500 performed by a media authentication system, with media recorder and server operably connected with each other, in one embodiment. The media authentication system that performs the operation 500 may be the media authentication system 100 of Figure 1. The media recorder validation operation 500 is used to determine whether the media recorder is suitable for implementing the various method embodiments of the invention. The media recorder validation operation 500 can be performed after registration of the media recorder to the media authentication system, or it may be performed every time before the media recorder is used to record media data using one or more installed media recording and/or authentication programs or applications. Operation 500 begins in step 502, in which the media recorder transmits its unique identifier to the server. In one example, the unique identifier of the media recorder may be one that is generated for the media recorder at its initial registration with the media authentication system.

Then, in step 504, the server receives the unique identifier.

In step 506, the server validates the media recorder based on the received unique identifier. The server determines whether the received unique identifier correspond to a known unique identifier associated with a media recorder, and optionally determines whether the media recorder that sends the unique identifier is the media recorder with the known unique identifier.

In step 508, the server determines whether the validation is successful. In one embodiment, if the validation is not successful, then the operation 500 ends and optionally the server informs the media recorder that the validation fails. In another embodiment, if the validation is not successful, then the operation 500 ends and proceeds to perform operation 400. The one or more media recording and/or authentication programs or applications installed on the media recorder may disable a media recording and/or authentication function. If the validation is successful, then in step 510, the server transmits an indication to the media recorder indicating that the validation of the media recorder is successful.

In step 512, the media recorder receives the indication. In some examples, in response to the receipt of the indication, the one or more media recording and/or authentication programs or applications installed on the media recorder may enable a media recording and/or authentication function.

Figure 6 shows a clock synchronization operation 600 performed by a media authentication system, with media recorder and server operably connected with each other, in one embodiment. The media authentication system that performs the operation 600 may be the media authentication system 100 of Figure 1. The clock synchronization operation 600 is used to ensure that the clock of the media recorder and the clock of the server match, to facilitate the authentication of the media data. The clock synchronization operation 600 is preferably repeated at predetermined, regular or irregular, time intervals (e.g., every few seconds or minutes). Preferably the clock synchronization operation 600 is performed at least once during the media recording. Preferably, the clock synchronization operation 600 is performed less frequently than the obtaining of the sensed data during recording.

Operation 600 begins in step 602, in which the media recorder transmits a heartbeat signal to the server. In step 604, the heartbeat signal is received by the server. In step 606, in response to the receipt of the heartbeat signal, the server transmits to the media recorder a clock signal indicative of clock or time information of a clock of the server. The clock signal may include a timestamp or time information (absolute or relative time). In step 608, the clock signal is received by the media recorder, which then in step 610, compares its clock with the clock of the server based on the clock signal. The media recorder may take into account the time difference incurred by the time for the clock signal to reach the media recorder. In one example, the media recorder may transmit back to the server a clock signal indicative of clock or time information of a clock of the media recorder, to account for the time difference due to time of flight. In step 612, the media recorder determines whether the clocks (e.g., absolute time, clock rate, etc.) are synchronized. If the media recorder determines that the clocks are synchronized, then the operation 600 ends. Otherwise, if the media recorder determines that the clocks do not match, in step 614, the media recorder adjust its clock to match the clock of the server.

Figure 7 illustrates a method 700 for operating a server of a media authentication system in one embodiment. The server in method 700 may be the server 104 of Figure 1, the server of the method 300 of Figure 3, and/or the media authentication system in method 700 may be the media authentication system 100 of Figure 1. Method 700 can be used to facilitate publication of media fde based on the media data obtained from the methods 200, 300.

Method 700 begins in step 702, in which a request to publish a media fde containing media data is received at the server. In response to the request, in step 704, the server authenticates the media fde prior to publishing. In one example the authentication may include computing a hash for the media fde / data using a cryptographic hash function and determining whether the computed hash corresponds to a known hash stored in the server. In another example the authentication may include validating a digital certificate of the media fde or media data. This may include determining whether the digital certificate corresponds to a known digital certificate stored in the server. If the authentication fails, then the media fde is prevented from publishing. On the other hand, if the media fde is successfully authenticated, then in step 706, a fde containing the media fde and an authentication marker that indicates that the media fde has been authenticated is created for publishing.

In an example in which the media fde is a video fde representative of a video, the authentication marker includes information arranged to be presented along with the video. The authentication marker includes a widget 800A (Figure 8A) containing information arranged to be presented along with (e.g., embedded into) the video. The information may include, for each frame of the video information (measurements) associated with sensed data obtained from one or more sensors of the media recorder by which the video is recorded. The information may further include date/time information indicative of date/time the frame of the video is recorded. The presentation of the video along with the sensed data provides two stream of information that vary with time and are correlated with each other, which makes tampering of the video difficult.

In an example in which the media file is an image file representative of an image, the authentication marker includes information arranged to be presented along with the image. The information may include a barcode (e.g., QR code 800B, Figure 8B) arranged to be presented along with the image. The barcode may be associated with a webpage link to a webpage containing authentication information of the image file. The information may further include: date/time information indicative of date/time the image is recorded and measurement(s) associated with sensed data obtained from one or more sensors at or during which the image is recorded.

In some embodiments, the method 700 may further include enabling access of the file by a media publisher, e.g., by a server of the media publisher, after step 706. In some embodiments, the method 700 may further include transmitting the file to a media publisher, e.g., to a server of the media publisher. In some embodiments, the method 700 may further include receiving selection of publisher(s) and the access of the file is enabled to the selected media publisher(s) and/or the file is transmitted to the selected media publisher(s). In some embodiments, if the media file is a video file representative of a video, the authentication marker includes additionally or alternatively a barcode (e.g., like the one in Figure 8B) associated with a webpage link to a webpage containing authentication information of the video file. Figure 9 shows a media recorder 900 of a media authentication system in one embodiment. The media recorder may be used as the media recorder 102 in Figure 1 and the media recorder in one or more of the methods in Figures 2-7. It should be noted that the media recorder 900 can be used to implement other method embodiments of the invention.

In this embodiment the media recorder 900 is operable to record image, sound, and video. The media recorder 900 includes a camera 902 for obtaining images or video. The camera may be a visible-light digital camera, thermal/IR camera, etc. The media recorder 900 also includes a microphone 904 for collecting sound. The media recorder 900 further includes a processor 906 and a memory (storage) 908. The processor 906 may include one or more: CPU(s), MCU(s), logic circuit(s), Raspberry Pi chip(s), digital signal processor(s) (DSP), application-specific integrated circuit(s) (ASIC), field-programmable gate array(s) (FPGA), and/or any other digital or analog circuitry/circuitries configured to interpret and/or to execute program instructions and/or to process signals and/or information and/or data. The memory 908 may include one or more volatile memory (such as RAM, DRAM, SRAM), one or more non-volatile memory (such as ROM, PROM, EPROM, EEPROM, FRAM, MRAM, FLASH, SSD, NAND, NVDIMM), or any of their combinations. Appropriate computer instructions, commands, codes, information and/or data may be stored in the memory 908. In some embodiments, unique identifier of the media recorder 900, unique identifier of the user of the media recorder 900, the recorded media data, the sensed data obtained during the recording, the unique identifier associated with the recorded media data, the digital certificate for the media data, complementary private/public keys of the user of the media recorder, complementary private/public keys of the media recorder, public key of the server, etc., can be stored in the memory 908. One or more media recording and/or authentication programs or applications can also be stored in the memory 908.

The media recorder 900 further includes sensor(s) 910 for obtaining one or more sets of sensed data during recording of the media. The sensor(s) may include a proximity sensor (inductive sensor, capacitive sensor, etc.), a location sensor (e.g., GPS sensor), amotion sensor (IMU, magnetometer, accelerometer, gyroscope, etc.), a light sensor, a temperature sensor, a weather sensor, a humidity sensor, a pressure sensor, a sound sensor, etc., each respectively arranged for measuring corresponding parameter(s) or changes in parameter(s). The media recorder 900 further includes a communication device 912 for establishing one or more communication links with one or more other computing devices such as servers (e.g., server(s) of the media authentication system), personal computers, terminals, tablets, phones, watches, loT devices, etc. The communication device 912 may include one or more of: a modem, a Network Interface Card (NIC), an integrated network interface, a NFC transceiver, a ZigBee transceiver, a Wi-Fi transceiver, a Bluetooth® transceiver, a radio frequency transceiver, a cellular communication transceiver, an optical port, an infrared port, a USB connection, or other wired or wireless communication interfaces. The transceiver may be implemented by one or more devices (integrated transmitter(s) and receiver(s), separate transmitter(s) and receiver(s), etc.). The communication link(s) may be wired or wireless for communicating commands, instructions, information and/or data.

Figure 10 shows an example information handling system 1000 in one embodiment. The information handling system 1000 may be used as the server 104 in Figure 1 and the server (of the media authentication system, of the media publisher, etc.) in one or more of the methods in Figures 2-7. It should be noted that the information handling system 1000 can be used to implement other method embodiments of the invention.

The information handling system 1000 generally includes suitable components necessary to receive, store, and execute appropriate computer instructions, commands, or codes. The information handling system 1000 include a processor 1002 and a memory (storage) 1004. The processor 1002 may include one or more: CPU(s), MCU(s), logic circuit(s), Raspberry Pi chip(s), digital signal processor(s) (DSP), application-specific integrated circuit(s) (ASIC), field-programmable gate array(s) (FPGA), and/or any other digital or analog circuitry/circuitries configured to interpret and/or to execute program instructions and/or to process signals and/or information and/or data. The memory 1004 may include one or more volatile memory (such as RAM, DRAM, SRAM), one or more non-volatile memory (such as ROM, PROM, EPROM, EEPROM, FRAM, MRAM, FLASH, SSD, NAND, NVDIMM), or any of their combinations. Appropriate computer instructions, commands, codes, information and/or data may be stored in the memory 1004. For example, unique identifiers of all registered users of the system, unique identifiers of all registered/certified media recorders of the system, recorded media data (or its compressed version) from different media recorders and the associated sensed data obtained during the recording, the digital certificate for the media data from different media recorders, public keys of the users of the media recorders, public keys of the media recorders, complementary private/public key of the server, etc., can be stored in the memory 1004.

Optionally, the information handling system 1000 further includes one or more input devices 1006. Examples of such input device 1006 include: keyboard, mouse, stylus, image scanner, microphone, tactile/touch input device (e.g., touch sensitive screen), image/video input device (e.g., camera), etc. Optionally, the information handling system 1000 further includes one or more output devices 1008. Examples of such output device 1008 include: display (e.g., monitor, screen, projector, etc.), speaker, disk drive, headphone, earphone, printer, additive manufacturing machine (e.g., 3D printer), etc. The display may include a LCD display, a LED/OLED display, or any other suitable display, which may or may not be touch sensitive. The information handling system 1000 may further include one or more disk drives 1012 which may include one or more: solid state drive, hard disk drive, optical drive, flash drive, magnetic tape drive, etc. A suitable operating system may be installed in the information handling system 1000, e.g., on the disk drive 1012 or in the memory 1004. The memory 1004 and the disk drive 1012 may be operated by the processor 1002. Optionally, the information handling system 1000 also includes a communication device 1010 for establishing one or more communication links (not shown) with one or more media recorders (such as media recorders described with reference to Figures 1-9) and other computing devices such as servers, personal computers, terminals, tablets, phones, watches, loT devices, or other wireless or handheld computing devices. The communication device 1010 may include one or more of: a modem, a Network Interface Card (NIC), an integrated network interface, a NFC transceiver, a ZigBee transceiver, a Wi-Fi transceiver, a Bluetooth® transceiver, a radio frequency transceiver, a cellular communication transceiver, an optical port, an infrared port, a USB connection, or other wired or wireless communication interfaces. The transceiver may be implemented by one or more devices (integrated transmitter(s) and receiver(s), separate transmitter(s) and receiver(s), etc.). The communication link(s) may be wired or wireless for communicating commands, instructions, information and/or data. In one example, the processor 1002, the memory 1004, and optionally the input device(s) 1006, the output device(s) 1008, the communication device(s) 1010 and the disk drive(s) 1012 are connected with each other through a bus, a Peripheral Component Interconnect (PCI) such as PCI Express, a Universal Serial Bus (USB), an optical bus, or other like bus structure. In one embodiment, at least some of these components may be connected through a network such as the Internet or a cloud computing network. A person skilled in the art would appreciate that the information handling system 1000 shown in Figure 10 is merely example and that in other embodiments the information handling system 1000 can have different configurations (e.g., include additional components, has fewer components, etc.).

In some embodiments, a user has to register with the media authentication system in order to use the system, e.g., one or more media recording and/or authentication programs or applications of the system. The registration may be performed via a webpage, via an application / program (e.g., installed in the media recorder), etc. As part of the registration the user has to provide a user name/ID, a password, and an email, and create a user profile containing various user information. The email address provided by the user can be used for initial validation of the creation of the user account. In one example, the application / program may generate, e.g., randomly, a unique complementary public/private key pair and a unique identifier for the user at the beginning of the registration, during registration, or upon initial validation. The public key of the user as well as other user information (e.g., user alias, public information, unique identifier, etc.) are sent to the server of the system. In response, the server generates a user certificate for the user, e.g., based on the user information received, the public key received, a signature of the server, a unique identifier of the user, etc. The user certificate is then sent back to the user, i.e., the media recorder (device) of the user as well as stored at the server. In some embodiments, the application / program may generate a user credential based on the user’s unique identifier and the key pair. The user credential may be encrypted with a symmetric encryption algorithm, e.g., using the user’s password as key. The encrypted user credential may be sent to the server. The user can register one or more media recorders that he/she intends to use the functions provided by the media authentication system. When a registered user uses a media recorder for the first time, the encrypted user credential can be retrieved from the server and stored at the media recorder.

In some embodiments, the media recorder has to register with the media authentication system in order to use the system. The media recorder is arranged to download, store, or access one or more media recording and/or authentication programs or applications of the system. In some embodiments, the first time the application is run on the media recorder, a unique complementary public/private key pair is generated for the media recorder. Then, hardware identifying information of the media recorder (e.g., device identifier that uniquely identifies the hardware configuration of the media recorder) is retrieved at the media recorder. The hardware identifying information may be different for different brands and/or models of media recorders. The hardware identifying information along with the public key of the key pair are sent to the server. The server generates a device certificate for the media recorder, e.g., based on the hardware identifying information received, the public key received, a signature of the server, a unique identifier of the media recorder, etc. The device certificate is then sent back to the media recorder (device) as well as stored at the server. Preferably the device certificate is stored in a secured repository of the media recorder.

Preferably the media authentication system (e.g., the various systems and methods disclosed herein) is arranged to be used only by certified users (with user certificate generated by the system) and certified media recorders (with device certificate generated by the system).

Figure 11 shows a method 1100 for operating a media authentication system in one embodiment. The method 1100 in this embodiment concerns media recorder validation and/or registration prior to recording media data. The method 1100 is performed by a device (media recorder) installed with a recorder application (media recording and/or authentication application) and a server of the media authentication system. The device and server may be any of the media recorder and server described herein.

Method 1100 begins in step 1102, in which the recorder application on the device validates whether it is being operated on a real physical device. This can be done via an anti- abuse API (e.g.,. App Attest API, SafetyNet Attestation API, etc.). If it is determined that the recorder application is not operating on a real physical device (e.g., it is operating on simulated hardware), then in step 1104, the event, optionally associated with the user operating the application, is sent to the server for record. If it is determined that the recorder application is operating on a real physical device, then in step 1106, the recorder application determines whether the device certificate of the device on which the application is operating can be found locally at the device. If the device certificate is found, then the validation is successful and the recorder application is then enabled for recording media data. If the device certificate is not found, then the method proceeds to step 1108, in which the recorder application determines whether the device meets required hardware requirements (e.g., whether it contains predetermined sensor(s) which are operational for obtaining sensed data during recording of the media data). The predetermined sensor(s) can be those described above in the other embodiments, e.g., proximity sensor, location sensor, motion sensor, light sensor, etc. If it is determined that the device fails to meet the hardware requirement, in step 1110, the event, optionally associated with the user operating the application, is sent to the server for record. If it is determined that the device meets the hardware requirement, in step 1112, the device operating the recorder application is registered with the server of the system. In one example, the device sends its public key (generated by the application) along with device metadata to the server to facilitate the registration of the device to the system. In step 1114, the server logs registration of the device, and generates a device certificate based on the public key received, the signal of the server, and a unique identifier associated with (e.g., generated for) the device. The server stores the device certificate and sends a copy of the device certificate to the device. After successful registration, the recorder application is then enabled for recording media data.

Figure 12 shows a method 1200 for operating a media authentication system in one embodiment. The method 1200 in this embodiment concerns clock synchronization/time keeping operation. The method 1200 is performed by a device (media recorder) installed with a recorder application (media recording and/or authentication application) and a server of the media authentication system. The device and server may be any of the media recorder and server described herein. The method 1200 can be operated when the recorder application is operating on the device.

Method 1200 begins in step 1202, in which the device operating the recorder application sends a heartbeat notification to the server. In step 1204, the server receives the heartbeat notification, validates that the connection is from the recorder application based on the heartbeat notification signal and logs the heartbeat notification. The heartbeat notification log may be recorded against specific user and/or device. If it is determined that the connection is from the recorder application, then in step 1206, the server generates a reference timestamp and sends it to the recorder application. In step 1208, the recorder application receives the server reference timestamp and determines whether the clock of the recorder application matches with the clock of the server as indicated by the reference timestamp. If the clock of the recorder application matches with the clock of the server, then no adjustment is required. If the clock of the recorder application does not match with the clock of the server, then the recorder application adjusts its clock or the device’s clock to match with the server’s clock. Preferably the method 1200 is repeated during operation of the recorder application at determined times or time intervals. In one example, a device heartbeat is transmitted to the server every 30 seconds during operation of the recorder application. In some embodiments, the method 1200 for operating the media authentication system may further include status reporting operation between the recorder application and the server when the recorder application is operating on the device. The status reporting operation may be repeated during operation of the recorder application at determined times or time intervals. The status reporting operation includes the device generating and sending a device status certificate to the server and in response the server sending a timestamped device status certificate back to the device. The device status certificate may include data related to date and time information (e.g., of when the device status certificate is generated and/or sent), a signature associated with the system, status information (geographical location, local clock, etc.) of the device, etc. The device status certificate may not be signed by the device. The timestamped device status certificate may include data related to the date and time information (e.g., of when the timestamped device status certificate is generated and/or sent), the device certificate received, a signature associated with the system, etc.

Figure 13 shows a method 1300 for operating a media authentication system in one embodiment. The method 1300 in this embodiment concerns media recording and authentication operation. The method 1300 is performed by a device (media recorder) installed with a recorder application (media recording and/or authentication application) and a server of the media authentication system. The device and server may be any of the media recorder and server described herein. The clock synchronization operation described herein may be operated while the method 1300 is performed.

Method 1300 begins with step 1302, in which the user of the media recorder initiates media recording using the recorder application. A timestamp associated with the beginning of the recording is obtained and stored locally at the device, preferably in a secure and encrypted storage. In step 1304, during the recording of the media data, at predetermined times or time intervals, a snapshot of the media data along with measurements of the sensor(s) of the media recorder are obtained and stored as part of a media authentication timeline. The measurements of the sensor(s) of the media recorder provide the one or more sets of sensed data described herein. For static media data (e.g., image), only one set of sensed data is obtained. For dynamic media data (e.g., video, audio), multiple sets of sensed data are obtained at different times during the recording. The sets of sensed data form a stream of sensed data. In step 1306, the user stops the media recording using the recorder application, e.g., by pressing a stop button on the recorder application. Optionally, in step 1308, the user may edit the reordered media data. In one example, for video data, the user may trim the media file and cut the footage at the beginning and/or at the end (not in the middle, as doing so would disrupt continuity of the media data and authentication data streams). Then, in step 1310, the recorder application computes a hash (media hash) for the recorded (or edited, if edited) media data. The recorder application further prepares a media certificate for the media data and sends the media certificate to the server for authentication. The media certificate may be generated based on the media hash, unique identifier of the user, unique identifier of the device, the latest timestamp status certificate received from the server, etc. The recorder application further digitally signs the media certificate using the private key of the user and the private key of the device. The device sends the signed media certificate, along with the snapshot of the media data along with measurements of the sensor(s), to the server. The measurements of the sensor(s), taken at different times during the recording, may form a stream of the sensed data. In step 1312, the server receives the media certificate and the snapshot of the media data along with measurements of the sensor(s). The server checks the signatures of the media certificate using the public key of the user and the public key of the device. The server may also certify the measurements of the sensor(s), e.g., the stream of the sensed data, e.g., by generating a certificate. The server may also check whether the latest timestamp status certificate is recently enough (e.g., generated within a predetermined time duration, whether it is the last one sent by the server to the device, etc.). If the server determines that the media certificate is acceptable, the server keeps the snapshot(s) of the media data along with measurements of the sensor(s). In one example in which the media data is video, the server keeps a lower resolution (compared with original) thumbnail of every 5 seconds of the media content. In one example in which the media data is image, the full resolution image is kept. The server further generates a timestamped media certificate based on the media certificate, date and time on which the media certificate is submitted, a signature of the system, etc. The server stores the timestamped media certificate and sends a copy to the device. Optionally, in step 1314, the device receives the timestamped media certificate from the server and, in response, stores it locally and send the media file containing the media data to the server for storage. In step 1316, the server then stores the full media file content.

Figure 14 shows a method 1400 for operating a media authentication system in one embodiment. The method 1400 in this embodiment concerns uploading certified media content to certified media publisher for online distribution of media content. The certified media publisher may be news media agencies, social media platforms, etc., which preferably have been registered with the system. The method 1400 is performed by a device (media recorder) installed with a recorder application (media recording and/or authentication application), a server of the media authentication system, and a server of the media publisher. The device and server of the media authentication system may be any of the media recorder and server of the media authentication system described herein. The server of the media publisher may be implemented at least partly using the information handling system as shown in Figure 10.

Method 1400 begins in step 1402, in which the recorder application sends a request to obtain a list of certified media publishers from the server. The request may be initiated based on a user input at the device, or automatically upon launch of the recorder application. In step 1404, the server verifies that the request is from a genuine recorder application. Upon successful verification, in step 1406, the server sends the list of certified media publishers to the device, and in step 1408, the device receives the list. In step 1410, the user of the device can then select the media file he/she wishes to publish and the certified media publisher(s) to publish the media file to. The media file is then sent to the server of the selected media publisher (For simplicity, assume only one media publisher is selected). The media file is preferably in an industry standard/format. In step 1412, the server of the selected media publisher accepts the media file, then in step 1414, sends a request to the server of the media authentication system to authenticate the received media file. The request may include information associated with the received media file, e.g., the identifier of the file, the file itself, etc. In step 1416, the server validates the computed hash of the media file, e.g., by determining whether it matches with a corresponding hash stored in the server. Upon successful validation, the server sends the media certificate reference to the server of the selected media publisher. In step 1418, the server of the selected media publisher receives and stores the media certificate reference. In step 1420, optionally, the server of the selected media publisher encodes or re-encodes the media file into suitable format prior to making the media file available for view online.

Figure 15 shows a method 1500 for operating a media authentication system in one embodiment. The method 1500 in this embodiment concerns uploading certified media content to certified media publisher for distribution of media content. The certified media publisher may be news media agencies, social media platforms, etc., which preferably have been registered with the system. The method 1500 is performed by a device (media recorder) installed with a recorder application (media recording and/or authentication application), a server of the media authentication system, and a server of the media publisher. The device and server of the media authentication system may be any of the media recorder and server of the media authentication system described herein. The server of the media publisher may be implemented at least partly using the information handling system as shown in Figure 10.

Method 1500 begins in step 1502, in which the user selects a media file using the recorder application. In response to the selection the device sends the media certificate associated with the media file to the server. In step 1504, the server validates the signatures of the media certificate, e.g., using public keys of the user and device. Upon successful validation of the media certificate, in step 1506, the server determines whether the media file associated with the validated media certificate is stored at the server. If the server determines that the media file is not available at the server, it requests the media file from the recorder application, which in response, in step 1508, the device sends the media file to the server. Upon receiving the media file or finding the media file at the server, the server generates a new media file based on the media file and the authentication information associated with the media file. The authentication information may include visual representation of the send data obtained by the sensor(s) during the recording, media timeline; date and time, a barcode (e.g., QR code) associated with an URL containing authentication information of the media file, etc. In some embodiments, the method 1500 proceeds to step 1510, in which the device sends a request to the server to request a list of certified media publishers, and in response, in step 1512, the server verifies the request, sends the list to the device in step 1514, and the device receives the list in step 1516. In some embodiments, steps 1510 and 1512 are omitted and the server sends the list of the publisher to the device at its own initiative. Steps 1510-1516 generally correspond to steps 1402-1408 hence will not be described in further detail. In step 1518, the user selects the certified media publisher(s) to publish the media file to, then in step 1520, the server enables access of the new media file (the file with the media file and the authentication information associated with the media file) by the selected certified media publisher(s). In step 1522, the server of the certified media publisher then obtains the new media file from the server, for publication or distribution.

Figure 16 shows a method 1600 for operating a media authentication system in one embodiment. The method 1600 in this embodiment concerns validation of published media content. The method 1600 is performed by a media viewer (audience) viewing the media content, e.g., via an electronic device, and a server of the media authentication system. Method 1600 begins in step 1602, in which the media viewer who consumes the media content wishes to validate the authenticity of the media content. The viewer scans the QR code published along with the media content. In step 1604, if the URL link is valid, the URL link will lead to a page that indicates that the media fde is authenticated. The page may optionally also show the thumbnail or original image of the media file, timeline data, sensed data, etc. If the URL link is invalid, the page/message error will be displayed.

Figure 17 shows a method 1700 for operating a media authentication system in one embodiment. The method 1700 in this embodiment concerns playback of media content through the certified media publisher. The method 1700 is performed by a media viewer (audience) viewing the media content, e.g., via an electronic device, a server of the media authentication system, and a server of the media publisher. The certified media publisher may be news media agencies, social media platforms, etc., which preferably have been registered with the system.

Method 1700 begins in step 1702, in which the media viewer visit a portal (webpage, app, etc.) of the certified media publisher and select media content he/she wishes to watch. In step 1704, the server of the media publisher, upon receiving the request, sends the identifier of the media file that the viewer wishes to watch to the server of the media authentication system. In step 1706, the server of the media authentication system retrieves and sends the media authentication timeline data associated with the media file identifier to media publisher server. In step 1708, the media publisher server receives the media authentication timeline data. In step 1710, during playback of the media content, the media publisher server displays the media data (image, video, audio) along with the media authentication timeline data, e.g., in a widget. The widget may be embedded in a media player of the media publisher. The widget may contain information regarding the timeline data, sensed data (measurements obtained by the sensor(s) of the media recorder during recording), a marker indicating authentication by the system, etc. In one example, for video data, the widget refreshes, e.g. per frame of video, to display the information that may change over time.

The above embodiments of the invention provide various advantages. The above embodiments of the invention can be combined as suitable and as appropriate to provide a chain of custody for media data. The chain of custody is authenticated and may be viewer- authenti cable. Some embodiments provide a way to ensure that a media file cannot be easily tempered with (e.g., modified) after its recording. Some embodiments tie a media sensor measurements timeline (e.g., produced by multiple sets of sensed data, or the stream of sensed data) to the media file, to establish the context of the authenticated media file. In some embodiments, in addition to the media file, the timeline of the sensor measurements is also authenticated, e.g., by the server. In one example, a user who uses the invented method/system to record and authenticate an event (media data) would obtain a media file certified to have not been tempered with and a certified timeline of when and where the event occurred and of the captured sensor measurements (e.g., produced by multiple sets of sensed data, or the stream of sensed data). Some embodiments provide a way to authenticate a media file when it is published by mass-media or online, e.g., via a QR code that points to the original authenticated media reference information on a webpage. The QR code enables readily access to the authentication information by the viewer, e.g., a public user who may not be a user registered with the system or server.

Although not required, the embodiments described with reference to the Figures can be implemented as an application programming interface (API) or as a series of libraries for use by a developer or can be included within another software application, such as a terminal or computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects and/or components to achieve the same functionality desired herein.

It will also be appreciated that where the methods and systems of the invention are either wholly implemented by computing system or partly implemented by computing systems then any appropriate computing system architecture may be utilized. This will include standalone computers, network computers, dedicated or non-dedicated hardware devices. Where the terms “computing system” and “computing device” are used, these terms are intended to include (but not limited to) any appropriate arrangement of computer or information processing hardware capable of implementing the function described.

It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments to provide other embodiments of the invention. The described embodiments of the invention should therefore be considered in all respects as illustrative, not restrictive. Example optional features of the invention, i.e., features not necessarily present in all embodiments of the invention, are set forth in the summary section. System/method embodiments as disclosed herein may be combined as appropriate and applicable. Any feature(s) described herein in relation to an embodiment may be combined with any other feature(s) described herein in relation to any other aspect or embodiment as appropriate and applicable.