A refinement of the single ended architecture relieves some of the constraints associated with informed embedding. It is entirely possible to analyze the content once, prior to distribution, and then forward the results of the analysis, as metadata within the DRM security envelope, to the watermark embedding process. The watermark embedding process is thus relieved of a significant processing burden. The cost of the content analysis process is incurred only once, when the content is authored, rather than many times - at each point of consumption.
The price of the up-front content analysis is the overhead of packaging or transmitting the resulting watermark metadata, along with the content. The watermark metadata must be protected, along with the content, by the DRM, or some equivalent mechanism. Protecting watermark metadata is vital, since access to the plain-text would greatly aid an adversary in removing the watermark, or suppressing its embedding. In the architecture shown in Figure 6, the combined content and metadata is decrypted by the DRM in the rendering device, and then separated into the encoded content and metadata streams. The metadata stream provides the watermark modulation process with essential information about the content.
This architecture has been carried a step further in the consumer electronics market. The pre-distribution preparation process not only performs the content analysis, but also watermarks fragments of the content, and includes these watermarked fragments in the metadata. This approach is termed the replacement model, since the embedding process needs only replace fragments of the original content with the watermarked fragments. The embedding process is thereby vastly simplified, and becomes much less challenging to implement in consumer electronics devices.
Another notable feature of the replacement model, as depicted in Figure 6, is the embedding of the watermark in the encoded (compressed) content stream. Embedding watermarks in the encoded domain is practical, provided the watermarked fragments in the metadata are compatibly encoded. This approach permits content decode to take place outside of the security envelope without compromising system security. The content decode process becomes much less sensitive, from a security standpoint, since it operates on already watermarked content.
These prepared watermarks fall into the detectable category. Clearly, it is not possible to provision the embedding process with every possible readable watermark required to represent even a short forensic message. It is, however, entirely possible to treat the forensic message as a series of data bits, with each bit assigned to a set of detectable, prepared watermarked content fragments. The watermark embedding process can then incorporate the forensic message into the content by simply choosing which of the prepared watermarked content fragments to insert into the content stream.
The replacement model architecture offers an attractive paradigm for renewal. The algorithms controlling the placement, strength, and nature of the watermarks are implemented in the mastering or authoring stage, prior to distribution. Consequently, most or all enhancements to the forensic watermarking system can be effected through changes to the mastering or authoring process. Such enhancements are transparent to the low level of "watermark awareness" required in the rendering device. Under the replacement model, a content distributor can quickly react to new attacks by changing the nature of the watermark, without having to wait for a rollout of new code or security hardware to deployed rendering devices.
The replacement model also offers a degree of flexibility not provided by the single ended approach. Just as the essential algorithms can be renewed at the authoring or mastering stage, it is possible to manipulate parameters controlling the watermark process at that point. For example, a content owner might choose to sacrifice perceptibility for robustness for certain piracy prone content, or move in the opposite direction for quality-sensitive content. It is entirely possible for a single rendering device to watermark each of several content items in distinct ways, as dictated by the watermark metadata supplied with the content. The replacement model ensures that all renderings of a particular content item are marked consistently and as expected by the content provider, since the only watermarks permitted are those supplied in the metadata.
Finally, note that the security envelope in the rendering device does not contain heavyweight processes such as decoding or content analysis in the replacement model. Consequently, it is much easier to secure access to the unmarked plain-text content.
The replacement model does, however, offer its own engineering challenges. The content preparation and metadata generation must be coordinated with the embedding process in the rendering devices. Thus the format and semantics of the watermark metadata must be strictly defined. In practice, the replacement model is easiest to implement in environments where a compatible watermark embedding process can be assured in each rendering device.
Some provision must be made for the secure delivery of the watermark metadata, along with the content. As mentioned above, the most reasonable approach would be for the DRM to encrypt both the content and the metadata, as depicted in Figure 6.
Implementations of the replacement model must consider the available bandwidth for metadata. Each watermark is a discrete representation of a single message bit, prepared for insertion at a specific point in the content: the metadata must supply a significant number of distinct and independent watermarked content fragments. Large fragments may exceed the capacity of some channels. Embedding techniques that embed a continuous signal, reflecting the entire message over a large spatial or temporal interval, are not compatible with replacement embedding.