JP2008519355A - Method for preventing unauthorized use of copyrighted digital information and system for preventing unauthorized use of copy-protected content - Google Patents

Abstract

  A method and system for preventing unauthorized use of copyrighted digital information over a broadband network includes testing a network topology between a source and a recipient device. The test includes sending a well-craft information packet for transmission between the source and recipient, and evaluating the network response to the acquired information for the topology of the connected network. A key component for using the digital content or the content itself may be placed in the package, which is not transmitted by unauthorized network devices. Authorization or entitlement to use or receive digital content is based at least in part on the network topology between the source and recipient device.

Description

  The present invention relates to a method and system for controlling the distribution of digitally copyrighted material over a broadband connection based on the determination of the network topology between a source device and a receiving device requesting content over a broadband network.

  Recent developments in broadband technology have enabled cost-effective delivery of high-value content over a broadband network, both locally and remotely. For example, the increasingly widespread use of “plug-and-play” technology allows a wide range of consumer electronic devices to be easily connected to a digital cable network. Thus, past set-top boxes may be converted to broadband network distribution nodes. However, they increase the efficiency of broadband communications and expand the use of networked systems in and between homes, offices and other locations. It also increases the risk of remote redistribution of digital content from paid consumers to unpaid consumers via broadband connections. TV and movie distributors cease to use this transmission method for their content due to the risk of illegal and frequent copying and redistribution of digital content over networked systems. In order to enjoy the effectiveness of broadband distribution, new content protection and copy management systems should ensure that content cannot be redistributed to another consumer or another location using a broadband distribution network. is there.

  Further, for example, when the broadcast content is distributed in a digital form, it may be preferable to prevent the digital content from being redistributed outside a defined geographical area. Traditional business models for authorizing and distributing content over a broadcast network are typically based on location or geographic area. TVs are licensed based on conditional access models in accordance with Designed Market Areas (DMAs) based on Nielsen's geographical area. For example, the Los Angeles television station is not authorized to broadcast to New York viewers. Televisions that pay for viewing also have rules that establish restricted interests in content based on a geographical point of view (eg, subscriptions restricted to a home or home in a particular region).

  Simply rebroadcasting or redistributing content signals over a broadband network may not require a copy of the content. Therefore, traditional copy protection methods focused on preventing content copying cannot effectively prevent such redistribution or rebroadcasting of content.

  Accordingly, it is desirable to provide a method and system for determining the relative proximity of networked devices that receive copyrighted digital content over a network with reasonable reliability. Furthermore, in a digital rights management system, it is desirable to utilize information regarding the relative proximity of a networked device to one or more other networked devices.

  The present invention provides a system and method for controlling the distribution of copyrighted digital content based on the determination of a network topology between a source device and a receiving device. The topology information can then be used to determine whether the receiving device is authorized to access the content.

  In an embodiment of the invention, information regarding the intervening network topology may be determined from messages exchanged between transmitting and receiving devices. A topology that indicates relative proximity may be determined by detecting specific network components installed between the two devices: hub, switch, router, tunnel, VPN gateway, and other network devices.

  Network components can be detected by sending specific well-crafted packets that are handled differently by different components. For example, a packet with a valid layer-2 MAC header instead of an invalid layer-3 network header is retransmitted by the switch, not the router. Often, switches and hubs are used in local, home networks, while routers and VPN gateways are used in wide area networks (WAN's), eg, the Internet. In an embodiment of the invention, therefore, content may be prohibited or distributed depending on whether a router or VPN gateway is detected between the source device and the receiving device.

  The use of well-craft packets offers benefits over other methods of detecting network topology and can provide a more reliable and practical way to detect network components and determine relative proximity. . For example, pinging or port scanning a network address can only detect components configured for response to a ping or port scan, and any component is used to communicate between two end points. It is not possible to determine whether or not Network interception can be used to monitor each network segment for routing and management protocols, eg, RIP, OSPF, BGP, SNMP, RGMP, CGMP, HSRP, VRRP, STP, etc. However, such monitoring requires a network interception component to be installed on each network segment, which is not feasible for wide area networks such as the Internet, and is not possible for switches, VPN devices or static configurations. Will not detect the majority of the router. A further technique is to transmit packets with a small time-to-live (TTL) value, eg, 1. Although this type of packet returns when it encounters a router, this technique cannot be used to detect switches, VPNs, and other forms of network encapsulation functions. Well-craft packets can overcome these limitations by more efficiently detecting the presence of certain network components and eliminate the need for intercept components.

  In embodiments of the invention, a sequence of well-craft packets may be transmitted, some or all of which may be a return package or handshake. Two or more packages may be created to respond separately to different network components. A network response to a sequence of packages may provide more detailed and more accurate information than can be obtained by evaluating the response to a single package.

  In an embodiment of the invention, a key component is provided in the package, which is designed not to be transmitted over forbidden network topologies. For example, the package may be made so that the package cannot be routed using a router or VPN gateway. The key component may contain any component necessary to use the transmitted content, such as a decryption key or password. In some cases or in addition, any part of the controlled content may be sent in a package that is not routed or otherwise delivered using a prohibited device.

  In an embodiment of the invention, the relative proximity between network devices may be calculated without considering geographical proximity. For example, if a router or VPN gateway is detected between the source and recipient device, the content may be prohibited for the recipient device regardless of the geographical distance between the source and recipient. In other embodiments, some combination of approximate geographic proximity and relative network proximity may be used to determine eligibility to receive content.

  For example, certain geographic characteristics including responses to well-craft packages or typical transmission times may be stored in a fixed updatable table. The table may be referenced immediately before sending the controlled content, instead of or in addition to performing a relative proximity assessment. Information in the table may be updated periodically.

  A more complete understanding of the relative proximity determination method, as well as its realization of further benefits and objectives, is provided to those skilled in the art by considering the following detailed description of the preferred embodiments.

  This application claims priority under provisional application No. 60 / 624,829 filed on Nov. 3, 2004 in accordance with 35 USC 119 (e), and Nov. 24, 2004. Which is a continuation-in-part of application No. 10 / 998,030, filed on Nov. 26, 2003, which claims priority from US Provisional Application No. 60 / 525,651, filed Nov. 26, 2003 To do. All of the aforementioned applications are specifically incorporated herein by reference in their entirety.

  The present invention provides a method and system for determining the geographical location of network devices, or the relative proximity of interconnected devices, and the use of such information for the management of digital rights over the network. This overcomes the limitations of the prior art. In the detailed description that follows, like element numerals are used to describe like elements represented in one or more drawings.

  FIG. 1 illustrates that a system 100 that includes a wide area network 102, eg, the Internet, and an exemplary local area network 108 connected to the WAN 102, may include various components, at least one of which is digital content, eg, Shows that it is used to watch movies, television or radio programs, music, e-books, photos, or any other content that can be distributed commercially, in digital form. System 100 may include a server 104 connected to LAN 108 via WAN 102 for distribution of digital content. In some cases or in addition, digital content may be provided to the LAN 108 from a non-networked source, such as a DVD or CD optical disk, magnetic media, satellite receiver, cable television receiver, and the like. System 100 further includes many other end user devices 130, 132, which may be connected to many other local area networks, eg, LAN 110 (one of many is shown). System 100 and WAN 102 may include a number of network components, such as router 124 and server 126.

  LAN 108 is a variety of different devices for receiving, using, storing, processing or transmitting digital content, such as personal computers 116 and 118, portable media player 120, display set-top box, digital television (DTV) receiver, broadband. A modem 112 or other device for connecting to the WAN 108 via a copper cable, fiber optic cable, wireless connection, or other connection may be included. In an embodiment, LAN 108 includes a cable modem or set top box (not shown) that receives digital content from a cable or satellite network. These devices for receiving, using, storing, processing or transmitting digital content may be connected via one or more hubs, eg, hub 114. In some cases or in addition, the devices may be connected to a peer-to-peer network or other suitable LAN topology with or without a hub.

  In an embodiment of the invention, the LAN 108 may comprise a digital rights management topology detection (TD-DRM) device 106. The TD-DRM device may include any suitable device, apparatus, component, software or firmware that is effective to perform or facilitate proximity detection and digital rights management steps according to the invention. The TD-DRM device may be implemented as a stand-alone device or as a component of another network device, eg, hub 114 or computer 116. The TD-DRM device 106 may be in or coupled to different network devices in the LAN 108, or may be combined with a single device as shown. The TD-DRM device 106 may be implemented as software or firmware for execution processing of a general purpose computer, special purpose consumer electronic product device or other device. In some cases or in addition, the TD-DRM device may be implemented with an adapter that attaches or plugs into a digital electronic card, printed circuit board, or other device. All or part of the functionality of a TD-DRM device may be implemented in application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs) or other electronic or chip devices. The TD-DRM device 106 may also include a plurality of distribution components or modules that collectively perform TD-DRM device functions.

  According to an embodiment of the invention, a digital rights control scheme may be used to allow certain copyrighted digital content to be distributed free of charge within the authorized user's local area network 108, although the local rights network Outbound distribution may be restricted and prohibited, and may function based on the principle of receiving additional authorization fees as it is necessary to protect the copyright holder's interests and prevent copyright infringement. For example, certain content may be purchased and used freely on consumer devices belonging to the user's home network, such as the user's media display device 122, personal computers 116, 118, and portable electronic device 120. However, distribution of content to another family may be prohibited. For example, a satellite or cable subscriber may be allowed to view and record on either device for personal or family use of copyrighted content, but another family may have their own LAN 110. Should not be allowed to jointly use the content, nor should the subscriber be allowed to upload digital content to the network server 126. A method using proximity detection is described below for digital rights management in such content and for such use.

  Referring to FIG. 2, exemplary steps of a method 200 for digital rights management using network topology detection are shown. In step 202, a request to send digital content to an authorized network location is received. The request may be intercepted by the TD-DRM device between the device in question, for example, the computer 116 and the network connection device 112 or other portal up to the WAN 102 or anywhere within the local area network 108. In some cases, or in addition, TD-DRM functionality may be implemented as a component or accessory of the device in question. For example, the TD-DRM functionality may be implemented in software used to send a file to an address in the network, such as e-mail software or file sending application software or streaming media. In an embodiment of the invention, the TD-DRM function may first check a transmission request for copyrighted content before executing the topology detection routine.

  In step 204, the network topology between the TD-DRM function and the designated recipient is evaluated by sending a well-craft information packet to the recipient and evaluating the resulting response. Details regarding an exemplary method of topology detection are provided below in connection with FIG. In step 206, eligibility determination is made based on the response. For example, if a response or missing response indicates that the transmission path includes elements of a wide area network, the path may be deemed ineligible for content transmission. Conversely, if a response or missing response indicates that the transmission path does not include elements of the wide area network, the path may be considered eligible for content transmission. It is clear that any desired criteria may be adopted to distinguish eligible routes from ineligible routes, and eligible criteria may evolve as consumer trends change and new technologies develop .

  In step 208, the content is transmitted to the recipient device if the transmission path appears to be eligible. In step 210, the content is disabled if the transmission path appears to be ineligible. Disabling may include, for example, preventing transmission of all or part of restricted content, transmitting content in an unusable form, eg, encrypted form without a decryption key Good.

  In another embodiment, some combination of approximate geographic proximity and relative network proximity is used to determine eligibility for receiving content, as in step 204 of method 200. Also good. Geographic distance may be used as a factor in combination with the measured transmission topology. For example, a switch may be allowed as long as the recipient device is within a defined geographical distance of the source device. A mixed decision method that uses geographic distance as a factor may be appropriate for those who subscribe to more advanced content using more complex local networks. For example, content may be permitted for distribution over a corporate organization or university campus intranet, but not for off-campus distribution.

  The distance determination can be, for example, a secure time function that determines the time at which a message containing a cryptographically unique identifier is sent to the requesting device. The message may be transmitted via any one of various known fixed communication methods. The requesting device receives the message, modifies the message using its own cryptographically unique identifier, and returns the message to the source device via a well-known fixed communication method. When the source device receives the reply message, it verifies that it was sent in response to the first message sent and that the message could only be modified based on the unique identifier by the requesting device. The source device then measures the elapsed time between when the original message was sent and when the reply was received, and using a fixed updatable table of network characteristics along with the measured time, the receiving device is either local or source device To determine the probability of short distance, medium distance or long distance. Based on this relative distance determination and the geographic range allowed for the requested content, the source device may allow or deny access to the requested content.

  Additionally or in some cases, the receiving device may also use a fixed time function to stamp the message when the message is received from the source device. Upon receiving and accepting the reply message, the source device simply measures the time difference between the time sent by the source and the time received by the receiving device. This time difference may be used along with information about network characteristics to determine the relative proximity of the receiving device. In addition, or in some cases, device proximity may be determined using message travel times for reply messages.

  It is also clear that the geographical location information can be obtained by other methods, for example as described in patent application 10 / 998,030. Further, in an embodiment of the invention, the eligibility estimate may be expressed by a probability method. For example, “95% confidence that a device is eligible to receive this content” represents a mere probabilistic estimate of eligibility. According to an embodiment of the invention, the user may define a desired level of confidence as an essential threshold before the source device takes action. Furthermore, the definition of “eligible” can be set by the source device according to the desired values of various parameters. If the device is determined to be eligible, the source device can perform processing according to the eligibility, eg, send video content.

  In an embodiment of the invention, the step of evaluating the transmission path may be essentially collapsed into the step of transmitting and disabling content using another method 300 shown in FIG. In method 300, the key portion of the protected content is sent in a package, which cannot be sent beyond the forbidden topology. In an initial step 302, a request to send digital content to an authorized network location is received. As in method 200, this step may occur at any point before transmitting content across the forbidden topology. In step 304, an information packet containing a key component of the content, eg, a decryption key or password, is created and addressed to the designated recipient. Packets are often made such that they cannot be transmitted by prohibited network components. For example, the packet may be non-routable or may include unknown or invalid layer-3 information. Such packets are sent by the hub to other devices in the local area network, but cannot be sent through a router, VPN layer, or some type of switch. Further details on well-craft packets are provided in the discussion below. The key component is not limited to a decryption key or password, and may include any information necessary to enable use of the control content. In an embodiment of the invention, the protected content is placed entirely within the well-craft packet as described herein. However, limiting the well-craft packet to the role of the key component as a carrier is more effective and is therefore considered a generally more desirable approach if the key system is properly secured.

  In step 306, the well-craft packet with the available components is sent to the designated recipient. However, if any prohibited network device or topology is used for transmission, it will not be received by the recipient. Conversely, if a prohibited device is not included in the transmission, the well-craft packet and its key component are received by the recipient device as scheduled. Step 306 may include transmitting all of the required parts of the key component in a single well-craft packet. In some cases, one or more well-craft packets are transmitted, each containing a different key component or part of a key component. In each case, the well-craft packet may be configured not to be transmitted by different forbidden network devices, or if any one of such forbidden devices is present in the transmission path, all key components are received. First, it prevents the recipient device from outside the recognized topology area from using the content.

  In step 308, the remaining portion of the content is transmitted to the recipient. If no key component is received, the content is unusable and any type of packet may be used. In some cases, steps 304 and 306 may be eliminated, and the content may be transmitted in whole or substantially all in a well-craft packet, and the well-craft packet may be received from an authorized local area network or other It can only be received by devices with recognized topology regions.

  In order to detect and evaluate the network topology between two devices, the device may send or exchange a series of well-craft packets called test packets. FIG. 4 shows exemplary steps of a method 400 for evaluating a network topology. Although method 400 includes transmitting a series of test packets, it should be determined that transmitting as few as one test packet is within the scope of the invention. Further, transmission of a different number of test packets or different types of test packets than those shown in FIG. 4 is within the scope of the invention. In addition, example well-craft packets as described below may also be useful for transmitting key components in accordance with steps 304 and 306 of method 300.

  Several methods and options can generally be used to exchange test packets. In some cases or in addition, a single packet may be sent without provicing a response packet. A “bidirectional handshake” may be used to test one-way traffic from source “A” to recipient “B”. Start by device “A” sending a specific test packet to “B”. When “B” receives or receives a packet, “B” returns “A” with a corresponding response packet. Device “A” does not derive results from the test until it receives a response packet.

  A “3-way handshake” may be used to test bi-directional traffic between a source and a recipient. Start by device “A” sending a specific test packet to “B”. When or when “B” receives a packet, “B” returns “A” with a corresponding “test + response” packet. When “A” receives or receives a test + response packet, “A” returns to “B” along with the corresponding response packet. Device “A” does not derive a result from the test until it receives a test + response packet, and device “B” does not derive a result until it receives a response packet.

Any of the aforementioned handshakes may use HMAC authorization, where the two devices “A” and “B” jointly use a common HMAC encryption key. The data payload of the test packet may include a announce value (“n”) encrypted using the HMAC key {n} _HMAC . If the recipient device can decode the announcement, it will reply with {n + 1} _HMAC (or another pre-changed announcement value) in the test + response packet or possibly the response packet. Other challenge / response procedures may be suitable. Similarly, authorization may use PKI authorization, where each device knows the public key of the other device, but not the private key. The data packet contains the announcement value or the announcement value modified according to a pre-specified call / response protocol and is decrypted by the recipient device using the PKI public key.

  The test packet may include copyright information next to the copyrighted work. For example, “Haiku, I hate you. You're so hard to do.” (C) 2003 Author unknown. Copyright information and works may be defined in the header rather than the data (layer 7) portion of the packet. Thus, a copyrighted work may itself be part of the test protocol. The device may check the validity of the test packet by checking the copyrighted work and the value of the copyright information against the expected value. The device can request the copyright holder to authorize legal copying and retransmit the packet. This can include retransmissions by routers, VPN gateways and other network components. In some cases or in addition, a copyrighted work may be provided only in the data portion of the packet.

  FIG. 4 illustrates an a priori method that can detect specific network components. The illustrated steps may be performed in any order of operation and may be combined to reduce the number of illustrated steps. In step 402, the network connectivity exchanges any standard network communication format, eg, a ping packet, a netware ping packet, or an Apple Talking packet according to TCP / IP (ie, TCMP request / reply packet). To be tested. Other useful protocols and communications may include UDP datagrams, TCP handshake, IPX / SPX, NetBEUI, etc. If no return packet is received, the device is disconnected or separated by a firewall. Devices separated by a firewall may be considered to be in different local environments, and transmission of content between different local networks is generally undesirable in the assumed DRM scheme. Thus, in steps 404 and 406, if the test indicates that no valid connection exists between the source device and the recipient device, the content is prohibited or disabled.

  In step 408, a test for a router or VPN gateway may be performed by exchanging test packets using a non-routable protocol, eg, UDP broadcast, NetBEUI, or AppleTalk. The router does not retransmit these test packets unless specifically configured to do so, and therefore such packets cannot be transmitted over a large public wide area network, eg, the Internet. In comparison, switches and hubs generally always send these test packets. The VPN gateway can be configured in either way and can retransmit these packets via the Internet using the protocol encapsulation function.

Thus, router and VPN gateway tests may involve exchanging packets with unknown layer-2 network protocols instead of or in addition to non-routable packets as described above. Two examples of test packets using an unknown layer-2 network protocol are provided below:
Example 1 : Using Ethernet II frame Byte 0: 5 Destination MAC address Byte 6:11 Source MAC address Byte 12:13 Protocol number 0xCBBC
Byte 14: n Copyrighted work and information Byte n + 1: end Layer-7 data field
Example 2 : Using 802.2 LLC frame Byte 0: 5 Destination MAC address Byte 6:11 Source MAC address Byte 12:13 Packet length Byte 14 0xBC
Byte 15 0xCB
Byte 16 0xFF
Byte 17: n Copyrighted work and information Byte n + 1: end Layer-7 data field

  These test packets are retransmitted by the hub and switch but not by the router and VPN gateway. Example 2 appears to be most effective in detecting routers and VPN gateways that are configured to retransmit as many protocols and packets as possible.

  Another method of detecting a router involves exchanging test packets with invalid checksums at the network or transport layer, eg, 16-bit header checksum of IP packets or 16-bit TCP or UDP packets, respectively. . Similar invalid checksums may be used for the network layer (layer 2) and transport layer (layer 3) of other protocols, including but not limited to networkware SPX / IPX, AppleTalk, There are SNA and other protocols.

  In steps 410 and 406, if a router or VPN gateway is detected, the content may be prohibited or disabled because the transmission is likely to involve the use of the Internet from a remote location.

  In step 412, a test for a high-end corporate organization switch may be performed. Higher performance switches such as those used in corporate networks often enable CRC checksums in Ethernet frames. Thus, a test packet with an invalid CRC checksum may be used to test for a valid switch. Routers, VPN gateways, and valid switches will reject these test packets, and poorly performing switches, such as consumer grade switches or hubs, will retransmit the test packets. In steps 414 and 406, the content is prohibited if a corporate organization (checksum is valid) switch is detected. If a corporate organization switch is not detected, the content may be provided to the recipient device at step 420. In some cases, additional test layers may be performed at step 416.

The test for the switch in step 416 is performed by exchanging packets characterized by partial or invalid layer-1 frames or unicast packets destined for the transmitting device so that they are not routed through the switch. Also good. Examples of these packets are provided below:
Example 3 : Invalid Ethernet II frame byte 0: 5 source (not destination) MAC address byte 6:11 source MAC address (same as previous byte 0: 5)
Byte 12:13 Protocol number = 0xCBBC
Byte 14: n Copyrighted work and information Byte n + 1: end Layer-7 data field
Example 4 : Incomplete Ethernet II frame byte 0: 3 0x1234
end (no more bytes in this packet)

  Both of these packets are sent by the hub in the local area network, but are not sent by the switch, router or VPN gateway. In steps 418 and 406, the content may be prohibited for the recipient if a switch is detected. If no switch is detected, the content can be provided to a speculatively approved recipient device. It will be appreciated that the particular test method described in connection with FIG. 4 is merely exemplary. Other test packets or other test sequences can be devised to evaluate the network topology between the source and recipient devices without departing from the scope of the present invention. Further, the changes in method 400 may be applied to a collection of devices rather than to a paired device at the same time. The collection may be evaluated through trust connections, certificate exchange, broadcasting and multicasting, and other techniques.

  The invalidation of digital content protection is not permitted and illegal, but there is a tremendous economic interest in copyrighted content and theft of such creations to avoid the digital rights management methods disclosed here. A system can be devised and built. Usually, the device is not, but the avoidance device can be configured to retransmit the test packet. For example, a router or VPN gateway may be configured to encapsulate and otherwise retransmit unknown or non-routable protocols used by test packets, as disclosed herein.

  As shown in FIG. 5, such a router or other avoidance device may use an avoidance method 500. In step 502, the device receives a non-routable, otherwise undeliverable packet. In step 504, the device repackages the undeliverable packet into a deliverable format. For example, a non-routable packet can be repackaged and addressed to a specified forwarding address. The device may be provided with a forwarding address to simulate the intended recipient response. In some cases or in addition, the system may be configured such that a router or other evasion device is also provided with a scheduled recipient address. During repackaging, the header information error is simply corrected so that the packet can be routed as a normal packet.

  In step 506, the packet is routed and retransmitted to the designated recipient. If the packet is forwarded to a different recipient as a result of the repackage, the forwarded recipient may be configured to provide a response packet to the source as described herein. If necessary, the response packet may be modified so that an intervening evasion device interrupts and hides any indication to escape the test protocol. This prevents the source from detecting the forbidden topology and can send the available digital content to unauthorized recipients. It should be noted that combining topographical testing with other methods, such as geographic location testing, can make it more difficult to escape the inventive digital rights management method.

  The foregoing avoidance devices and methods are within the scope of the invention. However, the use of avoidance devices and methods is not permitted or supported. Those skilled in the art should comply with the law and should not circumvent or disable rights protection schemes for digital content.

  Having described a method and system for controlling access to digital content based on the topology of the transmission path, it will be apparent to those skilled in the art that certain benefits of the internal system are achieved. In addition, it should be understood that various modifications, applications, and alternative embodiments may be within the scope and spirit of the invention. For example, although a system where the requesting device is a set-top box has been illustrated, the inventive concept described above applies to other types of television devices, music devices, computing devices, personal assistants and other similar devices. It should be clear that the same applies. In addition, the system can be used to control the flow of any type of communication, where absolute or relative geography and proximity are decisive factors.

FIG. 1 is a block diagram illustrating an exemplary system according to the invention. FIG. 2 is a flowchart illustrating exemplary steps of a method for preventing unauthorized access to copyrighted digital information. FIG. 3 is a flowchart illustrating exemplary steps of a method for preventing unauthorized access to copyrighted digital information according to another embodiment of the invention. FIG. 4 is a flowchart illustrating exemplary steps of a method for evaluating a transmission path according to the invention. FIG. 5 is a flowchart illustrating exemplary steps for disabling a digital rights management method based on a topology test.

Claims (24)

Sending, for copyrighted digital information, a test packet created from a source to a receiving device that cannot be sent by a forbidden device;
A method for preventing unauthorized use of copyrighted digital information, comprising: disabling use of copyrighted digital information by a receiving device when a test packet is not successfully transmitted to the receiving device. The method of claim 1, wherein
A method for preventing unauthorized use of copyrighted digital information, further comprising the step of waiting to receive a response packet from a receiving device. The method of claim 2, wherein
A method for preventing unauthorized use of copyrighted digital information, further comprising evaluating a transmission path between the source and the receiving device based on whether a response packet is received from the receiving device. . The method of claim 3, wherein
A method for preventing unauthorized use of copyrighted digital information, wherein the evaluating step further comprises measuring an elapsed time between the transmission of the test packet and the time when the response packet is received. The method of claim 4, wherein
The method of preventing unauthorized use of copyrighted digital information, wherein the disabling step further comprises at least in part a condition of the elapsed time measured in the evaluating step. The method of claim 1, wherein
Further comprising transmitting a test packet in the series of test packets;
A method for preventing unauthorized use of copyrighted digital information, characterized in that it is configured such that it in a series of test packets cannot be transmitted by different prohibited devices. The method of claim 6, wherein
Copyrighted digital information further comprising: evaluating a transmission path between the source and the receiving device based on whether a response packet corresponding to the series of test packets is received from the receiving device. How to prevent unauthorized use of. The method of claim 1, wherein
A method for preventing unauthorized use of copyrighted digital information, wherein the disabling step comprises placing at least a portion of copyrighted digital content in a well-craft packet. The method of claim 1, wherein
The disabling step comprises locating a key component for accessing copyrighted digital content within the well-crafted content, and a method for preventing unauthorized use of copyrighted digital information . The method of claim 1, wherein
A method for preventing unauthorized use of copyrighted digital information, wherein the transmitting step comprises transmitting a well-craft packet comprising a ping packet. The method of claim 1, wherein
A method for preventing unauthorized use of copyrighted digital information, wherein the step of transmitting comprises transmitting a well-craft packet comprising a non-routable packet. The method of claim 1, wherein
The step of transmitting comprises transmitting a well-craft packet selected from the group consisting of an unknown layer-3 packet, an invalid layer-3 CRC packet, and an unknown layer-2 packet. A method to prevent unauthorized use of digital information. A processor that can be used to execute program instructions;
A memory operatively coupled to the processor;
This memory holds the above program instructions,
The above program instruction is
For copyrighted digital information, sending test packets created from the source to the receiving device that cannot be sent by the forbidden device;
A system for preventing unauthorized use of copy-protected content, comprising: disabling use of copyrighted digital information by a receiving device if a test packet is not successfully transmitted to the receiving device. The system of claim 13, wherein
A system for preventing unauthorized use of copy protected content, wherein the program instructions further comprise waiting for a response packet from a receiving device. The system of claim 14, wherein
The program instructions further comprise evaluating a transmission path between the source and the receiving device based on whether a response packet is received from the receiving device, or unauthorized use of copy-protected content Prevent system. The system of claim 14, wherein
The step of evaluating the program instructions further comprises measuring an elapsed time between sending a test packet and when a response packet is received to prevent unauthorized use of copy-protected content System. The system of claim 14, wherein
The program instructions further comprise making the elapsed time measured in the evaluating step at least partially an execution condition of the step of disabling, preventing unauthorized use of copy-protected content System. The system of claim 12, wherein
The program instructions further comprise transmitting a test packet in a series of test packets,
A system for preventing unauthorized use of copy-protected content, wherein the series of test packets are configured so that they cannot be transmitted by different prohibited devices. The system of claim 16, wherein
The program instructions further comprise evaluating a transmission path between the source and the receiving device based on whether a response packet corresponding to the series of test packets is received from the receiving device. A system that prevents unauthorized use of copy-protected content. The system of claim 13, wherein
Disabling the program instructions further comprises placing at least a portion of the copyrighted digital content within the well-craft packet to prevent unauthorized use of copy-protected content system. The system of claim 13, wherein
Disabling the program instructions further comprises placing a key component in the well-craft content for accessing copyrighted digital content, unauthorized use of copy-protected content Prevent system. The system of claim 13, wherein
The system for preventing unauthorized use of copy protected content, wherein the transmitting of the program instructions further comprises transmitting a well-craft packet comprising a ping packet. The system of claim 13, wherein
The system for preventing unauthorized use of copy protected content, wherein the sending of the program instructions further comprises sending a well-craft packet comprising a non-routable packet. The system of claim 13, wherein
The step of transmitting the program command further comprises transmitting a well-craft packet selected from the group consisting of an unknown layer-3 packet, an invalid layer-3 CRC packet, and an unknown layer-2 packet. A system that prevents unauthorized use of copy-protected content.

Images