RU82356U1 - INTELLECTUAL PROPERTY TRANSFER CONTROL SYSTEM ON THE INTERNET - Google Patents

Abstract

1. A data control system on the Internet, comprising at least one data server, at least one consumer server, an access server for admission to the Internet, and a data control server, wherein the output of the data server is connected via a network The Internet is connected to the input of the access server, the access server is connected via the local network to the consumer server, the output of the access server is connected via the Internet to the input of the data control server, characterized in that protocol filtering server and server are introduced p identification data via the local network are respectively connected to the access server, the data control server includes providing their deposition. ! 2. The system according to claim 1, characterized in that the data identification server is configured to define files. ! 3. The system according to claim 2, characterized in that the definition of the files is performed by hashing. ! 4. The system according to claim 2, characterized in that the definition of the files is performed using digital watermarks. ! 5. The system according to claim 2, characterized in that the definition of audio files is made by means of sound prints. ! 6. The system according to claim 2, characterized in that the definition of video files is made by means of video prints. ! 7. The system according to claim 1, characterized in that the data identification server is configured to authorize digital streams. ! 8. The system according to claim 7, characterized in that the authorization of digital streams is performed by means of digital watermarks. ! 9. The system according to claim 7, characterized in that the authorization of digital audio streams is performed by means of sound prints. ! 10. The system according to claim 7, characterized

Description

The utility model relates to electronic systems for transmitting and processing information and can be used to control files and digital data streams on the Internet. The system can mainly be used to control files and digital streams, the data of which are objects of intellectual property, for example, texts of books, music files, films, video clips, etc.

A known system for controlling the passage of documentary information containing a control point for a system for controlling the passage of information with its operational dispatch equipment designed to collect, display data on the passage of information in the communication system and conduct telephone conversations over communication lines with operators of managed objects. A document control post has been introduced into the system, the basis of which is the workplace of the duty officer (dispatcher) for monitoring the passage of documentary information, jobs of the first and second forwarders, each of the mentioned jobs of the duty officer for controlling the passage of documentary information and forwarders a computer consisting of a system unit, a monitor, a standard keyboard, a graphic manipulator, a printer and an interface expander, and also entered The adapter block, the connection and distribution block of communication lines, subscriber and connecting lines of service communication, equipment of service communication, consisting of a line switching unit and three control panels, one of which is installed at each of the mentioned workplaces of the documentary control officer , the first and second forwarders, n subscriber points for the transfer of documentary information, each of which contains a group equipment group, four telegraph console and four terminals speaking remote control, while the first, second, third, fourth and fifth inputs and outputs of the system unit of the personal computer of the workplace of the desk of the person on duty for monitoring the passage of documentary information are connected to the inputs and outputs of the monitor, standard keyboard, graphic manipulator, printer and interface expander, first , second, third, fourth and fifth inputs and outputs of the system unit of a personal computer

the workplace of the first forwarder is connected to the inputs and outputs of the monitor, standard keyboard, graphic manipulator, printer and interface expander, the first, second, third, fourth and fifth inputs and outputs of the system unit of the personal computer of the workstation of the second forwarder are connected to the inputs and outputs of the monitor , a standard keyboard, a graphic manipulator, a printer and an interface expander, the second inputs and outputs of an interface expander of a workstation personal computer The urn for controlling the passage of documentary information, the expander of the interfaces of the workplace of the first forwarder and the expander of interfaces of the workplace of the second forwarder are connected respectively to the first, second and third inputs and outputs of the adapter unit, the fourth inputs and outputs of which are connected to the first station inputs and outputs of the connection unit and distribution of communication lines, the second station inputs / outputs of which are connected to the line inputs-outputs by means of subscriber and trunk lines of service communication Am of the switching unit of the lines of intercom equipment, the inputs and outputs of the first, second and third control panels installed at the workplace of the duty officer for monitoring the passage of documentary information, at the workplaces of the first and second forwarders, are connected respectively to the first, second and third inputs and outputs line switching unit, the first linear inputs and outputs of sets of data transmission lines of the group equipment unit of the first subscriber station are connected to the first linear inputs and outputs of the connection unit and distribution of communication lines, the first linear inputs and outputs of sets of data transmission lines of a group equipment unit of a second subscriber station are connected to the second linear inputs and outputs of a block of connection and distribution of communication lines, and the first linear inputs and outputs of sets of data transmission lines of a block of a group equipment of the nth subscriber unit points are connected to the nth line inputs and outputs of the unit for connecting and distributing communication lines, the first, second and nth line inputs and outputs of the sets of subscriber telephone lines and the connections and distribution of communication lines are connected to the second linear inputs and outputs of the group equipment unit of the first, second, and nth subscriber stations, respectively, the inputs and outputs of the first, second, third, and fourth telegraph consoles of the first subscriber station are connected respectively to the first, second, third and the fourth station inputs and outputs of the group block

equipment, inputs and outputs of the first, second, third and fourth telegraph consoles of the second subscriber station are connected respectively to the first, second, third and fourth station inputs and outputs of the group equipment unit, inputs and outputs of the first, second, third and fourth telegraph consoles of the nth subscriber station connected respectively to the first, second, third and fourth station inputs and outputs of the group equipment unit, the fifth station inputs and outputs of the group equipment unit of the first subscriber stations are connected in parallel to the linear inputs and outputs of the first, second, third and fourth terminal intercoms, the fifth station inputs and outputs of the group equipment unit of the second subscriber station are connected in parallel to the linear inputs and outputs of the first, second, third and fourth terminal intercoms, fifth station inputs and outputs of the group equipment block of the nth subscriber station are connected in parallel to the linear inputs and outputs of the first, second, third and fourth terminal conversations control panels, the third line inputs and outputs of the group equipment block of the first subscriber station via an interaction line are connected to the third line inputs and outputs of the group equipment block of the second subscriber station, the inputs and outputs of the data line set of the control center for information flow control are connected to the third station inputs - the outputs of the unit for connecting and distributing communication lines, the fourth station inputs and outputs of which are via telephone lines Noah connection connected to the line inputs-outputs of the control points for the passage of information control system. (RF patent for the invention No. 2314648, H04L 12/00, publ. 2008.01.10).

The system is complex and does not provide high data processing performance.

The closest is an Internet control system containing at least one data server, at least one consumer server, an access server for admission to the Internet, and a data control server, while the output of the data server is connected via the Internet to the input of the access server, the access server is connected via a local area network to the consumer server, the output of the access server is connected via the Internet to the input of the data control server (US Patent No. 6085324, G06F 21/00, published 2000.07.04).

The disadvantage of this technical solution is the need to make special marks in the monitored files, which limits the scope and functionality. Limited use of the system, since it does not allow to control digital streams. Low productivity, as digital data must be fully processed.

The task solved by the utility model is the improvement of technical and operational characteristics.

The technical result that can be obtained by performing a utility model is an extension of functionality and increased productivity. When monitoring objects of intellectual property (IP) passing digitally through the Internet gateway, increasing the speed of monitoring and documenting the processed information and, thus, increasing the reliability of the system, and providing the possibility of detecting unauthorized use of IP objects on the Internet.

To solve the problem with achieving the specified technical result in the well-known Internet monitoring system, containing at least one data server, at least one consumer server, an access server intended for admission to the Internet, and a data control server, when the output of the data server is connected via the Internet to the input of the access server, the access server is connected via the local network to the consumer server, the output of the access server is connected via the Internet to the server input and data control, according to the claimed device, a protocol filtering server and a data identification server are introduced, which are respectively connected to the access server via a local network, and the data control server is provided for depositing them.

Additional embodiments of the utility model are possible, in which it is advisable that:

The data identification server was configured to define files.

In this case, the definition of files can be performed by hashing or by digital watermarking, the definition of audio files by means of sound prints, the definition of video files by means of video prints.

The data identification server was configured to authorize digital streams.

In this case, the authorization of digital streams can be performed through digital watermarks, the authorization of digital audio streams through sound prints, the authorization of digital video streams through video fingerprints.

These advantages, as well as the features of this utility model are illustrated by the best option for its implementation with reference to the accompanying drawings.

Figure 1 depicts a functional diagram of the claimed system;

Figure 2 is a block diagram of an algorithm for a filtering server;

Figure 3 is a flowchart for a data identification server.

The Internet control system comprises at least one data server 1, at least one consumer server 2, an access server 3 for admission to the Internet, and a data control server 4. The output of the data server 1 is connected via the Internet to the input of the access server 3. The access server 3 is connected via a local area network 5 to the server 2 of the consumer. The output of the access server 3 is connected via the Internet to the input of the data control server 4. A protocol filtering server 6 and a data identification server 7 are introduced into the system, which are respectively connected to the access server 3 via the local network 5. Server 4 data control is made providing their deposit.

The data identification server 7 is configured to define files.

In this case, the definition of files can be performed by hashing or by digital watermarking, the definition of audio files by means of sound prints, the definition of video files by means of video prints.

The data identification server 7 is configured to authorize digital streams.

In this case, the authorization of digital streams can be performed through digital watermarks, the authorization of digital audio streams through sound prints, the authorization of digital video streams through video fingerprints.

The system works (figure 1) as follows.

The passage of a file or digital stream through the Internet refers to the transfer of a file or digital stream from server 1 to server 2 through at least one access server 3 (Internet gateway), for example, an Internet service provider. Server 1 may, for example, be a database server or a digital content seller server. Server 2 can be a computer of any Internet user.

The file is characterized by a number of features:

- name (a sequence of characters, a number or something else that uniquely characterizes the file);

- a specific logical representation and the corresponding read / write operations;

- the presentation can be from a sequence of bits to a database with arbitrary organization of data within a file.

Most often, the list of resources represented by files includes:

- data areas;

- devices (physical and virtual);

- data streams;

- network resources;

- objects of the operating system;

- IP objects (music, films, pictures, texts, etc.).

File transfer control is carried out using file identification techniques known in the art. One way is hashing authentication. Hashing is a mathematical operation performed on a file, resulting in a code of a certain length. Moreover, the probability that the same code will be obtained as a result of hashing another file is negligible. In particular, the hash algorithm described in GOST 34.11-94 has a probability of the same hash for two different files equal to 10-77. To use hash identification on the control server 4 (Fig. 1), a preliminary hash procedure is performed, and the resulting hash is deposited (placed) with the file in the server 4 database.

Any data on the Internet is transmitted using Internet protocols. For different network servers to communicate with each other, they must

“Speak” in one “language”, that is, use the same protocol. The Internet protocol system is called the TCP / IP protocol stack.

The most common Internet protocols (in alphabetical order, grouped in approximate accordance with the OSI model):

At the application level: DNS, FTP, HTTP, HTTPS, IMAP, LDAP, POPZ, SMTP, SSH, Telnet, XMPP (Jabber), SNMP.

At the session / presentation level: SSL, TLS.

At the transport level: TCP, UDP.

At the network level: BGP, ICMP, IGMP, IP, OSPF, RIP, EIGRP, IS-IS

At the data link layer: Ethernet, Frame relay, HDLC, PPP, SLIP.

Application-level protocols are used to transfer files, digital streams or any other significant data. For example, the HTTP protocol can be used both to transfer WEB-pages (data from Internet sites) and files. When solving the problem of controlling the movement of files and / or digital streams on the Internet, server 6 filters the protocols and selects exactly those that are used to transfer files and / or digital streams.

Before starting work, the server 6 filtering protocols is configured to control the movement of files and / or digital streams on the Internet, transmitted using any specific Internet application protocol. On server 1, the file is divided into small pieces of data and transmitted from server 1 via the Internet to the access server 3 through one of the application data transfer protocols. Next, the data is transmitted using the local network to the server 6 filtering protocols. There is a set of well-known Internet application protocols that can be used to transfer files over the Internet. For example, HTTP, SMTP, FTP, POPZ protocols. The protocol filtering server 6 selects from all the protocols only those with which it is configured to work, and transmits this data to the identification server 7, which significantly improves the performance and speed of the system as a whole. On server 7, the file is assembled from the filtered data of the Internet application protocol. After that, the hash procedure is applied to the file, and the received hash is transmitted via the Internet to server 4 for comparison with the hashes already there. If the hash of the file received on server 7 coincides with the hash already on server 4, the fact of the passage of a particular file from server 1 to server 2 through a specific access server 3 is recorded. System

is used to control the movement of specific IP objects on the Internet, therefore, pre-controlled files are deposited on the control server 4, where the hashing procedure is applied to them, which allows subsequent identification of the controlled files.

Filtering is carried out in accordance with the algorithm (figure 2).

In block 201 of the filtering server 6, the lists of protocols that need to be filtered out from the general data stream are configured. Next, in comparison block 202, a check is made for the availability of new data packets from the access server 3. If there are packets, then in block 203 compares the check whether the protocol of a particular data packet belongs to one of the protocols specified for server 6 in block 201. If the packet protocol is suitable, then in block 204 compares package data file? If the packet contains file data, then in block 205, the filtered data packet is transmitted to the identification server 7.

Packet filtering significantly improves system performance because eliminates all packets of unprocessed data transfer protocols, as well as those data packets that do not contain file data.

Identification of files by hashing is carried out in accordance with the algorithm (figure 3).

In block 301 of the authentication server 7, new packets of file data are received from the filtering server 6. At block 302, a file is assembled from data packets. After the file is assembled, in block 303, a hash is generated from the file by processing the file with a mathematical function. After that, in block 304, the hash is transmitted to the control server 4. On the control server 4, in the comparison unit 305, a search for the obtained hash is performed among the ones already available on the server 4, generated from previously deposited files intended for control. If the same hash is found in the database of server 4, then in block 306 the fact of detecting a file transfer from the data server 1 to the consumer server 2 through the access server 3 is recorded.

The method of controlling the passage of digital streams through the Internet gateway is similar to the method of controlling files and has a different set of application protocols for transmitting a digital stream (for example, MPEG2 TS), as well as another identification algorithm. Algorithms for identifying digital streams depend on the content (content) that is transmitted using the digital stream. AT

In case of transmission of audio data in a digital stream, the sound fingerprint algorithm is used for identification. Using the algorithm of sound fingerprints, the digital stream is subjected to primary processing by the algorithm for extracting sound fingerprints that are transmitted to server 4. Sound fingerprints are a sequence of digital data. Subsequently, when the same digital stream passes through the server 7, the sound fingerprint extraction algorithm applied to the digital stream produces sound fingerprints identical to those that were previously obtained and placed on the control server 4. Thus, due to the receipt of the same sound fingerprints of the monitored and pre-processed digital stream, the identification of digital streams of audio data is achieved, which allows you to record the facts of the passage from server 1 to server 2 through server 3 of specific digital streams containing specific audio data. The method of identifying intellectual property objects in digital streams by sound fingerprints can be equivalently applied to the identification of IP objects in files containing audio IP objects. The use of video fingerprint technology will allow the identification of files and digital streams containing video IP objects.

The method of identifying files and digital streams using watermarks (inserts) is similar to the technology for identifying by sound fingerprints, but requires a special insertion into the file or digital stream. This insert can be a digital sequence that uniquely identifies the IP object and has such qualities that its inclusion in a file or digital stream does not affect the quality of sound or video playback, but if a special procedure is applied to the file (stream), it allows you to extract the watermark code (insets) that uniquely identifies a specific IP object. The advantage of watermarking technology is that with its help identification of IP objects of arbitrary composition is possible, be it texts, video, sound or graphic information. In each case, the initial implementation of the watermark in the file (stream) occurs, and then during the identification procedure, the procedure for extracting the watermark (insert) is performed.

Although the protocol filtering server 6 and the data identification server 7 are known in the art, they have not previously been used to control files and digital streams whose data are intellectual property. In addition, the server 4 data control is made providing

file deposit, which is also known from the prior art, but was not used for processing on the Internet files that characterize inherently intellectual property. At the same time, server 6 and server 7 are connected to server 3 through a local network 5. Therefore, the claimed Internet control system is new.

Thus, through the use of filtering data packets, as well as identification using hashing, video, and sound fingerprints, watermarks, it is possible to expand functionality and increase productivity. When monitoring objects of intellectual property (IP), passing digitally through server 3 (Internet gateway), it is possible to increase the speed of monitoring and documenting the processed information by server 4 and, thus, to increase the reliability of the system.

The most successfully declared Internet monitoring system is industrially applicable in computer technology for controlling and monitoring the movement of IP objects in digital form on the Internet.

Claims (10)

1. A data control system on the Internet, comprising at least one data server, at least one consumer server, an access server for admission to the Internet, and a data control server, wherein the output of the data server is connected via a network The Internet is connected to the input of the access server, the access server is connected via the local network to the consumer server, the output of the access server is connected via the Internet to the input of the data control server, characterized in that protocol filtering server and server are introduced p identification data via the local network are respectively connected to the access server, the data control server includes providing their deposition. 2. The system according to claim 1, characterized in that the data identification server is configured to define files. 3. The system according to claim 2, characterized in that the definition of the files is performed by hashing. 4. The system according to claim 2, characterized in that the definition of the files is performed using digital watermarks. 5. The system according to claim 2, characterized in that the definition of audio files is made by means of sound prints. 6. The system according to claim 2, characterized in that the definition of video files is made by means of video prints. 7. The system according to claim 1, characterized in that the data identification server is configured to authorize digital streams. 8. The system according to claim 7, characterized in that the authorization of digital streams is performed by means of digital watermarks. 9. The system according to claim 7, characterized in that the authorization of digital audio streams is performed by means of sound prints. 10. The system according to claim 7, characterized in that the authorization of digital video streams is performed by means of video fingerprints.