WO2008045818A2 - Droits numériques associés à une application logicielle - Google Patents
Droits numériques associés à une application logicielle Download PDFInfo
- Publication number
- WO2008045818A2 WO2008045818A2 PCT/US2007/080684 US2007080684W WO2008045818A2 WO 2008045818 A2 WO2008045818 A2 WO 2008045818A2 US 2007080684 W US2007080684 W US 2007080684W WO 2008045818 A2 WO2008045818 A2 WO 2008045818A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- drm
- component
- bound
- software application
- Prior art date
Links
- 230000002085 persistent effect Effects 0.000 claims abstract description 80
- 238000000034 method Methods 0.000 claims abstract description 46
- 238000004519 manufacturing process Methods 0.000 claims description 15
- 230000008569 process Effects 0.000 claims description 12
- 238000012545 processing Methods 0.000 description 15
- 238000007726 management method Methods 0.000 description 11
- 238000004891 communication Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000013459 approach Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000005070 sampling Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 239000004020 conductor Substances 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
Definitions
- EPO European Application
- This disclosure relates to digital rights management methods and systems. More particularly, the present disclosure relates to binding digital rights management information to a software application.
- DRM Digital rights management
- the purpose of this information is to store the current trial status for given protected applications so that each time the application is launched, the trial status is updated. Also, each time a game is launched, the trial criteria is checked so the protected application can expire when the trial is over (e.g. after three uses). When the trial criteria expires the protected application, the only way to use the application again is to pay for a subscription or to buy the full version of the application.
- Conventional approaches save this trial data in traditional ways as persistent information that could be saved and restored using a provided application programming interface (API) by the client operating system (OS).
- API application programming interface
- Usual examples of common persistence methods used in conventional systems include: 1) saving data to files in the hard drive and restoring the information back from those files stored on a hard drive; 2) accessing the OS registry to save and restore information; or 3) accessing and modifying some known files in the application (or known files that are in the basic OS installation), so using, for example, steganographic methods, information can be saved and restored in a way that is not readily noticeable by users (e.g. altering the lowest bits in images, music, or videos).
- These conventional methods rely on the fact that the next time the protected application is executed, all saved trial information will be recovered so the trial status can be updated conveniently.
- Figure 1 depicts a conventional protected software application program.
- Figure 2 depicts the conventional system illustrated in Figure 1 in a scenario where a hacker has circumvented the effectiveness of the DRM component.
- Figure 3 depicts an alternative implementation of a conventional protected software application program.
- Figure 4 depicts an example embodiment showing a protected software application program including a software application portion and a digital rights management (DRM) portion.
- DRM digital rights management
- Figures 5 and 6 are flow diagrams illustrating the processing steps in various embodiments.
- Figures 7 and 8 are block diagrams of a computing system on which an embodiment may operate and in which embodiments may reside.
- a computer-implemented method and system for binding digital rights management information to a software application are disclosed, hi the following description, numerous specific details are set forth. However, it is understood that embodiments may be practiced without these specific details, hi other instances, well-known processes, structures and techniques have not been shown in detail in order not to obscure the clarity of this description.
- Various embodiments include a mechanism to bind digital rights management information to an application (host software) without requiring code changes to the application.
- Various embodiments strive to improve the binding between the host executable and the DRM information while maintaining the benefit of not requiring modifications of the host at the source- code level.
- a protected software application makes operating system (OS) calls or physical media access to save and retrieve data through a DRM access layer.
- OS operating system
- DRM trial status information and software application information are both channeled through the same DRM access layer, there is no way of altering such information to remove only the DRM information without affecting the persistent application program information as well, hi order to preserve DRM information, it is important to use the same input/output (I/O) data channels that the protected software application uses to store and retrieve data by using cryptographic methods to securely bind DRM information with software application program data.
- I/O input/output
- FIG. 1 depicts a conventional protected software application program 100 comprising an application portion 104 and a digital rights management (DRM) portion 102.
- Software application 104 represents any conventional software application program, software game, business or enterprise software, and similar commercially available software products for sale or license.
- DRM portion 102 represents a conventional software component used to manage access to application 104 in a variety of controlled or limited ways.
- DRM component 102 can be used in a conventional way to provide users with a trial sampling of application, 104. In such a trial version, DRM component 102 provides a user with limited access to application 104.
- DRM component 102 could provide a user access to application 104 for limited time, a limited number of uses, or a functionally restricted version of application 104.
- DRM component 102 In a typical conventional configuration, users make access to application 104 through DRM component 102. With each such access by a user, DRM component 102 can store persistent DRM information in a nonvolatile data store 106. Similarly with the execution of application software 104, application 104 can store persistent software application data in nonvolatile data store 108. It will be apparent to those of ordinary skill in the art that are data stores 106 and 108 can be implemented in a conventional memory devices such as hard disk drives, flash memory, magnetic media, and the like. As the user makes access to application 104, DRM component 102 records such access in persistent data store 106.
- DRM component 102 can prevent a user from making subsequent access to application 104.
- the DRM component 102 can also record a user identifier, user name, device identifier, software license/registration number, or the like so the persistent DRM information can be associated with a particular user and/or a particular device.
- various embodiments allow the sharing of files or software application trials between different users or devices. This will enable a first user to share the first user's saved game or other software application with a second user, without expiring the first user's game or other software application trial status. Similarly, vice- versa, a second user can share the second user's saved game or other software application with a first user, without expiring the second user's game or other software application trial status.
- FIG. 2 the system illustrated in Figure 1 is shown in a scenario where a hacker has circumvented the effectiveness of DRM component 102. hi this example, a hacker has attacked the DRM information stored in persistent data store 106. If the DRM information stored in persistent data store
- DRM component 102 in protecting access to application 104 is circumvented. In this manner, a hacker can modify or remove DRM information in persistent data store 106 and thereby obtain unlimited access to application 104. As such, prior art DRM implementations are vulnerable to attacks such as those described above.
- an application program 107 directs all input/output (I/O) to application data store 108 through DRM component 103 via I/O path
- DRM component 103 can store persistent DRM information in a nonvolatile data store
- DRM component 103 records such access in persistent data store 106.
- the conventional implementation illustrated in Figure 3 is still vulnerable to a hacker attack. If the DRM information stored in persistent data store 106 is removed or replaced with inaccurate data, the effectiveness of DRM component 103 in protecting access to application 107 is circumvented. In this manner, a hacker can modify or remove DRM information in persistent data store 106 and thereby obtain unlimited access to application 107. As such, prior art DRM implementations are vulnerable to attacks such as those described above.
- Figure 4 depicts a protected software application program 110 comprising a software application portion 114 and a digital rights management (DRM) portion 112.
- Software application 114 represents any conventional software application program, software game, business or enterprise software, and similar commercially available software products for sale or license.
- DRM portion 112 represents an improved digital rights management software component used to manage access to application 114 in a variety of controlled or limited ways.
- I/O input/output
- data channel or data path 113 provides a means by which application 114 transfers application information to/from persistent data store 116.
- DRM 112 provides a software layer between application 114 and a conventional operating system (OS).
- OS operating system
- components of DRM 112 can replace various components of application 114, system drivers, or OS components to provide the software layer between application 114 and the OS or directly provide the software layer between the application 114 and the hardware.
- DRM 112 can intercept any function calls to the OS made by application 114. Because conventional operating system function calls are a well-known interface, DRM 112 can be configured to anticipate and intercept these I/O function calls to the OS by application 114. In this manner, DRM 112 is accessed by application 114 any time application 114 needs to access persistent data store 116.
- DRM 112 In servicing these I/O requests by application 114, application data travels to or from persistent data store 116 through DRM 112 and via data paths 113 and 115. [0018]For its own purposes in retaining persistent DRM information, DRM 112 also makes access to persistent data store 116 via data path 115. These accesses by DRM 112 can be used to store and retrieve DRM information related to limited usage or trial sampling of application 114 by a user. In these cases, DRM information also travels via data path 115 to/from persistent data store 116. Thus, in normal operation, all persistent application data and persistent DRM data travels to/from persistent data store 116 via data path 115. Application-specific information travels to/from application 114 via data paths 113 and 115.
- persistent DRM information and persistent application 114 information have been combined in persistent data store 116 and transferred via a common data path 115.
- the DRM 112 binds the application data and the DRM data together using a variety of techniques.
- the application data and the DRM data is combined and encrypted using a cipher.
- the application data and the DRM data is combined and scrambled, mixed, hashed, or steganographically hidden to create a bound data set of combined application data and DRM data that is extremely difficult to decipher or unscramble.
- Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to cryptography, where the existence of the message itself is not disguised, but the content is obscured.
- Steganographically hiding the DRM data with the application can be accomplished using well-known steganographic techniques. These techniques can be used to create a bound data set of combined application data and DRM data.
- the bound data set can be a data block or a set of streaming data. This bound data set is then written to persistent data store 116.
- DRM 112 When application 114 and/or DRM 112 need to read the bound data set stored in persistent data store 116, DRM 112 reads the bound data set and decrypts or unscrambles the bound data set prior to sending the unbound data on to application 114 or retaining and using the unbound data within DRM 112. As such, the embodiment illustrated in Figure 4 presents a very difficult configuration for hackers to circumvent. Because the application-specific information and persistent DRM information are bound together in persistent data store 116 in a manner that is extremely difficult to decipher or unscramble, a hacker can no longer conveniently remove just the DRM persistent information without affecting the persistent application 114 information as well. Therefore, DRM 112 and application 114 are rendered much more resilient to hacker attack.
- FIG. 5 illustrates a flow diagram of the processing flow employed in an example of various embodiments.
- a DRM component is inserted between a software application component and an operating system component. This inserted DRM component creates a software layer between the software application and the operating system.
- the software application component requests access to a persistent data store
- use the DRM component to intercept the request from the software application component for access to the persistent data store (processing block 412).
- the DRM component binds the DRM data with application data in a bound data set as described above (processing block 414).
- the DRM component stores the bound data set (including both DRM data and application data) in the persistent data store (processing block 416).
- FIG. 6 illustrates a flow diagram of the processing flow employed in another example of various embodiments.
- a DRM component is inserted between a software application component and an operating system component. This inserted DRM component creates a software layer between the software application and the operating system.
- the DRM component intercepts the request from the software application component for access to the persistent data store (processing block 512).
- the DRM component retrieves a bound data set (including both DRM data and application data) from the persistent data store (processing block 514).
- the DRM component recovers the DRM data from the application data to create an unbound data set as described above (processing block 516). It will be apparent to those of ordinary skill in the art that the DRM data can be unbound from the application data using a copy of the bound data set that is transferred to a volatile memory and processed there. In this way, the bound data set (including both DRM data and application data) maintained in the persistent data store is not modified in the unbinding process. The bound data set maintained in the persistent data store remains bound until an older version of the bound data set is overwritten with a newer version. This prevents a hacker from gaining access to an unbound version of the bound data set stored in the persistent data store.
- the recovered application data can then be sent on to the application and the DRM can use the recovered DRM specific data.
- the application-specific information and persistent DRM information are bound together in persistent data store 116 and then recovered when needed by the application and/or the DRM component.
- FIGS 7 and 8 show an example of a computer system 200 illustrating an exemplary client or server computer system in which the features of an example embodiment may be implemented.
- Computer system 200 is comprised of a bus or other communications means 214 and 216 for communicating information, and a processing means such as processor 220 coupled with bus 214 for processing information.
- Computer system 200 further comprises a random access memory (RAM) or other dynamic storage device 222 (commonly referred to as main memory), coupled to bus 214 for storing information and instructions to be executed by processor 220.
- Main memory 222 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 220.
- Computer system 200 also comprises a read only memory (ROM) and /or other static storage device 224 coupled to bus 214 for storing static information and instructions for processor 220.
- ROM read only memory
- An optional data storage device 228 such as a magnetic disk or optical disk and its corresponding drive may also be coupled to computer system 200 for storing information and instructions.
- Computer system 200 can also be coupled via bus 216 to a display device 204, such as a cathode ray tube (CRT) or a liquid crystal display (LCD), for displaying information to a computer user. For example, image, textual, video, or graphical depictions of information may be presented to the user on display device 204.
- CTR cathode ray tube
- LCD liquid crystal display
- an alphanumeric input device 208 is coupled to bus 216 for communicating information and/or command selections to processor 220.
- cursor control device 206 such as a conventional mouse, trackball, or other type of cursor direction keys for communicating direction information and command selection to processor 220 and for controlling cursor movement on display 204.
- a communication device 226 may also be coupled to bus 216 for accessing remote computers or servers, such as a web server, or other servers via the Internet, for example.
- the communication device 226 may include a modem, a network interface card, or other well-known interface devices, such as those used for interfacing with Ethernet, Token-ring, wireless, or other types of networks.
- the computer system 200 may be coupled to a number of servers via a conventional network infrastructure.
- the system of an example embodiment includes software, information processing hardware, and various processing steps, as described above.
- the features and process steps of example embodiments may be embodied in machine or computer executable instructions.
- the instructions can be used to cause a general purpose or special purpose processor, which is programmed with the instructions to perform the steps of an example embodiment.
- the features or steps may be performed by specific hardware components that contain hard- wired logic for performing the steps, or by any combination of programmed computer components and custom hardware components. While embodiments are described with reference to the Internet, the method and apparatus described herein is equally applicable to other network infrastructures or other data communications systems.
- the programs may be structured in an object-orientated format using an object-oriented language such as Java, Smalltalk, or C++.
- the programs can be structured in a procedure-orientated format using a procedural language, such as assembly or C.
- the software components may communicate using any of a number of mechanisms well known to those of ordinary skill in the art, such as application program interfaces or inter-process communication techniques, including remote procedure calls.
- the teachings of various embodiments are not limited to any particular programming language or environment, including HTML and XML.
- Figures 7 and 8 illustrate block diagrams of an article of manufacture according to various embodiments, such as a computer 200, a memory system 222, 224, and 228, a magnetic or optical disk 212, some other storage device 228, and/or any type of electronic device or system.
- the article 200 may include a computer 202 (having one or more processors) coupled to a computer-readable medium 212, and/or a storage device 228 (e.g., fixed and/or removable storage media, including tangible memory having electrical, optical, or electromagnetic conductors) or a carrier wave through communication device 226, having associated information (e.g., computer program instructions and/or data), which when executed by the computer 202, causes the computer 202 to perform the methods described herein.
- a computer 202 having one or more processors
- a storage device 228 e.g., fixed and/or removable storage media, including tangible memory having electrical, optical, or electromagnetic conductors
- a carrier wave e.g., fixed and/or removable storage media, including tangible memory having electrical, optical, or electromagnetic conductors
- associated information e.g., computer program instructions and/or data
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06121995A EP1912146A1 (fr) | 2006-10-09 | 2006-10-09 | Procédé exécuté sur ordinateur et système pour relier des informations de gestion des droits numériques à une application logicielle |
EP06121995.2 | 2006-10-09 | ||
US11/699,679 | 2007-01-29 | ||
US11/699,679 US20080086777A1 (en) | 2006-10-06 | 2007-01-29 | Computer-implemented method and system for binding digital rights management information to a software application |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008045818A2 true WO2008045818A2 (fr) | 2008-04-17 |
WO2008045818A3 WO2008045818A3 (fr) | 2008-10-16 |
Family
ID=39283543
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2007/080684 WO2008045818A2 (fr) | 2006-10-09 | 2007-10-08 | Droits numériques associés à une application logicielle |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2008045818A2 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112040268A (zh) * | 2020-08-11 | 2020-12-04 | 福建天泉教育科技有限公司 | 支持自定义drm的视频播放方法、存储介质 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030084306A1 (en) * | 2001-06-27 | 2003-05-01 | Rajasekhar Abburi | Enforcement architecture and method for digital rights management system for roaming a license to a plurality of user devices |
US20050091534A1 (en) * | 2003-10-28 | 2005-04-28 | Itay Nave | Security features in on-line and off-line delivery of applications |
-
2007
- 2007-10-08 WO PCT/US2007/080684 patent/WO2008045818A2/fr active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030084306A1 (en) * | 2001-06-27 | 2003-05-01 | Rajasekhar Abburi | Enforcement architecture and method for digital rights management system for roaming a license to a plurality of user devices |
US20050091534A1 (en) * | 2003-10-28 | 2005-04-28 | Itay Nave | Security features in on-line and off-line delivery of applications |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112040268A (zh) * | 2020-08-11 | 2020-12-04 | 福建天泉教育科技有限公司 | 支持自定义drm的视频播放方法、存储介质 |
CN112040268B (zh) * | 2020-08-11 | 2023-03-24 | 福建天泉教育科技有限公司 | 支持自定义drm的视频播放方法、存储介质 |
Also Published As
Publication number | Publication date |
---|---|
WO2008045818A3 (fr) | 2008-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20080086777A1 (en) | Computer-implemented method and system for binding digital rights management information to a software application | |
EP1031909B1 (fr) | Procédé et dispositif pour la manipulation d'un fichier d'ordinateur et/ou d'un programmme | |
US7646867B2 (en) | System and/or method for encrypting data | |
JP4235691B2 (ja) | 自己保護文書システム | |
JP4759513B2 (ja) | 動的、分散的および協働的な環境におけるデータオブジェクトの管理 | |
US20020082997A1 (en) | Controlling and managing digital assets | |
US7778417B2 (en) | System and method for managing encrypted content using logical partitions | |
US10417392B2 (en) | Device-independent management of cryptographic information | |
EP2065828B1 (fr) | Structures de stockage de média pour le stockage de contenu, dispositifs pour utiliser de telles structures, systèmes pour distribuer de telles structures | |
WO2001059617A1 (fr) | Procede et systeme de gestion de la conservation d'informations | |
US20140082657A1 (en) | On-demand protection and authorization of playback of media assets | |
WO2001046782A2 (fr) | Methode de prediffusion d'un contenu numerique et base de donnees a cle de cryptage a utiliser avec cette methode | |
US7003110B1 (en) | Software aging method and apparatus for discouraging software piracy | |
US20160204939A1 (en) | Media storage structures for storing content, devices for using such structures, systems for distributing such structures | |
US7395423B1 (en) | Security association storage and recovery in group key management | |
WO2008045818A2 (fr) | Droits numériques associés à une application logicielle | |
JP2004094616A (ja) | セキュリティ管理システム、セキュリティ管理方法、セキュリティ管理プログラム及び、セキュリティ管理プログラムを記録したコンピュータ読み取り可能なプログラム格納媒体 | |
CN114726612A (zh) | 一种工作域管理方法、装置、介质及电子设备 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200780037729.4 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07853827 Country of ref document: EP Kind code of ref document: A2 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1267/KOLNP/2009 Country of ref document: IN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 07853827 Country of ref document: EP Kind code of ref document: A2 |