Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L12/00—Data switching networks
  • H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
  • H04L12/2803—Home automation networks
  • H04L12/2807—Exchanging configuration information on appliance services in a home automation network
  • H04L12/2812—Exchanging configuration information on appliance services in a home automation network describing content present in a home automation network, e.g. audio video content
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L12/00—Data switching networks
  • H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
  • H04L12/2803—Home automation networks
  • H04L2012/2847—Home automation networks characterised by the type of home appliance used
  • H04L2012/2849—Audio/video appliances

Definitions

• the invention relates to a method of providing controlled access to content data, in particular as provided to an end-user of consumer electronics equipment or a multimedia computer.
• the invention also relates to a method of protecting unauthorized copying of digital data content.
• content and content data refer to data that contains information for the end-user, e.g., alphanumerical text, graphics, video, audio, multimedia, etc.
• digital content is usually sent or streamed to the end-user from a remote server using cable or Internet, or is provided on a DND, etc.
• the content is processed by the receiving device (e.g., a computer, a set-top box ) and rendered to the end user.
• Content can be copyright-protected using "watermarking”: adding digital modifications that are undetectable by the user, but are recognized by the rendering or verifying software or hardware.
• Another way to protect the content is encryption.
• the content data is encoded using special encryption algorithms before sending the data to its destination.
• the stream is decrypted before rendering or storage.
• Watermarking for example, is highly sensitive to content modifications. If the digital content is modified by software/hardware, which is not aware of the "watermark", the watermark is not guaranteed to persist in the original form. For example, picture resizing, storing the picture in a different file format, applying compression techniques, etc., affect also the watermark and make it less useful. Encryption methods also provide a number of challenges. As computer/processing hardware and software become more powerful and sophisticated, well-known algorithms get "cracked” and are rendered obsolete. Another challenge is standardization. That is, in order to address the mass market with multiple vendors, a content protection method needs to be standard.
• the invention provides a method of providing or receiving content information, preferably via a network, as one or more software objects.
• a procedure is encapsulated in the object for access of the information on a runtime environment. That is, the procedure for accessing the information by the end-user is packaged together with the content information for delivery to the end-user.
• a software object comprises content data plus a method or procedure to process the data.
• a method is a programmed procedure that is defined as part of a class and that is included in any object of that class.
• An object can have more than one method.
• a method in an object can only have access to the data known to that object, which ensures data integrity among the set of objects in an application.
• Open distributed software architectures such as HAVi, Java/JINI, Home API based on COM or DCOM technology, CORBA and others allow transfer of software objects over a network (Internet, home network, local area network, wide area network, etc.).
• HAVi the use of COM technology and OLE Automation objects
• 09/165,683 (Attorney Docket PHA 23.483), filed 10/2/98 for Yevgeniy Shteyn for "CALLS IDENTIFY SCENARIO FOR CONTROL OF SOFTWARE OBJECTS VIA PROPERTY ROUTES";
• U.S. Serial No. 09/165,682 (Attorney Docket PHA 23,484), filed 10/2/98 for Yevgeniy Shteyn for "CONTROL PROPERTY IS MAPPED ONTO MODALLY COMPATIBLE GUI ELEMENT " ; and U.S. Serial No.
• a HAVi DCM can be uploaded to an FAV and executed in a Java run-time environment.
• the DCM can be programmed to implement API's for the rendering, storing, recording or other processing of graphics, audio, video, text, image, etc.
• the software object works directly with the rendering machine, without intermediate decryption or modification. All operations are controlled by the object itself and hidden from hostile applications.
• an object-controlled storage API is invoked (for example: Serialization, see further below). Since the object controls the storage (recording) process, the host system has to recreate the object in order to access stored content and therefore its content is protected.
• the object can affect the quality of recording, the number of times the content can be recorded or rendered and other interactions with the host system.
• the software object also can be made time-sensitive. For example, a movie object can be leased, i.e., its rendering API can only be used for a certain amount of time - movie playing time, a day, etc...
• a controlling object does not have to contain all the content. When the content is very large, the object could just keep the reference(s) to content location and does the retrieval as needed. Where necessary or desirable, a chain of objects could control operations. For example, different movie scenes are controlled by different objects.
• An object can be set up to provide free (trial) access to certain parts of the content and require payments for other. Conditional interaction with system resources, based on user preferences, can be accomplished. Advertisements and promotions can be inserted as separate objects, depending on the level of user access (e.g., via subscription).
• An object can wrap up binary code, provided the execution environment of the target client is known or can be detected after object interaction with the device. For example, a better rendering algorithm or a binary upgrade can be delivered to a TriMedia machine running Java VM.
• the proposed method of data content delivery to an end-user through objects is also highly suitable for other usages than copyright protection.
• email, teleconferencing (via telephone) or videoconferencing can be based on the exchange of software objects for security reasons.
• electronic monetary transactions are made secure through the communication of software objects.
• Electronic mail can be implemented as software objects.
• Transport of an object over a network is accomplished through, e.g., object serialization.
• Object serialization in Java supports the encoding of objects, and the objects reachable from them, into a stream of bytes, and it supports the complementary reconstruction of the object graph from the stream.
• Serialization is used for lightweight persistence and for communication via sockets or Remote Method Invocation (RMI).
• RMI Remote Method Invocation
• the default encoding of objects protects private and transient data, and supports the evolution of the classes.
• a separate digital data stream that can be pirated and replicated by hostile parties does not exist in the traditional sense. All what is being sent is the string of bits and it is not possible to the average person to find a clue about its meaning, since procedures and content information are not recognizable from the stream.
• a class may implement its own external encoding to increase security and is then solely responsible for the external format (source: http:// www.iavasoft.com/ products /jdk/1.1/ docs/guide/ serialization/ index.html). Accordingly, a decryption procedure can be encapsulated in the object, together with encrypted content data. The decryption procedure is then invoked at the receiving end, possibly complemented with an also encapsulated verification procedure verifying the receiver's ID, decryption key, or serial number of the rendering device, etc.
• a video conferencing system can provide conventional video streaming and object-encapsulated secure audio and/or graphical data.
• FIGS.1 -5 are block diagrams of examples of a system wherein the method of the invention is implemented.
• Fig.l is a block diagram of a HAVi system 100 for implementing the method of the invention.
• System 100 comprises a storage medium 102 and an FAV (Full AV node) 104 that comprises a digital TV in this example.
• FAV 104 has a Java Virtual Machine 106.
• Storage medium 102 comprises, for example, a buffer that stores a software object 108 received electronically from outside system 100, e.g., via the Internet after de-serialization, or a DVD or another physical data-carrier that contains the software object, here a HAVi DCM 108 with content data 110 and play-out procedures, represented by rendering API 112.
• Software object 108 is uploaded to the rendering process on FAV 104 where rendering API 104 directly interacts with Java VM 106.
• Conditional access to the content can be based on security or on user/system capabilities.
• the object allows invocation for play-out or storage through API's dedicated to verification.
• the run time would have to provide an authorization or an identifier that can be verified by the object.
• parental control can be implemented by a group of objects representing different parts of a movie content.
• an electronic book can encapsulate graphical objects with access restriction requirements.
• Fig.2 is a block diagram of a Jini system 200 which uses a JavaSpaces architecture.
• JavaSpaces is an architecture for creating a distributed operating system and creating repositories for Java-based objects, as well as Java VM's and Java's Remote Method Invocation (RMI) functionality.
• JavaSpaces implementations provide a mechanism for storing a group of related objects and retrieving them based on value-matching look-up for specified fields. This allows a JavaSpaces server to be used for storing and retrieving objects on a remote system.
• the JavaSpaces API uses a specific package to provide basic atomic transactions that group multiple operations across multiple JavaSpaces implementations into a bundle that acts as a single atomic operation.
• the JavaSpaces architecture supports a transaction mechanism allows multi-operation and/or multi-space updates to complete atomically.
• the term "atomicity" means that all operations grouped under a transaction occur or none of them does.
• Jini is a technology, also from Sun Microsystems, for networking of devices.
• Jini is a Java-based software technology that assists in networking PC's and peripherals.
• a Jini-enabled device When plugged into a network, a Jini-enabled device will broadcast its presence. Network clients that are ready to use that device can request the necessary software from the device itself, bypassing a server or a network administrator. This architecture builds on top of an existing network.
• System 200 comprises JavaSpaces servers 202 and 204, and a client 206 connected through a network 208.
• JavaSpaces server 202 or 204 provides a distributed persistence and object exchange mechanism for objects written in the Java programming language. Objects are written in entries that provide a typed grouping of relevant fields. Clients can perform simple operations on a JavaSpaces server to write new new entries, to look-up existing entries, and remove entries from the space. Using these tools a user can write systems that use flow of data to implement distributed algorithms and let the JavaSpaces system implement persistence for the user.
• server 202 transfers an object (through Serialization) to client 206. The transfer is a lease as specified by Java's
• a leased resource or service grant is time-based. When the time for the lease has expired the service ends or the resource is freed.
• server 202 leases a first object to server 204 for temporary storage and a second object to client 206 for temporary storage or rendering.
• This configuration is relevant to, for example, a video- (or audio-) on-demand service provider, a multi-player video game provider, etc.
• a similar client-server architecture can be built using COM/DCOM technology of Microsoft, with a COM client on a Windows operating system.
• Fig.3 is a diagram of a system 300 with a COM/DCOM server 302 and a COM client 304.
• Server 302 provides object access and object storage.
• Client 304 can access server 302 using COM or DCOM mechanisms. For a remote location, DCOM is be used. The access mechanism is transparent to client 304.
• a COM object is transferred into the process on client 304 and an appropriate API is invoked at client 304 in order to produce desirable content.
• the object has full access to system resources and API's such as DirectShow components from Microsoft.
• Fig.4 is a diagram of another configuration of a system 400 in the invention.
• System 400 comprises a server 402 for providing objects and serving as an object repository.
• System 400 further comprises clients 404 and 406.
• System 400 is used for, e.g., multi-client interaction for exchange of content such as in videoconferencing.
• Content objects are placed in server/repository 402 by client 404 and can be retrieved from repository 402 by client 406.
• Fig.5 is a diagram of a system 500 that has a similar configuration as system 400.
• System 500 comprises an object server 502 that serves clients 504, 506, 508 and 510.
• Server 502 functions as an object repository to enable multi-client object interaction.
• Content objects are placed in server 502 by any of clients 504-510 and can be retrieved by any of the other clients 504-510.
• System 500 comprises a relay or replication server 512 to serve clients 514 and 516.
• a content object can be packaged or can expose interfaces based on preferences or access privileges of clients 504-510 and 514-516.

Landscapes

• Engineering & Computer Science (AREA)
• Theoretical Computer Science (AREA)
• Software Systems (AREA)
• Physics & Mathematics (AREA)
• General Engineering & Computer Science (AREA)
• Multimedia (AREA)
• General Physics & Mathematics (AREA)
• Computer Hardware Design (AREA)
• Computer Security & Cryptography (AREA)
• Technology Law (AREA)
• Automation & Control Theory (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Data Mining & Analysis (AREA)
• Databases & Information Systems (AREA)
• Mathematical Physics (AREA)
• Information Transfer Between Computers (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=22697749

Family Applications (1)

Country Status (5)

Families Citing this family (14)

Family Cites Families (1)

• 1999
  • 1999-11-01 KR KR1020007007594A patent/KR20010034000A/ko not_active Application Discontinuation
  • 1999-11-01 CN CN99803708A patent/CN1124534C/zh not_active Expired - Fee Related
  • 1999-11-01 WO PCT/EP1999/008333 patent/WO2000028398A1/en not_active Application Discontinuation
  • 1999-11-01 JP JP2000581519A patent/JP2002529844A/ja active Pending
  • 1999-11-01 EP EP99957978A patent/EP1046095A1/de not_active Withdrawn

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events