KR20070085748A - Digital rights management using network topology testing - Google Patents

Abstract

A method and system for preventing unauthorized use of copyrighted digital information over a broadband network includes testing network topology between a source and recipient device. Testing may include transmitting well-crafted information packets for transmission between source and recipient, and evaluating network response to gain information about the topology of the connecting network. Key components for using digital content, or the content itself, may be placed in a package that will not be transmitted by unauthorized network devices. Authorization or capability to use or receive the digital content is based at least in part on network topology between the source and recipient device.

Description

DIGITAL RIGHTS MANAGEMENT USING NETWORK TOPOLOGY TESTING}

This application is incorporated by reference in U.S.C. No. 60 / 624,829, filed November 3, 2004. Of Serial No. 10 / 998,030, filed November 24, 2004, which claims priority under §119 (e) and claims priority to U.S. Patent Application No. 60 / 525,651, filed November 26, 2003. Partial application.

The present invention relates to a method and system for controlling the distribution of digital rights-protected material over a broadband connection based on the determination of the network topology between a source device and a receiving device requiring content on the broadband network.

Recent developments in broadband technology have enabled cost-effective distribution of high-value content by local and remote broadband networks. For example, the increasing widespread availability of "plug-and-play" technology allows a wide range of consumer electronics to be easily connected to a digital cable network. Set-top boxes of the past may be converted to distribution nodes in broadband networks. However, the increase in the efficiency of broadband communications has increased the risk of remote redistribution of paid and free customers' digital content over broadband connections with increased utilization of networked systems in homes, offices and other locations and between them. The concern of illegal and widespread duplication and the redistribution of digital content on network systems can prevent TV and movie suppliers from utilizing the above methods of transmission for content. In order to take advantage of broadband distribution, new content protection and copy management systems must ensure that content cannot be redistributed to other customers and to other locations using broadband distribution networks.

It is also desirable to prevent digital content from being redistributed outside the defined geographic area (eg, if the provided content is digitally distributed). Traditional business models for authorization and distribution content on broadcast networks are typically based on location or geographic area. TVs are approved in the conditional access model according to the Designated Market Area (DMA) in the region based on the Nielsen-defined geographic region. For example, Los Angeles (LA) television stations are not authorized to broadcast to New York audiences. Pay television also has rules that define restricted rights to content based on geographic scope, such as subscriptions that are restricted to homes or homes within a particular area.

Only re-broadcasting or redistributing the content signal on a broadband communication network may not require any copying of the content. Therefore, conventional copy protection methods focused on preventing copying of content cannot effectively prevent redistribution or re-run of the content.

It would be desirable to provide a method and system that reasonably determines the relative proximity of any networked device receiving copyrighted digital content over the network. It is more desirable to use information regarding the relative proximity of networked devices to one or more other network devices in a digital rights management system.

The present invention provides a method and system for controlling the distribution of copyrighted digital content based on the determination of the network topology between the source and receiver. The topological information can be used to determine whether the receiving device is authorized to access the content.

In an embodiment of the present invention, information related to disturbing network topology may be determined from messages exchanged between transmitting and receiving devices. The phase indicating relative proximity can be determined by detecting certain network elements (hubs, switches, routers, tunnels, virtual private network (VPN) gateways and other network devices) installed between the two devices.

Network elements can be detected by sending certain well-crafted packets that are processed differently by different elements. For example, a packet with a valid layer-2 MAC (MAC) header but with an invalid layer-3 network header is retransmitted by the switch and not by the router. Switches and hubs are often used in local home networks, and routers and virtual private network (VPN) gateways are used in wide area networks (WANs) such as the Internet. Therefore, in an embodiment of the present invention, content may be restricted or distributed depending on whether a router or virtual private network gateway is detected between the source device and the receiving device.

The use of normal packets provides the advantage of an alternative method of determining network topology and may provide a more robust and practical method of sensing network elements and determining relative proximity. For example, a ping or port scanning network address can only detect elements that are configured to respond to pings or port scans, or which elements can be used to send traffic between two endpoints. Can't decide if Network sniffing can be used to monitor each network segment for routing and management protocols (such as RIP, OSPF, BGP, SNMP, RGMP, CGMP, HSRP, VRRP, STP, etc.). However, the monitoring requires a network sniffing element installed on each network segment, which is not feasible for wide area networks such as the Internet and does not detect most of switches, virtual private network (VPN) devices or statically formed routers. . The further technique transmits packets with small TTL values such as one. Packets of this type are carried when facing a router, but the technique cannot be used to detect switches, virtual private networks (VPNs), and other types of network encapsulation. Normal packets can overcome this limitation by more effectively determining the presence of certain network elements, thus eliminating the need for sniffing elements.

In an embodiment of the present invention, a series of normal packets may be sent, some or all of which may result in a return package or handshake. Two or more packages can be processed to respond differently to different network elements. The network's response to a series of packages can provide more accurate and more detailed information than can be obtained by evaluating the response to a single package.

In an embodiment of the invention, the key components are provided in a package that has been engineered to not be transmitted in the disabled network topology. For example, a package can be processed such that it cannot be routed using a router or virtual private network (VPN) gateway. The key component may include any element required to use the transmitted content (eg, decryption key or password). Alternatively, or in addition, any portion of the controlled content may be transmitted in a non-routed package or otherwise not delivered using the disabled device.

In an embodiment of the present invention, the relative proximity between network devices can be calculated without considering the geographical proximity. For example, if a router or virtual private network (VPN) gateway is detected between the source and the receiver, the content may be restricted from the receiver regardless of the geographical distance between the source and the receiver. In other embodiments, some combination of measured geographic proximity and relative network proximity may be used to determine eligibility to receive content.

The characteristics of a particular phase can be stored in a secure and updatable table, including, for example, a response to a normal package or a typical transmission time. The table may be consulted instead of or in addition to performing an assessment of relative proximity immediately before transmitting the controlled content. The information in the table can be updated periodically.

A more complete understanding of the relative proximity determination method as well as further understanding of the advantages and objectives will be given to those skilled in the art by considering the following detailed description of the preferred embodiments. Reference is made to the accompanying sheet of drawings, which will be briefly described first.

1 is a block diagram illustrating an exemplary system in accordance with the present invention.

2 is a flow diagram illustrating exemplary steps of a method for preventing unauthorized access to copyrighted digital information.

3 is a flow diagram illustrating exemplary steps of a method for preventing unauthorized access to copyrighted digital information in accordance with an alternative embodiment of the present invention.

4 is a flowchart illustrating exemplary steps of a method for evaluating a transmission path according to the present invention.

5 is a flow chart illustrating exemplary steps for bypassing a digital rights management method based on a phase test.

※ Explanation of codes for main parts of drawing

100: system 102: wide area network

104: server 106: phase detection device for digital rights management

108: LAN 112: Broadband Modem

114: hub 116,118: personal computer

120: portable electronic device 122; Media display device

124: router

The present invention provides a method and system for determining the geographic location of a network device or the relative proximity of interconnected devices overcoming the limitations of the prior art, and the use of such information for digital rights management on a network. In the following detailed description, like element numbers are used to describe like elements appearing in one or more figures.

1 illustrates a system 100 that includes an example local area network (LAN) coupled to a wide area network 102 such as the Internet and a wide area network 102. Local area network 108 may include a variety of elements, at least one of which may be a movie, television or radio program, music, e-book, photograph, or any other content that may be entered and commercially distributed in digital form. Used to watch or listen. The system 100 may include a server 104 connected to a local area network 108 through a wide area network 102 for distribution of digital content. Alternatively, or in addition, digital content may be provided to local area network 108 from a non-networked source (eg, a DVD or CD optical disc, magnetic media, satellite receiver, cable television receiver, etc.). System 100 may additionally include a number of other end users that may be connected to a number of other local area networks, such as local area network 110 (a portion of which is shown). It should be contemplated that system 100 and wide area network 102 may include a number of network elements (eg, router 124 and server 126).

Local area network 108 may include several different devices for receiving, using, storing, processing, or transmitting digital content (eg, personal computers 116, 118, portable media players 120, display set-top boxes). , Digital television (DTV) receiver, broadband modem 112 or other device connected to wide area network 108 via a copper cable, fiber optical cable, wireless connection or other connection). In one embodiment, local area network 108 includes a cable modem or set-top box (not shown) that receives digital content from a cable or satellite network. The apparatus for receiving, using, storing, processing, or transmitting digital content may be connected through one or more hubs (such as hub 114). Alternatively or additionally, the devices may be connected in a peer-to-peer network or other suitable local area network topology with or without a hub.

In an embodiment of the present invention, local area network 108 may include a digital rights management phase detection (TD-DRM) device 106. Digital Rights Management Phase Detection (TD-DRM) devices include any suitable device, instrument, element, software, or firmware that acts to detect proximity and to implement or facilitate the digital rights management steps of the present invention. can do. The digital rights management phase detection (TD-DRM) device may be implemented as a standard device or as an element of another network device (eg, hub 114 or computer 116). The digital rights management phase detection (TD-DRM) device 106 may be combined with or belong to different network devices in the local area network 108, or may be combined with a single device as shown. The digital rights management phase detection (TD-DRM) device 106 may be implemented as software or firmware for execution on a general purpose computer, special purpose consumer electronics, or other device. Alternatively or additionally, a digital rights management phase detection (TD-DRM) device may be implemented using digital electronic cards, printed circuit boards, adapters that are attached or plugged into other devices. All or part of the digital rights management phase sensing (TD-DRM) device functionality may be implemented in application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) or other electronic and chip devices. The digital rights management phase detection (TD-DRM) device 106 may include a plurality of distribution elements or modules that cooperate to perform the digital rights management phase detection (TD-DRM) device functions.

According to an embodiment of the present invention, the digital rights control scheme can be freely distributed within the local area network 108 of a user whose specific copyrighted digital content is authorized, but distribution outside the local area network protects the interests of the copyright holder. It may work on the principle of being restricted, prohibited, or subject to additional licensing fees, as required to prevent copyright theft. For example, certain content may be purchased and used freely in consumer devices belonging to the user's home network, such as the user's media display device 122, personal computers 116, 118, and portable electronic device 120. However, distribution of content to other households may be prohibited. For example, a satellite or cable subscriber may be allowed to watch or record copyrighted content on any device, personal or home, but share content with other households operating its own local area network 110. And subscribers are not allowed to upload digital content to network server 126. In this context and for this purpose a method of using proximity sensing for digital rights management is described below.

Referring to FIG. 2, exemplary steps of a method 200 for digital rights management using network phase detection are shown. In step 202, a request is received to transmit digital content to an identified network location. The request is internal to a digital rights management phase detection (TD-DRM) device, such as a computer 116, and another portal or local area network 108 to the network connection device 112 or the wide area network 102. It can be blocked by any area. Alternatively, or in addition, the digital rights management phase detection (TD-DRM) function may be implemented as an element or accessory of the initiator. For example, digital rights management phase detection (TD-DRM) functionality can be implemented in software used to transfer files to network internal addresses such as, for example, email software or application software for file transfer or media streaming. have. In an embodiment of the present invention, the digital rights management phase detection (TD-DRM) function may first check the transfer request for copyrighted content before executing the phase detection routine.

In step 204, the digital rights management phase detection (TD-DRM) function and the designated inter-recipient network topology are evaluated by sending a normal information packet to the recipient and evaluating the resulting response. Details regarding an exemplary method of phase sensing are provided below in connection with FIG. 4. In step 206, eligibility determinations are made based on the response. For example, if the lack of a response or response indicates that the transmission path includes elements of a telecommunications network, the path may be considered inappropriate for the transmission of content. Conversely, if the lack of a response or response indicates that the transmission path does not include elements of the telecommunications network, the path may be considered suitable for the transmission of content. It is clear that any desirable criteria can be used to distinguish suitable pathways from inappropriate ones and that criteria for eligibility can evolve with changes in consumer behavior and the development of new technologies.

In step 208, the content is sent to a recipient device if the transmission path is deemed appropriate. In step 210, the content is disabled if the transmission path is deemed inappropriate. Disabling may include, for example, preventing the transmission of all or part of the controlled content or transmitting the content in a useless form, such as an encrypted form without a decryption key.

In an alternative embodiment, some combination of estimated geographic proximity and relative network proximity may be used to determine eligibility for receiving content, such as at step 204 of method 200. The geographical distance can be used as a factor in combination with the measured transmission phase. For example, a switch may only be allowed if the receiver is within the defined geographic distance of the source device. Mixed decisions using geographic distance as a factor may be suitable for more sophisticated content subscribers with more complex local area networks. For example, content may be allowed for distribution on an intranet on a corporation or university campus, but not for off-campus distribution.

The determination of distance may include, for example, a secure time function that determines the time at which a message containing a crytographically unique identifier is sent to the requesting device. The message may be transmitted through one of several known communication security methods. The requesting device receives the message, transforms the message into its own password unique identifier, and returns the message to the source device through a known communication security method. When the source device receives the response message, it confirms that it was sent in response to the message originally sent and that the message could only be modified by the requesting device based on the unique identifier. The source device measures the elapsed time between initial message transmission and the receipt of a response, and uses a secure and updatable network characteristic table with the time measured to determine the likelihood that the source device will be near or short, medium or long distance to the source device. . Based on the determination of the relative distance and the possible geographical range for the requested content, the source device may allow or deny access to the requested content.

Additionally or alternatively, the receiving device may use a security time function to imprint the message when the message is received from the source device. When receiving and authenticating the response message, the source device can easily measure the time difference between the time sent by the source and the time received by the receiving device. The time difference may be used together with the information about the characteristic communication network to determine the relative proximity of the receiver. Additionally or alternatively, the message passing time for the response message may be used to determine device proximity.

It is apparent that the geographic location information may be obtained by other means (eg, as described in sub-application serial number 10 / 998,030). In addition, in the embodiment of the present invention, the qualification evaluation may be expressed by a probability equation. For example, a probabilistic assessment of eligibility “the device is eligible to receive the content with 95% certainty”. In accordance with an embodiment of the present invention, the user can form the desired level of certainty as the threshold required before the action is taken by the source device. For example, the device may require a suitable 95% reliability. In addition, the definition of "eligible" may be set by the source apparatus in accordance with any desired value of the various parameters. After the device is determined to be eligible, the source device may perform handling subject to eligibility, such as transmission video content.

In an embodiment of the present invention, evaluating the transmission path may basically be divided into transmitting content and disabling content using the alternative method 300 shown in FIG. The main portion of the content protected in method 300 is transmitted in packets that cannot be transmitted in the disabled phase. In an initial step 302, a request is received to transmit digital content to the identified network location. As in the method 200, the step may be performed at any point before transmitting content in the disabled phase. In step 304, an information packet containing a key component of the content, such as a decryption key or password, is generated and addressed to the named recipient. Packets are preferably processed such that they cannot be transmitted by disabled network elements. For example, a packet can be unrouted or contain unknown or invalid layer-3 information. The packet is transmitted by the hub to other devices in the local area network, but not through a router, a virtual private network (VPN) layer, or some type of switch. More details regarding normal packets are provided in the discussion below. The key component is not limited to the decryption key or password, but may include any information needed to make the controlled content available. In an embodiment of the invention, the protected content is located entirely in a normal packet as described herein. However, since it is considered more efficient to restrict normal packets that serve as carriers of key components, it is usually considered a more desirable access when the key system is sufficiently secure.

In step 306, the normal packet with the possible elements is sent to the designated recipient. However, if the transmission uses any forbidden network device or phase, it is not received by the receiver. Conversely, when a non-banned device is involved in transmission, the normal packet and its key components are received by the intended receiving terminal. Step 306 may include sending all the necessary parts of the key component in a single normal packet. Alternatively, one or more normal packets may be sent, each containing a different key component or portion of a key component. In this case, the normal packet is formed such that it cannot be transmitted by different prohibited network devices and if one of the prohibited devices is present in the transmission path, all key components are not received and the content is outside of the allowed phase region. It cannot be used by the receiving terminal.

In step 308, any remaining portion of the content is sent to the recipient. Any type of packet can be used since the content is not available if the key component is not received. Alternatively, steps 304 and 306 may be deleted, and content may be transmitted in whole or approximately in whole in a normal packet that may only be received by a device having an allowed local area network or other allowed topological region. .

In order to detect and evaluate the network topology between two devices, the device may send or exchange a series of normal packets called test packets. 4 illustrates exemplary steps of a method 400 for evaluating network topology. While the method 400 includes transmitting a series of test packets, it should be appreciated that small transmissions, such as one test packet, are also within the scope of the present invention. In addition, different numbers of test packets or different types of test packets shown in FIG. 4 are also within the scope of the present invention. In addition, an example of a normal packet may be used to transmit key components along steps 304 and 306 of method 300 as described below.

Several methods and options can generally be used to exchange test packets. Alternatively or additionally, a single packet can be sent without causing a response packet. A "two-way handshake" can be used to test traffic in one direction from source "A" to receiver "B". Device 'A' begins by sending a specific test packet to 'B'. When 'B' receives or receives the packet, it responds to 'A' with the corresponding response packet. Device 'A' does not conclude from the test until it receives a response packet.

A "three-way handshake" can be used to test traffic in both directions between the source and the receiver. Device 'A' begins by sending a specific test packet to 'B'. When 'B' receives or receives the packet, it responds to 'A' with the corresponding "Test + Response" packet. When 'A' receives or receives a test + response packet, it returns a 'B' with the corresponding response packet. Device 'A' does not draw conclusions from the test until it receives a test + response packet, and device 'B' does not draw conclusions from the test until it receives a response packet.

Each of the foregoing handshakes may use hash based message authentication code (HMAC) authentication where two devices 'A' and 'B' share a hash based message authentication code (HMAC) universal encryption key. The data payload of the test packet may include a nounce value 'n' encrypted using a base message authentication code (HMAC) key {n} _HMAC . If the negative can be decoded, the receiving terminal may use the {n + 1} _HMAC in the test + response packet or the response packet as may be the case. (Or some other known modified value). Challenge / response procedures may also be suitable. Similarly, authentication may use public key infrastructure (PKI) authentication where each device knows the public key of another device but does not know the private key. The data packet includes a known or modified known value by a known challenge / response protocol that is decrypted by the receiving terminal using the public key infrastructure (PKI) public key.

The test packet may contain copyrighted works followed by a copyright notice. For example, "Haiku, I hate you. You work too hard. © 2003 Author Unknown". Copyright notices and copyrighted works may be defined in the header rather than in the data of the packet (layer 7). Therefore, the copyrighted work may be part of the test protocol itself. The device may verify the validity of the test packet by examining the values of the work and the notification for the expected value. The device may legally require permission by the copyright holder to copy or retransmit the packet. This may include retransmission by routers, virtual private network (VPN) gateways and other communication network elements. Alternatively or additionally, copyrighted works may be provided only in the data portion of the packet.

4 illustrates a deductive method in which a particular network element is detected. The described steps may be performed in any order of operation and may be combined in fewer than the described steps. In step 402, the network connectivity may be such as a ping packet (i.e. a tightly coupled multiple processing system (TCMP) request / response packet) by a Transmission Control Protocol / Internet Protocol (TCP / IP), a Netware ping packet, or an Appletalk ping packet. It is tested by exchanging any form of standard network connection. Other useful protocols and connections may include User Datagram Protocol (UDP) datagrams, Transmission Control Protocol (TCP) handshakes, IPX / SPX, NetBEUI, and the like.

If no return packet is received, the device is disconnected or separated by a firewall. Devices separated by a firewall may be arranged to be placed in different local environments and the transfer of content between different local area networks may generally be undesirable in a planned DRM configuration. Therefore, in steps 404 and 406, if the test indicates that there is no valid connection between the source and receiving terminals, the content is limited or disabled.

In step 408, a test for a router or virtual private network (VPN) gateway may be performed by exchanging test packets that depend on non-routed protocols such as, for example, User Datagram Protocol (UDP) broadcast, NetBEUI, or Appletalk. have. A router cannot retransmit the test packet unless it is specifically configured to retransmit the test packet, so the packet cannot be transmitted over a large general wide area network such as the Internet. In comparison, switches and hubs generally can always transmit the test packet. A virtual private network (VPN) gateway may be formed in each manner and may retransmit the packet over the Internet using protocol encapsulation.

Therefore, testing for routers and virtual private network (VPN) gateways may include exchanging packets with an unknown layer-2 network protocol, alternatively or in addition to non-routed packets, as described above. Two examples of test packets using an unknown layer-2 network protocol are provided below:

[Example 1] Using Ethernet II Frame

Byte 0: 5 Destination MAC address

Byte 6:11 Source MAC Address

Byte 12:13 Protocol Number 0xCBBC

Byte 14: n Copyright and copyright notice

Byte n + 1: Final layer-7 data field

[Example 2] Using 802.2 LLC Frame

Byte 0: 5 Destination MAC address

Byte 6:11 Source MAC Address

Byte 12:13 Packet Length

Byte 14 0xBC

Byte 15 0xCB

Byte 16 0xFF

Byte 17: n Copyright and copyright notice

Byte n + 1: Final layer-7 data field

The test packet is retransmitted by hubs and switches, but not by routers and virtual private network (VPN) gateways. The second example tends to be very efficient in detecting routers and virtual private network (VPN) gateways configured to retransmit as many protocols and packets as possible.

Another way to detect a router is to test packets with invalid checksums in the network or transport layer, such as 16-bit header checksums of IP packets or 16-bit Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) packets, respectively. Exchanging the same. Similar invalid checksums can be used for the network (layer 2) and transport (layer 3) layers of other protocols, including but not limited to Netware SPX / IPX, Appletalk, SNA, and other protocols.

If routers and virtual private network (VPN) gateways are detected in steps 406 and 410, the content may be limited or disabled because transmissions tend to involve the use of the Internet for remote locations.

In step 412, a test for a high performance integrated switch may be performed. More complex switches used in converged networks often check the periodic redundancy check (CRC) check sum in Ethernet frames. Therefore, for a switch test with verification capability, a test packet with an invalid period redundancy check (CRC) check sum can be used. Routers, virtual private network (VPN) gateways and acknowledgments reject the test packets, and less complex switches such as consumer-grade switches or hubs retransmit them. If at step 406,414 the content is integrated (check sum check) switch is detected, the content is restricted. If a non-integrated switch is detected, the content may be provided to the receiving terminal at step 420. Alternatively, additional layers of testing may be performed at step 416.

The test for the switch in step 416 is not routed through the switch as it can be performed by exchanging a unicast packet addressed to the packet or transmitter characterized by the partial or invalid layer-1 frame. Examples of such packets are provided below.

[Example 3] Invalid Ethernet II Frame

Byte 0: 5 Source (Non-Purpose) MAC Address

Byte 6:11 Source MAC Address (same as byte 0: 5 described above)

Byte 12:13 Protocol Number = 0xCBBC

Byte 14: n Copyright and copyright notice

Byte n + 1: Final layer-7 data field

Example 4 Incomplete Ethernet II Frame

Byte 0: 3 0x1234

Final (no more bytes in the packet)

Both packets are transmitted by a hub in a local area network, but not by a switch, router, or virtual private network (VPN) gateway. In steps 406 and 418, content may be restricted from the recipient when the switch is detected. If the switch is not detected, the content can be thought of as being provided to an authorized receiving device. It is obvious that the particular test method described in connection with FIG. 4 is merely illustrative. Other test packets or other test sequences can be devised to evaluate the network topology between the source and the receiving terminal without departing from the scope of the present invention. Further, the modified method 400 can be applied to a set of devices rather than one device pair. Aggregation can be evaluated through certificate verification procedures, exchange of certificates, broadcast and multicasting, and other techniques.

While avoiding digital content protection is not tolerated or legal, enormous economic incentives exist for the theft of copyrighted content, and to some extent the design and construction of a system that bypasses the digital rights management methods disclosed herein. Can be forced to The bypass device may be configured to retransmit the test packet even if the device does not operate normally. For example, a router or virtual private network (VPN) gateway may be constructed that encapsulates or otherwise retransmits the unknown or non-routed protocol used by the test packet as disclosed herein.

As shown in Figure 5, the router or other bypass device may use a bypass method (500). In step 502, the device receives a packet that could not be routed or could not be sent. In step 504, the device repackages the untransmittable packet in a transportable form. For example, non-routed packets are repackaged and addressed to a designated bypass address. The device may be provided at the address bypassed to stimulate the response of the original recipient. Alternatively or additionally, the system may be configured such that a router or other bypass device is supplied to the destination recipient's address. During repackaging, errors in the header information are easily corrected so that packets can be routed as normal packets.

In step 506, the packet is routed or retransmitted to the destination recipient. If the packet is diverted to a different recipient as a result of repackaging, the bypassed recipient can be configured to provide a response packet to the source as disclosed herein. If necessary, the intervening bypass can block and modify the response packet to conceal the indication that the test protocol is being bypassed. The source can therefore not detect the forbidden phase and can transmit the digital content enabled to an unlicensed receiver. It should be noted that combining the phase test with other methods (eg, geographic location test) may make it even more difficult to bypass the inventor's digital rights management method.

Previous bypass devices and methods are within the scope of the present invention. However, the use of bypass devices or methods is neither tolerated nor encouraged. Those skilled in the art must abide by the law and must not bypass or disable copyright protection schemes for digital content.

After describing a method and system for controlling access to digital content based on the phase of the transmission path, it will be apparent to those skilled in the art that some advantages within the system may be obtained. It should also be appreciated that various modifications, adaptations, and alternative embodiments may be made within the scope and spirit of the invention. For example, although a system in which the requesting device is a set-top box has been described, it is clear that the above-described inventive concept is equally applicable to other types of television devices, music devices, computing devices, personal assistants and other similar devices. In addition, the system can be used to control any form of connection flow where absolute or relative phases and proximity are deterministic. The invention is defined by the following claims.

Claims (24)

As a precaution against unauthorized use of copyrighted digital information: Transmitting a test packet which is processed such that it is not transmittable by the prohibited device from the source to the receiving device for copyright protected digital information; Disabling the use of copyright protected digital information by the receiving device if the test packet is not successfully transmitted to the receiving device. Way. 2. The method of claim 1, further comprising the step of waiting to receive a response packet from the receiving device. The method of claim 2, further comprising evaluating a transmission path between the source and the receiving device based on whether the response packet is received from the receiving device. How to avoid old use. 4. The method of claim 3, wherein said evaluating further comprises measuring elapsed time between transmission of said test packet and receipt of said response packet. How to avoid use. 5. A method as claimed in claim 4, wherein the disabling step is at least partially given additional conditions with respect to the elapsed time measured in the evaluating step. The unauthorized use of copyrighted digital information as claimed in claim 1, further comprising the step of transmitting said test packet in a series of test packets each formed so as not to be transportable by different prohibited devices. How to prevent. 7. The copyright of claim 6, further comprising evaluating a transmission path between the source and the receiving device based on whether a response packet is received from the receiving device in response to the series of test packets. How to prevent unauthorized use of protected digital information. 2. The method of claim 1, wherein disabling comprises disposing at least a portion of copyrighted digital content in the normal content. 2. The method of claim 1, wherein disabling comprises disposing a key component for accessing copyrighted digital content in normal content. Way. 2. The method of claim 1, wherein the step of transmitting comprises transmitting a normal packet comprising a ping packet. 2. The method of claim 1, wherein the step of transmitting comprises transmitting a normal packet comprising an unrouted packet. 2. The method of claim 1, wherein the step of transmitting comprises transmitting a normal packet selected from the group consisting of an unknown layer-3 packet, an invalid layer-3 periodic redundancy check (CRC) packet, and an unknown layer-2 packet. Characterized by the unauthorized use of prevented use of copyrighted digital information. A system that prevents unauthorized use of copy protected content: A processor capable of executing program instructions; A memory operably coupled with the processor, The memory is Transmitting a test packet processed to be impossible to transmit by a prohibited device from a source to a receiving device for copyright-protected digital information; If the test packet is not successfully sent to the receiving device, having a program command comprising disabling the use of the copyright protected digital information by the receiving device. System to prevent authorized use. 15. The system of claim 13, wherein the program instructions further comprise waiting to receive a response packet from the receiving device. 15. The method of claim 14, wherein the program command further comprises evaluating a transmission path between the source and the receiving device based on whether the response packet is received from the receiving device. System to prevent unauthorized use. 15. The non-licensed copy protected content of claim 14, wherein the evaluating of the program command further comprises measuring an elapsed time between the transmission of the test packet and the time at which the response packet is received. System to prevent its use. 15. The non-licensed copy protected content of claim 14, wherein the program instructions further comprise a step in which execution of the disabling step is conditioned at least in part on the elapsed time measured in the evaluation step. System to prevent use. 13. The method of claim 12, wherein the program instructions further comprise transmitting the test packets to a series of test packets each formed so as not to be transportable by different prohibited devices. System to prevent authorized use. 17. The method of claim 16, wherein the program command further comprises evaluating a transmission path between the source and the receiving device based on whether a response packet is received from the receiving device in response to the series of test packets. A system that prevents unauthorized use of copy protected content. 15. The method of claim 13, wherein disabling the program command further comprises disposing at least a portion of the copyright protected digital content in a normal packet. system. 15. The method of claim 13, wherein disabling the program command further comprises disposing a key component for accessing copyrighted digital content in normal content. System to prevent use. 15. The method of claim 13, wherein transmitting the program command further comprises transmitting a normal packet comprising a ping packet. system. 14. The system of claim 13, wherein transmitting the program command further comprises transmitting a normal packet comprising a non-routed packet. The method of claim 13, wherein the transmitting of the program command comprises: transmitting a normal packet selected from a group consisting of an unknown layer-3 packet, an invalid layer-3 periodic duplication check (CRC) packet, and an unknown layer-2 packet. And further comprising an unauthorized use of copy protected content.

Images