TW200417217A - Digital content distribution system - Google Patents

Abstract

The invention relates to the method generating the protected digital data from the encrypted code, which encodes data contents and arranges as information capable of being encoded by the application program of decoder in client's terminal equipped with service interface so as to translate each information from assembly language program into machine code program of application program of decoder. The method comprises that search information from readable media of a machine, encrypt at least one part of the information, provide the encrypted information in certain form of output data that at least initiates a server service interface to arrange the information as at least a data packet containing a title and a table body, in which each table body contains at least one part of the information and at least one title contains information data for activating service interface of client's terminal that the table body of data packet translates each information from the assembly language program into the machine code program of the application program in decoder. The method includes to separate each information into first one and another information section. At least one of those information sections is encrypted. The encryption method enables to isolate from other information section for decryption. Those encrypted information is further added a re-synchronization mark and is isolated from the neighboring information section and further contains obviously synchronized information data. Such combination extends to at least farther data section.

Description

V. Description of the invention (1) [Technical field to which the invention belongs] The present invention relates to hierarchical encryption of inefficient data content, which is widely used, for example, on (MPEG-4) bitstreams). C. σ, in the video compression standard [prior art], in particular, the method of the present invention; the content of the data ^ and secretly generated protected digital assets by customers with a service interface: become information , Each piece of information can be decoded by the decoder application on the Turtle & tLtian combined language program to turn up the language program, & methods include: 2 a :: the opportunity of the decoder application; at least one of the information, = readable media retrieval data is output data in a certain format, Two '=; and provide the encrypted information to arrange the information into one; :::: f-server service introduction bread, each table body contains at least the data title and the data body of a table. On board ...; ::, and at least-the title contains a program that translates each piece of information by a combined language program and a verbal program by the body of the data packet. The calcite horse application application machine The present invention is also related to a server, = decryption, Xiao data is, by this means ^ the content of the contents of 1 encrypted protection. , And flattened into an information book ^ The description also refers to the generation of a password = which encodes and arranges the content into information. ^ Digital information is used on the decoder library on the client terminal. ^ Information can be provided by the server. Beixun is translated into a decoder by a combined language program. 庑 = -type decoding, in order to translate each stroke to the machine language program 1 ^ ·

Page 5

200417217 V. Description of the invention (2) ί i The system is configured so that the machine can read the information retrieved by the media; it is encrypted. * &Amp; j At least a part of the alum, 'and ^^ for the The encrypted information is in a certain form -V + Recognize a J-type system startup-server service interface to send information:]: data 'the data packet containing-title and-table body,: m-at least part of the package, and ^ The body contains the information of the eighth ® i to ^ A header contains information and data to enable the service on the client = each piece of information from the body of the data packet 2 = machine language program for decoding and application. A "-" style information is distributed to-or more via the network routing-server server, each piece of information can be decoded by the decoder application program on the client terminal. This so-called method includes: The packet is transmitted from the feeder to the server's network interface through the network. Each data packet contains at least a title and a body, and each body contains at least a part of the information; 爿 H pieces of information are provided to the installation The first of a series of service interfaces (at least one) between second-order sounds in a communication protocol stack on the server; each service interface is configured to add at least one packet header to the data packet encoding intelligence data so that the client The machine can process the rest of the packet; the method further includes transmitting a data packet. The packet includes at least a header, and the information contained in the header is related to starting the service interface on the user's machine. The combined language program is translated into a machine language program for a decoder application program. The invention also relates to a server for allocating digital data, encoding and arranging content The data feed distribution to one or more client terminals via the Internet

6 pages 200417217 V. Description of the invention (3) Each piece of information can be decoded by the decoder application program on the client terminal. This so-called server includes: a network for transmitting most data packets from the server through the network Interface, each packet contains at least a header and a body, each body contains at least a part of the information, the server also includes a series of service interfaces (at least one) between the two layers in a communication protocol stack, each service The interface configuration is configured to add at least one packet header to the data packet encoding intelligence data so that the client can process the remainder of the packet; the configuration of the edge server is configured to transmit a data packet including at least one header 'The information contained in the title is related to the activation of the service on the client 2' Each piece of information is translated from the combined language program to the machine language program of the de-horse application by the body of the data packet. The present invention also relates to a client terminal for receiving and processing digital data. The 2 valley code is arranged and arranged into information, and each piece of information can be applied by a decoder to 7 yards, which includes ... an interface for receiving most data packets, Each packet ^ includes a header and a body; the terminal also includes a communication protocol plane: inside: a series of service interfaces (at least one) between layers, each service interface is configured to be removed by the packet at least The title of a packet, and use the intelligence data on the second packet = to process the remaining part of the packet. The service is configured to be configured by at least one packet language program, using the included in the packet: df The invention also relates to an information shell on a client terminal. The method is to encode and arrange the content on the Equatorial Watts ^ to receive and process digital data. Application decoding includes: 利:, each piece of information can be decoded and received using the interface of the client terminal.

Page 7 200417217

V. Description of the invention (4) Number of data packets, each packet including at least a header and a body; each packet provides a first service interface (to one) of a series of service interfaces (to one) between two layers in a communication protocol stack The configuration is configured to remove at least one packet header from the packet, and use the intelligence data encoded on the removed packet header to process the remainder of the packet; including a service interface whose configuration is configured to include at least one packet The watch body translates this information from the combined language program to the machine language program of the decoder application, using the data information contained in at least one header of the packet. The present invention also relates to a computer program that can be loaded into a computer and has a latent spoon. When executed in the computer, the computer is provided with the functions of such a system, a server, or a client terminal. The present invention finally relates to a computer program that can be loaded into a computer and has the potential to enable the computer to execute one or more of the above-mentioned methods when executed in the computer. Examples of such systems and methods are known, such as the international standard ISO / IEC 1 4496-1, the well-known MPEG (Motion Picture Compression Standard. MPEG and MPEG-4 are the recommended standards, with MPEG as an example, It is widely used in the distribution of image data and, to a secondary level, the etiquette of other data content. In addition, such as the distribution of digitalized inner valleys on the Internet " individuals for private use and others, etc. The need for encryption processing is no matter in MPEG, MPEG-4 or any other format. The MPEG-4 standard indicates the architecture of the basic construction data segment formed by graphic description and transmission of the circulation data base. .In order not to lose the tongbei material, it is delivered in SL ~ packet formatted transport (SPS).

200417217 V. Description of the invention (5) The content includes the version of Xia Xun; the eight information materials 'for example' are: Shi jijjj :: Two, the sound carried by the relevant transport on the magnetic field side will be carried by one or more basic M Video lean synchronization. The concept of Douban Crying * is a reference concept that is used to integrate the daily planner and its camera. The time stamp 俜 is used for user-pull σ ~ to pass 1 ^ to a receiving terminal. The C system uses I to receive the terminal at the exact time when the access unit is consumed. When a message is cleared, a given piece of data will be produced. B ′ j j Muxin Daily Talent Reference (0TB) is a Λ time mark of (0ΤΒ). The target time base resolution can be determined by the application, according to the characteristics defined in the document 41. ^ ^ ^ ^ Α is based on the time stamp of the characteristic stream; between Π and Π: the machine inserts coded data to run It is identified by the time stamp in the header of the SL packet of the J machine at ΐΐΠ (0CR), or

^ The display reading of the basic operation ▲ is identified; and the operation of the target descriptor is based on this time base. ; IL The target description architecture includes a set of identifiers that allow identification, describing the base stream and the audio-visual entity targets used for image description and appropriately linking them to each other. A physical object descriptor is a collection of descriptors describing one or more basic streams associated with a single node in the image. A basic flow descriptor in a shoulder object descriptor identifies a single basic flow. Each elementary stream descriptor contains the information necessary to start and configure the elementary stream decoding program, as well as the intellectual property identification. Intellectual property management and protection (IPMP) information is transmitted via the ιρμρ descriptor as part of the entity's target descriptor stream, and also via the PPMP stream;

200417217 V. Description of the invention (6) The IPMP transport stream is the basic transport stream that carries IPMP time-varying intelligence data. The intelligence data, especially the key for data content encryption. The key is combined with the content or other streams via the appropriate IPMP transport descriptor. These keys must be synchronized with the material content stream. The existing MPEG-4 model is used for delay and synchronization management. Therefore, the decryption application located at the receiving terminal must appropriately manage the time stamping action. Based on the existing format of MPEG-4 bit stream syntax, there is no explicit support for resynchronization of the decryption process in the case where part of the encrypted content bit stream is lost during transmission. Since the transport layer is not specifically specified by MPEG ~ 4, it is impossible to take advantage of the characteristics of the synchronized fundamental transport protocol. MPEG-4 media may also be partially replayed, in which case no transmission action is involved. In an error-prone environment, the loss of a single bit of data can effectively destroy the rest of the architecture group. There are many cryptographic programs and their associated modalities that cannot perform self-synchronization, but they are compelling under a wide range of evaluation criteria. These must now be ruled out because they cannot support the synchronization of the decryption process in the event of data loss. The present invention now provides a method and system for generating protected digital data that encodes data content with encryption, and for allocating the digital data and a client, terminal, and method for receiving and processing digital data; It implements a data point compliance to prevent unauthorized access and displays ^ good. Unsurprisingly, the ability to correct errors has changed

The present invention achieves this by providing a method that uses encryption

200417217 V. Description of the invention (7) The code method is generated as the encoded data content into information, and each piece of information can be decoded by the decoder application to retrieve information from the media that can be read by the decoder of the decoder application; And provide the encrypted information as part of the data package that starts a server service interface with a header and a body, and at least one header contains' data, which is translated from the body of the data package into a decoder application. The information is divided into the first and at least ^ sections. At least one section is encrypted, and the sections are decrypted independently. Moreover, the step sign is reported to the adjacent information section, so as to combine at least one piece of information into the data unit code. The program sends to the client = to process the individual information, so that the content can be used, for example, to image, to implement a certain protocol stack in a protocol stack, to use a certain protocol stack service, and to use the communication protocol at the same time. I do this. Advantageously, this is the lack of protection of digital data and sorting each piece of information of the client terminal with a service interface. The combined language program translates the language program; this method includes: a machine at least one piece of the piece of information A round-up of data is added in a format that arranges the information into a service interface on a client that includes at least 'each table contains at least the information. The information is translated by a combined language program. . Among them, the method includes adding another information section; among them, the encryption method is to enable it to be separated from other information. The encrypted information is added into a separate data section and contains obvious synchronization scenarios. The data is decoded by arranging the data content by a decoder application that encodes the data content. Sound or text in the material. A service interface is an interface of a part of communication protocols, and mentions a layer of communication that can be used to exchange information. A communication protocol at a different level in a stack. A network protocol stack, such as

$ 11 页 200417217 V. Description of the invention (8) Compatible with 0 SI open system. Mutual administration may provide application programs. The service interface is also a γ π i-type interface and system interface. Information transfer.睪 Zhi is determined by the file system of the 3 Xuan Zong Zuo system. The rules:: L: The password file text or plain text can be unlocked. In the context of the example, the title is the second piece of data in a data packet followed by the next piece of data, and it is also the encoded information describing the data packet or piece. Data packet system-self-sufficient cigarette smoke, shellfish solid 'carrying sufficient information and materials to pass through a certain source ....: two destinations, without having to rely on the earlier information about the father and the poor between the source and the destination, and in the meantime Interface. Since each resource section can be decrypted independently, χ because the re-synchronization mark = the boundary of the encrypted poor information section provides a clear indication of #, so that the poor materials in a section can produce errors or losses without affecting customers. The ability of the machine to solve other information sections = force In other words, 'All or part of any previous data segment is missing, and it does not affect the ability of the client to decrypt the current data segment. By adjusting the size of the information section, that is, the number of resynchronization targets, it is possible to mention that some errors can be corrected. In addition, this may also encrypt only a small number of lean nodes, and reduce the amount of decryption processing required by the client and the power required for 4 fees. It should be noted that 'The syntax of the MPEG-4 bit stream defines Resync Markers. When residual errors are detected, the resynchronization flag provides the ability to correct errors by increasing the chance of resynchronization between the decoder and the bitstream. A typical example is the synchronization point before the error

Page 12 200417217 Invention description (9) and the data between the resynchronization point establishment points are discarded. This is the only guarantee for valid, unencrypted MPEG-4 content. Some guarantees apply. The concept works on clean, original content. Although this encrypted content does not work well. Regardless of whether or not ^ is used for encoding, all messages are forcibly encrypted, this phenomenon seems to be selective encryption, and this fact is true, because when the legal and effective clean original # is validly applied. When re-synchronizing the logo, this concept no longer simulates the possibility of being encrypted. What's more important is that RU-4 has not publicly disclosed such information; one of them is encrypted so that the decryption action can be independent of other masters. If data loss occurs, I will need to… instead, so that τ π points need to be mixed but used as the error recovery technique of 3 τ team a to reconstruct the entire information. ',,, and later can only be resolved by the client. In a preferred embodiment of the present invention, this key has at least one key with a periodic specific value. , 11 is used by the encryption system in this way, compared with the improved security of distributed content. According to the analysis of the code, it is better to get each re-synchronous rod Gu Shi. The use of the serial number proposes to surround the: one / one sequencer access to the encrypted media: ::: a: the user has a problem 'to allow periodic passwords associated with the body: Yes; J: τ password The structure imposes resilience on the distribution of data content: σv, without depending on the user's entry into the encrypted;]: System: sender or receiver. In the case of MPEG-4 bit stream syntax, where ^ = performs random search, stepping does not provide an obvious type of connection. The decryption process is again in the content hierarchy. MPEG-4 does not refer to 200417217. DESCRIPTION OF THE INVENTION (ίο) 疋 1 What is the sinister nature or the ordering, which may depend on the decryption of the information in the decryption? It is difficult to synchronize the use of knife-level intelligence data, because traditionally all SL intelligence data is decrypted before decryption. being abandoned.讥 Preservation of intelligence data ^ Transfer to an IPMP tool will show significant obstacles to the execution of the terminal. Time series intelligence data cannot be used for synchronization because DTS / Cs may change from the time when the data content is saved to the time the content is consumed. Traditionally, media formats have used explicit ordering of intelligence data and / Or consistent data packet sizes to help with the encryption / decryption process. The m = eg-4 media may also partially replay m without transmitting action parameters. = = The transfer of the benchmark to the sorted intelligence of the transport layer is not identifiable.卩 For this reason-intelligence materials are left in the media with a unique serial number for effective management. A serial number of two benefits, the key is periodically converted by the device, during which = installed and by-the media details (such as carried in MPEG-2 or storage type device independently transported secret τη / Λ ^ stored in dvd / cd- The media protection of 〇m is based on the production of IP (Internet Protocol) network media and the emergence of intelligence data. The only sequence i is allowed. Darren Ho Media was able to send out the entire light although the ability of the MPEG-4 IPMP second default key, that is, the MPH stream has a periodic path in the transport band, so when the new key is transported, a standard department cannot provide A reliable way. It is related to specific media access units. 200417217 V. Description of the invention ~ --- * * Media time (DTS / CTS) cannot be used in this way, because it may change from the time when the content of the second factory is protected to this When the content of the data is consumed, Mα 0, the person's media stream with decryption and 1 PPM information stream may be = various conditions, including jitter instability during delivery, 1 packet missing or network machine "and ΐΓ: ίΡΜΡ Information flow is sent to customers by different feeders. It is almost impossible to achieve compact and strict synchronization, even if it is lost in a tight way; if it is lost, the synchronization will be accepted. Early or box, It ca n’t be connected at all—a better embodiment. According to the present invention—the packaging envelope will add 10,000 months to it and include the added serial number. 〇 狁 讯 讯 into it and give a unique For its relevant information ^ report sets / materials' put the data placed before or around the information, by using the band "only = at the end after it, or both." Belong to the information, the Synchronization of the information of the package `` envelope '' I-information section of the report materials; it does not need to be carried with explicit information. It is best to indicate the steps: so, test; t to 7 7 serial numbers are provided in a self-explanatory format. The length is to reduce the information. In addition, these serial numbers can be variable

200417217 V. Description of the invention G2) According to the preferred embodiment of the method according to the present invention, it also includes generating at least one key information; each key information carries a data link to a secret value, and at least one unique serial number is Added to the information to initiate a decryption process on at least a portion of the information. This intelligence data can be used to link key data with access unit data to any granularity (ie, interval size), regardless of the resolution of the receiving terminal timer. According to an advantageous embodiment of the method according to the present invention, the method further includes encrypting the information section by using an encryption program using the password mode of the feedback; wherein the plus private type is at the beginning of each information section. Restart. The use of feedback (also known as a link), can provide more == Ming = encrypted) The data segment will not be encrypted into = one = encrypted assets 1 Ding, Shi can protect each ancestor. Can be decrypted independently. More than one and four plants with the same product or call secret = pen shell plus plus — use explicit or implicit initialization to remove the ν1 丄 lamp to avoid the full use of encryption programs. The guide ⑼ can be targeted by Mr. Neer (Schneie; r > β, some cryptosystems, which proposes random storage and applied cryptography "described in the problem. Encryption programs and non-linking force j are diversified I = not working or not in a defective environment. It is not compatible with the pull. The bad energy meets the requirements without adding redundancy :: Modal (ECB). The standard of poor execution. The electronic type has not been hidden because of its type of material (: =;). No, here is the _____ shell material & meaning the same page] 6 pages 200417217 V. Description of the invention (13) Plain text section) The best example of the embodiment mentioned in the previous time is the Gushan Mountain. In the difference between one information section and another resource section, a unique sequence is used as a guide for the initial action: = step sacrifice 'is secret. In order to add to this other information section, the data is lost Or it is determined that the decryption process can be synchronized. In the case of ', -thinking, searching, these technologies such as ECB + 0FB (electric + absolute answer and CBC with implicit iv ± Cheng (Modal grant mode) Ping He will increase under the defect ring ;; = Duan Lai, its work. Some characteristics of this information The unencrypted plaintexts generated by the obstacles were misinterpreted or discarded. The loss of Erbei Er will result in the inability to perform self-synchronization, but it is widely used; Er Er and its related molds, minor errors caused damage. (To limit the change in the serial number from ok / horizontal V to ^ 1, this method is a high-performance simple d: ;; to provide support. $ May need efficiency '... go, and k for acceptable safe water : 200417217 V. Description of the invention (14) The stream encryption program is an ideal solution, but it needs to sort information information formally. According to another aspect of the present invention provided by this embodiment of the present invention, a server is provided so that Protected data, which encodes and arranges the content of the data into a method described in the information statement, which can be decrypted; where the word is used to convert at least one key information, and each key information carries the unique information added to the asset. The serial number is linked to a secret value, so that part of the information can be decrypted in response to a request sent by the client terminal to connect to the server. In this way, the key information is distributed by each server: The function of distributing encrypted content is separated from the 余 X spare action that can initiate content decryption. This also allows—different entities to process the decryption action of the data content in accordance with another aspect of the invention. A system is provided to Protect digital data; encode and arrange the content into information, the decoder application program of the client terminal translates the Speicher Beixun from a combined language program into a decoder response program. The system is configured to: retrieve information from the media ; For this piece of information ^^, for the round of information in a certain format, including: title and-table into a package, and at least one title contains intelligence information, related i ... Each piece of information is: The latter is implicit or explicit. The server is encrypted and guaranteed. With this server, at least one of the values is arranged through the network to allow at least one of the information flow to be managed and controlled. The password is generated and can be decoded by each piece of information. Part of the output data should be a mobile client server language program containing at least the information

Page 18 200417217-——— II —— V. Description of the invention (13) Text in plain text). In the preferred derivation of the previously mentioned embodiment, the resynchronization of the funds: section and another information section is marked as: the guide of the initial action to the other information "Ji Xi: Λ 'In the case of data loss or random search of the media, the solution of this bifurcation process can be synchronized. (Electronically encoded thin mode + output feedback mode) 仵 付 成 之 CBC ( Encryption program data segment link), complex: Ho: Erhui will perform redundant work due to poor execution in a defective environment, n = Bei Xun /, the second characteristic generates an implicit 1 V (initialization guide). Because a little dream m J m of the IV data has unencrypted plaintexts that have been misinterpreted or abolished. ^ Bei missed " ¥ Cause state can not perform self-identification + Yu + You Xu Xi addition program and its The relevant mold has a suction force. Now, ίYes, 1: It seems to be lost under a wide range of evaluation standards. Yes, 隹 Da Er must be excluded, only because the capital 2 = :::: part is not here.彳 Prevent unencrypted plaintext completion = S 2 2 and fail to provide any protection separately to apply. And re-synchronization 2: Provide yourself You can correct the two minor errors caused by mistakes-it can be used to limit the sequence number. The complexity and value of the sequence can vary greatly. At present, the method is simple and simple. Support. This may require efficiency and an acceptable level of safety. Additional: Page 17 200417217 V. Description of the invention (14) After the flow is added, the program is the ideal solution, but two

~ 鬲 S-type sorting information, and this embodiment of the present invention 1 J q provides another appearance according to the present invention, which provides a servo, data, and protection information, which encodes and arranges the content of the data into secondary ^ Produced by the method described, can be decrypted; its ;, ° κ at least one key information, each key information is carried ;: the unique serial number added to the negative is linked to a redundant value to make the information Part of it can be decrypted in response to the client's request to connect to the server. The key information is separated from the function of distributing the encrypted content by the separate server Yaya and the action of enabling the content decryption knife 6 to be distributed. This also allows a different key system = decryption of the data content [only in accordance with another appearance of the present invention is to provide a series of = digital data; encode and arrange the content into data: plus the decoder of the client terminal The application program is the second program. The system is configured as: '益 应用,:, and media retrieval information that can be read by the device; Grid =: Secret, and provides the encrypted information as 3 Yuxun-part ... ί Each body At least the title of the eighth to the first day contains information and information on women's affairs. It is covered by the body of the consultation agency α Α 士 A A. The body of the package enclosed by the envelope is hidden or explicit. the latter. The encryption server guarantees that the server will arrange at least one of the values to pass through the network at least, and allows the management and control of the information flow to be generated. The password can be decoded by each piece of information. Part of the output data should be a mobile client server language program containing at least the information

Page 18 200417217 Five 'invention description (15) Translated into the machine language program of the decoder application program. The system is configured to separate each piece of information into the first and at least one other information section, and encrypt the at least one information section. The encryption method is such that it can be decrypted independently from the information section; and the encrypted information is combined. The method of combining information includes adding a re-synchronization flag, separating an information section from its adjacent information, and including an explicit synchronization sequence in at least one other Besslang. This system is essentially arranged to implement various embodiments of the method of implementation of the present invention described above, and provides related advantageous results. According to another aspect of the present invention, a method for allocating digital data is provided, and the data that encodes and arranges the content into information is distributed to one or more client terminals via a network server, and each piece of information is provided by the client terminal. The decoder's decoder application program decodes the data. This so-called method includes: transmitting most data packets from the server through the network to the server's network interface. Each packet contains at least a header and a body, and each body at least Contains a part of GongXun; provide each information to both of a series of service interfaces (at least one) between the two layers in the protocol stack, each service interface configuration is configured to configure at least A packet header is added to the information package to make the client process the packet: 'This method also includes transmitting a data packet, and the packet includes at least one side of relevant information from the relevant information about starting the client service. The body of Jiejie Man = 2 translates each piece of information from the combined language program to the machine language program of the personal program. The packet is with a packet: the outer r ΐ 丄 body includes a first and at least one other information section, that is L 3 —resynchronization flag, will—the information section and its adjacent information m page 19 200417217 5 The invention description (16) is divided, and it also includes an explicit synchronization sequence to break the encryption. The encryption method is to make it independent of at least one of the other information sections so that it can provide a distribution of data content. Decrypt. The embodiment generates the data content by encrypting the content, so that the content is used and the content is encoded according to the present invention. This feature also protects the digital data ’force against network-induced errors and beatings. It is conducive to providing recovery energy. According to another aspect of the present invention, the problem of instability is raised. The server encodes the content and arranges it into information. The server that distributes digital data is distributed to one or more clients. Each server decodes the information through a decoder application program that is routed through the network. The client terminal J includes most of the data packets from the feed. Each packet contains at least one network interface that is transmitted from the Internet to the host, and the main body includes at least 4 of the data. Injury, the server also includes the watch body to the evening ° 3 Bei Xun Zhi-a series of service interfaces (to pass = client computers between the two levels in the agreement stack; this data packet encodes intelligence data I to enable customers to transmit Go to the rest of w, ^ Rainbow G; the server is configured as data, the data packet about the ^ ^ title, the title contains the relevant information pen information from the group 由!: End service interface, from the data packet table The body will be vertical. The straight 钤 = σ type is translated into the machine language of the decoder application. The configuration of the data envelope is configured to be allocated with a packet table section. Each additional ^ f includes a first- Neighboring information with at least one other piece of information The message section 8M means that it has a re-synchronization flag, and it includes an information section with one less section and two explicit synchronization sequences. The information to σ in ’encryption method makes it independent of other information sections.

Page 20 200417217 V. Description of Invention (17) Decryption. This server is used to configure the method. The data content of the present invention is divided into a client terminal according to another external data of the present invention, and the inner six * 'is provided to receive and process digital data. The decoder application can decode and arrange it into information. Each piece of information-the second package for receiving most data packets: · A watch body; the terminal also packs two people, the 'f packet contains at least a header and a series of service interfaces (at least one% of the two layers in the communication protocol stack At least one packet is removed from time to time. The configuration of each service interface is configured to be processed by the header's intelligence data. The configuration of the removed packet surface is configured to the remainder; including-service The language program is translated into a decoder application program. The information is composed of an information language program that contains at least the header of the packet. The packet configuration is used to receive the data packet and the factory. One of the terminals is another The information section, the L table body includes a first and the last ancient priest, and a resource 邡 r * Gan additional tribute section contains an Α π half and a half: 丄, its adjacent information section is separated, two-step sequence , The set-up includes an explicit material, and each encrypted information is extracted from each information savings. &Quot;, each corruption section is inserted into the extracted: D: secret, and it is assumed that the information is being transmitted Time ^, that is, the location. The encrypted information can be restored to most of the following: "Information is %%", then the client terminal of the stomach will get ::: An information section will be decrypted into the original Ming :: An error will make the client 糸The system can position each-individual information section :: 'This is because it should be independent of other resources

Page 21 200417217 V. Description of the invention (18)-Section Λ solves the problem, that is, it does not require the knowledge of ciphertext or plaintext in other information sections. In a preferred embodiment, the terminal configuration is configured to reorganize at least a portion of the received data packet after receiving the secret; this is achieved by adding at least one of the packet questions with a decrypted information section inserted The body itself, and before it is passed to the service interface. If this is the case, the appearance of the resynchronization banner will allow the data packet to be in the second place; the I side will be handled by the protocol stack on the client system, which may be a network communication protocol stack. "Enhancing efficiency" and allowing the use of special communication protocol stacks. Preferably, the client terminal further includes-a network interface M to receive data packets via a network router to a server. , Can identify the customer, meaning = including-intended recipients. The body, the machine, and the machine are the predictions of the packet. In this variation, the decryption is completely stacked in the "quote"-that is, to provide a universally available conditional access system, only to order. … Such a terminal and network communication protocol. …, Related to a specific category According to yet another aspect of the present invention, it is a method of collecting and processing digital data. The content and types of information on the client terminal L can be interpreted by the decoder application: horse 1 column becomes capital = customer One of the interfaces of the two terminals receives the majority of information including: a private question and a body; each packet provides identification-3 packets, each packet is at least between layers-a series of service interfaces (at least one; : Two in a fixed stack

One on page 22, each service introduction 200417217 V. Description of invention (19) '" " " 一' ------——.— The surface configuration is configured to be removed by the packet at least one removed The information of the packet header is processed by the following: the bundle is encoded in a service interface, and its configuration is configured by ^ 少 = 封: 二 2, and the information is translated by the program into a decoder application. In the process, at least one header included in the packet is used: in the process, the data packet table body is received, the table body '', one >, Xun namely, each additional information section contains repeated information. ^ Li, which also includes-": 化 中 ：: Medium: Power poverty: Shell material is extracted by setting the resynchronization flag; and-, China and Canada are separated independently from other information. The information section is inserted into the extracted information section: the method is implemented by the client terminal according to the present invention, and Guan Bei has the same advantages in replying after an error. According to another aspect of the present invention, a computer, an electric program, and a program can be provided. The potential, when executed in a computer, to provide the computer with the functions of a system, a server consistent with the present invention, or a client terminal consistent with the present invention. According to the last aspect of the present invention, it provides a loadable A computer program 'into a computer' has the potential to enable the computer to execute when executed in the computer, a method consistent with the present invention. [Summary of the Invention] The method for a content-level encrypted communication protocol has been described. And system. In the following description, for the sake of explanation, many detailed descriptions of features will be presented 'in order to provide a thorough understanding of the present invention. However, the

Page 23 200417217 V. Description of the invention (20) For those skilled in the art, it is obvious that the present invention can be carried out without these detailed descriptions. In Figure 1, the content of the data is more red! Μ ^ / 益 糸, 充 1 are used to generate protected digital data that encodes the content with a password. Xi Ding Bei Ding Shi 3 The raw materials can be those who have already been generated on the same system 1, or have been received from other sources. In either case, the information is arranged as information ^ ^ ^ ^ / 4 for two bets. Each piece of information can be decoded by the decoder application of the client system 2 this time. The term Yuanxuanxuan is related to the use of encoder libraries and decoder applications in the application of data resources. In an example that will be used throughout the description of this ## 夕夕 邙 自 —I, the crfl of each encrypted Ma Baokouman contains' one encrypted MPEG p F ρ / 1 and the MPEG of 4 Shishan —4 access unit (AU) 3 (see Figs. 4, 5A and 5B). One access; decision ^ The early child is the eighth part of a basic stream of data. Do not access one by one. Yimeitai and Fana met the opportunity, and Shibei had no choice but to do so.; IL refers to the mono-media material $; Chabe's current flow, in the compressed sound t household αα _ Kabe tt's relocation Actually, the second and second generation entities flowed to the -single-target shell body earlier, and the contraction layer was used as a transposition between the basic transportation and the day of Canada, # ^ s ;, L, horse notation and decoding notation j % 丨 Work symbol sequence, and will explain that it can also be used with other types of energy%. Note, however, that this packet is packed. & Heart-shell condition—for example, MPEG-2 basic transport data. In an embodiment, the information encrypted by the data / code is transmitted to the σ4 generated by the iσ 铪 糸 system 1 and used the network interface. Connect to network 5. (Figure 1), while the storage server 4 is downloading and running, 'the client system can be downloaded from the element 3 as the encrypted package)' and can be planned 2. : In the material package (SL one letter SL. The SL-seal

It can be composed of a titanium case with a complete access to Tan + + and a watch body. The watch body can be taken early or-part of the access unit. The body of the watch is torn. 200417217 V. Description of the invention (21)-The subsequent map of the packet corresponds to the packet used in the network 5 ΜΓ-2 transport packet, or UDP (user data packet protocol). Apricot: within the scope of the two-species-encryption system and the first distribution feed :. It is also possible in the present invention that in another embodiment, the data encrypted by the data content encryption system is stored in a content carrier medium 6, such as an encoded DVD: or other appropriate medium. The disk drive 7 is used to increase the fee information and is loaded into the guest by the content carrier media 6, '^ already ,, flat code = medium, and the intelligence data is accompanied by the implementation of the storage unit (for example, enter SL_packet). In these cases, take the soap unit and system 2 to transfer the access unit to the appropriate client: Go to the customer and go to the correct decoder application 'decoding public device'. P is read from the archives in both cases, in the encrypted case. MP4-files are typically Cui * stored in MP4-files as early as 70. The format is designed to include the extension of / P4. The liver 4 coffin case is flexible and extensible. \ PEG_4 The presentation of media information is represented by-li, editing and presentation. : 22 makes it easy for these media to exchange and manage the system that includes the performance, or the current manifestation cannot be " partial limitation " in the delivery mechanism. The broadcast case is ΐΐ 疋, 疋 、 L, = ° and is independent of any special transport communication via the Internet or other transport protocols. According to the frequency of the computer company, " 达 运 ± 达 却使Effective support. This design is in r, Japanese τ (QuickTime) format. 200417217 V. Description of the invention (22) The good thing is that the data content encryption system 丨 has a periodic value of two for the access ticket secret—using a series of time-varying call keys, that is: the entry: plus round ▲ plus fork. The same encryption mode can be used for image, key body, and shell material to provide encryption of its content hierarchy. Examples of such access slips ^ encryption side, will be provided below. In the preferred embodiment described here, the use of a pair-type algorithm, that is, the decryption key and the encryption key are the same. The intranet-architecture and the Internet ~ the architecture can meet the selective fork. demand. (An example where selective encryption can be satisfactory may have low complexity facilities and only guaranteed encryption—the low-value connotation of the architecture,%. However, other application cases may only require the organization's structure or motion vectors to be encrypted. ) According to the invention, a unique serial number is added to the information section. The used fork system enables the client system 2 to perform decryption of each information section independently of other information sections, that is, no data contained in other information sections is required. The data content encryption system 1 generates at least one key information, each key information carrying data adds at least a unique serial number to the information link to the key J: value, so that the information can be decrypted at least in part. The key information is also preferably formatted and integrated into an MPEG-4 elementary stream, that is, entering the access unit, and identified by another elementary stream identifier (ES-ID). In MPG-4 standard terminology, this information is called IPMP (intelligent property management and protection) information.

Page 26 200417217 V. Description of the invention (23) In one embodiment, the IPP information is streamed from the first distribution server 4. In another embodiment, the IPMP information stream is downloaded by the client system 2 by the second distribution server 5. It is also possible that the IPMP information can be contained in another file on the key stream, and the key carries the media 9, which are individually assigned, such as CD-ROM, DVD-ROM, flash memory device, computer card and many more. In one embodiment, the secret value is provided separately. In that case, the key information contains an index linked to the serial number so that the key can be retrieved by the client system 2. For example, the secret record can be stored on the key stream carrying the media 9. However, the IP stream is provided by the second distribution server 8. In another embodiment, the key information also includes the key value. The incomprehensible data in the I PMP information may be linked to the media and keys in the following ways: < Li, Yu: 1 ES = 1 seqNum.begin = l seqNum.end = 54 > 〈洽 、 录 2 ES: 1 seqNum .begin = 54 seqNum.end = 169 > 〈Chauge 2 ES = 1 seqNum.begin = 169 seqNum.end = 289 > DTS (Transmission Time Stamp: The Access Unit) of an Access Unit with a Periodic Call Key The indication of the nominal decryption time) may be ahead of schedule and the arrival of the relevant encrypted media AU (S) 3 (the data carrying the encrypted data content). It is suggested that the DTS of the IPMP information flow can lead a key cycle period. This will be sufficient to tolerate the delays caused by the jerky network and allow any pre-processing in the client system2. The information given above σ can then be used to store key data and content

200417217

It is not necessary to control the resolution of the timer when the unit data of the receiving end is connected to any interval size. ^ As mentioned earlier, the appearance of the unique serial number also allows the whole secret = to be sent out before any media transmission. So — alas, the DTS of the media TP3 is no longer relevant, and the synchronization is performed purely on the value of the IPMP sequence number. The present invention can find application examples in all multimedia delivery systems, and breaks the requirement to perform effective content-level encryption of its data (for example, MfEG 4 > material) within its system using periodic keys. These include heterogeneous environments such as traffic over IP networks, and MPEG-4 delivery over MPEG-2 delivery, or any other error-prone or error-free delivery mechanism that may be used to deliver MpEG_4 content . As shown above, one embodiment of the present invention is based on an architecture for protecting MPEG-4 content, which utilizes two different concepts:-a protection envelope for the MPEG-4 access unit; and-password resynchronization Mark all. This conception is discussed in detail below. With particular reference to Figure 4, the data content encryption system 1 reads an original access unit from a machine-readable medium. In this example, the original access unit ▲ Ο is divided into three sections, each encrypted independently to form an encrypted access unit 3; including a first encrypted AU information section π, a second encrypted AU information section 12 and a third encryption AU Information Section 1 3. The first resynchronization flag 14 is added to the first encrypted AU information section 12 to be separated from the first encrypted AU information section 11. The second ^ resynchronization flag 15 is added to the third encrypted AU information section 13 to match the second addition

Page 28 200417217 V. Description of the Invention (25) Li and A U Yulang 12 separate. 1. The security envelope shout 16 is placed in the encrypted access unit 3. In the exemplary embodiment of the present invention, it is thought to be a built-in envelope of a password. The security envelope of the present invention can be used (image architecture, sound samples, information "Material package, a good MPEG-4 ticket / server / owner will provide protection for individual ticket-I. The content of the publisher's data. Such content can then only be wrapped in these envelopes and The protection must be unpacked by the user. It is common for the envelope to have a ^ with a proper key / authority and to use a variety of different cryptographic communication protocols, and the -J envelope works. Therefore, the present invention can be generalized to the present invention The exemplary embodiment is in an MPEG-4 environment. In addition, the present invention can be used for specific definitions, such as numbers, etc.), and the characteristics of the envelope (sequence y- ^ ^ Eight weeks' The ability of Yuexiong and Key, and simultaneous access to Zuo De, to implement the "double post". For example, 丨] Compliance with the widely used communication protocols and operation , Can be re-synchronized by Zhuo 14, 15), will conceive (Zhu Method, and use it in a certain way; .. put into the wood structure to generate a block. The title 16 shown below (summary illustration, AU 3 beginning: α 4) is placed in each add-and-receive order 200417217 V. Description of the invention (26) 0 edition = 00 EA 5 6 CRM 7 This block reserves _ serial number (variable length) authorization code (n length, optional 翌,

Heading 16 contains the following fields: Version-Binary version field 17. The first version is set to zero. —Bit flag 18, indicating whether the watch body is encrypted (1) or cleared (0). Please note that only the body of the watch is encrypted. Bit flag 19 indicates that the authentication code exists (1) or not (0). For example, the authentication code is related to the entire structure— # 套 16 and the access unit au3 CRM-bit flag 20, indicating that ATiQ π, 15 exists or not. Representing the re-synchronization of Mimar in AU3 Blocks: i-bit reserved bits Block 21-Set to zero. The lower seven digits of each digit of each digit indicates that the method of generating tigers is considered to be beyond the J code, and is carried in the serial number field 22. This place is increased due to the scope of the Hamming The value may be caused by the single-level encryption standard (AES), which significantly prevents the counter mode from being set, due to its use of self-expression: ::. The length of this field 22 is not a predetermined value Yuan is used to carry the serial number Shima

Page 30 200417217 V. Description of the invention (27) The existence of another byte, and the most significant bit (MSB) of the last byte is set to zero. • For example, the value 3 5 would be represented as follows: 11010111 00000010 Authorization Authentication Code-This is an optional non-required field (not shown in Figure 4) with a self-expression authentication code. This architecture is agnostic to the authentication code system used, but it is assumed that hash code (HMAC) with keys is the most appropriate. Digital visas best meet demand, but assuming that these systems are still too expensive to implement at this AU level. Pay close attention to the entire structure-the title 丨 6 + AU3 is certified. —Body—Original access unit AU 10 or encrypted AU 3. In the case where the re-synchronization flags 14, 15 are used, the encrypted Au 3 will be larger than the original A Ι 1 〇 02 · Password re-synchronization banner Zhiyi In order to start the re-synchronization of the password, the flag 14, 15 each carry certain J / Chemistry Reports 枓 23, 2 4 in order to facilitate data loss 4 / Brother Xiagu Xu encryption program was ,, reset ,,. The following is a password that works well within the crypto domain, and is only half a mile away. The signs, lines, are arranged in tuples, and the top: Zhi / Ma Zaimen ^ Huaben 罇 long production, ό ^] and 16 zeros followed by a set of 0 ^ 00 00 00 00 00 00 〇〇〇〇χχχχ χχχχ In the second application, multiple passwords, and an access unit Aϋ3. Located at access: "14, 15" can be inserted into the positioning, so it is guaranteed to be only as early as 70 AU 3 marks 1 4, 1 5. The data still conflicts and conflicts 200417217

Statistically, there are ways in which the emergence of internal escape codes can be completely stepped by using escape codes, which can produce such situations as 0 0 0 0. The possibility is small, so the performance is very low, but the standard excludes it. In such a case, a plaintext / key type ciphertext is declared by escape π. Although the possibility of imitation and imitation can be explained in the example, in the same way as the C language II in the typical usage of error-prone environments, some resynchronization bars 4, 15 can be placed in a given Within the access unit Αυ 3. Each of the = 14, 15 main bodies contains their own unique counters 25, 26, /, which have the same format and are used as serial numbers in the security envelope. It is suggested that the count = 2 5, 26 be counted from the starting serial number carried in the heading 16 as one-way. The destruction or loss of the serial number contained in the heading 16 does not cause the entire access unit AU3 to be lost. The serial number in the resynchronization flag is preferably the & pair value, and not the huge value specified by the sequence counter specified in the header. It is also very important to confirm that the serial number value of the subsequent title should be used in the value of the last serial number in the existing AU 3 to avoid the use of encryption programs. An example of a resynchronization flag with a value of 3 5 1 is: 0000 0000 0000 0000 1000 0010 〇1〇1 nll In the case of data loss, the next resynchronization label should be located, and the sequence in the body of the beacon is used The value is entered as I v (Initial Leader) 'to restart the encryption program for synchronization purposes. [Embodiment]

Page 32 200417217 V. Description of the invention (29) 1 · Encryption = 2 is the encryption processing device 27 according to the present invention-the preferred embodiment is composed of a reconciliation key 28,-serial number 29 and-=: Index 30. The "encrypted counter" is generated by: a secret record of 32. The encrypted counter is repelled or gated by a cleared access unit = U.) Data section 33 is generated or encrypted, and _encrypted M data section ^ level = secret The standard (AES) / Rljndael algorithm has been selected as the media. The addition, the program runs in the counter mode, and uses an explicit counter (serial number encryption and resynchronization flag) inside the media. / Rijndael algorithm was selected as the new Federal Processing Standard (FIPS) for data encryption, and was considered to replace the outdated National Bureau of Standards Data Encryption Standard C ^ ES) and Triple Data Encryption Standard (TripU DES) standards. ^ The standard (AES) variant method has passed the courtesy and code analysis (decoding) in the selection process. The level of analysis results bet on AES is comparable to that on DES at the time. It is now widely accepted The most famous method is to conduct a thorough and thorough search of the key space. Some important highlights of AES are:-No patent tax and no confidentiality. The output is available all over the world. 128, 192 & 2 5 6 key and data segment size. All nine combinations of key / lean segment length are possible. Significant improvement in execution speed of hardware and software programs exceeds DES: 8.416 KB / s in 20MHz 80 5 1 200417217 V. Description of the invention (30) 8.8 MB / s ^ _ 200 MHz Pentium, some graphics are referenced by the event control segment mode (ECB). The counter mode only needs one more OR or (X0R ) Operation, so the additional work can be ignored. + Counter mode used to be 2 f for high-speed encryption of asynchronous transfer mode (ATM) networks, and the edge network required parallel processing of encryption algorithms. 1 = The addition and operation of L is performed by applying the encryption function to the counter 2 7 and taking the bucket mouth mouth prince as ancient as lL. It is said to be filled with a catty ^. This pad is followed by the plain text. 5 R) processing. The decryption operation is the same. The leaf counter module bears the card name, ,,, and 2, except that the receiver has a secret 7 counter hidden by sharing the usual hidden key. Note that the counter 27 does not need to be for encryption: c 1 — P1 or E (counter For decryption:

Ci rep or E (counter) Gu Fu number is explained as follows: It is the encryption function of the segment encryption program. n. The i-th data segment of the code system. , The i-paragraph of the plaintext.隹 'The important point is that the same counter will not be repeated (on x〇R). The wide starter can then process the two encrypted program data M ^ =) and get the refusal of the relevant data segment of the plaintext. To end

200417217 V. Description of the invention (31) The advantages of the counter mode are: 1 · Software efficiency. Because the generation of the key flow is independent of the information, pre-processing can be used in some environments. The time pad can be calculated during the reserve period, even before the media is ready. And when the media is ready, only the padding is rejected or (XOR) processed. In this way, the total output of G b i t s / s on the same processor will be ten times. 2. Hardware efficiency. Counter modalities can be fully parallelized. Each data segment Cl, C2, ... Cn can be decrypted at the same time. 3 _Random Access. There is no link, so it does not depend on Ci_l to decrypt Ci. An error extension is limited to the same bit. The error of the cipher text is only limited to the relevant bit in the plain text. This is a very satisfactory property for image transport applications in vulnerable environments. 5. Low complexity. Both encryption and decryption processing rely on the encryption function E (). This is an important criterion when the inverse direction of an encrypted f-form D () = E ()-l is very different from its " forward, " direction. This is the case for ^ 忉 乜 "and many other data segment encryption programs. This makes the hardware and software solution coverage very small. 6. Security. As secure as the basic data segment encryption program. 'Crypt 文 # The size does not increase σ. For the time being, the use of explicit resynchronization tags is ignored, and the ciphertext has not been expanded. The encryption has been compared to the group of appropriate working books: the effectiveness is known, and it has also experienced passwords from all over the world. Analysis, and is widely used. The encryption program itself is almost universal

鼸 III surface

200417217 V. Description of Invention (32), the encryption program is also very important, because it has a lot of reasons for all kinds of DVDs. It seems too exaggerated to use a single parameter. The supplier of the conductor industry will use the well-known code to self-y, and it has the same situation. If the data section has the ability to decrypt. The data must be assumed to be accurate. One phase earlier in the code text. The encryption, good sexuality and rationality all emphasize policy guidelines while reducing complexity. The size of the ciphertext is accepted by the National Institute of Standards and Technology (NI S T). The length of the security secret is at least 1 2 8 bits. It ’s possible that the same encryption program must be able to be parameterized to protect the poor data content. From a three-minute video to a Hollywood movie, Baidu ’s key larger than 128 bits is possible for some applications. A long key support system is considered an advantage. The algorithm also promised half of the benefits of the economic scale. The present invention does not use an obfuscated encryption program ^ f or a named encryption program to use the cryptic mode to synchronize, not only provides random access or search capabilities = the ability to recover from the loss of lean materials. Although these are inconsistent, they rely on the same judgment criteria: any part or all of it is missing, and it does not mean one =; a single-bit error in the reliable continuous information code of the confidential data will only cause: Error) is a heavy attack on the moon segment or an infinite number of false concealment + liL pairs have the same program to span a wide range of calculations. “Quality two mode does not apply. The settings for close input and software are required. The choice of algorithm reflects the" quotation " Companion: Tongzhi Buqi and its parallels are acceptable for safety approval. Baotian Shouzhimao-point " the password system access owed ° ', used to increase efficiency and show the information withheld 卞 I the name The size of the code text is the same bite _. The resulting fly is close, and any extra

200417217 V. Description of the Invention (33) ^ The second question of production safety: all kept to a minimum. It is possible to encrypt more than one piece of information and only the same-sex product or communication secret is possible, and it will not be compromised. 2. Decryption

Fig. 3 is a schematic illustration of the decryption process (not a symmetrical arrangement) described in the ^ A encryption / decryption process and the ft chain according to the embodiment of the present invention. In the unclear embodiment, the decryption process proceeds as follows: The encryption flag 18 in the envelope of the access unit ⑼3. False r, has not been attacked, and no authentication certification has been used, then the envelope = j 1, 疋 is removed, and the original AU 3 can pass through to the decoder. If A A U 3 has been encrypted, the serial number in the envelope will be extracted, and the counter 27 will be generated. The counter data segment is the same size as the data segment of the selected Advanced Encryption Standard (AES). This requirement is because the counter 2 7 is entered into the data segment encryption program. This method can be expanded, because it is relatively easy to fill the counter 2 7 under the condition that a larger AES shell segment size must be specified. And stretched to a larger size. For the purpose of this article, the size of a high-level encryption standard (AES) data segment is set to 128 bits: Edition Serial Number Page 37 200417217

The reconciliation secret records 2 and 8 series can be IP miscellaneous,... ", But it must be noted that in the case where multiple bitstreams are encrypted with the same key 32, the M less than the reconciliation key 28 will lead to the entire security Totally crashed. (For example, if the audio and video data is encrypted with two identical product keys and call keys, one or more reconciliation keys 28 will be used to avoid thorough and intensive use of the encryption process <.) The value of 28 need not be hidden. The 32-bit province and the segment index 30 are the number of segments in the single access unit 3. The index of the first 128-bit data segment of an AU is 0, the next one is 1, and so on. The data segment index number is reset to zero after each resynchronization j far, 1, 4, and 15. Note that the value of the data segment index 3 0 will not be transmitted, but will be calculated by the encryption and decryption processing program. During the processing of the first access unit AU 3, the data segment index 30 must not be used cyclically. Assuming the worst case of the size of the AES data segment of 1 28 bits and the maximum length of the image AU 3, a 32-bit data segment size provides more than sufficient headroom. The counter data segment 27 is then used as an input to the AES data segment encryption program in the calculation of stuffing and lengthening. The processing of the i-th data segment of an access unit AU is:, i-Pi mutually exclusive or E (counter) is the encryption processing

Pi = Trunc (n, Ci mutually exclusive or E (counter)) undecrypted processing process meets the following symbols: E () is the encryption function of the high-level encryption standard (A E S)

200417217

V. Invention Description (35)

Ci is the i-th data segment of the encrypted MPEG ~ 4 access unit (AU). Pi / is the first tuple in the first data segment of the original AU data. The value is between 1 and the data segment size. The number of η This assumption is that 'the length of each access unit AU 3 is provided to the tool and is combined with the data of the AU. The Trunc (x, y) function is used to truncate the X first tuples of the y value. The right is the fork code resynchronization flags 丨 4, 丨 5 are used, the following must be adopted: Make it mandatory The CRM (password resynchronization flag) flag 20 is checked and checked. If it is now AU 3, the decryption operation continues as above, until -RM is encountered. The luck flow was also checked to confirm that this was not a simulated CRM that had escaped. If this is a simulated flag, then the flag should be processed by "non-escaping + two", and decryption should continue as usual. If the flag 1 4, 1 5 is valid, then the body of the flag should generate a New counter 27: 0 31 32 95 96 127 Reconciliation (optional) Password resynchronization flag Data segment index The tributary segment index 3 0 is reset to zero, and this new counter value is used as 417217 V. Description of the invention (36) '' 一 " " 一 ^-It is the input of the adding program to make the decryption continue. 3 · Configure the password system configuration In an exemplary embodiment of the present invention, some parameters can not be set In order to be able to use the key efficiently, these keys may contain, for example, a forthcoming authorization authentication mode (if any).-Reconciliation key 28. Since these do not have to be hidden and confidential, they can be configured with configuration information. They are carried together. The solution program and its modal. If no one is specified, then 5 is the high-level encryption standard (AE s) in the modal mode. If the enterprise intranet is used— The architecture is selectively encrypted, and there should be a precise description of what data is encrypted. This information is carried in the IOD (the original entity description symbol). The exact format of the data structure to be used is considered to be beyond The scope of this document. The diagram graphically represents a gangster represented in the exemplary format of a computer system 35 in which a set of instructions for causing a machine funder to discuss any of the methods discussed above can be executed. In another embodiment , The machine may include a video converter (STB) 'network router, network switch, network rack personal digital assistant (PDA), mobile phone, network device, or any machine capable of performing a series of specified The machine should take action. The computer system 35 includes a processor 36, a main memory 37, and a static memory 38, and communicates with each other via a bus 39. The computer system 3 5

Μ

I11S

Page 40 200417217

It may further include an image display unit 40 (for example, a liquid crystal display (lcd) or a cathode ray tube display (CRT)). The computer system 35 also includes a digital input device 41 (such as a 'keyboard'), a cursor control device 42 (such as a mouse), a disk drive unit 43, a signal generating facility 44 (such as a microphone), and a network. Interface device 4 5. The disk drive unit 43 includes a machine-readable medium 46, which stores a set of instructions (i.e., software) 47, which contains any or all of the methods or functions described herein. The software 47 is also shown as resident, all or at least a part, within the main memory U and / or within the processor 38. The software 47 may be transmitted or received via the network interface device 45. For the purposes of this article J, the term "pi machine-readable media" will be considered to include any conspiracy that can store, encode, or carry a series of instructions that are executed by the machine and cause the Machines implement any of the methods of the invention. The term "machine-selectable media" will therefore be considered to include, but not limited to, solid-state electronic memory, optical and magnetic disks, and carrier signals. Figure 5 Α and 5 Β together constitute a schematic diagram describing the password resynchronization flags 1, 4, 15 & used to perform resynchronization in the case of data loss, according to an embodiment of the present invention. Figure 5A represents the previous Technology, no resynchronization mark appears: only the heading 16 of the encrypted access unit AU 3 appears before it. Assume that the guest system 2 will receive the encrypted access unit 3 with data loss 4 9 ° using Encryption program in the data mode of the counter mode, and only when the title number 16 is used as the initializer's guide, then the client system's decryption of the encryption access unit 3 will only be able to correctly resolve the missing data 49. Dagger will continue to Decrypting encrypted access unit 3, but will use error

We now p. 41 200417217 V. The counter value of the invention description (38) is connected to the wrong data segment, thus generating a plaintext code that is distorted. As a result, the decryption process will generate a data segment 50 for recovering data and a (relatively larger) data segment 51 for missing AU data. The "reverse" password re-synchronization mark is used for 14,15, as shown in Figure ^ and Figure 4. The first part of the recovered AU data generated during the σ-xuan solution process shown in Figure ^ and Figure 4 is lost. Data segment 53 of the AU data, and second part 54 of the recovered M data. This is due to the fact that the client system 2 can recognize the points and the synchronization information data 2 3 and 2 $ located in the resynchronization mark, 14 and 15. Dagger extracted each of the younger brother, the younger brother, and the third A U data segment, and decrypted them independently. It is now turn to FIG. 7, which is a schematic diagram of an Internet Protocol (IP) data packet 55, which is used to distribute the encrypted A U 3 to the home system 2 across the network 5. The IP data packet 55 includes an IP header 56 as well as a network address. The client system can thereby discern whether it is the intended recipient of the IP data packet 55. The p address can be a unique address, a multicast address' or a broadcast address, as known in the art. In a far-flung embodiment, the User Data Packet Protocol (UDP) is used as the communication protocol for transport. Therefore, the IP data packet 55 contains a UDP header 57. In addition, 'the encrypted access unit 3 has been encapsulated by an application executing the synchronization layer; the application is defined in the MPEG-4 standard, and Run on the first allocation server. Therefore, the IP data packet contains an SL header 58. Immediately following the SL title 58 is a title 59 that forms a security envelope. It is the same as the above title 16 except that it also contains an explicit synchronization sequence 6 0; and the password resynchronization flags 1 4 and 15 are explicit

Page 42 200417217 V. Description of Invention (39) Synchronized intelligence data 23, 24 are the same. The title 59 further includes a bit flag 1 indicating the encryption of the access unit 3, a bit flag 19 indicating the authentication and authentication, a (CRM) flag 2 0, a reserved bit 2 1 and a serial number block 2 2. The first encrypted A U data segment 1 1 follows heading 59. The second encrypted AU data segment 12 is separated from the first encrypted AU data segment 11 by the first cryptographic resynchronization flag 14, and the flag contains the synchronized intelligence data 23 and the counter 25. The third encrypted AU data segment 13 is separated from the second encrypted AU data segment 12 by a second password resynchronization flag 15, and the flag contains synchronization information 24 and counter 26 . ~ These synchronized information materials 23, 24, 60 are exploited by the present invention to exploit their superiority, a type of decryption known to perform decryption under stacks. This type of decryption is described more fully in the international patent application PCT / US01 / 41361 of the same applicant in the same period. The client system 2 includes an interface for implementing the IP communication protocol. That is, the interface uses the intelligence data in the IP header 56 to process the data packet 55 to determine what to do with the remainder of the IP data packet 55. = It is usually 'The remaining part is handed over to-the higher-level communication protocol is being executed' ^ interface, which is the UDP protocol in this example, and from the top, that is, to perform MPEG_4 in this example Synchronous layering. In the current embodiment of the present invention, the IP data packet 55 is a user who has been dismissed. / Alas.丨 Ertian stops at the customer? Bu ## The entire IP data received at the interface of the IP communication protocol ^ Α ^ ^ The remaining part of the IP data packet 55 is not

200417217 V. Description of the invention (40) In the body of the IP data packet 55, intelligence data 23, 24, 60. Iron: find the seed in the data. 勹 π 4 丄 山 心 说 It will find the obvious synchronization in the second inch. Use the method described above: The dense data segment is reassembled from the IP data packet 55. And return it: its decrypted. Next, the interface of the "data communication protocol" is handled by each ^ f in the client system 2 implementation of the jp UDP, SL, interface. 'Implement other communication protocols, that is, here, a data encryption protocol The description is complete. Although the method and system of the present invention #I have agreed on the agreement has been described with reference to specific examples of embodiments, it is obvious that these embodiments may be modified and changed in various ways without Departs from the original intention and scope of the present invention. Therefore, the descriptions and figures should be regarded as illustrative and not restrictive.

Page 44

200417217 A brief description of the drawings will now explain the accompanying drawings of the present invention in more detail, in which: FIG. 1 is a schematic diagram of a data distribution system according to an embodiment of the present invention; The outline of the encryption process in one embodiment is not shown in FIG. 3. FIG. 3 is a schematic diagram of the decryption process in accordance with an embodiment of the present invention. FIG. 4 is an MPEG-4 AU that has been encrypted and added to an outer envelope and re-encrypted. A schematic diagram of the format after the synchronization flag, according to an embodiment of the present invention; Figures 5 A and 5 B are schematic diagrams describing the use of the resynchronization flag to perform resynchronization in the event of data loss According to a certain embodiment of the present invention; FIG. 6 is an outline diagram of an exemplary type of machine of a computer system. A set of instructions in the system may be executed. method. FIG. 7 is a schematic diagram of a data packet, and the packet is used to distribute some or all of the information through the network in the data distribution system of FIG. 1.

Page 45

Claims (1)

200417217 Application for patent scope compulsion ## Adding a fork code to generate protected digital data The data content terminal is listed as information, and each piece of information can be decoded by a customer with a service interface, a language program, and an application program. Each piece of information is composed of the combination of ^. And σ as the machine language program of the decoder application program. This method package =, machine = retrievable media retrieval information; at least one of the information is encrypted; and * — A wound format is activated—Cifu News is output data in a certain format, which contains a _title ^: service interface to arrange the information into a data packet of at least ::: 通 and a table body, each table It is included in the service interface, and is turned on by the data sealing material on the client. # 为 解 益 应用 应用 ': The information section has at least _ dagger and at least another information section; those P ^ ^ are added with a password The reviewing party seven made you a sweetheart &# The message section is independently resolved. And the p #A 4 way such as "this synchronizes with other assets," Γ, where the encrypted information is added to a re-intelligence GeXun , I contains obviously synchronized,, and s to at least distant information sections. Use at least-ΐ = f right 1, where these information sections are encrypted with a key with a periodic specific value. It also includes a : Right 1 or 2, in which each resynchronization mark is added with a -4 package II root: m1: 3, any-one, and also includes an increase of the serial number. Each plus the robbery fund is loaded into it and given a unique 200417217 The scope of the application for patents is based on the ancients 7 heart news of the internal secret code f / Γ, which is the A 4 ± formula according to the application right 3, 4, Gan h provided from the format of 6 I.-8 The serial number of each unique-in the 6 package: Ϊ Ϊ; Ι = = and any of the application rights 3-5-the value of f to 1 ，, 'to J Jing each key information carries' 7 to ^ the information In other words, the Kai number is added to the information for feedback. According to any one of the right 3'6, it also includes the encryption of the f message with the encryption program of 5 | , Tu Beixun re-started at the beginning. 1 -Yegu According to the application right 7, a difficult ΛΑ production is immediately related to another ~ Zi Que M Xi Η & unique serial numbers are used to distinguish the _ action bow I leader :: pair section: ν mark, it is used as the initial 9. Fang Zhu f to encrypt the other information section. The program is used. According to any one of the application rights 1-8, the data section, complex i + Bei Xun, will be forked, and the encryption program uses a sixteen 10. square, small equal to the divisor of the size of the information section. The number of crying mode can be determined according to any one of the application rights 1-9, 7 4 ″, the encryption program, wherein the count is crying: X includes-Yi is reset. ^ 数 ^ The only consonant in the 11 plus squares of an information section according to the application rights 3 and 10, one of the # 4 ^ serial number is used to form the count, w # synchronization mark is encrypted . 々 乂 A secluded .τ-to separate the other. The further step sign is to link this other information section with others \ 贝 、 他 一个 Print News 12. Fang Yunliu Zi #According to the application right 10 or 11, which belongs to the door and the encryption is broken. It is intended as the base of sweat _ Decoding on a smart client 200417217 VI. Patent application scope: The method includes providing the encrypted information as the basic stream separated by the output information ... The counter is composed of a harmonic wave and a key stream == Different harmonization and confidentiality of information: 13, The server encodes and arranges the content into information in order to enable the encrypted data to be deprived. It is generated by the method of * applying for rights 3-5; Feeder According to ^ Mountain Key, the information carried by each fork key is added to at least one of the times ::: the unique serial number is linked to a key value, and the value is at least that; I; Γ in response to the client terminal The demand from the machine connected to the server via the network. 4 WA 14 · The system generates protected data for you by adding a password. It encodes the content and arranges it into information. Refer to the decoder application program on a client terminal with a double sigh. Business: The system is configured as: "application ... machine language program, ^ machine-readable media retrieval information; encrypt the copy; and provide the encrypted information in a certain format including -title and- The data packet of the table body: = column becomes part of the t packet, and at least one title contains the remaining information ^ ^ includes the shell δί1 ^ The interface can be each from the table body of the data packet; The machine language program of the delta coder application is translated by the combined language program. The system is configured to separate each piece of information into first and at least one other information section, and Page 48 200417217 VI. The scope of application for patent information is encrypted. The encryption method enables it to be decrypted independently from other information sections; and the encrypted information is combined, and the combination method includes adding a resynchronization flag to encrypt an information. Separate the section from its adjacent information section, and include an explicit synchronization sequence within at least other other information sections. 15. The system according to claim 14, wherein the system is configured to encrypt the information section with at least one key having a periodic value. 16. The system according to claim 14 or 15, wherein each resynchronization mark further includes a unique serial number. 17. The system according to any one of claims 1 to 16 of the application right, wherein the system is further configured to add a packaging envelope, to load each encrypted information therein, and to give a unique serial number. 18. The system according to claim 16 or 17, wherein the system is configured to provide each unique serial number in a self-expressing format. 19. The system according to any one of application rights 15 and application rights 16-18, wherein the system is further configured to generate at least one key information; each key information carries a data link to a key value, at least A unique serial number is added to the message to initiate a decryption process on at least a portion of the message. 20. The system according to any one of claims 1 to 19, wherein the system is further configured to use an encryption program using a password mode of the feedback to encrypt the information section; wherein the system is configured to encrypt the encryption program in each The beginning of the information festival restarts. 21. According to the application right 2 0 ^, the system is further configured to use a unique serial number in the resynchronization flag as a guide for the initial action. Page 49 200417217 6. Those applying for patents shall encrypt the other information section. The resynchronization flag is to distinguish one information section from another. 22. The system according to any one of claims 1 to 4-2, wherein the system is configured to encrypt a section of information using a data segment encryption program, and the encryption program uses a data segment whose size is equal to the size of the information section Divisor. 23. The system according to any one of claims 14-22, wherein the system is further configured to use an encryption program of a counter mode, and reset the counter before encrypting a message section. 24. The system according to application rights 16 and 23, wherein the system is configured to use a unique serial number in the resynchronization flag to constitute the counter so as to encrypt the other information section. The resynchronization flag separates this other information section from the other information section. 25. The system according to claim 23 or 24, wherein the system is capable of encrypting the information belonging to the separated basic streams, each stream is intended to be used as a decoding application on the client; wherein the system is configured to provide The encrypted information is used as output data in a format that enables the service interface on the client to combine the information into separate basic streams; where the system is configured to form a counter with a reconciliation key, and Streamed information uses different harmonic keys. 26. A method for allocating digital data. Data that encodes and arranges content into information is distributed to one or more client terminals through a server through a network. Each piece of information can be decoded by the decoder application program of the client terminal. Methods include: Page 50 200417217 VI. Scope of patent application Most data packets are transmitted from the server to the server's network interface via the network. 2. Each data packet contains at least a title and a body, and each body contains at least ^ A part; providing each piece of information to a series of service interfaces (at least one of the first one) between two layers in a communication protocol stack installed on the server; each service interface configuration is configured to add at least one packet header ^ This data packet is compiled into the intelligence information so that the client can process the remaining part of m 2. The method also includes transmitting a data packet, which is included in the "Private Question" header. The information contained in the header is related to the activation of the packet on the user machine. The body of the watch sends each piece of information from the package language program to the body of the package. Ϊ́ ΐ Ή The package in ί 々 Ή / r ^ The body of the watch includes a first toilet with at least one plus two owing floods. The other sections contain _ Shi ^ Separate a section of information from the neighbors, and scoop the kj 铩 into one ... One poor section is associated with it, the alum section is encrypted, and the wheat is J, at least it is decrypted. Separate secrets from other information sections] Way party / two apply for the right to attack 'these information. ^ Use at least one with periodic secret drawing to break: solution 2 8 ancient, ^ — Gan · method according to application rights 23 Or 24, the package bars are ,, .. Each of the resynchronization flags in 2 9 includes a sequence of incubation material seals, secondary material seals, and methods according to any of the application rights 2 6-2 8. 枓 枓 包 ， 其 Φ々 # J 个 ， 句 红 他 杜 λGAN Ning Each piece of information is included in a mere leather dagger and transferred into it. The packaging envelope of the order is based on the application right 28 or 29, complex φ々 ~, Zhongge Only-the serial number 200417217 VI. The scope of patent application is provided in the form of self-expression. 31. The method according to any one of the application right 27 and the application right 2 8-30, further including transmitting at least one piece of key information, each key information carrying data is linked to a key value, and at least a unique serial number is added Enter the information to initiate a decryption process on at least a portion of the information. 32. A server that distributes digital data, encodes the content and arranges it into information. The data is distributed to one or more client terminals via a network router. Each piece of information can be decoded by the decoder application program of the client terminal. This so-called The server includes: In order to transmit most data packets from the server to the network interface, each packet includes at least a header and a body, and each body contains at least a part of the information. The server Including a series of service interfaces (at least one) between two layers in a communication protocol stack, each service interface is configured to add at least one packet header to the data packet encoding information so that the client can process the packet. The rest; the server is configured to transmit a data packet that includes at least one header, the header contains relevant information, and related information for starting the client service interface, each piece of information is translated by the combined language program from the body of the data packet A machine language program for a decoder application. The configuration of the server is configured to allocate a data packet with a packet body; the body includes a first and at least one other information section, and each other section includes a resynchronization flag to associate an information section with it. The adjacent information section is separated, and it also includes an explicit synchronization sequence. At least one section of the information is encrypted, and the encryption method is to make it decryptable independently from other information sections. Page 52 200417217 VI. Scope of patent application 3 3.4 The company's β ^ & 丄 is encrypted, and its method is transmitted. ^ According to application right 32, these information sections are encrypted. The worker μ M can use at least one of the periodic keys to send funds for 2 packets. The server is configured according to the application right 32 or 33, and its configuration is configured to transmit 35. Each resynchronization mark in the server includes a unique serial number. . Configured to transmit ^ Coarse 4 According to any one of the application rights 32-34, each piece of information in its configured packaging package includes a unique-serial number for each U5W according to application rights 34 or 35, and its configuration is configured to provide The preface is in the form of self-expression. Whatever, Λ server is configured to transmit at least one key asset 1 according to application rights 33 and application rights 34, 夂 一 — a beixun carrying information s ^ shan'be 5fl each fork key is added In the information, the serial number of ws 丨, # 一 1U 'was 38... ^ To ^ part of the poor information to start the decryption process ... ^ In order to receive and process digital data from the client terminal, each piece of information can be decoded and coded, including: 1) Application of private solution. An interface for receiving most data packets. The packet contains at least one body; the terminal also includes a communication protocol stack and a series of service interfaces (at least one). At least one packet header is removed between the two layers of each service interface, and The remaining part of the packet is processed using the coded information configured by the header; the packet surface of packet = f goes, and its configuration is configured to translate the service interface dialect into decoding by the body of at least one packet Application of the machine to cry seventy-five scholarships by combination-type 1, profit Page 53 200417217 VI. Scope of Patent Application Contained in the packet at least-the configuration in the header is configured to receive the data packet table ^ ^. Among them, the terminal has another information section, each of which has another core information = package:-the first-and Zhizhi 'will separate one resource from its adjacent information section and synchronize the step sequence, by setting the Same as + 4 dagger—explicitly the same material. Insert each encrypted information section independently of the information section decrypted by the worker, and then decrypt it, and change 缦, Q into the original. Mountain stream, the location of the extracted information festival.卞 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, The machine is configured to use at least one information section such as the female, su /, Qianhai terminal system to solve it. I have a periodic wire value The secret wheel Λ 40. The client terminal retrieves a unique serial number from each of the resynchronization targets according to the application right 38 or ⑽. , Configured by 41 · customer terminal according to any one of the application rights 38-40 each encrypted information is packaged into a package, and the :: cooking machine is configured to be retrieved from each packaging envelope A unique serial number. According to the application right 40 or 4 丨, the 4L client terminal is configured to derive a shelf length including a unique serial number, which is obtained by comparing the unique serial number in a self-expressing format. Do parsing. Any 43 · client terminal according to the application right 39 and the application right 40-42 ι Miao Qiao Wang key information carrying data link to-key value, at least a unique serial number is added to the poor news, to At least a portion of the information initiates a decryption process; and a key value is selected for using the information. 44 · According to any one of the application rights 40_43, the client terminal is further configured to receive at least one piece of secret information, each with a data wire frog ^ h. Page 54 200417217 VI. Scope of patent application The configuration is further configured to use an encrypted program that uses the returned password mode to decrypt the information section, and restart the encryption program at the beginning of each information section. 45. According to claim 44 of the client terminal, its configuration is configured to use the unique serial number in the resynchronization mark as the guide of the initial action to decrypt the other information section; the resynchronization mark is to distinguish the Another information section and other information sections. 46. According to any one of the application rights 3 8-45, the client terminal is further configured to use a data segment encryption program to decrypt an information section and use a password data section whose size is equal to the size of the information section divided by Approx. 47. According to any one of the application rights 38-46, the client terminal is further configured to use the encryption program of the counter mode, and reset the counter before decrypting a message section. 48. According to the application rights 40 and 47, the client terminal is further configured to use a unique serial number in the resynchronization flag as a counter to decrypt the other information section. The resynchronization flag separates the other information section from the other information section. 49. According to the application right 47 or 48, the client terminal is further configured to receive and process information belonging to separate basic streams, each stream is intended to be used by a decoding application installed on the client, of which The service interface on the client is configured to combine the information into separate basic streams, wherein the client terminal is further configured to form a counter with a harmonic key, using a different secret for each basic stream of information. key. 50. The client terminal is based on any of the application rights 38-49, which Page 55 contains a header and a body; each packet provides a series of service interfaces (at least one) between the communication protocol layers, which is configured to remove at least one packet header from the packet, where The terminal is equipped with a reconfiguration part; the decrypted data received by this system is inserted into the decryption data before the header of each packet. And the body is also passed to the surface facilities, so that the title of the second and the second machine according to the application right 50, and more ^ contains a packet containing ^ service for the reason that the network received the data as the pre-packet; so == the title of the address , Can be identified 52. As the guest. ^ The terminal receives and processes the digits 1 and arranges the internal code into Λ ^ χ Feng Beixun, each poor message can be decoded; its contents include: Use one interface of the client terminal to receive most data packets and remove them The information of the packet header deals with the remainder of the packet, and the service interface is configured so that at least ^ one packet of information is translated by the combined language program into a decoder application, using at least one header included in the packet. In the information, the data packet table body is received. The table body includes a first // th information section, and each additional information section includes a re-synchronization information section separated from its adjacent information section, and includes an obvious row; each section of which Data is set by setting the resynchronization flag; the ten encrypted information sections are decapsulated independently of other information sections, and at least one of them is added to the network interface with the service interface Γ, and the method of adding the client terminal t, The encoder application program ^ packet specifies at least two in the stack, each service agent uses the encoding in the part; and includes the body of the pen language program data. It and at least another blog, synchronize the order of _ to extract; JL #; and beg 200417217 VI. Patent Application Scope A decrypted information section was inserted into the location of the extracted information section. 53. The method according to claim 52, wherein the information sections are decrypted using at least one key having a periodic value. 54. The method according to claim 52 or 53, including retrieving a unique serial number from each resynchronization flag. 55. The method according to any one of claims 5 2-54, wherein each piece of encrypted information is included in a packaging envelope, and the method includes retrieving a unique serial number from each packaging envelope. 5 6. Method According to claim 5 4 or 55, including deriving the length of a field containing a unique serial number, this is done by grammatically analyzing the unique serial number in a self-expressing format. 57. The method according to any one of application right 53 and application right 54-56, and further includes receiving at least one piece of secret information, each of which carries data linked to a key value, and at least one unique serial number is added to the information Then, a decryption process is started for at least a part of the information, and the data is used to select a secret recording value. 5 8. The method is based on any one of the application rights 5 4-5 7 and further includes decrypting the information section with an encryption program using the returned password mode, and restarting the encryption program at the beginning of each information section. 59. The method according to claim 58 includes using a unique serial number in a resynchronization mark as a guide for initial actions to decrypt the other information section; the resynchronization mark separates the other information section from other Another info section. 60. Method according to any of the application rights 5 2-5 9 including use Page 57 200417217 ——. VI. Patent application scope 'Negative material section replenishment w ^ ^ Legacy program decrypts an information section and uses a password data & its size 衮 w is divided by the size of the information section . b 1 · Ancient, 丄, and correction are based on any one of the application rights 5 2-60, including the use of Liu r [" 数 哭 礼 < ^ _ L σσ,% encryption program, and in the information section Reset the violation counter before decryption. 6 2 ηκ 里 土 · Naifa According to application rights 54 and 61, it also includes the use of a unique serial number in Dan Shikou step step Jin Shi Shi Ju #cut ^ as a counter to the other asset The machine is decrypted. Sections are separated. The Dan synchronization mark refers to this other information section and other information 63 卞 Mu is determined according to the application right 6 1 or 6 2 and further includes receiving and processing Xing 7, occasional open account for the exchange of Thai and Thai information Each stream system is intended to be installed on the guest distribution system 4 'Applications used' where the service interface on the client system is used. Qiqihai will include — “cough information combined to separate basic streams, where This method uses the information X 2 and the secret record to form a counter, using a different secret wheel for each basic stream. 64, Fang ,, and X. The received interpretation history is based on any one of application rights 52-63, including reorganizing at least a part of at least one data packet; this is added by adding the title of the package with less than $ It was inserted in # 65 of the decryption information section and before being passed to the service interface. Λ is the table—the customer should go to the title of the network address according to the application right 64 4 'where the asset is in the +4 network of the winter worm's network interface facility. , ...—— The Hai method includes adding 200417217 VI. When implemented within the scope of the patent application, providing the computer with a system according to any of the application rights 1 4-2 5 and any system according to the application rights 1 3 or 3 2-3 7 The function of one server, or the client terminal according to any one of the application rights 3 8-51. 67. A computer program that can be loaded into a computer and has the potential to enable the computer to execute a method according to any of claims 1-12, 2, 26-31, or 52-65 when executed in a computer. Page 59