TWI225352B - Apparatus and method for preventing digital media piracy - Google Patents

Abstract

The present invention is directed to a digital verification and protection (""DVP"") system that can be implemented to protect against piracy or unauthorized reproduction of digital content that is delivered from a content provider to an end user of the content. Specifically, the preferred embodiments of the present invention detects the configuration or setup of the viewing or downloading equipment of the end user to determine whether the detected configuration or setup, including hardware and/or software setup, that may be used by the end user to copy or pirate the digital content to be delivered to the end user additionally, the present invention may be used by the content provider to require a specific minimum viewing or downloading equipment setup, such as a minimum processor speed, as precondition to accessing or viewing the digital content being requested by the end user.

Description

1225352 V. Description of the invention (1) Field of the invention The present invention relates to a kind of digital media theft threat that can protect digitals to unauthorized reproduction, and protect them against the system. Known technology The present invention can avoid illegally providing services provided on information and other media (such as the public network of the Internet, or θwide 'or private networks on the Internet). Like a regional network shell. 1 Unauthorized copying or unauthorized copying Internet-based entertainment services, streaming and downloading (down l0ading), transfer images and content to customers' homes. In the case of streaming, the digital media is on the feeder, and when the audio / video screen is on the network, a media viewer installed on the client will be used from the server. Receive and display audio / video images without having to store the media on the client. In the case of downloading, the digital media is stored on a server, and the digital media is downloaded from the media viewer via a media viewer installed on the client. A copy on the Internet to a storage device on the client for subsequent projections. One of the important issues of these two methods is' digital media assets retrieved by the user. Will, the risk of being re-distributed. In many examples, such as media delivery systems, they rely on an encryption scheme to protect against intrusion. , This method is generally called digital rights

Page 7 C02858 1225352 V. Description of the invention (2) Digital Right Management (DRM). Under this scheme, digital media files are encrypted by using a private key (private k y) that only the rights owner or authorized distributor knows. The digital media is transmitted to the client, and after successful execution of the client's authentication and authorization, it is decoded using a public key exchanged between the server and the client ( decrypt). Identity verification / authorization is usually accompanied by payment methods, which pay the rights owner or distributor. These methods are usually sufficient to protect digital media files from unauthorized viewing. When faced with only digital rights management or similar forms of encryption / watermark (encrypti ο n / watermark) protection schemes, there are various mechanisms for those who want to invade digital media. can use. When displaying media, the client's browser will first decrypt (decrypt) and then perform a decode (converting the media from a digital format to an analog format) for the analog display. As a result, a continuous series of video frames can be presented to the user. Digital rights management is not protected and copying of decoded images is prohibited. Importantly, once the content has been decrypted and decoded, there is no protection and it can be copied in digital or analog form. Before digital media can be shown to the audience, it must be fully decompressed 'and displayed on a computer screen. An image is a bitmap in memory, and all timings and signals are on the video card bus. It is possible to convert these signals from the image

Page 8 002S59 1225352 V. Description of the invention (3) On the feature connector of the card, capture it and record it. Once these signals have been captured, a simple set of algorithms (a 1 g 0 r i t h m) can be used to generate the original uncompressed movie, which is then displayed by the media player. The next thing to do is to make a master for duplication. FIG. 1 shows a pattern for explaining an imaginary digital path from a streaming computer to a final product of a coded video disc (Vide0_CD, VCD). As shown in the figure i, the digital data is captured from the video card (Video Carcj) ii through the digital recording device 12 and the next recorded digital data will be transferred to a personal computer. (PC) 1 3. The personal computer 3 can use a rewritable optical disc (CD-RW) to decode an image disc 1 4. Even though a digital record can generally be obtained from a streaming computer, proper hardware is required, and the program has exceeded—the average hacker's ability. A simpler and faster way is to use analog output. More special, you can use a scan converter (scan c ο n v er t e r) to make analog recordings from a computer and fine-grained μ. Using ^ 一 南 ί: Π ί: sweeping cat converter, the result will be streamed or downloaded iU ::. Further, other equipment may be used to create a digital copy to create a re-encoded output suitable for creating a video-CD (VCD). In particular, as shown in the picture, the uncompressed picture passes through | II! Γ々Ξ 月 刀 0, shown to the audience. The vast majority of fans; they use a 15-pin D-type battery that is plugged into the back of the electricity month, and the electricity will be connected.

1225352 V. Description of the invention (4) To a computer monitor (moni tor). Just use a general scan converter 2 1 to get the signal on the monitor and turn it into a TV screen 23, a projector 22, or a portable device such as a portable Camcorder 24 or a video recorder 25. The output of the cat sweep converter 21 can vary according to quality (usually directly related to price). Most will provide S-Video output, or even component output with excellent reproduction quality for analog recording. Although most high-end personal computers have graphics cards that can display TV compatible signals, the image quality displayed is not comparable to the image quality produced by the scan converter. There are currently some consumer electronics products on the market that can capture analog signals to K and convert them into a format suitable for digital media such as digital video tapes (v i d e 〇 t a p e). With these products, via the computer 2 6 which will be used as the master of an image disc 27, a small step forward for recoding the movie, for a small number of pirates, Next, a CD-ROM writer will be used, or for a large number of actions, a CD stamper will be used. In the Asian market, video discs are widely welcomed and are a widely accepted format. Therefore, most DVD players on the market are currently used to play video disc movies. The video community has previously faced the problem of analog theft. With the advent of DVD, analog output can be used to make high-quality copy recordings directly from DVD. This feature is by using a digital watermark

Page 10 002861 1225352 Fifth, the invention description (5) (digital watermarks), or area password embedded data (steganographical ly embedded data), where the area password carbon-type data, originally by, for example, such as Ma cr visi The company introduced the market to prohibit the intrusions recorded by VHS. A similar system can also be implemented on the scan converter to stop, for example, the situation shown in Figure 2. However, this method is not practical and may cause the normal use of projection devices and televisions. More questions. SUMMARY OF THE INVENTION The present invention is related to a digital verification and protection (digita 1 verification and protection (DVP) system), which can intelligently avoid digital media intrusion through threat response methods, and reduce many known In digital media protection systems, a common 1 is the need for a forensic diagnostic process after a post-breach. The preferred embodiment of the present invention helps to provide a protection from unauthorized digital media copying to a personal computer or a television via a set-top boxes (STB). The intrusion protection of the present invention can be applied to both streaming and downloading digital media. In terms of high-level description, the preferred embodiment of the present invention can provide the following functions: a) positively identify a known part of the equipment, device, or software, and search for digital or analog output Or equivalent output; broken b) allows playback of digital media (playback) and can only watch or download devices of known or approved architecture devices; and

Page 11 0G286: 1225352 V. Description of the invention (6) c) Confirm that the equipment architecture can be changed on the fly and decide whether such changes constitute a security breach. . It is an object of the present invention to provide a protection against theft of digital content. The protection is not allowed for digital content to be played on the device, where the device provides a mechanism by which the decrypted and decoded media can be copied. In a DVP system, according to a preferred embodiment of the present invention, customers who want to watch or use digital content must obtain permission (permissi ο η) before accessing or displaying digital media (regardless of the digital Does the media use conventional anti-theft methods such as digital rights management (DRM) as additional protection? If the customer is authorized to access digital content in accordance with the present invention, the customer's hardware and software configuration or setup is not considered a threat — (i.e., unauthorized permission, Digital content cannot be reproduced). Furthermore, according to a preferred embodiment of the present invention, when a configuration change of a client's viewing or download setting is detected, the transmission of digital content is automatically stopped, and permission of the digital media must be obtained again. Another object of the present invention is to maintain a database of device or software configuration information such as peripherals and applications, which can be classified into whether or not it is the customer's permission to access digital content, Receivable or unacceptable configuration of settings. Specifically, according to a DVP system of the present invention, a database is used to determine whether a particular device configuration is determined to be a required digital medium for a threat. For example, if the user's personal computer is connected to a digital recording device, the present invention can be set to determine that a threat exists and to reject digital media

Page 12 002863 1225352 V. Description of the invention (7). If an unknown configuration is detected, the database is updated and it is best to perform a threat inspection process to strengthen the system's capabilities to accurately detect and respond to possible threats. An advantage of the present invention is that it provides security measures for protected information, copyright information, and media services. In particular, the present invention can ensure that information can only be sent, or can only be configured and set, by a user who has been approved by the owner of the digital content to be transmitted. In addition, this system ensures that the media can only be displayed on devices approved by the asset owner. This system prevents unauthorized copying or reproduction of the newsletter 'from being displayed on individual personal computers or media display devices such as televisions. Another object of the present invention is to notify digital content owners when unauthorized users, device stomachs, and actions occur, and allow digital content owners to use appropriate security policies Or measure, make the necessary response. Although the embodiment of the present invention is preferred to be used in a video on demand system (Video On Demand), the present invention can also be widely applied to any other specific systems on which digital media content is transmitted from one party To the other side. In particular, the present invention can also be applied to any specific application, on which digital media is transmitted to a personal computer (PC), a set-top box (STB), or a similar device, And on these devices, some rights-holders or owners are interested in protecting digital media from unauthorized reproduction or use. Regardless of digital media transmitted to customer equipment

Page 13 CG2864 1225352 V. Explanation of the invention (8) What methods can be used to apply the system according to the present invention, and the present invention can also be used as a digital figure outside the conventional protection system for preventing theft A level of digital media protection scheme ° In order to make the above and other objects, features, and advantages of the present invention obvious and easy to understand, a preferred embodiment is given below with the accompanying drawings Formula, detailed description is as follows. Simple instructions for labeling: 11 video card 12 digital recording device 13 computer 14 video disc 2 (Γ personal computer 2 1 scan converter 22 projector 2 3 TV 2 4 portable digital video camera 25 video recorder 26 computer 27 Video disc 30 Client device 3 1 Configuration verification client program 32 Media viewer 33 Application server

Page 14 002865 1225352 V. Description of the invention (9) 34 Configuration verification server 35 Media server 36 Digital rights management server 37 Streaming identification server 38 Threat database server 40 Display 41 Display information 7 0 DVP Server 90 Personal Computer or Set-Top Box 9 1 Internet 9 2 Visitors 93 Host Internet Server 9 ί Digital Rights Management 9 5 Host Internet Site 96 J a ν a Usage Report Internet Services 97 Windows Media Service 98 Use Report Database 99 DVP Internet Server 101 CVServices.dll 102 SBEncrypt.dll 103 DVPAdmin.dl1

104 ThreatDB 10 5 C V S r v e r Internet Services 106 DVP Management 鬌

Page 15 002866 1225352 V. Description of invention (ίο) 10 7 CVContro 1. Cab 1 08 DVP Internet server 109 CVControl.dll 110 CVSettings.xml 111 SBEncrypt.dll 112 SOAP redistributable unit 130 customer 13 1 server 132 Database 1 33 Coded components 14 0-151 Poor structure 2 0 0-2 0 6 System entity is a preferred embodiment. The present invention is a device and a device for protecting digital content from intrusion or unauthorized reproduction and method. According to a DVP system according to a preferred embodiment of the present invention, when starting to transmit each digital content such as a movie, a decision is made as to whether or not there is a danger according to a result of checking a device configuration check by a user. Specifically, if the DVP system detects that the device configuration downloaded or viewed by the user includes a recording device, such as a plug-in recording device that has been activated on the computer, or is connected to the top A video recorder (VCR) of the box will instruct the DVP system to refuse to send digital content to the user. In addition, the D V P system can also be used to monitor the user's device configuration during the entire download or viewing period. If the user's device changes, such as adding a recording device to the device group

Page 16 002867 1225352 V. Description of the invention (11) State or setting, you can interrupt or stop the transmission of digital content. According to this embodiment, the DVP system uses a heuristic algorithm to identify possible threats. The entire process starts with the client device trying to access the digital media. At this time, the D V P system will register the hardware and software profiles related to the client device (p r 0 f i 1 e). When structuring this information, the system searches for specific devices and software fingerprints ("fingerprints"), which are known information that is needed to decide whether or not to pose a threat. When the device was first proposed, and When registering in a client device profile, the DVP system will improve the performance of identifying threats by comparing the client device profile with the profile registered in the following occasions. When When there are some differences between the current and registered profiles, the system will then go through a complete 'threat determination process. This can provide an optimal customer service experience without sacrificing important security concerns The following will describe the preferred embodiment of the present invention in detail with reference to FIGS. 3 to 19. FIG. 3 illustrates the architecture of a DVP system according to a preferred embodiment of the present invention. In particular, according to this The DVP system of the preferred embodiment includes a media server 35 for storing digital media content (stored in a coded or decoded form). Root The DVP system according to the preferred embodiment also includes a client device 30, which includes a personal computer (PC), a set-top box (STB), and any other device that can be used to display digital media. For example Say, a typical client device can include a TV and a set-top box. Other typical client devices can also include

Page 17 C02368 1225352 V. Description of the invention (12) Personal computer and a display. The DVP system according to this preferred embodiment also includes: a media viewer 32, which can be any device that can display digital content (such as a set-top box), including any digital signal that can be converted to Analog signals for devices used for display; an application server 3 3, coordinate download or viewing requests from customers to the server / distributor, a streamer 1 easecriteria server, SRC) 37, used to store configurations and settings that have been determined to be receivable for receiving digital content to be transmitted; a threat repository server (TRS) 38, using * for Store suspicious or unknown device configurations, and preferably record the use of those configurations; a configuration verification server (c 〇nfigurati ο η verification server (CVS) 34) for arbitration ( mediate) requirements for media viewing; a configuration verification client (configuration verificati ο nc 1 ient, CVC) 31, which is used to identify the user's configuration or settings, and provides information to CVS; and a digital rights management server (DRM) 3 6, which is used to authorize the password Media 'and provide a decryption key ° It is worth noting that although the above-mentioned various components are shown in Figure 3 as separate hardware devices, they are executed by various software that share the same hardware resources Methods to implement the above functions are also included in the scope of the present invention. FIG. 4 illustrates a d v P system according to a preferred embodiment of the present invention.

Page 18 0Ό2Β69 1225352 V. Description of the invention (13) A typical operation mode. In particular, a consumer using a client device 30 first asks the content provider for authorization to access digital media. This request will be passed through CVC 31, of which CVC 31 is preferably installed in the client device. , If not, you need to be able to access the client device 30. When receiving this request, C V C 31 will get the configuration or setting information from client device 30, and forward this information to CVS 3 4 for its decision and approval. After receiving an approval request from CVC 31 or client device 30, CVS 34 retrieves or searches for a pre-approved acceptable and unacceptable configuration from SRC 37 via a predetermined approval criterion Or a list of settings (1 ist). 'After receiving the list of receivable / unreceivable configurations or settings, CVS 34 will compare the configurations or settings of client device 30 with the receivable configurations retrieved or searched to Or the list of settings is compared with each other. If the CVS 34 determines that the configuration or settings of the client device 30 are acceptable, then the CVS 34 will notify the CVC 31 that the digital content request has been approved. After CVC 31 receives a notification from cVS 34 that the user has been authorized to view the requested digital content, CVC 31 then notifies client device 30 that the request has been approved. Thereafter, the media viewer 32 requests media content from the media server 35, and the media server 35 then transmits digital content to the media viewer 32. It is worth noting that when testing the configuration of the client device 30, in addition to the hardware, CVC 31 may also be able to detect whether there is unauthorized software residence, such as the method of covering Macrovision Software, ripping software, hacked or

Page 19 CC28? 0 1225352 V. Description of the invention (14) Fake DRM or password-encoding software. Users usually use software called π T r 〇ja η software (which may look like Unauthorized software, but is actually a program that destroys software) and performs illegal configuration. According to the DV system of this preferred embodiment, it is best to detect Trojan software or rogue software by checking the dll signature of the dynamic link library of each process currently executing. ). It's a bit like a DNA test. For example, the trick of a piece of software is its use of DLLs and other handlers. Changing it to another name (such as Word or Outlook) does not deceive DVP because DVP recognizes the signature of the dynamic link library of this process, which claims to be part of a similar software Out 1 ook or Word, but not ut1ook or Word.丨 _ According to another embodiment of the present invention, if the DVp system is used with a conventional coding or watermarking security system (w a t e r m a r k s e c u r t y system), additional security measures need to be adopted. For example, in Figure 4, the digital content can be transmitted to the media viewer 32 in the form of a code. After that, the media viewer 32 must push one out to the DRM 36. + The requirement of license or authorization 'here will also determine whether the authorization should be agreed and the appropriate decryption key' or other similar means for viewing the transmitted digital content The access means is transmitted to the client device 30. In Figure 4, if cvs 34 determines that the configuration or setting of the client device is > unacceptable ', then CVS 34 will notify CVC 31 that the request for the digital content is rejected. C V C 3 1 will then notify the user, preferably via the media.

Page 20 CG2871 1225352 V. Description of the invention (15) Viewer 3 2, the request for digital content has been rejected. According to a preferred embodiment of the present invention, the DVP system can also display a message to the user at the same time, explaining why the digital content request was rejected, such as indicating that a specific device or software has been connected to the client device May pose a threat to digital theft. Finally, if CVS 34 in Figure 4 determines that the configuration or setting of the client device is not included in the captured configuration list and / or belongs to an unknown configuration or setting, then CVS 34 will The steps shown in Figure 6 are performed. Figure 6 illustrates the operation of the DVP system of the present invention when the CVS 34 encounters an unknown client device configuration or setting. Specifically, CVS 34 will send the detected suspicious client device configuration to TRS 38 to update the unknown client device configuration on the database. This data can (or at the same time) be updated. Used by content providers to analyze the threat of digital theft. At the same time, CVS 34 will extract a list of possible threat responses from SRC 37 to configure the detected unknown client devices and take appropriate responses. These responses should preferably be based on the required digital content. , And the geographic area where the requesting client device is located. Responses to possible threats to unknown user-client device configurations can be simply rejecting digital content delivery requests, agreeing to permission for digital content delivery, or agreeing to temporarily suspend digital content delivery until subsequent conditions are met (Like if the user changes their client device configuration within a specific time frame). If responding to a possible threat, provide for consent to digital content delivery

Page 21 M :: 872 1225352

There may be various changes in the form of p e r m i s s i ο η). For example, one possible client device configuration or user profile may provide that the temporary license is extended to 30 days, while another situation may allow 10 different requests that are allowed at the same time, Access the requested digital content. In summary, when the inspection result of the client device configuration does not match the known configuration of s R c, there are at least three situations that the DVP system may encounter. No threat configuration is known to SRC 3 7 and no threat configuration is known to SRC 3 7 and no threat configuration is detected to be unknown to SRC 3 7 As mentioned above, the threat check is based on Several factors, including media ownership

n

Page 22 002873 1225352 V. Description of the invention (17), geographical area, and other conditions vary. When deciding what kind of response should be, the system considers all threat discriminating factors before determining whether it is non-threatening, threatening, or unknown. As mentioned above, it is worth noting that although the above devices and their functions are separate hardware components for the purpose of explaining the present invention, these functions are provided in different hardware or software implementations or The methods of providing the same functions and results in the diagram are all included in the scope of the present invention. FIG. 5 shows the operation of a DVP system according to the present invention when new hardware or software is added to the client device 30 during downloading or transmitting digital content to the user. Specifically, when the media viewer 32 is displaying or transmitting digital content to the client device 30, the CVC 31f detects a configuration change in the client device 30, and the CVC 31 indicates the media viewer 3 2. Stop transmitting digital content. In addition, CVC 31 will transfer the updated client device configuration to CVS 34, and then CVS 34 will update the updated client device configuration with the receivable / non-receivable configuration retrieved from SRC 37 or The setting lists are compared with each other. If based on the results of the CVS 34 inspection, the DVP system determines that the updated client device 30 configuration is not acceptable, then the CVS 31 will terminate the digital content transmission and cause the client device to notify the user that the DVP system decides to do this. Kind of action. If CVS 34 decides that the updated client device 30 configuration is acceptable, then CVC 31 resumes transmission of digital content. If the CVS 34 decides that the configuration of the updated client device 30 is unknown, the process described in Figure 6 is executed next.

Page 23 CG2874 1225352 V. Description of the invention (18) Over time, when the DVP system has a better understanding of the possible threats and the technology required to identify threatening devices and software, the client device configuration The complexity will increase. In fact, the D V P system according to the present invention has been continuously developed in terms of discrimination of threats, and has become more intelligent. DVP systems can learn additional threats in a variety of ways. To be clear, when the system reports an unknown configuration to TRS 38, an expert in threat identification can analyze the configuration and notify the system of the results of the analysis through a management interface. Once the results have been made, the D V P system will understand (u n d e r s t a n d) the configuration and can automatically perform a threat discrimination, in which a similar configuration can be confirmed again. Stomach consumers can use a variety of new devices and software. These devices can use expert or artificial intelligence programs to determine whether there is a threat of digital theft and notify the system of the results through a management interface. The system can then automatically perform threat discrimination on these configurations. In addition, different content owners have different options for receivable client device configurations. For example, a content provider may need to make their media playable only on devices that do not have a video card with an S-Video connector, while others may not have such restrictions. Furthermore, the same media owner can have different interests (c ο ncer η) for a specific media type (such as the first round of movies), or for different geographic regions, Different stakes ideas. Under these conditions, it is foreseeable that the system will allow threat profiles to be threatened.

1225352 V. Description of Invention (19) To change with media owner, media item, and geographical area. The D V P system of the present invention can be constructed and is suitable for adding a new threat profile. For example, future content providers can perceive a particular network protocol as a threat. In this situation, the DVP system can be adapted to detect such network protocols and further protect the content of the media owner based on the updated threat profile. In the DVP system according to the preferred embodiment of the present invention, if the CVC 31, in its hardware or software, is tampered to some extent due to user actions or other reasons, making it invalid. (disabled), or malfunction (malfunction), then all requests for digital content transmission should preferably be rejected until CVC works normally again. ~ Specific terms related to server and network architecture are also outside the scope of the present invention. Please note that the characteristics of the architecture are not described, there is only a small amount of description in the present invention, and it cannot be regarded as a single example of the invention. The D V P implementation can be different in many examples, especially with regard to network and server architecture. Specifically, although the preferred embodiments of FIGS. 3 to 6 describe various servers connected via a network, a specific example of a DVP system may have two or more servers, included in the same actual Computing devices, and communicating with each other on devices that are not networks. FIG. 7 illustrates a D V P system according to another embodiment of the present invention. As can be seen from the figure, CVS 34, SRC 37, and TRS 38 are all included in the D V P server 70. FIG. 8 illustrates another embodiment of the present invention.

Page 25 C02B76 1225352 V. Description of the invention (20) Among them, the media server 35 and DRM 36 are included in the application server 33. It is worth noting that although the main purpose of the present invention is to protect digital content, In the event of a theft or unauthorized reproduction, the present invention can also be used to specify the minimum client device requirements for receiving specific digital media. For example, some media owners may require client devices that must meet certain minimum specifications in terms of hardware, operating system, software, and so on. These requirements are usually based on the requirements of media playback quality. For example, media owners may believe that unless the devices have a central processing unit (CPU) above certain performance specifications or have a specific graphics processing capability, the devices will not The quality of their media. In another example, a digital content provider may require that a client device be equipped with a specific parental control function before transmitting digital content of an adult nature. The core part of the present invention judges the ability of a client device configuration, and compares this configuration with a receivable configuration, which is ideally matched to ensure that the device must meet the minimum specifications. In fact, some people see devices that do not meet these minimum specifications as a threat to quality rather than security. Finally, the present invention can be applied not only to streaming and downloading digital video, but also to digital audio. The invention can be implemented relatively easily to provide protection from digital music being stolen. FIG. 9 illustrates a specific implementation of a D V P system according to a preferred embodiment of the present invention. To be clear, in this particular implementation

Page 26 C02877 U25352 V. Description of the Invention (21) " ^ The client device is a personal computer or box 90 running Microsoft Windows operating system, and the consumer uses the Internet Explorer Internet Explorer to access the listing A host web site with accessible digital content. CCVC is an Active Control built into a web page and communicates with client devices through Microsoft's Windows Management Instrumentation. , WMI) interfaces are connected to each other. The media viewer is Microsoft's Media Player media player 'and the DRM server is Microsoft's Media Rights Manager. The application server is Microsoft's IIS Web Server, and CVS runs IIS as an Internet service. CVC and CVS communicate securely through a Simple Object Access Protocol (SOAP). TRS and SRC are a Microsoft SQL Server 2 (Γ〇〇 database under CVS control. In Figure 9, the equivalent to CVC 31 is CV Control, dl 1 109, and the equivalent to application server 33 is The DVP web server 108 is equivalent to CVS 34 as cvServices 106, and equal to TRS 38 and 5 {^ 37 is Ding 1 ^ 681 and 104. Fig. 10 shows a specific implementation of the preferred embodiment of the present invention. A specific aspect of the solution. Specifically, Figure 10 shows a sequence diagram that describes the sequence of events that occur when CVC is downloaded as software to a user's computer. Figure 11 shows A specific aspect of the specific implementation of the preferred embodiment of the present invention. Specifically, Figure 丨 丨 shows a sequence diagram to describe when a visitor to a host Internet site decides to request to view digital content Sequence of events that occur.

Page 27

CG287S 1225352 V. Description of the Invention (22) Figure 12 shows a specific aspect of the specific embodiment of the preferred embodiment of the present invention. Specifically, 'Figure 12 shows a sequence diagram to describe when a user starts a new processing program or connects a new device to a device while watching or using the transmitted digital content. The sequence of events that occur at the client device.

Figure 13 shows a sequence diagram that illustrates the basic Internet service security protocols. Specifically, the client requests some random data from the server, encodes the data, and sends the data back to the server 'as a parameter with a business call. The server encodes the data to be sent to the customer, and compares the encrypted data sent back by the customer. If the data matches each other, the server will execute the real business request. The passwords (passwords) used to encode data on both sides are exchanged with each other outside the band (0ut_0f-band). The coded data will be sent back to the server as a b a s e-6 4 coded form, so it can be transmitted using a SOAP string. The return value of the business function can be used to indicate whether the identity authentication is passed. Figure 14 is an entity-relationship diagram, which is used to describe the preferred embodiment of the present invention. CVS 34 data structure. It is worth noting that Figures 14 and 14 are only described in a small amount, and according to the preferred embodiment of the present invention, multiple alternative database structures can be implemented.

Fig. 15 shows a packaging diagram for describing a typical system entity that can be used directly or indirectly by CVS 31 according to a preferred embodiment of the present invention.

1225352 V. Description of the invention (23) Figure 16 shows the characteristics and methods of C v S 3 1 according to a preferred embodiment of the present invention, which can be seen publicly. Figure 17 shows a ciss diagram for describing the method used by cvs 34 to implement the functions of the preferred embodiment of the present invention. Figure 18 shows an integrated classification diagram, in which an Internet site host 'can create a Java Script framework method for combining with CV C 31 according to the preferred embodiment of the present invention. FIG. 19 shows a cryptographic diagram for describing the functions exposed by sNEncrypt.dll. The SNE ncrypt · d 1 1 is provided and can be used by CVC 31 and CVS 34 according to the preferred embodiment of the present invention. Available SOAP challenge-Response security mechanism 〇 • Although the present invention has been disclosed in the preferred embodiment as above, it is not intended to limit the present invention. 'Any person skilled in the art will not depart from this. Within the spirit and scope of the invention, 'a few changes and modifications can be made. Therefore, the scope of protection of the present invention shall be determined by the scope of the attached patent application.

Page 80 S80 1225352 Brief description of the diagrams Figure 1 shows an example of a possible path from a computer to the digital content of an encoded video disc; Figure 2 shows a possible recording or reproduction using an analog digital conversion device An example diagram of the manufacturing scheme; FIG. 3 illustrates an example diagram of a DVP system architecture according to a preferred embodiment of the present invention; FIG. 4 illustrates a DVP system according to a preferred embodiment of the present invention Example of operating characteristics (〇peratingcharacteristi cs); FIG. 5 shows an example of the operating characteristics of a DVP system according to another preferred embodiment of the present invention; FIG. 6 shows another preferred embodiment of the present invention. An example of the operating characteristics of a DVP system in the embodiment; \ 7 shows an example diagram of a DVP system architecture according to another preferred embodiment of the present invention; 8 shows an alternative implementation according to the present invention Example DVP system architecture; Figure 9 shows a specific implementation of a DVP system according to a preferred embodiment of the present invention (i Figure 1 shows an example of another specific implementation of a DVP system according to a preferred embodiment of the present invention. Figure 1 shows a DVP according to a preferred embodiment of the present invention. An example diagram of another specific implementation scheme of the system; FIG. 12 shows an example diagram of another specific implementation scheme of a DVP system according to a preferred embodiment of the present invention;

1225352 on page 30. Brief description. Figure 1 3 shows another example of a specific implementation of the D VP system according to a preferred embodiment of the present invention. Figure 1 4 shows a preferred embodiment according to the present invention. An example diagram of yet another specific implementation scheme of the DVP system of the embodiment; FIG. 15 shows an example diagram of another specific implementation scheme of the DVP system according to a preferred embodiment of the present invention; and FIG. 16 shows An example of another specific implementation of the DVP system according to the preferred embodiment of the present invention is shown; and the seventh to seventeenth is a specific implementation of the DVP system according to the preferred embodiment of the present invention. An example of the solution; another eighteenth is an example of a specific implementation of the DVP system according to a preferred embodiment of the present invention; and ~ nineteenth is a preferred implementation according to the present invention An example of another specific implementation of the example DVP system.

Page 31

Claims (1)

1225352 1225352 --- Case No. 91120fiQR VI. Patent application scopes to avoid unauthorized re-entry The digital-media server is used to store: a configuration verification server for ^ digital media content; and, a configuration data, the configuration data ~ the client device receives the client's state information, and In a system group 1 of the client device, the configuration tester verifies the configuration data of the server f, and determines that the client receives the client's receipt of the stored digital media content; Authorization can be connected to the device, and will store the stored digital ::::: The configuration verification t is being transmitted to the client device for playback. Gu, from the media server, the feed 2 device as described in the first item of the system, and further includes-discriminant state injection feed device, the configuration data of the second 'where, this group of rights can be broadcast compared to' It is determined whether the client device has digital media content that is misplaced. The system described in item 1 of the scope of data file 2 and 2 further includes a threat material, where =: is used to store a group of unauthorized configuration data, and the group is not; :: server The second group is whether the received configuration equipment client device is accurate; J materials are compared with each other to determine the technical right and can be played in the stored digital media 10017pifl.ptc page 32 ΛΙ 91120698 1225352 —-----— No—Scope of patent application 1 year > 1 factory. Yue Rong 4. The system described in item 丨 of the scope of patent application, which is a server, works with the client device and the media server, and the 1st tone stores the stored digital media content from the media server = client Device. It can be sent to the system according to item 5 of the scope of patent application, wherein the device includes a device for detecting the configuration data of the client device. The detected configuration data is transmitted to the device. Configuration verification server. : 6. The system described in item 丨 of the scope of patent application, wherein the media content includes a plurality of image files, and wherein the client department, including a media viewer, is used to view the image files. 1. Please refer to the system described in item 1 of the patent scope. * In the transmitter, the client will periodically receive the baby from the customer ^ ^ "Inverse check servo configuration configuration test word server, receive an updated set Status data, to determine whether the client device is still receiving the updated configuration data, using the media content: authorized to 'play the digital media stored in the library's LHC's ... then this group starts with: 8. If applying for a patent Digital media content transmission. Digital media content is based on the system: 'the stored location.' The code format is transmitted to the client device. The system described in the client device item further includes a provided device for encrypting the password, 10017pifl.ptc Page 33 —j No. 9m_Q «VI. Patent application scope ^ Amendment Pass to: Decode the digital media content of the client device. A method to prevent digital media content from being reproduced without authorization by the number of injured individuals. The system's internal body is distributed via a communication network to a client device that can perform playback of the digital media content. The method includes the following steps: : Store the digital media content; leave the client device to receive a configuration data of the client device, the group ~, the material includes the system configuration information set by the client; Humeng even used the received The configuration data of the client device determines whether the client is authorized to play the stored digital media content; the stored digital media content is played and transmitted to the client device for further steps: if the scope of patent application The method described in item 10 further includes the following storage of a set of pre-approved configuration data; and material exchange: comparing the configuration data received with the group in advance ^ "2: If the scope of patent application The method described in item 10 further includes the following storage of an unauthorized set of configuration data, and comparing the received configuration data with the status data. The level of approval of the copyright is 1 3. The contents of the digital media as described in the scope of the patent application No. 丨 0 are transmitted in the form of a password ^, 5Hai storage IMS Page 34 1017pifi .ptc 1225352 Hip :: ## Q119 / Vfed «;; 丄 .L CL____________________________________ —... i /, the scope of patent application PJ a _〇 said, the scope of patent application ... 1-1-1 4 The method described in item 13 further includes a step of 'providing a decoding key to the client device' to decode the stored digital media content transmitted in a coded format. 1 5 • As described in the patent application The method described in item 10 further includes the following steps: = During the transmission of the stored digital media content to the client device, receiving an updated configuration data from the client device; using the received updated group State data to determine whether the J still has the authority to 'play the stored digital media content'. If it is determined that the client device no longer has the authority to play the media content, the storage of Bit 16. A machine-readable medium, including a set of k-homing, to enable a computer to execute a method, use the executed instructions, and use the network to distribute to a digital device that can be reproduced on a communication device. Inside the media, the client of the content broadcast * stores the digital media content; the following steps are performed: receiving the client state data from the client device, including the two configuration data of the client device's-system configuration, the group uses Received the customer ’s wear, digital media, content, and playback of the stored digital media content.… Authorized, 4 = media = customer ’was transmitted to the customer's farm for 10035pifl.ptc on page 35 卺% 1 Repair Dagger I Case No. 9112〇im 1225352 7? The scope of the six patent applications ___ 17. The method described in item 16 of the patent application scope may further include the following steps: a medium storing a set of pre-approved configuration data; and receiving the set of received State data, compared with this group's expectations. Described as unapproved configuration data 18. The method as described in item 16 of the scope of patent application further includes the following steps:-fetching the media 'which stores a set of unauthorized configuration data; and receiving the received configuration data The configuration data of the comparison with the group of unstated data. Unauthorized approval 19. The method in the machine described in item 16 of the scope of patent application further includes the following steps: flying the media, which will be transmitted to the stored serial number of the client device; and J The media content is silently provided, and the client device is provided with a decryption code for decoding the encrypted digital media content. ⑹The storage of the code 20. The method described in item 16 of the scope of patent application may include the following steps: a medium, which transmits the stored digital media content to the client device, and receives an updated Configuration data; during the installation, 'from the use of the updated, configuration data #' received by # to determine whether the customer still has the authorization to play the stored data. Double talk about body content; if it is determined that the client device no longer has permission to play the stored digital Ended 122 ^ 352 Media, each stop the transmission of the stored digital media content. Digital media and system for recreating digital media content, the media message network is distributed to a client device that can execute the digital _ Kariya broadcast, the system includes · two storage devices for storing a digital media content; A verification device for receiving a message from the client device dreamed by the client device; the configuration data includes a system configuration information of the client device; The client device that arrived here determines whether the client device is authorized to receive the stored digital media content, and press & if the verification device determines that the client device is authorized ,. In order to receive the stored digital media content, the verification device, together with the stored digital media content, transmits from the storage device ^ user ^ settings for playback. 22. The system described in item 21 of the scope of patent application, further includes a device 'for storing a set of pre-approved configuration data, wherein the verification device $' will receive the configuration data, and The set of pre-approved configuration data is compared with each other to determine whether the client device is authorized to play the stored digital media content. 23. The system described in item 21 of the scope of patent application, further comprising a device for storing a group of unauthorized configuration data, wherein the verification device 'receives the configuration data received, Compared with this set of unauthorized configuration data to determine if the client device is authorized, 1225352 Case No. 911206 ^ 6. Scope of patent application The stored number can be played. 24. If a patent application is used, it is used to store the stored data to the client device. 2 5 · If the patent application device includes a device, use the detected configuration data 2 6 · If the patent application digital media content includes resetting 'include one to watch these 2 7 · If the patent application is a The internet. Bit media content. The system described in item 21 further includes digital media content. From this storage device, Peide sends the system described in item 21, in which the configuration information of the client device is detected. The device is transmitted to the configuration verification server and the system described in item 21, wherein the image files are stored, and the customer's image files are stored therein. ~ The system described in item 21, wherein the communication network 28. The system described in item 21 in the scope of patent application, wherein the digital media content is transmitted to the client's storage in the form of a password. Home installation 29. The system described in item 28 of the scope of patent application, further including-a device for providing a decoding key to the client device, for transmitting the coded format to the client device. Digital media content decoding. 30. The system according to item 21 of the scope of patent application, wherein, during the transmission of the stored digital media content to the client device, the verification device ^ periodically receives an updated Configuration data, the check device uses the received updated configuration data to determine whether the client device is still authorized, and can play the stored digital media content, if the check device indicates the client device. No longer have permission to play the stored 1225352 Amendment 6. Applying for a patent __ 3 :: f content, the annotation device will stop the transmission of the stored data valley. TW Digital Media = Readable Media 'includes a set of executable instructions, using the -methodϊΐ :: =: device: execute playback in a digital media] u Digital media content is provided by a content provider, The method is distributed on Kariya U Road, and the method includes the following steps:-Passing to the supplier of Hayne Valley, presenting a system configuration information of the client device to play the digital media content; or the detected The configuration information of the system is transmitted to the content provider from the content provider in May, and receives a license that can receive the media content. H㈣ Put money 32. In the machine described in item 31 of the scope of patent application? The method further includes the following steps: buying the media, which receives the requested digital media for playback to detect the updated system configuration information of the client device; and ° / updates the system configuration of the client device Information to the respondent. / 谷 谷 33. The machine-readable media as described in item 31 of the scope of the patent application, the method: J method further includes a step 'one will require digital media content; the state' to notify a user of the client device . 3 4. The machine-readable medium as described in item 31 of the scope of patent application, the method further includes a step of suspending transmission of what is needed for playback; 10017pifl.ptc 1225352 93U No. 1 91120698 Car Ⅵ. The digital media content within the scope of patent application. 35 · A digital media content is delivered to an executable via a communication network. The digital media content is a client device. The system includes: vanadium. The digital media content is played by a distribution device. , With the format of inverse Xi Nu A put in touch with rin — · 'digital media content in the communication network of the industrial court; a check device, used to receive a message from the client ’s device from the client ’s dream device. The Sigma Haier verification device in a system configuration resource of the corpse device uses the received L data of the client device to determine whether the client device has authorization and can receive the distributed device for playback. Digital media content, and if the verification device determines that the client device is authorized to receive the delivered digital media content, the verification device will provide a decoding key to the client device to use the delivered device Decoding of digital media content for playback. 36. The system described in item 35 of the scope of patent application, further includes a device 'for storing a set of pre-approved configuration data, wherein the verification device compares the received configuration data with The set of pre-approved configuration data is compared with each other to determine whether the client device is authorized. One ... * ▲ I'A means to modify the digital media content that can be played. 37. If the system described in item 35 of the patent application scope further includes a device 'used to store a group of unauthorized approved configurations > materials', the verification device will receive all The configuration data of this group is not authorized with the group I00l7pifl.ptc 40th purchase 卩 25352 mu Revision 丄 Cover number 9112069 «f 7/07 6. Scope of patent application ΐΐϊΐ: Compare with each other 'to determine whether the client device has authorization and 乂 play the digital media content delivered. 38. The system according to item 35 of the scope of patent application, wherein the client ^ = includes a device for detecting the configuration data of the client device, and transmitting the detected configuration data to the verification Device. f9. The system according to item 35 of the scope of application for a patent, wherein after the installation device is provided to the client device, the inspection device will periodically update the configuration data updated by the client and update the μ fI. The verification device uses the receiving right to determine whether the device still has the digital media content to be sent. If the verification device no longer has the authorization to receive the digital media content delivered, the verification device will The client device stops receiving the digital media 40. The system described in item 35 of the scope of patent application, wherein the communication path is an Internet. Comment on jl · Two methods for distributing digital media content, the digital media content is t, and the network is distributed to a device that can perform the playback of the digital media content. The method includes the following steps: The format is "on the communication network". The digital media client device receives a configuration data of the client device. The configuration information includes a system configuration information of the client device, and uses the received client device. The configuration data of the device determines that the customer is authorized to receive the data delivered for playback. Page 41 1225352 Weaving ------ * Case No. 91120 8: Amended in the afternoon of January __ Sixth, the scope of patent application-media content; and if the client device is determined to be authorized, it can receive the distribution The digital media content provides a decoding key to the client device to decode the distributed digital media content. 4 2 · The method described in item 41 of the scope of patent application, further comprising the following steps: storing a group of pre-approved configuration data; and comparing the received configuration data with the group of pre-approved configuration data Information is compared with each other. 4 3 · The method described in item 4 丨 of the scope of patent application, further comprising the following steps: storing a group of unauthorized configuration data; and receiving the configuration data with the group of unauthorized The approved configuration data is compared with each other. 44. The method as described in item 41 of the scope of patent application, further comprising the following steps: receiving an updated configuration data from the client device; using the received updated configuration data to determine the client device, It still has authorization to receive the distributed digital media content; and if the client device team 1 heart, V · ..., eight users from the team pole X's digital media content, stop distributing the digital media to the client device. 4 5 · The method described in item 4 丨 of the patent scope of Shenyan, wherein the communication network is an Internet. ° -----