TWI225352B - Apparatus and method for preventing digital media piracy - Google Patents

Apparatus and method for preventing digital media piracy Download PDF

Info

Publication number
TWI225352B
TWI225352B TW91120698A TW91120698A TWI225352B TW I225352 B TWI225352 B TW I225352B TW 91120698 A TW91120698 A TW 91120698A TW 91120698 A TW91120698 A TW 91120698A TW I225352 B TWI225352 B TW I225352B
Authority
TW
Taiwan
Prior art keywords
client device
digital media
media content
configuration data
patent application
Prior art date
Application number
TW91120698A
Other languages
Chinese (zh)
Inventor
Andrej Simec
Kristie Jones
Stephen Hogben
Derek Miller
Original Assignee
Anytime Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anytime Pte Ltd filed Critical Anytime Pte Ltd
Application granted granted Critical
Publication of TWI225352B publication Critical patent/TWI225352B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention is directed to a digital verification and protection (""DVP"") system that can be implemented to protect against piracy or unauthorized reproduction of digital content that is delivered from a content provider to an end user of the content. Specifically, the preferred embodiments of the present invention detects the configuration or setup of the viewing or downloading equipment of the end user to determine whether the detected configuration or setup, including hardware and/or software setup, that may be used by the end user to copy or pirate the digital content to be delivered to the end user additionally, the present invention may be used by the content provider to require a specific minimum viewing or downloading equipment setup, such as a minimum processor speed, as precondition to accessing or viewing the digital content being requested by the end user.

Description

1225352 五、發明說明(1) 發明領域 本發明是有關於一種可以保護數位〜 到未經授權重製的一種數位媒體侵盜威脅€反 士某體,使其不會受 應系統。 習知技術 本發明可以避免對資訊和其它媒體内^ 上(例如像是網際網路的公眾網路,或θ广’或是在網路 路的私有網路)所提供的服務,做非法^像是區域網 貝。 1又并古或疋未經授權的拷 以網際網路為基礎的娛樂服務,大量地依 (streaming)和下載(down l0ading),將影像和 内 ^, 僵 傳送到客戶家中。在串流的情況下,數位媒體 個飼服器上’而且當聲音/影像畫面,在網路 ,會使用一種安裝在客戶端(cl ient)的媒體觀看”器 (media viewer),從伺服器接收和顯示聲音/影像^面, 而不必將媒體儲存在客戶端上。在下載的情況^^位媒 體是儲存在一個伺服器上,而且經由一個安裝在客戶端的 媒體觀看器’將數位媒體從網路上拷貝到客戶端的一個儲 存裝置,以供接下來的放映之用。這兩種方法的其中一個 重要問題是’被使用者所擷取的數位媒體資產,接下來會 這反資產擁有者的意願,會被再次分配(re — distribute) 出去的風險。 在許多範例中,例如像是媒體供應系統(m e d i a delivery systems),會依賴一種加密方案(encrypti〇ri s c h e m e ),來保護放止侵盜,這種方法一般被稱為數位權1225352 V. Description of the invention (1) Field of the invention The present invention relates to a kind of digital media theft threat that can protect digitals to unauthorized reproduction, and protect them against the system. Known technology The present invention can avoid illegally providing services provided on information and other media (such as the public network of the Internet, or θwide 'or private networks on the Internet). Like a regional network shell. 1 Unauthorized copying or unauthorized copying Internet-based entertainment services, streaming and downloading (down l0ading), transfer images and content to customers' homes. In the case of streaming, the digital media is on the feeder, and when the audio / video screen is on the network, a media viewer installed on the client will be used from the server. Receive and display audio / video images without having to store the media on the client. In the case of downloading, the digital media is stored on a server, and the digital media is downloaded from the media viewer via a media viewer installed on the client. A copy on the Internet to a storage device on the client for subsequent projections. One of the important issues of these two methods is' digital media assets retrieved by the user. Will, the risk of being re-distributed. In many examples, such as media delivery systems, they rely on an encryption scheme to protect against intrusion. , This method is generally called digital rights

第7頁 C02858 1225352 五、發明說明(2) 利管理(Digital Right Management, DRM)。在這種方案 下,數位媒體檔案,會藉由使用一個只有權利所有者或是 授權的配銷商(distributor)知道的私有密鑰(private k e y )加密。數位媒體會被傳送到客戶端,並且在成功的執 行客戶的身分確認(authentication)和授權認可 (authorization)之後,使用一個在伺服器和客戶端之間 交換的公用密鑰(public key)解碼(decrypt)。身分確認/ 授權認可的動作,通常會伴隨著一些付款的方式,向權利 所有者或是配銷商付費。通常這些方法已經足以保護數位 媒體檔案,免於受到未經授權的觀看。 當面臨只有使用數位權利管理,或是類似形態的加密/ 水印(e n c r y p t i ο n / w a t e r m a r k ) P方護方案時,對於想要侵盜 數位媒體者而吕’有各式各樣的機制(mechanisms)可以使 用。在顯示媒體時,客戶端的瀏覽器,貢先會解密 (decrypt),然後會對媒體執行解碼(dec〇de)(將媒體從數 位格式轉換成類比格式),以供類比襄置展示。結果是連 續串列的影像畫面’可以呈現展示給使用者。數位權利管 理並未保護,禁止對已解碼的影像晝面做拷貝。重要的 是,一旦内容被解密和解碼之後,就沒有任何保護,而且 可以允許以數位或類比型式拷貝。 在數位媒體被展示給觀眾之前,必須先被完全地解壓 縮’並且在電腦螢幕上顯示出來。影像(image)是在記憶 體中的一個位圖(bitmap),而且所有的時序(timing)和訊 號’都是在影像卡匯流排上。有可能將這些訊號,從影像Page 7 C02858 1225352 V. Description of the invention (2) Digital Right Management (DRM). Under this scheme, digital media files are encrypted by using a private key (private k y) that only the rights owner or authorized distributor knows. The digital media is transmitted to the client, and after successful execution of the client's authentication and authorization, it is decoded using a public key exchanged between the server and the client ( decrypt). Identity verification / authorization is usually accompanied by payment methods, which pay the rights owner or distributor. These methods are usually sufficient to protect digital media files from unauthorized viewing. When faced with only digital rights management or similar forms of encryption / watermark (encrypti ο n / watermark) protection schemes, there are various mechanisms for those who want to invade digital media. can use. When displaying media, the client's browser will first decrypt (decrypt) and then perform a decode (converting the media from a digital format to an analog format) for the analog display. As a result, a continuous series of video frames can be presented to the user. Digital rights management is not protected and copying of decoded images is prohibited. Importantly, once the content has been decrypted and decoded, there is no protection and it can be copied in digital or analog form. Before digital media can be shown to the audience, it must be fully decompressed 'and displayed on a computer screen. An image is a bitmap in memory, and all timings and signals are on the video card bus. It is possible to convert these signals from the image

第8頁 002S59 1225352 五、發明說明(3) 卡的特性連接器(feature connector)上,擷取(capture) 出來並且加以錄製。一旦這些訊號被擷取之後,可以使用 一組簡單的運算法則(a 1 g 〇 r i t h m ),來產生原始的未被壓 縮的電影,再藉由媒體播放器展示出來。接下來所要做 的’就是製造一個用來復製(duplication)的原版 (master)。第1圖繪示一個圖型,用來說明從串流電腦 (streaming computer)到編碼的影像光碟(Vide〇_CD, VCD )的最後產品的一個假想的數位路徑。如在第i圖中所 繪不’數位資料是從影像卡(vide〇 carcj)ii ,藉由數位錄 製裝置1 2被擷取,接下來被錄製的數位資料,會再被傳送 到一個個人電腦(PC ) 1 3,該個人電腦丨3可以使用一個可 讀寫光碟(C D - R W )來解碼一個影像光碟1 4。 、即使一般可以從串流電腦取得一個數位錄 但是需 適當的硬體,而且其程序已經超過—般盜用者的能 ^乾圍之内。了種更為簡單和快速的方法是使用類比輸 出。較特別的疋,可以經由—個掃描轉換器(scan c ο n v e r t e r ),從一個電腦卜从細丄μ 一 做類比錄製。搭配使用^一個南 ί:Π ί:掃猫轉換器,結果會與串流或是下載的 iU ::。而且可能進一步的使用其他設備,以 =侍一個數位拷貝,用以建立一個適用於建立視頻光盤 (Video-CD, VCD)的重新編碼輸出。 特别的疋如在第圖中所繪示,未壓縮的畫面會經由| 二! Γ々Ξ月匕0,展示給觀眾。絕大部分的範;都是使用 個插到電月旬背面的1 5腳的D型電冑,而且該電纔會連接Page 8 002S59 1225352 V. Description of the invention (3) On the feature connector of the card, capture it and record it. Once these signals have been captured, a simple set of algorithms (a 1 g 0 r i t h m) can be used to generate the original uncompressed movie, which is then displayed by the media player. The next thing to do is to make a master for duplication. FIG. 1 shows a pattern for explaining an imaginary digital path from a streaming computer to a final product of a coded video disc (Vide0_CD, VCD). As shown in the figure i, the digital data is captured from the video card (Video Carcj) ii through the digital recording device 12 and the next recorded digital data will be transferred to a personal computer. (PC) 1 3. The personal computer 3 can use a rewritable optical disc (CD-RW) to decode an image disc 1 4. Even though a digital record can generally be obtained from a streaming computer, proper hardware is required, and the program has exceeded—the average hacker's ability. A simpler and faster way is to use analog output. More special, you can use a scan converter (scan c ο n v er t e r) to make analog recordings from a computer and fine-grained μ. Using ^ 一 南 ί: Π ί: sweeping cat converter, the result will be streamed or downloaded iU ::. Further, other equipment may be used to create a digital copy to create a re-encoded output suitable for creating a video-CD (VCD). In particular, as shown in the picture, the uncompressed picture passes through | II! Γ々Ξ 月 刀 0, shown to the audience. The vast majority of fans; they use a 15-pin D-type battery that is plugged into the back of the electricity month, and the electricity will be connected.

1225352 五、發明說明(4) 到電腦顯示器(moni tor )上。只需要使用一個一般的掃瞄 轉換器2 1 ,就可以獲得監視器上的訊號,並且將其轉成可 以顯示在一個電視螢幕23,投影機(projector)22,或是 一個例如像是可攜式攝錄機(camcorder) 24或是一個影像 錄製器(video recorder)25上。掃猫轉換器21的輸出,可 以根據品質(通常都是直接與價位有關)而有不同。大部分 都會提供S-Video輸出,或甚至是提供類比錄製絕佳重製 品質的component輸出。雖然大部分的高階個人電腦,都 具有可以展示T V相容訊號的圖型卡,但是所展示的影像品 質,都是無法與經由掃瞄轉換器所產生的影像品質相比 較。 目前市場上有一些消費電子產品,可以將類比訊號捕 K,並且轉換成一種適用於例如像是數位錄影帶 (v i d e 〇 t a p e )的數位媒體的格式。藉由該些產品,可以經 由將被用來當成一個影像光碟27的原版(master)的電腦 2 6,對於重新編碼該電影而言,又前進了一小步,對少量 的盜用者而言,接下來會使用CD-ROM燒錄器,或是對大量 的動作而言,會使用一種CD壓模器(stamper)。在亞洲市 場内,影像光碟受到廣大的歡迎,並且是一種被廣為接收 的格式,所以絕大部分在市場上的DVD播放機,目前都是 用來播放影像光碟電影。 影像團體(video community)在以前已經面臨類比侵盜 的問題。隨著DVD的問世,已經可以使用類比輸出,從DVD 直接做高品質的拷貝錄製。這種功能是藉由使用數位水印1225352 V. Description of the invention (4) To a computer monitor (moni tor). Just use a general scan converter 2 1 to get the signal on the monitor and turn it into a TV screen 23, a projector 22, or a portable device such as a portable Camcorder 24 or a video recorder 25. The output of the cat sweep converter 21 can vary according to quality (usually directly related to price). Most will provide S-Video output, or even component output with excellent reproduction quality for analog recording. Although most high-end personal computers have graphics cards that can display TV compatible signals, the image quality displayed is not comparable to the image quality produced by the scan converter. There are currently some consumer electronics products on the market that can capture analog signals to K and convert them into a format suitable for digital media such as digital video tapes (v i d e 〇 t a p e). With these products, via the computer 2 6 which will be used as the master of an image disc 27, a small step forward for recoding the movie, for a small number of pirates, Next, a CD-ROM writer will be used, or for a large number of actions, a CD stamper will be used. In the Asian market, video discs are widely welcomed and are a widely accepted format. Therefore, most DVD players on the market are currently used to play video disc movies. The video community has previously faced the problem of analog theft. With the advent of DVD, analog output can be used to make high-quality copy recordings directly from DVD. This feature is by using a digital watermark

第10頁 002861 1225352 五、發明說明(5) (digital watermarks),或是地區密碼嵌入式資料 (steganographical ly embedded data),其中地區密碼炭 入式資料,最初是由例如像是M a c r 〇 v i s i ο η公司所導入市 場,用來禁止V H S錄製的侵盜行為。類似的系統,也可以 被實現在掃瞄轉換器上,用來中止例如像是第2圖的情 況,但是這種方法並不實際,並且對正常使用投影裝置和 電視而言,有可能會引發更多問題。 發明概述 本發明是有關於一種數位驗註和保護(d i g i t a 1 verification and protection,以下簡稱DVP)系統,可 以經由威脅反應的方法,智慧性地避免數位媒體侵盜行 為,並且減輕在許多習知的數位媒體保護系統中,常見的1 在·違反之後(post-breach),法庭的診斷程序(forensic diagnostic p r o c e s s )的需求。本發明的較佳實施例,有 助於提供一種保護,以防止未經授權的數位媒體的拷貝, 經由置頂盒(set-top boxes, STB),傳送到個人電腦或是 傳送到電視。本發明的侵盜保護,可以應用在串流和下載 數位媒體兩者之上。在高層次的說明方面,本發明的較佳 實施例,可以提供下列功能: a) 肯定地確認設備(equipment),裝置,或軟體的一個 已知(known)的部分,並且搜尋數位或類比輸出,或是與 其等量(equivalent)的輸出; 破 b) 允許數位媒體的重放(playback),只能觀看或是下 載已知或經核准的(a p p r 〇 v e d )架構裝置的設備;以及Page 10 002861 1225352 Fifth, the invention description (5) (digital watermarks), or area password embedded data (steganographical ly embedded data), where the area password carbon-type data, originally by, for example, such as Ma cr visi The company introduced the market to prohibit the intrusions recorded by VHS. A similar system can also be implemented on the scan converter to stop, for example, the situation shown in Figure 2. However, this method is not practical and may cause the normal use of projection devices and televisions. More questions. SUMMARY OF THE INVENTION The present invention is related to a digital verification and protection (digita 1 verification and protection (DVP) system), which can intelligently avoid digital media intrusion through threat response methods, and reduce many known In digital media protection systems, a common 1 is the need for a forensic diagnostic process after a post-breach. The preferred embodiment of the present invention helps to provide a protection from unauthorized digital media copying to a personal computer or a television via a set-top boxes (STB). The intrusion protection of the present invention can be applied to both streaming and downloading digital media. In terms of high-level description, the preferred embodiment of the present invention can provide the following functions: a) positively identify a known part of the equipment, device, or software, and search for digital or analog output Or equivalent output; broken b) allows playback of digital media (playback) and can only watch or download devices of known or approved architecture devices; and

第11頁 0G286: 1225352 五、發明說明(6) c )確認設備架構可以即時地更改,並且決定這樣的改 變是否構成違反安全的條件。。 本發明的目的是提供一種保護,防止數位内容的侵 盜。該保護是不准數位内容在裝置上播放,其中該裝置提 供一種機構,藉由該機構,可以拷貝已解密和解碼的媒 體。在一個D V P系統中,根據本發明的較佳實施例,想要 觀看或是使用數位内容的客戶,在可以存取或顯示數位媒 體之前,必須先得到許可(p e r m i s s i ο η )(不管該些數位媒 體,是否使用習知的例如像是數位權利管理(DRM )的反侵 盜方法,做為額外的保護)。如果根據本發明,客戶得到 存取數位内容的許可,則客戶的硬體和軟體組態 _ (configuration)或是設定(setup),就不被視為是威脅 — (也就是未經授權許可,不能重製數位内容)。再者,依照 本發明的較佳實施例,當檢測到客戶的觀看或是下載設定 的組態改變時,數位内容的傳遞,就會自動停止,並且必 須重新獲得數位媒體的許可。 本發明的另一目的,是維持一個例如像是週邊裝置和 應用程式的裝置或軟體組態資訊的資料庫,該些資訊可以 被分類成,是否為客戶在獲得存取數位内容的許可之前, 可接收或不可接收的的設定的組態。明確地說,根據本發 明的一個DVP系統,資料庫是用來決定一個特定的裝置組 態,是否被判定成威脅所要求的數位媒體。舉例來說,如 果使用者的個人電腦,連接到一個數位錄製裝置,則本發 明可以被設定成,決定具有威脅存在,並且拒絕對數位媒Page 11 0G286: 1225352 V. Description of the invention (6) c) Confirm that the equipment architecture can be changed on the fly and decide whether such changes constitute a security breach. . It is an object of the present invention to provide a protection against theft of digital content. The protection is not allowed for digital content to be played on the device, where the device provides a mechanism by which the decrypted and decoded media can be copied. In a DVP system, according to a preferred embodiment of the present invention, customers who want to watch or use digital content must obtain permission (permissi ο η) before accessing or displaying digital media (regardless of the digital Does the media use conventional anti-theft methods such as digital rights management (DRM) as additional protection? If the customer is authorized to access digital content in accordance with the present invention, the customer's hardware and software configuration or setup is not considered a threat — (i.e., unauthorized permission, Digital content cannot be reproduced). Furthermore, according to a preferred embodiment of the present invention, when a configuration change of a client's viewing or download setting is detected, the transmission of digital content is automatically stopped, and permission of the digital media must be obtained again. Another object of the present invention is to maintain a database of device or software configuration information such as peripherals and applications, which can be classified into whether or not it is the customer's permission to access digital content, Receivable or unacceptable configuration of settings. Specifically, according to a DVP system of the present invention, a database is used to determine whether a particular device configuration is determined to be a required digital medium for a threat. For example, if the user's personal computer is connected to a digital recording device, the present invention can be set to determine that a threat exists and to reject digital media

第12頁 002863 1225352 五、發明說明(7) 體的要求。如果檢測到一個未知的組態,資料庫就會被更 新,並且最好可以執行一個威脅檢驗程序,強化系統的能 力,以精確地檢測,並且反應可能的威脅。 本發明的一個優點是,提供所保護的資訊,版權資 訊,和媒體服務的安全措施。特別的是,本發明可以確 保,資訊只可以被送到,或是只可以由其組態和設定,已 經被將要被傳送的數位内容的所有者所認可的使用者所存 取。此外,這個系統也可以確保,媒體只能在由資產所有 者所認可的裝置上展示。這個系統可以避免未經授權許可 的拷貝或重製貨訊’在個別的個人電腦或例如像是電視的 媒體顯示裝置上顯示。 本發明的另一目的,是當有未經認可的使用者,裝 置胃,和動作發生時,可以通知數位内容的所有者,並且允 許數位内容所有者,使用適當的安全措施政策(security policy)或是辦法(measure),做必要的回應。 雖然本發明的實施例,較偏好使用在視頻點播系統 (Video On Demand, V0D),本發明也可以廣泛地被應用在 任何的其他特定系統,在該些系統上,數位媒體内容會從 一方傳到另一方。特別的是,本發明也可以被運用在任何 的特定應用程式上,在該些特定的應用程式上,數位媒體 被傳送到個人電腦(PC),置頂盒(STB),或是類似的裝 置,而且在該些裝置上,部分的權利持有者(rights-holder)或所有者(owner),有興趣要保護數位媒體,免於 未經授權許可的重製或使用。不管數位媒體傳送到客戶裝Page 12 002863 1225352 V. Description of the invention (7). If an unknown configuration is detected, the database is updated and it is best to perform a threat inspection process to strengthen the system's capabilities to accurately detect and respond to possible threats. An advantage of the present invention is that it provides security measures for protected information, copyright information, and media services. In particular, the present invention can ensure that information can only be sent, or can only be configured and set, by a user who has been approved by the owner of the digital content to be transmitted. In addition, this system ensures that the media can only be displayed on devices approved by the asset owner. This system prevents unauthorized copying or reproduction of the newsletter 'from being displayed on individual personal computers or media display devices such as televisions. Another object of the present invention is to notify digital content owners when unauthorized users, device stomachs, and actions occur, and allow digital content owners to use appropriate security policies Or measure, make the necessary response. Although the embodiment of the present invention is preferred to be used in a video on demand system (Video On Demand), the present invention can also be widely applied to any other specific systems on which digital media content is transmitted from one party To the other side. In particular, the present invention can also be applied to any specific application, on which digital media is transmitted to a personal computer (PC), a set-top box (STB), or a similar device, And on these devices, some rights-holders or owners are interested in protecting digital media from unauthorized reproduction or use. Regardless of digital media transmitted to customer equipment

第13頁 CG2864 1225352 五、發明說明(8) 置的方法為何,都可以應用根據本發明的系統,而且本發 明也可以被使用來,當成在習知的防止侵盜的保護系統之 外的數位媒體保護方案(digital media protection scheme)的一個額夕卜的層級° 為讓本發明之上述和其他目的、特徵、和優點能明顯 易懂,下文特舉一較佳實施例,並配合所附圖式,作詳細 說明如下。 標示之簡單說明: 11 影像卡 12 數位錄製裝置 13 電腦 14 影像光碟 2 (Γ 個人電腦 2 1 掃瞄轉換器 22 投影機 2 3 電視 2 4 可攜式數位攝錄機 25 影像錄製器 26 電腦 27 影像光碟 30 客戶裝置 3 1 組態驗證客戶程序 32 媒體觀看器 33 應用伺服器Page 13 CG2864 1225352 V. Explanation of the invention (8) What methods can be used to apply the system according to the present invention, and the present invention can also be used as a digital figure outside the conventional protection system for preventing theft A level of digital media protection scheme ° In order to make the above and other objects, features, and advantages of the present invention obvious and easy to understand, a preferred embodiment is given below with the accompanying drawings Formula, detailed description is as follows. Simple instructions for labeling: 11 video card 12 digital recording device 13 computer 14 video disc 2 (Γ personal computer 2 1 scan converter 22 projector 2 3 TV 2 4 portable digital video camera 25 video recorder 26 computer 27 Video disc 30 Client device 3 1 Configuration verification client program 32 Media viewer 33 Application server

第14頁 002865 1225352 五、發明說明(9) 34 組態驗証伺服器 35 媒體伺服器 36 數位權利管理伺服器 37 串流核發判別伺服器 38 威脅資料檔案庫伺服器 40 顯示器 41 顯示資訊 7 0 DVP伺服器 90 個人電腦或置頂盒 9 1 網際網路 9 2 訪客 93 主機網際網路伺服器 9 ί 數位權利管理 9 5 主機網際網路站點 96 J a ν a使用報告網際網路服務 97 視窗媒體服務 98 使用報告資料庫 99 DVP網際網路伺服器 101 CVServices.dll 102 SBEncrypt.dll 103 DVPAdmin.dl1Page 14 002865 1225352 V. Description of the invention (9) 34 Configuration verification server 35 Media server 36 Digital rights management server 37 Streaming identification server 38 Threat database server 40 Display 41 Display information 7 0 DVP Server 90 Personal Computer or Set-Top Box 9 1 Internet 9 2 Visitors 93 Host Internet Server 9 ί Digital Rights Management 9 5 Host Internet Site 96 J a ν a Usage Report Internet Services 97 Windows Media Service 98 Use Report Database 99 DVP Internet Server 101 CVServices.dll 102 SBEncrypt.dll 103 DVPAdmin.dl1

104 ThreatDB 10 5 C V S e r v e r網際網路服務 106 DVP管理 鬌104 ThreatDB 10 5 C V S r v e r Internet Services 106 DVP Management 鬌

第15頁 002866 1225352 五、發明說明(ίο) 10 7 CVContro 1 . cab 1 08 DVP網際網路伺服器 109 CVControl.dll 110 CVSettings.xml 111 SBEncrypt.dll 112 SOAP可再配送單元 130 客戶 13 1 伺服器 132 資料庫 1 33 編密碼組件 14 0-151 貧料結構 2 0 0 - 2 0 6 系統實體 被佳實施例 本發明是一種保護數位内容,免於侵盜或是未經授權 重製的裝置和方法。根據本發明的較佳實施例的一種DVP 系統,在開始串流傳送每個例如像是電影的數位内容時, 會根據使用者觀看設備組態檢查的結果,做出一個是否具 有危險的決定。明確地說,如果DVP系統,檢測到使用者 下載或觀看的設備組態包括一個錄製裝置,例如像是在電 腦上的一個已經啟動的可拆卸(plug-in)錄製裝置,或是 連接到置頂盒的一個錄影機(VCR),則會指示DVP系統,拒 絕傳送數位内容給使用者。另外,在整個下載或觀看期 間,D V P系統也可以被用來監視使用者的設備組態,如果 使用者設備有任何改變,例如像是加入錄製裝置到設備組Page 15 002866 1225352 V. Description of invention (ίο) 10 7 CVContro 1. Cab 1 08 DVP Internet server 109 CVControl.dll 110 CVSettings.xml 111 SBEncrypt.dll 112 SOAP redistributable unit 130 customer 13 1 server 132 Database 1 33 Coded components 14 0-151 Poor structure 2 0 0-2 0 6 System entity is a preferred embodiment. The present invention is a device and a device for protecting digital content from intrusion or unauthorized reproduction and method. According to a DVP system according to a preferred embodiment of the present invention, when starting to transmit each digital content such as a movie, a decision is made as to whether or not there is a danger according to a result of checking a device configuration check by a user. Specifically, if the DVP system detects that the device configuration downloaded or viewed by the user includes a recording device, such as a plug-in recording device that has been activated on the computer, or is connected to the top A video recorder (VCR) of the box will instruct the DVP system to refuse to send digital content to the user. In addition, the D V P system can also be used to monitor the user's device configuration during the entire download or viewing period. If the user's device changes, such as adding a recording device to the device group

第16頁 002867 1225352 五、發明說明(11) 態或設定,則可以中斷或是停止數位内容的傳送。 根據本實施例,DVP系統使用啟發式的運算法則來辨別 可能的威脅。整個程序從客戶裝置開始嘗試要存取數位媒 體開始。在這個時候,D V P系統會註冊客戶裝置相關的硬 體和軟體簡檔(p r 〇 f i 1 e )。在架構這個資訊時,系統會搜 尋特定的裝置和軟體指紋(’’fingerprints”),也就是那些 已知的,做為決定是否造成威脅所需的相關資訊。 當裝置是第一次提出,並且在一個客戶裝置簡檔 (client device profile)中註冊時,DVP系統會藉由將客 戶裝置簡檔,與在接下來的場合中所註冊的簡檔互相比 較,而改進其判別威脅的性能。當目前的和已註冊的簡 檔,在某些方面有些差異時,系統接下來會經過一個完整 的' 威脅判別程序。如此可以在不犧牲重要的安全顧慮之 下,提供一個最佳的客戶服務經驗。 以下將參考第3圖到第1 9圖,詳細說明本發明的較佳實 施例。 第3圖繪示一個根據本發明的較佳實施例的一個D V P系 統的架構。特別的是,根據本較佳實施例的D V P系統,包 括一個媒體伺服器3 5,用來儲存數位媒體内容(以已編密 碼或已解碼的形式儲存)。根據本較佳實施例的D V P系統, 同時也包括一個客戶裝置30,該客戶裝置包括一個個人電 腦(PC),一個置頂盒(STB),和任何其他可以用來顯示數 位媒體的裝置。舉例來說,典型的客戶裝置,可以包括一 個電視和一個置頂盒。其他典型的客戶裝置,也可以包括Page 16 002867 1225352 V. Description of the invention (11) State or setting, you can interrupt or stop the transmission of digital content. According to this embodiment, the DVP system uses a heuristic algorithm to identify possible threats. The entire process starts with the client device trying to access the digital media. At this time, the D V P system will register the hardware and software profiles related to the client device (p r 0 f i 1 e). When structuring this information, the system searches for specific devices and software fingerprints ("fingerprints"), which are known information that is needed to decide whether or not to pose a threat. When the device was first proposed, and When registering in a client device profile, the DVP system will improve the performance of identifying threats by comparing the client device profile with the profile registered in the following occasions. When When there are some differences between the current and registered profiles, the system will then go through a complete 'threat determination process. This can provide an optimal customer service experience without sacrificing important security concerns The following will describe the preferred embodiment of the present invention in detail with reference to FIGS. 3 to 19. FIG. 3 illustrates the architecture of a DVP system according to a preferred embodiment of the present invention. In particular, according to this The DVP system of the preferred embodiment includes a media server 35 for storing digital media content (stored in a coded or decoded form). Root The DVP system according to the preferred embodiment also includes a client device 30, which includes a personal computer (PC), a set-top box (STB), and any other device that can be used to display digital media. For example Say, a typical client device can include a TV and a set-top box. Other typical client devices can also include

第17頁 C02368 1225352 五、發明說明(12) 個個人電腦和一個顯示器。 根據本較佳實施例的D V P系統,同時也包括:一個媒體 觀看器3 2,該媒體觀看器可以是任何可以顯示數位内容的 裝置(例如像是置頂盒),包括任何可以將數位訊號,轉換 成類比訊號,以用來展示的裝置;一個應用伺服器3 3,協 調(coordinate)從客戶到伺服器/配銷商的下載或觀看要 求,一個串流核發判別伺服器(s t r e a m r e 1 e a s e c r i t e r i a server, SRC)37,用來儲存已經被判定為可接收的,用來 接收即將被傳送的數位内容的組態和設定;一個威脅資料 槽案庫伺服器(threat repository server, TRS)38,用 * 來儲存可疑的或是未知的裝置組態,並且最好可以記錄該 些組態的使用情形;一個、组態驗言正伺服器(c 〇 n f i g u r a t i ο η verification server, CVS)34 ,用來仲裁(mediate)媒體 觀看的需求;一個組態驗證客戶程序(configuration v e r i f i c a t i ο n c 1 i e n t, C V C ) 3 1 ,用來判別使用者的組態 或設定,並且提供資訊給C V S ;以及一個數位權利管理伺 月艮器(digital rights management server, DRM)3 6 ,用 來授權給已編密碼的媒體’並且提供一個解密鑰 (decryption key) ° 值得注意的是,雖然上述的各種組件,在第3圖中繪示 的是各自分開的硬體裝置,但是經由各種分享相同硬體資 源的軟體執行方法,來實施上述的功能,也是包括在本發 明的範疇之内。 第4圖繪示根據本發明的較佳實施例的一個d v P系統的Page 17 C02368 1225352 V. Description of the invention (12) Personal computer and a display. The DVP system according to this preferred embodiment also includes: a media viewer 32, which can be any device that can display digital content (such as a set-top box), including any digital signal that can be converted to Analog signals for devices used for display; an application server 3 3, coordinate download or viewing requests from customers to the server / distributor, a streamer 1 easecriteria server, SRC) 37, used to store configurations and settings that have been determined to be receivable for receiving digital content to be transmitted; a threat repository server (TRS) 38, using * for Store suspicious or unknown device configurations, and preferably record the use of those configurations; a configuration verification server (c 〇nfigurati ο η verification server (CVS) 34) for arbitration ( mediate) requirements for media viewing; a configuration verification client (configuration verificati ο nc 1 ient, CVC) 31, which is used to identify the user's configuration or settings, and provides information to CVS; and a digital rights management server (DRM) 3 6, which is used to authorize the password Media 'and provide a decryption key ° It is worth noting that although the above-mentioned various components are shown in Figure 3 as separate hardware devices, they are executed by various software that share the same hardware resources Methods to implement the above functions are also included in the scope of the present invention. FIG. 4 illustrates a d v P system according to a preferred embodiment of the present invention.

第18頁 0Ό2Β69 1225352 五、發明說明(13) 一個典型的操作模式。特別的是,一個使用客戶裝置3 0的 -消費者,首先對内容供應者,提出存取數位媒體的授權要 求,這個要求會經由CVC 31傳遞,其中CVC 31最好是安裝 在客戶裝置之内,如果不是的話,也要可以存取客戶裝置 3 0才行。當接收到這個請求,C V C 3 1會從客戶裝置3 0,得 到組態或設定資訊,並且將這個資訊,向前傳遞給CVS 3 4,供其做判定和核准。在接收到來自C V C 3 1或客戶裝置 30的核准要求之後,CVS 34會從SRC 37中,擷取或是搜尋 一個經由一個預定的核准判別規範,所預先核准的可接收 和不可接收的組態或設定的列表(1 i s t )。 ' 當接收到可接收/不可接收的組態或設定的列表之後, C V S 3 4會將客戶裝置3 0的組態或設定,與所擷取或所搜尋彳· 到’的可接收的組態或設定的列表互相比較。如果CVS 34判 定客戶裝置30的組態或設定是可接收的,則接下來CVS 34 會通知CVC 31 ,該數位内容的要求已經被核准。在CVC 31 接收到一個來自c V S 3 4,告知使用者已經被授權觀看所要 求的數位内容的通知之後,接下來CVC 31會通知客戶裝置 3 0,該要求已經被核准。此後,媒體觀看器3 2會向媒體伺 服器3 5,要求媒體内容,接下來媒體伺服器3 5會傳送數位 内容給媒體觀看器32。 值得注意的是,在檢測客戶裝置3 0的組態時,除了硬 體之外,C V C 3 1最好同時也可以檢測,是否有未經授權的 軟體常駐(residence),例如像是覆蓋Macrovision辦法的 軟體,破壞軟體(ripping software),破解(hacked)或是Page 18 0Ό2Β69 1225352 V. Description of the invention (13) A typical operation mode. In particular, a consumer using a client device 30 first asks the content provider for authorization to access digital media. This request will be passed through CVC 31, of which CVC 31 is preferably installed in the client device. , If not, you need to be able to access the client device 30. When receiving this request, C V C 31 will get the configuration or setting information from client device 30, and forward this information to CVS 3 4 for its decision and approval. After receiving an approval request from CVC 31 or client device 30, CVS 34 retrieves or searches for a pre-approved acceptable and unacceptable configuration from SRC 37 via a predetermined approval criterion Or a list of settings (1 ist). 'After receiving the list of receivable / unreceivable configurations or settings, CVS 34 will compare the configurations or settings of client device 30 with the receivable configurations retrieved or searched to Or the list of settings is compared with each other. If the CVS 34 determines that the configuration or settings of the client device 30 are acceptable, then the CVS 34 will notify the CVC 31 that the digital content request has been approved. After CVC 31 receives a notification from cVS 34 that the user has been authorized to view the requested digital content, CVC 31 then notifies client device 30 that the request has been approved. Thereafter, the media viewer 32 requests media content from the media server 35, and the media server 35 then transmits digital content to the media viewer 32. It is worth noting that when testing the configuration of the client device 30, in addition to the hardware, CVC 31 may also be able to detect whether there is unauthorized software residence, such as the method of covering Macrovision Software, ripping software, hacked or

第19頁 CC28?0 1225352 五、發明說明(14) 冒牌的(fake)DRM或是編密碼的軟體,使用者通常藉由稱 為π T r 〇 j a η軟體’’(有可能看起來像是未經授權的軟體,但 是其實是一種破壞軟體)的程式,執行非法的組態。根據 本較佳實施例的D V Ρ系統,最好可以經由檢查目前正在執 行的每一個處理程序(process)的動態鍊接庫的署名(dll Signature),以檢測Trojan軟體或是捉弄軟體(rogue software)。這有點像是DNA測試,舉例來說,捉弄軟體一 部分的特徵,是其使用DLL和其他處理程序的方法。只將 其改成其他名字(像是Word或Outlook),並沒有辦法欺騙 DVP,這是因為DVP會辨識這個處理程序的動態鍊接庫的署 · 名,該處理程序宣稱自己是類似捉弄軟體一部分的 Out 1 ook 或Word,而並不是〇ut1ook 或Word。 丨_ 、根據本發明的另一個實施例,如果DVp系統與一個習知 的編欲碼或疋水印安全系統(w a t e r m a r k s e c u r i t y system) —起使用時,就需要採用額外的安全措施辦法。 舉例來說’在第4圖中,數位内容可以用編密碼的形式, 傳送給媒體觀看器32。之後,媒體觀看器32必須向DRM 36 挺出一個。+可書(license)或授權(auth〇rizati〇n)的要 求’在此f還會判別是否應該同意授權,以及將適當的解 密鑰’或是其他類似的用來觀看所傳送的數位内容的存取 手段,傳送給客戶裝置3 〇。 在第4圖中,如果cvs 34判定客戶裝置的組態或設定是> 不可接收的’則CVS 34就會通知CVC 31 ,該數位内容的要 求被拒絕。C V C 3 1接下來會通知使用者,最好是經由媒體 .Page 19 CC28? 0 1225352 V. Description of the invention (14) Fake DRM or password-encoding software. Users usually use software called π T r 〇ja η software (which may look like Unauthorized software, but is actually a program that destroys software) and performs illegal configuration. According to the DV system of this preferred embodiment, it is best to detect Trojan software or rogue software by checking the dll signature of the dynamic link library of each process currently executing. ). It's a bit like a DNA test. For example, the trick of a piece of software is its use of DLLs and other handlers. Changing it to another name (such as Word or Outlook) does not deceive DVP because DVP recognizes the signature of the dynamic link library of this process, which claims to be part of a similar software Out 1 ook or Word, but not ut1ook or Word.丨 _ According to another embodiment of the present invention, if the DVp system is used with a conventional coding or watermarking security system (w a t e r m a r k s e c u r t y system), additional security measures need to be adopted. For example, in Figure 4, the digital content can be transmitted to the media viewer 32 in the form of a code. After that, the media viewer 32 must push one out to the DRM 36. + The requirement of license or authorization 'here will also determine whether the authorization should be agreed and the appropriate decryption key' or other similar means for viewing the transmitted digital content The access means is transmitted to the client device 30. In Figure 4, if cvs 34 determines that the configuration or setting of the client device is > unacceptable ', then CVS 34 will notify CVC 31 that the request for the digital content is rejected. C V C 3 1 will then notify the user, preferably via the media.

第20頁 CG2871 1225352 五、發明說明(15) 觀看器3 2,該數位内容的要求已經被拒絕。根據本發明的 較佳實施例,D V P系統同時也可以顯示訊息給使用者,解 釋該數位内容的要求被拒絕的原因,像是指出有一個特定 的裝置或是軟體,已經被連接到客戶裝置上,有可能造成 數位侵盜的威脅。 最後,如果在第4圖中的CVS 34,判定客戶裝置的組態 或設定,並未包含在所擷取的組態列表中,和/或屬於未 知的組態或設定,則C V S 3 4會進行繪示在第6圖中的步 驟。第6圖繪示本發明的DVP系統,在CVS 34碰到一個未知 的客戶裝置組態或設定時的操作狀況。明確地說,C V S 3 4 會將所檢測到的可疑的客戶裝置組態,傳送給TRS 38,以 在資料庫上更新未知的客戶裝置組態,這些資料接下來 (或是同一時間),可以被内容供應者用來分析數位侵盜的 威脅。 同時,CVS 34會從SRC 37,擷取出一個對可能威脅的 反應的列表,以對所檢測到的未知的客戶裝置組態,採取 適當的反應,這些反應最好是可以根據所要求的數位内 容,和提出要求的客戶裝置所在的地理區域來決定。對未 知的使用者客戶裝置組態可能威脅的反應,可以是只是簡 單地拒絕數位内容傳送的要求,同意數位内容傳送的許 可,或是同意暫時的擱置數位内容的傳送,直到隨後的條 件被滿足為止(像是使用者在一個特定的時間範圍之内, 改變其客戶裝置組態)。 如果對可能威脅的反應,規定要同意數位内容傳送的Page 20 CG2871 1225352 V. Description of the invention (15) Viewer 3 2, the request for digital content has been rejected. According to a preferred embodiment of the present invention, the DVP system can also display a message to the user at the same time, explaining why the digital content request was rejected, such as indicating that a specific device or software has been connected to the client device May pose a threat to digital theft. Finally, if CVS 34 in Figure 4 determines that the configuration or setting of the client device is not included in the captured configuration list and / or belongs to an unknown configuration or setting, then CVS 34 will The steps shown in Figure 6 are performed. Figure 6 illustrates the operation of the DVP system of the present invention when the CVS 34 encounters an unknown client device configuration or setting. Specifically, CVS 34 will send the detected suspicious client device configuration to TRS 38 to update the unknown client device configuration on the database. This data can (or at the same time) be updated. Used by content providers to analyze the threat of digital theft. At the same time, CVS 34 will extract a list of possible threat responses from SRC 37 to configure the detected unknown client devices and take appropriate responses. These responses should preferably be based on the required digital content. , And the geographic area where the requesting client device is located. Responses to possible threats to unknown user-client device configurations can be simply rejecting digital content delivery requests, agreeing to permission for digital content delivery, or agreeing to temporarily suspend digital content delivery until subsequent conditions are met (Like if the user changes their client device configuration within a specific time frame). If responding to a possible threat, provide for consent to digital content delivery

第21頁 M ::872 1225352Page 21 M :: 872 1225352

p e r m i s s i ο η )的形式有可能會有各種變化。舉例來說,一 種可能的客戶裝置組態或是使用者簡檔,可以規定暫時許 可被延長到3 0天,而另一種狀況,則有可能會允許1 〇個經 過允許的不同的要求,同時存取所要求的數位内容。 綜上所述,當客戶裝置組態的檢驗結果,與s R c已知的 組態不合時,最少有三種DVP系統可能會碰到的情況。 不具威脅 組態為S R C 3 7所知,並且檢測到不具威脅 具威脅 組態為S R C 3 7所知,並且檢測到具威脅 未知 組態不為S R C 3 7所知 如上所述,威脅檢查是根據幾個因素,包括媒體擁有There may be various changes in the form of p e r m i s s i ο η). For example, one possible client device configuration or user profile may provide that the temporary license is extended to 30 days, while another situation may allow 10 different requests that are allowed at the same time, Access the requested digital content. In summary, when the inspection result of the client device configuration does not match the known configuration of s R c, there are at least three situations that the DVP system may encounter. No threat configuration is known to SRC 3 7 and no threat configuration is known to SRC 3 7 and no threat configuration is detected to be unknown to SRC 3 7 As mentioned above, the threat check is based on Several factors, including media ownership

ηn

第22頁 002873 1225352 五、發明說明(17) 者,地理區域,和其他條件而有不同。在決定應該有何種 反應時,在判定是不具威脅,具威脅,或未知的情況之 前,系統會考慮所有的威脅判別因素。 如上所述,值得注意的是,雖然上述的裝置和其功 能,為容易說明本發明起見,都是各自分開的硬體組件, 但是將這些功能配備在不同的硬體或軟體實施方案或是圖 表中,藉以提供相同功能和結果的做法,都是包含在本發 明的範疇之内。 第5圖繪示一個根據本發明的DVP系統,當在下載或傳 送數位内容給使用者期間,有新的硬體或軟體,被加到客 戶裝置3 0上時的操作情況。明確地說,當媒體觀看器3 2正 在顯示,或是正在傳送數位内容給客戶裝置30時,CVC 31 f檢測到在客戶裝置3 0中的組態異動,而且C V C 3 1會指示 媒體觀看器3 2,停止傳送數位内容。另外,C V C 3 1會將更 新過的客戶裝置組態,轉送給CVS 34,接下來CVS 34會將 更新過的客戶裝置組態,與從SRC 37所擷取的可接收/不 可接收組態或設定列表互相比較。 如果根據CVS 34檢查的結果,DVP系統決定更新過的客 戶裝置30的組態是不可接收的,接下來CVS 31會終止 (terminate)數位内容傳送,並且使客戶裝置通知使用者 DVP系統決定做這種動作。如果CVS 34決定更新過的客戶 裝置30的組態是可接收的,則CVC 31會恢復數位内容的傳 送。如果CVS 34決定更新過的客戶裝置30的組態是未知 的,接下來就會執行在第6圖中所描述的處理程序。Page 22 002873 1225352 V. Description of the invention (17), geographical area, and other conditions vary. When deciding what kind of response should be, the system considers all threat discriminating factors before determining whether it is non-threatening, threatening, or unknown. As mentioned above, it is worth noting that although the above devices and their functions are separate hardware components for the purpose of explaining the present invention, these functions are provided in different hardware or software implementations or The methods of providing the same functions and results in the diagram are all included in the scope of the present invention. FIG. 5 shows the operation of a DVP system according to the present invention when new hardware or software is added to the client device 30 during downloading or transmitting digital content to the user. Specifically, when the media viewer 32 is displaying or transmitting digital content to the client device 30, the CVC 31f detects a configuration change in the client device 30, and the CVC 31 indicates the media viewer 3 2. Stop transmitting digital content. In addition, CVC 31 will transfer the updated client device configuration to CVS 34, and then CVS 34 will update the updated client device configuration with the receivable / non-receivable configuration retrieved from SRC 37 or The setting lists are compared with each other. If based on the results of the CVS 34 inspection, the DVP system determines that the updated client device 30 configuration is not acceptable, then the CVS 31 will terminate the digital content transmission and cause the client device to notify the user that the DVP system decides to do this. Kind of action. If CVS 34 decides that the updated client device 30 configuration is acceptable, then CVC 31 resumes transmission of digital content. If the CVS 34 decides that the configuration of the updated client device 30 is unknown, the process described in Figure 6 is executed next.

第23頁 CG2874 1225352 五、發明說明(18) 隨著時間的增加,當D V P系統對可能的威脅,和確認具 威脅的裝置和軟體所需的技術,有更深的了解之時,客戶 裝置組態的複雜度也會隨之上升。實際上,根據本發明的 D V P系統,在對威脅的判別方面,是不斷的發展,而且變 的更加智能化。 DVP系統可以用各種不同的方法,學習額外的威脅。明 確地說,當系統向T R S 3 8報告有一個未知的組態時,一個 威脅判別方面的專家,就可以分析該組態,並且透過一個 管理介面,將分析的結果通知系統。一旦結果已經被做 出,D V P系統會懂得(u n d e r s t a n d )該組態,並且可以自動 執行一個威脅判別,在該判別中,類似的組態就可以被再 一次的確認出來。 胃消費者可以使用各種新的裝置和軟體,該些裝置可以 藉由專家或是人工智慧程式,判別是否具數位侵盜威脅, 並且透過管理介面,將結果通知系統。接下來,系統就可 以在這些組態上,自動地執行威脅判別。另外,不同的内 容所有者,對可接收的客戶裝置組態,可以有不同的選 擇。舉例來說,一種内容供應者有可能需要讓他們的媒 體,只能在並未具有S-Video連接器的影像卡的裝置上播 放,而其他人可能並沒有這種限制。再者,同樣的媒體所 有者,針對特定的媒體型態(像是首輪電影)而言,可以有 不同利害關係的想法(c ο n c e r η ),或是針對不同的地理區 域而言,可以有不同利害關係的想法。在這些狀況下,可 預見的是,系統會允許威脅簡樓(threat profiles),可Page 23 CG2874 1225352 V. Description of the invention (18) Over time, when the DVP system has a better understanding of the possible threats and the technology required to identify threatening devices and software, the client device configuration The complexity will increase. In fact, the D V P system according to the present invention has been continuously developed in terms of discrimination of threats, and has become more intelligent. DVP systems can learn additional threats in a variety of ways. To be clear, when the system reports an unknown configuration to TRS 38, an expert in threat identification can analyze the configuration and notify the system of the results of the analysis through a management interface. Once the results have been made, the D V P system will understand (u n d e r s t a n d) the configuration and can automatically perform a threat discrimination, in which a similar configuration can be confirmed again. Stomach consumers can use a variety of new devices and software. These devices can use expert or artificial intelligence programs to determine whether there is a threat of digital theft and notify the system of the results through a management interface. The system can then automatically perform threat discrimination on these configurations. In addition, different content owners have different options for receivable client device configurations. For example, a content provider may need to make their media playable only on devices that do not have a video card with an S-Video connector, while others may not have such restrictions. Furthermore, the same media owner can have different interests (c ο ncer η) for a specific media type (such as the first round of movies), or for different geographic regions, Different stakes ideas. Under these conditions, it is foreseeable that the system will allow threat profiles to be threatened.

1225352 五、發明說明(19) 以隨媒體所有者,媒體項目,和地理區域而改變。本發明 的D V P系統可以被架構成,適用於新的威脅簡檔的加入。 舉例來說,將來的内容供應者,可以察覺到一個特定的網 路協定引起威脅。在這種狀況下,DVP系統可以適用於檢 測這種網路協定,並且根據更新的威脅簡檔,更加保護媒 體所有者的内容。 在根據本發明的較佳實施例的DVP系統中,如果CVC 31 ,在其硬體或軟體中,因為使用者的動作,或是其他原 因,受到某種程度的篡改(tampered),使其失效 (disabled),或是故障(malfunction),則所有的數位内 容傳送的要求,最好都可以被拒絕,直到C V C再次正常工 作為止。 ~與伺服器和網路架構相關的特定名詞,也不在本發明 的說明範圍之内。請注意沒有說明的架構的特性,在本發 明中只有少量的說明,而且不能被當成本發明的單一範 例。D V P的實施方案,在很多範例中可以不同,特別是關 於網路和伺服器架構方面。明確地說,雖然第3圖到第6圖 的較佳實施例,描述藉由網路連接的各種伺服器,一個 D V P系統的特定範例,可以具有二到多個伺服器,包含在 相同的實際計算裝置中,並且在並非是網路的裝置中互相 通訊。 第7圖繪示一個根據本發明的另一個實施例的D V P系 統。從圖中可看出,CVS 34,SRC 37,和TRS 38 ,都是包 含在D V P伺服器7 0中。第8圖繪示本發明的另一個實施例,1225352 V. Description of Invention (19) To change with media owner, media item, and geographical area. The D V P system of the present invention can be constructed and is suitable for adding a new threat profile. For example, future content providers can perceive a particular network protocol as a threat. In this situation, the DVP system can be adapted to detect such network protocols and further protect the content of the media owner based on the updated threat profile. In the DVP system according to the preferred embodiment of the present invention, if the CVC 31, in its hardware or software, is tampered to some extent due to user actions or other reasons, making it invalid. (disabled), or malfunction (malfunction), then all requests for digital content transmission should preferably be rejected until CVC works normally again. ~ Specific terms related to server and network architecture are also outside the scope of the present invention. Please note that the characteristics of the architecture are not described, there is only a small amount of description in the present invention, and it cannot be regarded as a single example of the invention. The D V P implementation can be different in many examples, especially with regard to network and server architecture. Specifically, although the preferred embodiments of FIGS. 3 to 6 describe various servers connected via a network, a specific example of a DVP system may have two or more servers, included in the same actual Computing devices, and communicating with each other on devices that are not networks. FIG. 7 illustrates a D V P system according to another embodiment of the present invention. As can be seen from the figure, CVS 34, SRC 37, and TRS 38 are all included in the D V P server 70. FIG. 8 illustrates another embodiment of the present invention.

第25頁 C02B76 1225352 五、發明說明(20) 其中,媒體伺服器35和DRM 36,都是包含在應用伺服器33 中 〇 值得注意的是,雖然本發明的主要目的,是保護數位 内容,免於受到侵盜或是未經授權的重製,但是本發明同 時也可以被用來,指定用來接收特定數位媒體的最小客戶 裝置需求。舉例來說,有些媒體所有者,可能需要客戶裝 置,在硬體,操作系統,軟體,等等方面,必須符合特定 的最小規格。這些需求通常都是出於對媒體播放品質的要 求考量。舉例來說,媒體所有者可能相信,除非該些裝置 具有一個高於某些特定的性能規格的中央處理器(CPU), 或是具有一個特定的圖形處理能力,否則該些裝置將無法 以足夠的品質,展示他們的媒體。在另一個範例中,數位 内胃容供應者,在傳送成人性質的數位内容之前,可能需要 客戶裝置配備有特定的家長控制功能(parent control m e a s u r e s )。本發明的核心部分,判別客戶裝置組態的能 力,和將該組態與可接收的組態互相比較,非常理想地搭 配,用來確保裝置必須符合最小規格。其實,有些人會視 並未符合這些最小規格的裝置,為對品質而不是對安全的 威脅。 最後,本發明不只可以應用到串流和下載數位影像, 同時也可以用在數位聲音。可以相當容易地實施本發明, 以提供保護,使數位音樂免於被侵盜。 第9圖繪示一個根據本發明的較佳實施例的一個D V P系 統的特定實施方案。明確地說,在這個特定的實施方案Page 25 C02B76 1225352 V. Description of the invention (20) Among them, the media server 35 and DRM 36 are included in the application server 33. It is worth noting that although the main purpose of the present invention is to protect digital content, In the event of a theft or unauthorized reproduction, the present invention can also be used to specify the minimum client device requirements for receiving specific digital media. For example, some media owners may require client devices that must meet certain minimum specifications in terms of hardware, operating system, software, and so on. These requirements are usually based on the requirements of media playback quality. For example, media owners may believe that unless the devices have a central processing unit (CPU) above certain performance specifications or have a specific graphics processing capability, the devices will not The quality of their media. In another example, a digital content provider may require that a client device be equipped with a specific parental control function before transmitting digital content of an adult nature. The core part of the present invention judges the ability of a client device configuration, and compares this configuration with a receivable configuration, which is ideally matched to ensure that the device must meet the minimum specifications. In fact, some people see devices that do not meet these minimum specifications as a threat to quality rather than security. Finally, the present invention can be applied not only to streaming and downloading digital video, but also to digital audio. The invention can be implemented relatively easily to provide protection from digital music being stolen. FIG. 9 illustrates a specific implementation of a D V P system according to a preferred embodiment of the present invention. To be clear, in this particular implementation

第26頁 C02877 U25352 五、發明說明(21) " ^ 客戶裝置是一個執行微軟視窗操作系統的個人電腦或 盒90 ,而且消費者使用lnternet Expl〇rer網際網路 屬覽器,存取列示有可供存取的數位内容的一個主機網際 網路站點(host web site) cCVC是一個内建在網頁(web Page)上的Active控制,與客戶裝置透過微軟的視窗管理 裝置(Windows Management Instrumentation, WMI)界面 互相連接。媒體觀看器是微軟的Media Player媒體播放 器’而且DRM伺服器是微軟的Media Rights Manager。應 用伺服器是微軟的IIS Web Server,而且CVS執行IIS,當 成一個網際網路服務。CVC和CVS透過一個簡易物件存取協 定(Simple Object Access Protocol, SOAP),安全地通 訊。TRS和SRC是一個在CVS控制之下的微軟的SQL Server 2(Γ〇〇資料庫。在第9圖中,與CVC 31相等的是CV Control, dl 1 109,與應用伺服器33相等的是DVP網站伺服 器108 ,與CVS 34 相等的是cvServices 106 ,與TRS 38 和 5{^37相等的是丁1^681別1〇4。 第1 0圖繪示本發明的較佳實施例特定實施方案的一個 特定的方面。明確地說,第1 〇圖繪示一個順序圖,用來描 述當將CVC當成軟體’下載到使用者的電腦中,所發生事 件的順序。 第1 1圖繪示本發明的較佳實施例特定實施方案的一個 特定的方面。明確地說,第丨丨圖繪示一個順序圖,用來描 述當一個主機網際網路站點的訪客,決定提出要求觀看數 位内容時,所發生事件的順序。Page 26 C02877 U25352 V. Description of the Invention (21) " ^ The client device is a personal computer or box 90 running Microsoft Windows operating system, and the consumer uses the Internet Explorer Internet Explorer to access the listing A host web site with accessible digital content. CCVC is an Active Control built into a web page and communicates with client devices through Microsoft's Windows Management Instrumentation. , WMI) interfaces are connected to each other. The media viewer is Microsoft's Media Player media player 'and the DRM server is Microsoft's Media Rights Manager. The application server is Microsoft's IIS Web Server, and CVS runs IIS as an Internet service. CVC and CVS communicate securely through a Simple Object Access Protocol (SOAP). TRS and SRC are a Microsoft SQL Server 2 (Γ〇〇 database under CVS control. In Figure 9, the equivalent to CVC 31 is CV Control, dl 1 109, and the equivalent to application server 33 is The DVP web server 108 is equivalent to CVS 34 as cvServices 106, and equal to TRS 38 and 5 {^ 37 is Ding 1 ^ 681 and 104. Fig. 10 shows a specific implementation of the preferred embodiment of the present invention. A specific aspect of the solution. Specifically, Figure 10 shows a sequence diagram that describes the sequence of events that occur when CVC is downloaded as software to a user's computer. Figure 11 shows A specific aspect of the specific implementation of the preferred embodiment of the present invention. Specifically, Figure 丨 丨 shows a sequence diagram to describe when a visitor to a host Internet site decides to request to view digital content Sequence of events that occur.

第27頁Page 27

CG287S 1225352 五、發明說明(22) 第1 2圖繪示本發明的較佳實施例特定實施方案的一個 特定的方面。明確地說’第1 2圖繪示一個順序圖,用來描 述在觀看或使用所傳送的數位内容期間,當使用者開始啟 動一個新的處理程序,或是將一個新的裝置,連接到一個 客戶裝置時,所發生事件的順序。CG287S 1225352 V. Description of the Invention (22) Figure 12 shows a specific aspect of the specific embodiment of the preferred embodiment of the present invention. Specifically, 'Figure 12 shows a sequence diagram to describe when a user starts a new processing program or connects a new device to a device while watching or using the transmitted digital content. The sequence of events that occur at the client device.

第1 3圖繪示一個順序圖,用來說明基本的網際網路服 務安全協定。明確地說,客戶從伺服器要求某些隨機資料 (random data),將這些資料編密碼,並且將這些資料傳 回給伺服器’當成一個具有業務請求(business call)的 參數。伺服器會將要送給客戶的資料編密碼,並且對比較 客戶所傳回的編密碼的資料,如果資料互相吻合,词服器 就會執行真正的業務請求。在兩邊上用來對資料編密碼的 密’碼(password),是在頻帶外(0ut_0f-band)互相交換。 編密碼的資料會以一個b a s e - 6 4編密碼形式,送回到伺服 器,因此可以使用一個SOAP字串(string)傳送。業務功能 的回傳值(return value),可以用來表示是否通過身分驗 言正(authentication) 〇 第14圖是一個實體關係(entity-relationship)圖,用 來描述根據本發明的較佳實施例的CVS 34的資料結構。值 得注意的是,第1 4圖只有少量描述,而且根據本發明的較 佳實施例,可以使用多種替代的資料庫結構來實施。Figure 13 shows a sequence diagram that illustrates the basic Internet service security protocols. Specifically, the client requests some random data from the server, encodes the data, and sends the data back to the server 'as a parameter with a business call. The server encodes the data to be sent to the customer, and compares the encrypted data sent back by the customer. If the data matches each other, the server will execute the real business request. The passwords (passwords) used to encode data on both sides are exchanged with each other outside the band (0ut_0f-band). The coded data will be sent back to the server as a b a s e-6 4 coded form, so it can be transmitted using a SOAP string. The return value of the business function can be used to indicate whether the identity authentication is passed. Figure 14 is an entity-relationship diagram, which is used to describe the preferred embodiment of the present invention. CVS 34 data structure. It is worth noting that Figures 14 and 14 are only described in a small amount, and according to the preferred embodiment of the present invention, multiple alternative database structures can be implemented.

第15圖繪示一個組裝(packaging)圖,用來描述可以被 根據本發明的較佳實施例的C V S 3 1,所直接或間接使用的 典型的系統實體。Fig. 15 shows a packaging diagram for describing a typical system entity that can be used directly or indirectly by CVS 31 according to a preferred embodiment of the present invention.

1225352 五、發明說明(23) 第1 6圖繪示一個根據本發明的較佳實施例的C v S 3 1 , 可以公開地看見的特性和方法。 第17圖繪示一個分類(ci ass)圖,用來描述cvs 34所 用,實現根據本發明的較佳實施例功能的方法。 第1 8圖繪示一個整合分類圖,其中一個網際網路站點 主機’可以建立一個Java Script framework方法,用來 與根據本發明的較佳實施例的C V C 3 1結合。 第19圖繪示一個編密碼圖,用來描述sNEncrypt.dll所 暴露的功能,該S N E n c r y p t · d 1 1提供,可以被根據本發明 的較佳實施例的CVC 31和CVS 34,兩者之間可以使用的 SOAP 挑戰-反應安全機構(challenge-Response security mechanism) 〇 •雖然本發明已以較佳實施例揭露如上,然其並非用以 限定本發明’任何熟習此技藝者,在不脫離本發明之精神 與範圍内’當可作少許之變動與潤飾,因此本發明之保護 範圍當視後附之申請專利範圍所界定者為準。1225352 V. Description of the invention (23) Figure 16 shows the characteristics and methods of C v S 3 1 according to a preferred embodiment of the present invention, which can be seen publicly. Figure 17 shows a ciss diagram for describing the method used by cvs 34 to implement the functions of the preferred embodiment of the present invention. Figure 18 shows an integrated classification diagram, in which an Internet site host 'can create a Java Script framework method for combining with CV C 31 according to the preferred embodiment of the present invention. FIG. 19 shows a cryptographic diagram for describing the functions exposed by sNEncrypt.dll. The SNE ncrypt · d 1 1 is provided and can be used by CVC 31 and CVS 34 according to the preferred embodiment of the present invention. Available SOAP challenge-Response security mechanism 〇 • Although the present invention has been disclosed in the preferred embodiment as above, it is not intended to limit the present invention. 'Any person skilled in the art will not depart from this. Within the spirit and scope of the invention, 'a few changes and modifications can be made. Therefore, the scope of protection of the present invention shall be determined by the scope of the attached patent application.

第29頁 S80 1225352 圖式簡單說明 第1圖繪示一個從一個電腦到編碼的影像光碟的數位内 容的可能路徑的例圖; 第2圖繪示一個使用類比數位轉換裝置的可能的錄製或 重製方案的例圖; 第3圖繪示一個根據本發明的較佳實施例的一個D V P系 統架構(a r c h i t e c t u r e )的例圖; 第4圖繪示一個根據本發明的較佳實施例的一個D V P系 統操作特性(〇 p e r a t i n g c h a r a c t e r i s t i c s )的例圖; 第5圖繪示另一個根據本發明的較佳實施例的一個DVP 系統操作特性的例圖; 第6圖繪示再另一個根據本發明的較佳實施例的一個 D V P系統操作特性的例圖; \ 第7繪示一個根據本發明的另一個較佳實施例的D V P系 統架構的例圖; 第8繪示一個根據本發明的一個可替代的實施例的D V P 系統架構的例圖; 第9繪示一個根據本發明的較佳實施例的D V P系統的一 個特定的實現方案(implementation)的例圖; 第1 0繪示一個根據本發明的較佳實施例的D V P系統的另 一個特定的實現方案的例圖; 第1 1繪示一個根據本發明的較佳實施例的D V P系統的另 一個特定的實現方案的例圖; 第1 2繪示一個根據本發明的較佳實施例的D V P系統的再 另一個特定的實現方案的例圖;Page 80 S80 1225352 Brief description of the diagrams Figure 1 shows an example of a possible path from a computer to the digital content of an encoded video disc; Figure 2 shows a possible recording or reproduction using an analog digital conversion device An example diagram of the manufacturing scheme; FIG. 3 illustrates an example diagram of a DVP system architecture according to a preferred embodiment of the present invention; FIG. 4 illustrates a DVP system according to a preferred embodiment of the present invention Example of operating characteristics (〇peratingcharacteristi cs); FIG. 5 shows an example of the operating characteristics of a DVP system according to another preferred embodiment of the present invention; FIG. 6 shows another preferred embodiment of the present invention. An example of the operating characteristics of a DVP system in the embodiment; \ 7 shows an example diagram of a DVP system architecture according to another preferred embodiment of the present invention; 8 shows an alternative implementation according to the present invention Example DVP system architecture; Figure 9 shows a specific implementation of a DVP system according to a preferred embodiment of the present invention (i Figure 1 shows an example of another specific implementation of a DVP system according to a preferred embodiment of the present invention. Figure 1 shows a DVP according to a preferred embodiment of the present invention. An example diagram of another specific implementation scheme of the system; FIG. 12 shows an example diagram of another specific implementation scheme of a DVP system according to a preferred embodiment of the present invention;

第30頁 1225352 圖式簡單說明 第1 3繪示一個根據本發明的較佳實施例的D VP系統的再 另一個特定的實現方案的例圖; 第1 4繪示一個根據本發明的較佳實施例的DVP系統的再 另一個特定的實現方案的例圖; 第1 5繪示一個根據本發明的較佳實施例的D V P系統的再 另一個特定的實現方案的例圖; 第1 6繪示一個根據本發明的較佳實施例的DVP系統的再 另一個特定的實現方案的例圖; 另 第1 7繪示一個根據本發明的較佳實施例的D V P系統的再 -個特定的實現方案的例圖; 另 第1 8繪示一個根據本發明的較佳實施例的DVP系統的再 -個特定的實現方案的例圖;以及 ~第1 9繪示一個根據本發明的較佳實施例的D V P系統的再 另一個特定的實現方案的例圖。1225352 on page 30. Brief description. Figure 1 3 shows another example of a specific implementation of the D VP system according to a preferred embodiment of the present invention. Figure 1 4 shows a preferred embodiment according to the present invention. An example diagram of yet another specific implementation scheme of the DVP system of the embodiment; FIG. 15 shows an example diagram of another specific implementation scheme of the DVP system according to a preferred embodiment of the present invention; and FIG. 16 shows An example of another specific implementation of the DVP system according to the preferred embodiment of the present invention is shown; and the seventh to seventeenth is a specific implementation of the DVP system according to the preferred embodiment of the present invention. An example of the solution; another eighteenth is an example of a specific implementation of the DVP system according to a preferred embodiment of the present invention; and ~ nineteenth is a preferred implementation according to the present invention An example of another specific implementation of the example DVP system.

第31頁Page 31

Claims (1)

1225352 1225352 ---案號 91120fiQR 六、申請專利範圍 種避免未經授權而重_ 數位媒體内容係經一通訊網製數位媒體内容之系統,該 媒體内容播放的客戶裝置,,配送到一可以執行該數位 -媒體伺服器,用來儲: 一組態驗証伺服器,用來^數位媒體内容;以及 ,的一組態資料,該組態資〜客戶裝置接收該客戶裴 態資訊, 、匕括该客戶裝置的一系統組 一中,ό亥組態驗言正伺服 f的該組態資料,判定該客使^接收到的該客戶裝 收該,存的數位媒體内容用來;】疋=有授權’可以接 =器,會將該所儲存的數位::::容:則該組態驗t正伺 傳送到該客户裝置,供其播放。谷,從該媒體伺服器, 飼服2器如圍第?項所述之系統,更加包括-判別 態驗註飼服器,二的組態資料’其中,該組 權,可以播較’以判定該客戶裝置是否具有授 3 敌3亥錯存的數位媒體内容。 資料檔案二專二範圍第1項所述之系統,更加包括一威脅 料,其中,=:驗用來儲存一組未經授權核准的組態資 料,與該組未經;::正伺服器二將所接收到的該組態資 客戶裝置是否准的組;J料互相比較,以判定該 有技權,可以播放該儲存的數位媒體内 10017pifl.ptc 第32頁 ΛΙ 91120698 12253521225352 1225352 --- Case No. 91120fiQR VI. Patent application scopes to avoid unauthorized re-entry The digital-media server is used to store: a configuration verification server for ^ digital media content; and, a configuration data, the configuration data ~ the client device receives the client's state information, and In a system group 1 of the client device, the configuration tester verifies the configuration data of the server f, and determines that the client receives the client's receipt of the stored digital media content; Authorization can be connected to the device, and will store the stored digital ::::: The configuration verification t is being transmitted to the client device for playback. Gu, from the media server, the feed 2 device as described in the first item of the system, and further includes-discriminant state injection feed device, the configuration data of the second 'where, this group of rights can be broadcast compared to' It is determined whether the client device has digital media content that is misplaced. The system described in item 1 of the scope of data file 2 and 2 further includes a threat material, where =: is used to store a group of unauthorized configuration data, and the group is not; :: server The second group is whether the received configuration equipment client device is accurate; J materials are compared with each other to determine the technical right and can be played in the stored digital media 10017pifl.ptc page 32 ΛΙ 91120698 1225352 —-----—不— 申請專利範圍 1年>1曰厂。曰 容 4.如申請專利範圍第丨項所述之系統,更加 伺服器,與該客戶裝置和該媒體伺服器搭配運作,1 調將該儲存的數位媒體内容,從該媒體伺服器來= 客戶裝置。 得送到該 5·如申請專利範圍第丨項所述之系統,其中,該 置包括一裝置,用來檢測該客戶裝置的該組態資^^ 4檢測到的組態資料,傳送到該組態驗証伺服器。 : 6·如申請專利範圍第丨項所述之系統,其中該 位媒體内容包括複數個影像檔案,而且其中該客戶署, 包括媒體觀看器,用來觀看該些影像檔案。 、 請專利範圍第1項所述之系統,*中,在傳 器,會週期性地從該客戶駐嬰 ^ 壬^ “驗逆伺服 該組態驗言正祠服器,接收一更新的組態資料, 判定該客戶裝置是否仍^接收的更新過的組態資料,以 位媒體内容:有授權’可以播放該館存的數 LHC存的數位媒體…則該組以: 8.如申請專利範數位媒體内容的傳送。 數位媒體内容,是以:所述之系統中’該儲存的 置。 編费碼的格式,傳送到該客戶裝 9 ·如申清專利範圍第 、 一解碼鑰給該客戶裝置項所述之系統,更加包括一提供 的裝置,用來將以編密碼的袼式,—-----— No—Scope of patent application 1 year > 1 factory. Yue Rong 4. The system described in item 丨 of the scope of patent application, which is a server, works with the client device and the media server, and the 1st tone stores the stored digital media content from the media server = client Device. It can be sent to the system according to item 5 of the scope of patent application, wherein the device includes a device for detecting the configuration data of the client device. The detected configuration data is transmitted to the device. Configuration verification server. : 6. The system described in item 丨 of the scope of patent application, wherein the media content includes a plurality of image files, and wherein the client department, including a media viewer, is used to view the image files. 1. Please refer to the system described in item 1 of the patent scope. * In the transmitter, the client will periodically receive the baby from the customer ^ ^ "Inverse check servo configuration configuration test word server, receive an updated set Status data, to determine whether the client device is still receiving the updated configuration data, using the media content: authorized to 'play the digital media stored in the library's LHC's ... then this group starts with: 8. If applying for a patent Digital media content transmission. Digital media content is based on the system: 'the stored location.' The code format is transmitted to the client device. The system described in the client device item further includes a provided device for encrypting the password, 10017pifl.ptc 第33頁 —j號 9m_Q« 六、申請專利範^圍 修正 傳,到:客戶裝置的該數位媒體内容解碼。 數伤Λ甘種避免未經授權而重製數位媒體内容之方法’該 婼辦rj體内谷係經一通訊網路而配送到一可以執行該數位 媒體内容播放的客戶裝置,該方法包括下列步驟: 储存該數位媒體内容; 離亥客戶裝置,接收該客戶裝置的一組態資料,該組 〜、貝料包括該客戶褒置的—系統組態資訊; 戶梦甚用曰所接收到的该客戶裝置的該組態資料,判定該客 以疋否具有授權,可以播放該儲存的數位媒體内容; 播放將該儲存的數位媒體内容,傳送到該客戶裝置,供其 步::如申請專利範圍第10項所述之方法,更加包括下列 儲存一組預先核准的組態資料;以及 料互將:比接較收到的該組態資料,與該組預㈣^ “2:如申請專利範圍第1〇項所述之方法,更加包括下列 儲存一組未經授權核准的組態資料,·以及 將所接收到的該組態資料,與該 態資料互相比較。 且禾絰杈權核准的級 1 3·如申請專利範圍第丨〇項所述之 的數位媒體内·容,是以一編密碼的袼式所傳^。,5亥儲存 IMS 第34頁 10〇17pifi.ptc 1225352 Hip:: ## Q119/Vfed«;; 丄 .L CL____________________________________—... i /、、申請專利範圍 PJ a _〇曰 、申請專利範圍…一—一一 1 4 ·如申請專利範圍第1 3項所述之方法,更加包括一步 禪、’提供一解碼鑰給該客戶裝置’用來將以編密碼的格式 傳送的該儲存的數位媒體内容解碼。 1 5 ·如申請專利範圍第1 〇項所述之方法,更加括下列 步驟: =在傳送該儲存的數位媒體内容到該客戶裝置期間,從 該客戶裝置,接收一更新的組態資料; 曰使用該接收的更新過的組態資料,以判定該 J否仍然具有授權’可以播放該儲存的數位媒體内容'以 如果判定該客戶裝置不再具有授權播放 媒體内容,就偉卜兮枝六从 μ儲存的數位 16· 一種機器可讀取媒體,包括一组寻k。 來使一電腦執行一方法,用 執仃的指令,用 訊網路上,配送到一可以=的重製在-通 裝置上的數位媒體内纟,該 體内容播*的客戶 儲存該數位媒體内容; 匕括下列步驟: 從该客戶裝置,接收該客戶 態資料包括該客戶裝置的—系统組置的二組態資料,該組 使用所接收到的該客戶穿、、〜、貝訊,· 以及 將該儲存的數位媒體内容 播放。 …授權,4=媒=客 ’傳送到該客戶農置,供其 第35頁 10017pifl.ptc 卺% 1修丄匕I 案號 9112〇im 1225352 7?午丄月ί。曰 六 申請專利範圍 ___ 17·如申請專利範圍第16項所述之機器可 中該方法更加包括下列步驟: 媒體,其 儲存一組預先核准的組態資料;以及 將所接收到的該組態資料,與該組預先 料互相比較。 谓无核准的組態資 18.如申請專利範圍第16項所述之機器 中該方法更加包括下列步驟: -取媒體’其 儲存一組未經授權核准的組態資料;以及 將所接收到的該組態資料,與該組未 態資料互相比較。 不丄抆權核准的纽 19·如申請專利範圍第16項所述之機器 中該方法更加包括下列步驟: 飞取媒體,其 將要傳送到將該客戶裝置的該儲存的數 編密碼;以及 J默位媒體内容, 提供該客戶裝置一解密碼,用來對該編密碼 數位媒體内容解碼。 ⑹在碼的儲存的 20.如申請專利範圍第16項所述之機器可 中该方法更加包括下列步驟: 媒體,其 在傳送该儲存的數位媒體内容到該客 該客戶裝置,接收一更新的組態資料;裝置期間’從 使用該#收的更新過的、组態資# ’以#定該客 疋否仍然具有授權,可以播放該儲存的數 、置 及 。双议嫖體内容;以 如果判定該客戶裝置不再具有授權播放該儲存的數位10017pifl.ptc Page 33 —j No. 9m_Q «VI. Patent application scope ^ Amendment Pass to: Decode the digital media content of the client device. A method to prevent digital media content from being reproduced without authorization by the number of injured individuals. The system's internal body is distributed via a communication network to a client device that can perform playback of the digital media content. The method includes the following steps: : Store the digital media content; leave the client device to receive a configuration data of the client device, the group ~, the material includes the system configuration information set by the client; Humeng even used the received The configuration data of the client device determines whether the client is authorized to play the stored digital media content; the stored digital media content is played and transmitted to the client device for further steps: if the scope of patent application The method described in item 10 further includes the following storage of a set of pre-approved configuration data; and material exchange: comparing the configuration data received with the group in advance ^ "2: If the scope of patent application The method described in item 10 further includes the following storage of an unauthorized set of configuration data, and comparing the received configuration data with the status data. The level of approval of the copyright is 1 3. The contents of the digital media as described in the scope of the patent application No. 丨 0 are transmitted in the form of a password ^, 5Hai storage IMS Page 34 1017pifi .ptc 1225352 Hip :: ## Q119 / Vfed «;; 丄 .L CL____________________________________ —... i /, the scope of patent application PJ a _〇 said, the scope of patent application ... 1-1-1 4 The method described in item 13 further includes a step of 'providing a decoding key to the client device' to decode the stored digital media content transmitted in a coded format. 1 5 • As described in the patent application The method described in item 10 further includes the following steps: = During the transmission of the stored digital media content to the client device, receiving an updated configuration data from the client device; using the received updated group State data to determine whether the J still has the authority to 'play the stored digital media content'. If it is determined that the client device no longer has the authority to play the media content, the storage of Bit 16. A machine-readable medium, including a set of k-homing, to enable a computer to execute a method, use the executed instructions, and use the network to distribute to a digital device that can be reproduced on a communication device. Inside the media, the client of the content broadcast * stores the digital media content; the following steps are performed: receiving the client state data from the client device, including the two configuration data of the client device's-system configuration, the group uses Received the customer ’s wear, digital media, content, and playback of the stored digital media content.… Authorized, 4 = media = customer ’was transmitted to the customer's farm for 10035pifl.ptc on page 35 卺% 1 Repair Dagger I Case No. 9112〇im 1225352 7? The scope of the six patent applications ___ 17. The method described in item 16 of the patent application scope may further include the following steps: a medium storing a set of pre-approved configuration data; and receiving the set of received State data, compared with this group's expectations. Described as unapproved configuration data 18. The method as described in item 16 of the scope of patent application further includes the following steps:-fetching the media 'which stores a set of unauthorized configuration data; and receiving the received configuration data The configuration data of the comparison with the group of unstated data. Unauthorized approval 19. The method in the machine described in item 16 of the scope of patent application further includes the following steps: flying the media, which will be transmitted to the stored serial number of the client device; and J The media content is silently provided, and the client device is provided with a decryption code for decoding the encrypted digital media content. ⑹The storage of the code 20. The method described in item 16 of the scope of patent application may include the following steps: a medium, which transmits the stored digital media content to the client device, and receives an updated Configuration data; during the installation, 'from the use of the updated, configuration data #' received by # to determine whether the customer still has the authorization to play the stored data. Double talk about body content; if it is determined that the client device no longer has permission to play the stored digital 122^352 年月Ί止Ended 122 ^ 352 媒,内各,就停止該儲存的數位媒體内容的傳送。 數位媒體而重製數位媒體内容之系統,該 媒體内訊網路而配送到一可以執行該數位 _円谷播放的客戶裝置,該系統包括·· 二儲存裝置,用來儲存一個數位媒體内容; 細驗証裝置,用來從該客戶裝置接收該客戶梦置的一 訊υ料’該組態資料包括該客戶裝置的一系統組態資 植離其欠中粗該4驗言正裝置,使用所接收到的該客戶裝置的該 在二二判定該客戶裝置是否具有授權,可以接收該儲 存的數位媒體内容,以& 按收㈣ ,、中,如果該驗証裝置,判定該客戶裝置具有授權, 。以接收該儲存的數位媒體内容,則該驗証裝置,合 所儲存的數位媒體内容,從該儲存裝置,傳送^戶^ 置,供其播放。 衣 22·如申請專利範圍第21項所述之系統,更加包括一裝 置’用來儲存一組預先核准的組態資料,其中,該驗証裝 $ ’將所接收到的該組態資料,與該組預先核准的組態資 料互相比較,以判定該客戶裝置是否具有授權,可以播放 該儲存的數位媒體内容。 23·如申請專利範圍第21項所述之系統,更加包括一裝 用來儲存一組未經授權核准的組態資料,其中,該驗 5正裝置’將所接收到的該組態資料,與該組未經授權核准 的組態資料互相比較,以判定該客戶裝置是否具有授權,Media, each stop the transmission of the stored digital media content. Digital media and system for recreating digital media content, the media message network is distributed to a client device that can execute the digital _ Kariya broadcast, the system includes · two storage devices for storing a digital media content; A verification device for receiving a message from the client device dreamed by the client device; the configuration data includes a system configuration information of the client device; The client device that arrived here determines whether the client device is authorized to receive the stored digital media content, and press & if the verification device determines that the client device is authorized ,. In order to receive the stored digital media content, the verification device, together with the stored digital media content, transmits from the storage device ^ user ^ settings for playback. 22. The system described in item 21 of the scope of patent application, further includes a device 'for storing a set of pre-approved configuration data, wherein the verification device $' will receive the configuration data, and The set of pre-approved configuration data is compared with each other to determine whether the client device is authorized to play the stored digital media content. 23. The system described in item 21 of the scope of patent application, further comprising a device for storing a group of unauthorized configuration data, wherein the verification device 'receives the configuration data received, Compared with this set of unauthorized configuration data to determine if the client device is authorized, 1225352 案號 911206^ 六、申請專利範圍 可以播放該儲存的數 24·如申請專利範 置’用來將該儲存的 到該客戶裝置。 2 5 ·如申請專利範 裝置包括一裝置,用 將該檢測到的組態資 2 6 ·如申請專利範 數位媒體内容包括複 置’包括一觀看該些 2 7 ·如申請專利範 路是一網際網路。 位媒體内容。 圍第21項所述之系統,更加包 數位媒體内容,從該儲存裝置,裴 得送 圍第2 1項所述之系統,其中,兮 來檢測該客戶裝置的該組態資g客戶 料,傳送到該組態驗証伺服器和 圍第2 1項所述之系統,其中該儲 數個影像檔案,而且其中該客戶的 影像檔案的裝置。 ~ 圍第21項所述之系統,其中該通訊網 28·如申請專利範圍第21項所述之系統,其中,該 的數位媒體内容,是以一編密碼的格式,傳送到該客戶存 置。 戶裝 29·如申請專利範圍第28項所述之系統,更加包括— 供一解碼鑰給該客戶裝置的裝置,用來將以編密馬的格" 式’傳送到該客戶裝置的該數位媒體内容解碼。 3 0 ·如申請專利範圍第21項所述之系統,其中,在傳、、、 該儲存的數位媒體内容到該客戶裝置期間,該驗証裝置^ 週期性地從該客戶裝置,接收一更新的組態資料,該驗^ 裝置使用該接收的更新過的組態資料,以判定該客戶裝= 尺否仍然具有授權,可以播放該儲存的數位媒體内容,如 果該驗註裝置.判定該客戶裝置不再具有授權播放該儲存的1225352 Case No. 911206 ^ 6. Scope of patent application The stored number can be played. 24. If a patent application is used, it is used to store the stored data to the client device. 2 5 · If the patent application device includes a device, use the detected configuration data 2 6 · If the patent application digital media content includes resetting 'include one to watch these 2 7 · If the patent application is a The internet. Bit media content. The system described in item 21 further includes digital media content. From this storage device, Peide sends the system described in item 21, in which the configuration information of the client device is detected. The device is transmitted to the configuration verification server and the system described in item 21, wherein the image files are stored, and the customer's image files are stored therein. ~ The system described in item 21, wherein the communication network 28. The system described in item 21 in the scope of patent application, wherein the digital media content is transmitted to the client's storage in the form of a password. Home installation 29. The system described in item 28 of the scope of patent application, further including-a device for providing a decoding key to the client device, for transmitting the coded format to the client device. Digital media content decoding. 30. The system according to item 21 of the scope of patent application, wherein, during the transmission of the stored digital media content to the client device, the verification device ^ periodically receives an updated Configuration data, the check device uses the received updated configuration data to determine whether the client device is still authorized, and can play the stored digital media content, if the check device indicates the client device. No longer have permission to play the stored 1225352 修正 六、申請專利__ 3::f内容,則該驗註裝置就會停止該儲存的數 内谷的傳送。 T W數位媒體 來=可讀取媒體’包括一組可執行的指令,用 的-方法ϊΐ::=:器:執行播放一數位媒體内】 u °亥數位媒體内容,是由一内容供應者,扃谷 U路上所配送,該方法包括下列步驟: 在—通 求 向°亥内谷供應者,提出一播放該數位媒體内容的要 檢測該客戶裝置的一系統組態資訊; 者 將所檢測到的該系統組態資訊,傳送給該内容供應 從5亥内容供應者,接收可以接收 媒體内容的-授權許可。 H㈣放錢位 32·如申請專利範圍第31項所述之機器 中?亥方法更加包括下列步驟: 買取媒體,其 當接收該所要求的用來播放的數位媒體内容 性地檢測該客戶裝置的更新的系統組態資訊;以及° / 將客戶裝置的更新的系統組態資訊,傳送給 應者。 / η谷供 33.如申請專利範圍第31項所述之機器可讀取媒體,盆 :J方法更加包括一步驟’將要求數位媒體内容的一;大 態’通知該客戶裝置的一使用者。 3 4.如申請專利範圍第31項所述之機器可讀取媒體,直 中’該方法更加包括一步驟,暫停傳送用來播放的所要;1225352 Amendment 6. Applying for a patent __ 3 :: f content, the annotation device will stop the transmission of the stored data valley. TW Digital Media = Readable Media 'includes a set of executable instructions, using the -methodϊΐ :: =: device: execute playback in a digital media] u Digital media content is provided by a content provider, The method is distributed on Kariya U Road, and the method includes the following steps:-Passing to the supplier of Hayne Valley, presenting a system configuration information of the client device to play the digital media content; or the detected The configuration information of the system is transmitted to the content provider from the content provider in May, and receives a license that can receive the media content. H㈣ Put money 32. In the machine described in item 31 of the scope of patent application? The method further includes the following steps: buying the media, which receives the requested digital media for playback to detect the updated system configuration information of the client device; and ° / updates the system configuration of the client device Information to the respondent. / 谷 谷 33. The machine-readable media as described in item 31 of the scope of the patent application, the method: J method further includes a step 'one will require digital media content; the state' to notify a user of the client device . 3 4. The machine-readable medium as described in item 31 of the scope of patent application, the method further includes a step of suspending transmission of what is needed for playback; 10017pifl.ptc 1225352 93U 一t號 91120698 车 ι 六、申請專利範圍 的該數位媒體内容。 35· 一種配送數位媒體内容之 經一通訊網路而配送到一可以執,該數位媒體内容係 客戶裝置,該系統包括:钒仃该數位媒體内容播放的 配送裳置,用來以一編密碼 上,配逆兮奴Α放触rin — · 的格式’在該通訊網路 工 廷6亥數位媒體内容; 一驗註裝置,用來從該客戶梦 細能次把 展置接收該客戶裝置的一 訊, 令尸裝置的一系統組態資 〃中σ亥驗证裝置,使用所接收到的該客戶裝置的該 組L資料,判定該客戶裝置是否具有授權,可以接收該所 配送的用來播放的數位媒體内容,以及 其中,如果該驗証裝置,判定該客戶裝置具有授權, 可以接收該配送的數位媒體内容,則該驗証裝置,會提供 一解碼鑰給該客戶裝置,用來將該所配送的用來播放的數 位媒體内容解碼。 3 6 ·如申請專利範圍第3 5項所述之系統,更加包括一裝 置’用來儲存一組預先核准的組態資料,其中,該驗証裝 置,將所接收到的該組態資料,與該組預先核准的組態資 料互相比較,以判定該客戶裝置是否具有授權·一…*▲ I’ A 曰 修正 可以播放 該配送的數位媒體内容。 3 7 ·如申請專利範圍第3 5項戶斤述之系統,更加包括一裝 置’用來儲存一組未經授權核准的組態 > 料’其中,該驗 证裝置,將所.接收到的該組態資料,與該組未經授權核准10017pifl.ptc 1225352 93U No. 1 91120698 Car Ⅵ. The digital media content within the scope of patent application. 35 · A digital media content is delivered to an executable via a communication network. The digital media content is a client device. The system includes: vanadium. The digital media content is played by a distribution device. , With the format of inverse Xi Nu A put in touch with rin — · 'digital media content in the communication network of the industrial court; a check device, used to receive a message from the client ’s device from the client ’s dream device. The Sigma Haier verification device in a system configuration resource of the corpse device uses the received L data of the client device to determine whether the client device has authorization and can receive the distributed device for playback. Digital media content, and if the verification device determines that the client device is authorized to receive the delivered digital media content, the verification device will provide a decoding key to the client device to use the delivered device Decoding of digital media content for playback. 36. The system described in item 35 of the scope of patent application, further includes a device 'for storing a set of pre-approved configuration data, wherein the verification device compares the received configuration data with The set of pre-approved configuration data is compared with each other to determine whether the client device is authorized. One ... * ▲ I'A means to modify the digital media content that can be played. 37. If the system described in item 35 of the patent application scope further includes a device 'used to store a group of unauthorized approved configurations > materials', the verification device will receive all The configuration data of this group is not authorized with the group I00l7pifl.ptc 第40買 卩25352 mu 曰 修正 丄 盖號9112069« f 7年〇月 六、申請專利範圍 ΐΐϊΐ:互相比較’以判定該客戶裝置是否具有授權, 乂播放該配送的數位媒體内容。 38如申請專利範圍第35項所述之系統,其中,該客戶 ^=括I 一裝置,用來檢測該客戶裝置的該組態資料,和 將該檢測到的組態資料,傳送到該驗証裝置。 f9·如申請專利範圍第35項所述之系統,其中,在提供 裝石置給Ϊ客戶裝置之後’該驗征裝置會週期性地從該客戶 更新、® μ fI更新的組態資料,該驗証裝置使用該接收的 權,可m ^ 裝置是否仍然具有授 判定送的該數位媒體内容,如果該驗証裝置 容置不再具有授權接收所配送的該數位媒體内 内容則該驗証裝置就會使該客戶裝置停止接收該數位媒體 40.如申請專利範圍第35項所述之系統,其中該通訊 路疋一網際網路。 評jl·二種配送數位媒體内容之方法,該數位媒體内容係 t ,汛網路而配送到一可以執行該數位媒體内容播放的 、裝置’該方法包括下列步驟: 體内以^ ·編在嗎的格式’在該通訊網路上’配送該數位媒 次客戶裝置接收該客戶裝置的一組態資料,該組態 貝料I括該客戶裝置的一系統組態資訊, 使用所接收到的該客戶裝置的該組態資料,判定該客 ^ ”有授權,可以接收該所配送的用來播放的數I00l7pifl.ptc 40th purchase 卩 25352 mu Revision 丄 Cover number 9112069 «f 7/07 6. Scope of patent application ΐΐϊΐ: Compare with each other 'to determine whether the client device has authorization and 乂 play the digital media content delivered. 38. The system according to item 35 of the scope of patent application, wherein the client ^ = includes a device for detecting the configuration data of the client device, and transmitting the detected configuration data to the verification Device. f9. The system according to item 35 of the scope of application for a patent, wherein after the installation device is provided to the client device, the inspection device will periodically update the configuration data updated by the client and update the μ fI. The verification device uses the receiving right to determine whether the device still has the digital media content to be sent. If the verification device no longer has the authorization to receive the digital media content delivered, the verification device will The client device stops receiving the digital media 40. The system described in item 35 of the scope of patent application, wherein the communication path is an Internet. Comment on jl · Two methods for distributing digital media content, the digital media content is t, and the network is distributed to a device that can perform the playback of the digital media content. The method includes the following steps: The format is "on the communication network". The digital media client device receives a configuration data of the client device. The configuration information includes a system configuration information of the client device, and uses the received client device. The configuration data of the device determines that the customer is authorized to receive the data delivered for playback. 第41頁 1225352 織m ------*案號91120的8 : 午1月曰 修正__ 六、申請專利範圍 — 位媒體内容;以及 如果判定該客戶裝置具有授權,可以接收該配送的數 位媒體内容,則提供一解碼鑰給該客戶裝置,用來將該所 配送的數位媒體内容解碼。 4 2 ·如申請專利範圍第4 1項所述之方法,更加包括下列 步驟: 儲存一組預先核准的組態資料;以及 將所接收到的該組態資料,與該組預先核准的組態資 料互相比較。 4 3 ·如申請專利範圍第4丨項所述之方法,更加包括下列 步驟: 儲存一組未經授權核准的組態資料;以及 將所接收到的該組態資料,與該組未經授權核准的組 態資料互相比較。 44·如申請專利範圍第41項所述之方法,更加包括下列 步驟: 從該客戶裝置,接收一更新的組態資料; 使用所接收到的更新的組態資料,判定該客戶裝置, 疋否仍然具有授權,可以接收該配送的數位媒體内容;以 及 如果該客戶裝置 队1心,V · …,八丨户从队极X 的數位媒體内容,則停止配送該數位媒體給該客戶裝置。 4 5 ·如申睛專利範圍第4丨項所述之方法,其中該訊網 路是一網際網路。 °Page 41 1225352 Weaving ------ * Case No. 91120 8: Amended in the afternoon of January __ Sixth, the scope of patent application-media content; and if the client device is determined to be authorized, it can receive the distribution The digital media content provides a decoding key to the client device to decode the distributed digital media content. 4 2 · The method described in item 41 of the scope of patent application, further comprising the following steps: storing a group of pre-approved configuration data; and comparing the received configuration data with the group of pre-approved configuration data Information is compared with each other. 4 3 · The method described in item 4 丨 of the scope of patent application, further comprising the following steps: storing a group of unauthorized configuration data; and receiving the configuration data with the group of unauthorized The approved configuration data is compared with each other. 44. The method as described in item 41 of the scope of patent application, further comprising the following steps: receiving an updated configuration data from the client device; using the received updated configuration data to determine the client device, It still has authorization to receive the distributed digital media content; and if the client device team 1 heart, V · ..., eight users from the team pole X's digital media content, stop distributing the digital media to the client device. 4 5 · The method described in item 4 丨 of the patent scope of Shenyan, wherein the communication network is an Internet. ° ----------
TW91120698A 2002-01-29 2002-09-11 Apparatus and method for preventing digital media piracy TWI225352B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US35307602P 2002-01-29 2002-01-29

Publications (1)

Publication Number Publication Date
TWI225352B true TWI225352B (en) 2004-12-11

Family

ID=27663173

Family Applications (1)

Application Number Title Priority Date Filing Date
TW91120698A TWI225352B (en) 2002-01-29 2002-09-11 Apparatus and method for preventing digital media piracy

Country Status (2)

Country Link
CN (1) CN1435762A (en)
TW (1) TWI225352B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI562580B (en) * 2006-05-05 2016-12-11 Interdigital Tech Corp Device and method for integrity protection of information used in protocol messages exchanged between two entities in a rpotocol

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100384272C (en) * 2004-05-28 2008-04-23 英华达(上海)电子有限公司 Media data protecting method and system
US9047235B1 (en) * 2007-12-28 2015-06-02 Nokia Corporation Content management for packet-communicating devices
US9603283B1 (en) * 2015-10-09 2017-03-21 Raytheon Company Electronic module with free-formed self-supported vertical interconnects
CN113706881B (en) * 2021-07-30 2022-06-07 郑州信大捷安信息技术股份有限公司 Visible light-based vehicle fake plate detection system and method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI562580B (en) * 2006-05-05 2016-12-11 Interdigital Tech Corp Device and method for integrity protection of information used in protocol messages exchanged between two entities in a rpotocol

Also Published As

Publication number Publication date
CN1435762A (en) 2003-08-13

Similar Documents

Publication Publication Date Title
US20040010717A1 (en) Apparatus and method for preventing digital media piracy
US9342662B2 (en) Method and system for controlling video media
US8234217B2 (en) Method and system for selectively providing access to content
US7400729B2 (en) Secure delivery of encrypted digital content
US8572761B2 (en) Method and system for preventing unauthorized reproduction of electronic media
US7260557B2 (en) Method and apparatus for license distribution
US8280818B2 (en) License source component, license destination component, and method thereof
US20060059105A1 (en) Move component, program, and move method
US20120042391A1 (en) Method and system for protecting children from accessing inappropriate media available to a computer-based media access system
KR20020083851A (en) Method of protecting and managing digital contents and system for using thereof
WO2003061287A1 (en) A system and method for secure distribution and evaluation of compressed digital information
US7421412B2 (en) Computerized method and system for monitoring use of a licensed digital good
KR20050097994A (en) Import control of content
JP2006512658A (en) Divided rights in the approval area
US8739294B2 (en) Reporting information about users who obtain copyrighted media using a network in an unauthorized manner
US20120042134A1 (en) Method and system for circumventing usage protection applicable to electronic media
US20120042385A1 (en) Protecting copyrighted media with monitoring logic
TWI225352B (en) Apparatus and method for preventing digital media piracy
Marks et al. Technical protection measures: The intersection of technology, law and commercial licenses
Traw Technical challenges of protecting digital entertainment content
US8826445B2 (en) Method and system of deterring unauthorized use of media content by degrading the contents waveform
AU2002367530A1 (en) Apparatus and method for preventing digital media piracy
JP2002288045A (en) Contents provision method and device, contents provision program and storage medium storing the contents provision program
Guess et al. Protecting Digital Rights: Technical Approaches

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees