Systems and methods for the prevention of unauthorized use and manipulation of digital content

US 20040030912A1
Filed: 05/09/2002
Published: 02/12/2004
Est. Priority Date: 05/09/2001
Status: Active Grant

First Claim

Patent Images

1. A method for preventing unauthorized use of digital content data in a computer system comprising:

examining system devices that are operational in the system;

determining whether at least one of the operational system devices is a subversion device; and

initiating a defensive action if it is determined that at least one of the operational system devices is a subversion device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A number of systems and methods, alone, or in combination, achieve various levels of protection against unauthorized modification and distribution of digital content. This encompasses at least unauthorized study, modification, monitoring, reconstruction, and any other means for subversion from the originally intended purpose and license model of the digital content. The invention combines a number of techniques that in whole, or in part, serve to protect such content from unauthorized modification, reconstructive engineering, or monitoring by third parties. This is accomplished by means of methods which protect against subversion by specific tools operating on specific platforms as well as general tools operating on general platforms. Specific time domain attacks are identified, code modification can be identified and reversed, and virtual and emulated systems are identified. In addition, identification of in-circuit emulator tools (both software and hardware), debuggers, and security threats to running programs can be achieved.

367 Citations

78 Claims

1. A method for preventing unauthorized use of digital content data in a computer system comprising:
- examining system devices that are operational in the system;
  
  determining whether at least one of the operational system devices is a subversion device; and
  
  initiating a defensive action if it is determined that at least one of the operational system devices is a subversion device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein examining comprises examining device-specific registration data for the system devices within an operating system operating on the computer system.
  - 3. The method of claim 1 wherein examining further comprises examining system memory for the existence of system devices, determining whether the system device is a physical or virtual device, and if a determination is made that the system device is a virtual device, initiating the defensive action.
  - 4. The method of claim 1 wherein determining comprises comparing the device specific registration data to known data for each system device and if the data are not a match, initiating the defensive action.
  - 5. The method of claim 1 wherein determining comprises determining a memory latency value for the at least one system device and comparing the determined memory latency value to a known memory latency value.
  - 6. The method of claim 1 wherein if the comparison indicates that the determined and known memory latency values are not a match, initiating the defensive action.
  - 7. The method of claim 1 wherein the subversion device is a device selected from the group of devices consisting of:
    - in circuit emulator and virtual emulator.
  - 8. The method of claim 1 wherein determining comprises determining a performance parameter of the at least one operational system devices.
  - 9. The method of claim 8 wherein determining a performance parameter comprises supplying test data to the at least one operational system device, and monitoring performance data of the at least one operational device.
  - 10. The method of claim 9 further comprising comparing the performance data to actual data collected on a sample operational device, and if the comparison result is outside a predetermined range, then determining that the operational system device is a subversion device.
  - 11. The method of claim 1 wherein determining comprises dynamically loading at least one of a valid device-specific driver, device driver subcomponent, and device driver simulator component and determining whether the load was successful for that driver.
  - 12. The method of claim 1 wherein the defensive action comprises a data saturation event.
  - 13. The method of claim 1 wherein the defensive action comprises initiating a notification event for notifying other entities operating in the system of the presence of the subversion device.
  - 14. The method of claim 1 wherein the defensive action comprises a defensive action selected from the group consisting of:
    - deactivating the system devices, modifying a display coupled to the system to make information conveyed on the display unintelligible;
      
      modifying the display coupled to the system to change the position of windows on the display;
      
      suppressing undesired input signals from input devices;
      
      initiating a system reboot;
      
      invoking system destabilization through memory corruption;
      
      providing false information to the subversion device; and
      
      generating saturation data in the system.

15. A method for preventing unauthorized use of digital content data in a computer system in which a first process and a second process are active comprising:
- generating a message at the first process;
  
  receiving the message at the second process, the second process examining the message and determining whether the message is valid or invalid;
  
  the second process continuing operation upon determination that the message is valid; and
  
  the second process initiating a defensive action upon determination that the message is invalid.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 16. The method of claim 15 wherein the second process determines the message to be invalid in the event that a predetermined time period has passed before receipt of the message.
  - 17. The method of claim 15 wherein the second process tracks a timer to determine whether the predetermined time period has passed
  - 18. The method of claim 15 wherein the second process tracks a timer to determine whether an attempt to subvert system timer values has occurred.
  - 19. The method of claim 15 wherein the second process, upon determining the message to be valid, transmits the message to a third process.
  - 20. The method of claim 15 wherein the message includes an instruction to halt operation of the second process.
  - 21. The method of claim 20 wherein the message further includes an instruction to halt additional processes active in the system.
  - 22. The method of claim 15 wherein generating the message at the first process comprises encrypting the message.
  - 23. The method of claim 15 wherein receiving the message at the second process comprises decrypting the message.
  - 24. The method of claim 15 wherein the message is passed from the first process to the second process and from the second process to additional processes in a predetermined order.
  - 25. The method of claim 24 wherein the message is eventually acted upon by the first, second or additional process that is the intended recipient of the message.
  - 26. The method of claim 25 wherein the message is passed beyond the intended recipient of the message to subsequent processes in the predetermined order.
  - 27. The method of claim 24 wherein the message is passed a predetermined number of times among the processes before it is acted upon.
  - 28. The method of claim 24 wherein the message is passed a predetermined number of times among the processes, and following this, the message is inactivated.
  - 29. The method of claim 15 wherein the message includes data that is critical to operation of the recipient process.

30. A method for preventing unauthorized use of digital content data in a computer system comprising:
- recording a time value of a non-settable first timer;
  
  recording a time value of a second timer;
  
  processing an event in the system;
  
  comparing an elapsed time of the first timer with an elapsed time of the second timer following the processing of the event; and
  
  initiating a defensive action upon determination that a difference between the first elapsed time and the second elapsed time is outside a predetermined range.
- View Dependent Claims (31, 32)
- - 31. The method of claim 30 wherein the elapsed time of the first timer and the elapsed time of the second timer are monitored in response to an event trigger.
  - 32. The method of claim 30 wherein the difference being outside the predetermined range indicates that a subversion device is active in the system.

33. A method for preventing unauthorized use of digital content data in a computer system comprising:
- identifying a block of digital content data;
  
  modifying a subset of the block of digital content data from original digital content data to modified digital content data; and
  
  processing the block of digital content data such that the modified digital content data is replaced by the original digital content data prior to processing, and such that the original digital content data is replaced by the modified digital content data following processing.
- View Dependent Claims (34, 35)
- - 34. The method of claim 33 wherein the subset comprises a bit, a byte, blocks of bytes, a page, or other specifiable quantity of digital content data.
  - 35. The method of claim 34 further comprising obtaining access permission to the block of digital content data prior to modifying the subset of the block of digital content data.

36. A method for preventing unauthorized use of digital content data in a computer system comprising:
- identifying a block of digital content data;
  
  comparing the block of digital content data to known data; and
  
  initiating a defensive action upon an invalid comparison between the between the block of digital content data and the known data.
- View Dependent Claims (37)
- - 37. The method of claim 36 further comprising obtaining access permission to the block of digital content data prior to comparing the block of digital content data to the known data.

38. A method for preventing unauthorized use of digital content data in a computer system comprising:
- monitoring an input device for device events;
  
  validating whether the event is a permitted event;
  
  permitting processing of the event by the computer system based on the validation results; and
  
  initiating a defensive action if the event is not permitted.
- View Dependent Claims (39, 40)
- - 39. The method of claim 38 wherein the input device comprises a mouse or a keyboard.
  - 40. The method of claim 38 further comprising validating the input focus of the event.

41. A method for preventing unauthorized use of digital content data in a computer system comprising:
- enumerating processes that are active on the computer system;
  
  determining whether at least one of the processes is a subversion process; and
  
  initiating a defensive action if it is determined that at least one of the operational system processes is a subversion process.
- View Dependent Claims (42, 43, 44, 45)
- - 42. The method of claim 41 wherein enumerating processes comprises examining system memory for process signatures.
  - 43. The method of claim 41 wherein enumerating processes comprises examining incremental portions of system memory.
  - 44. The method of claim 41 wherein enumerating comprises examining processes registered in a taskbar of the computer system.
  - 45. The method of claim 41 wherein enumerating comprises inspecting memory partitioning signatures of the computer system.

46. A method for preventing unauthorized use of digital content data in a computer system comprising:
- enumerating processes that are active on the computer system;
  
  determining whether at least one of the processes is a subversion process by searching the computer system memory for a known signature of a subversion process; and
  
  initiating a defensive action if it is determined that at least one of the operational system processes is a subversion process.
- View Dependent Claims (47)
- - 47. The method of claim 46 wherein searching system memory comprises continuous searching of system memory.

48. A method for preventing unauthorized use of digital content data in a computer system comprising:
- enumerating processes that are active on the computer system;
  
  determining whether at least one of the processes is a subversion process by searching the computer system memory for a known memory partitioning signature of a subversion process; and
  
  initiating a defensive action if it is determined that at least one of the operational system processes is a subversion process.
- View Dependent Claims (49)
- - 49. The method of claim 48 wherein the known memory partitioning signature comprises at least one of:
    - amount of memory used;
      
      memory allocation; and
      
      partitioning patterns.

50. A method for preventing unauthorized use of executable digital content data in a computer system comprising:
- in response to initiation of a defensive action to a subversion process, generating saturation data; and
  
  transmitting the saturation data on the system to overload the subversion process with data.
- View Dependent Claims (51)
- - 51. The method of claim 50 wherein the generation of saturation data is additionally initiated by a timer or event.

52. A method for preventing unauthorized use of executable digital content data in a computer system comprising:
- identifying an instruction of executable digital content data to be substituted; and
  
  substituting a synonymous instruction for the instruction to generate modified executable digital content data.
- View Dependent Claims (53, 54)
- - 53. The method of claim 52 wherein the substituted synonymous instruction is substantially immune to automated disassembly.
  - 54. The method of claim 52 wherein the substituted synonymous instruction is obfuscated in a manner that hinders manual debugging or manual disassembly.

55. A method for preventing unauthorized use of digital content data in a computer system comprising:
- examining system devices that are operational in the system to determine features that characterize the system devices;
  
  generating a signature representative of the system based on the features; and
  
  assigning the signature to the digital content data.
- View Dependent Claims (56, 57, 58, 59, 60)
- - 56. The method of claim 55 wherein the features comprise at least one of memory capacity, firmware version, clock rate, bus rate, bus type, component type, component version, and firmware version.
  - 57. The method of claim 55 further comprising encrypting the signature before assigning the signature to the digital content data.
  - 58. The method of claim 55 wherein the signature comprises combined multiple features corresponding to like multiple system devices.
  - 59. The method of claim 55 further comprising controlling installation of the digital content data based on the assigned signature.
  - 60. The method of claim 55 further comprising controlling operation of the digital content data on the system based on the assigned signature.

61. A method for preventing unauthorized use of digital content data in a computer system wherein an entity on the system includes digital content data that is distributed among a plurality of pages comprising:
- modifying at least one of the plurality of pages to replace original digital content data with modified digital content data;
  
  responding to a page fault generated in the system by determining whether the entity generating the page fault is authorized to access a page requested by the entity;
  
  determining whether the page requested by the entity is a modified page having modified digital content data; and
  
  if the entity is authorized to access the page and if the page is a modified page, replacing the modified digital content data in the page with the original digital content data.
- View Dependent Claims (62, 63, 64, 65)
- - 62. The method of claim 61 further comprising, if the entity is unauthorized, initiating a defensive action.
  - 63. The method of claim 62 wherein the defensive action comprises providing the entity with the modified digital content data.
  - 64. The method of claim 62 wherein, following replacing the modified digital content data in the page with the original digital content data, modifying others of the at least one page with modified digital content data.
  - 65. The method of claim 64 wherein the other pages that are modified with modified digital content data are pages that were previously accessed by the entity.

66. A method for preventing unauthorized use of digital content data in a computer system wherein an entity on the system includes digital content data that is distributed among a plurality of pages comprising:
- responding to a page fault generated in the system by determining whether the entity generating the page fault is authorized to access a page requested by the entity; and
  
  if the entity is unauthorized, modifying the page requested by the entity to replace original digital content data with modified digital content data.
- View Dependent Claims (67, 68, 69, 70)
- - 67. The method of claim 66 further comprising, if the entity is unauthorized, modifying other pages among the plurality of pages to replace original digital content data with modified digital content data.
  - 68. The method of claim 66 further comprising designating a subset of the plurality of pages as modification-targeted pages, and if the entity is unauthorized for access, then modifying the page requested by the entity to replace original digital content data with modified digital content data only if the page requested is designated as a modification targeted page.
  - 69. The method of claim 66 further comprising, if the entity is unauthorized, initiating a defensive action.
  - 70. The method of claim 69 wherein the defensive action comprises providing the entity with the modified digital content data.

71. A method for preventing unauthorized use of digital content data in a computer system comprising:
- requesting an installation of the digital content data at a client;
  
  transmitting the request for installation to a server;
  
  verifying, at the server, whether the requested installation is authorized, if the installation is unauthorized, transmitting an installation denial message to the client, and if the installation is authorized, transmitting an installation authorization message to the client;
  
  installing the digital content data at the client if the requested installation is authorized.
- View Dependent Claims (72, 73, 74)
- - 72. The method of claim 71 wherein verifying comprises determining whether the number of previously authorized installations exceeds a predetermined number.
  - 73. The method of claim 71 wherein the client examines system devices on the client that are operational in the system to determine features that characterize the system devices, generates a signature representative of the system based on the feature, and transmits the signature to the server with the request for installation.
  - 74. The method of claim 73 wherein the server verifies authorization of the installation based on the signature.

75. A method for preventing unauthorized use of digital content data in a computer system comprising:
- requesting use of the digital content data at a client;
  
  transmitting the request for use to a server;
  
  verifying, at the server, whether the requested use is authorized, if the installation is unauthorized, transmitting a use denial message to the client, and if the installation is authorized, transmitting a use authorization message to the client;
  
  utilizing the digital content data at the client if the requested installation is authorized.
- View Dependent Claims (76, 77, 78)
- - 76. The method of claim 75 wherein verifying comprises determining whether the number of previously authorized uses exceeds a predetermined number.
  - 77. The method of claim 75 wherein the client examines system devices on the client that are operational in the system to determine features that characterize the system devices, generates a signature representative of the system based on the feature, and transmits the signature to the server with the request for use.
  - 78. The method of claim 77 wherein the server verifies authorization of the use based on the signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SCA IPLA Holdings Incorporated (Sony Group Corp.)
Original Assignee
ECD Systems Incorporated
Inventors
Pagliarulo, Jeff, Goldman, Daniel M., Hart, John J. III, Howard, Daniel G., Lee, Andrew R., LeVine, Richard B., Merkle, James A. Jr., Bouza, Jose L.

Granted Patent

US 7,328,453 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 12/08   in hierarchically structure...

G06F 21/10   Protecting distributed prog...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/55   Detecting local intrusion o...

Systems and methods for the prevention of unauthorized use and manipulation of digital content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

367 Citations

78 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for the prevention of unauthorized use and manipulation of digital content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

367 Citations

78 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links