TAMPER PREVENTION AND DETECTION FOR VIDEO PROVIDED OVER A NETWORK TO A CLIENT

US 20070271189A1
Filed: 11/30/2006
Published: 11/22/2007
Est. Priority Date: 12/02/2005
Status: Active Grant

First Claim

Patent Images

1. A server for use in detecting tampering on a client device over a network, comprising:

a repository that is configured to store tamper event objects;

a processor that is configured to perform actions, including;

providing at least one publisher component to the client device, wherein the at least one publisher component is configured to monitor for an unauthorized action on the client device, and if the unauthorized action is detected, to publish a tamper event object to the repository; and

providing at least one subscriber component to the client device, wherein at least one subscriber component is configured to subscribe to the repository, receive published tamper event objects, and based on the tamper event objects, and at least one business rule, to perform at least one defensive action.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, and method are directed to providing digital copy protection of media using a subscriber/publisher architecture. In one embodiment, a publisher employs various dynamic and/or static tamper detection, including, filter graph change detectors, ICE detectors, screen scraping detectors, debugger detectors, pattern recognizers, or the like. When a tampering event is detected by one or more of the publishers, the tamper event may be published for access by a subscriber. Published tamper events may be pushed to or pulled by the subscribers. When one or more subscribers receive the tamper event, the subscriber(s) may perform one or more tamper response actions according to various business rules, and/or other core rules.

80 Citations

View as Search Results

20 Claims

1. A server for use in detecting tampering on a client device over a network, comprising:
- a repository that is configured to store tamper event objects;
  
  a processor that is configured to perform actions, including;
  
  providing at least one publisher component to the client device, wherein the at least one publisher component is configured to monitor for an unauthorized action on the client device, and if the unauthorized action is detected, to publish a tamper event object to the repository; and
  
  providing at least one subscriber component to the client device, wherein at least one subscriber component is configured to subscribe to the repository, receive published tamper event objects, and based on the tamper event objects, and at least one business rule, to perform at least one defensive action.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The server of claim 1, wherein the at least one publisher component is configured to operate as at least one of an ICE detector, debug detector, pattern recognition detector, or a screen scraper detector.
  - 3. The server of claim 1, wherein the subscriber component receives the tamper event object using a pull protocol mechanism.
  - 4. The server of claim 1, wherein the repository is managed through a mediator component that is configured to manage receipt of the tamper event objects and to distribute the tamper event objects to one or more subscriber components and one or more publisher components.
  - 5. The server of claim 1, wherein the tamper event objects are encrypted.

6. A system that is arranged to respond to unauthorized actions on a client device, the system comprising:
- a repository that is configured to store tamper event objects;
  
  a publisher component that is configured to monitor for an unauthorized action on the client device, and if the unauthorized action is detected, to publish a tamper event object to the repository; and
  
  a subscriber component that is configured to subscribe to the repository, receive published tamper event objects, and based on the tamper event objects, and at least one business rule, to perform at least one defensive action to inhibit the unauthorized action.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein the subscriber component and the publisher component are configured to reside on the client device.
  - 8. The system of claim 6, wherein the subscriber component is configured to reside on a server device, and wherein the at least one defensive action further comprises at least one of terminating a media stream to the client device, disabling a decryption key associated with the media stream, or terminating an application.
  - 9. The system of claim 6, wherein the publisher component employs at least one of a sequence of different types of computer system calls and related responses to evaluate a presence of unauthorized action, or a digital fingerprint that is generated based on a plurality of parameters that are employed to generate delta events and an associated entropy and if the associated entropy exceeds a determined value detecting the unauthorized action.
  - 10. The system of claim 6, wherein the tamper event objects further comprise a time indicating when the unauthorized action is detected, and an identifier indicating a type of unauthorized action detected.
  - 11. The system of claim 6, further comprising:
    - another publisher component that is configured to perform actions, including;
      
      subscribing to received the published tamper event objects; and
      
      employing the published tamper event object to detect a presence of the unauthorized action associated with the published tamper event object on another client device.

12. A method for managing responses to unauthorized actions on a client device over a network, the method comprising:
- providing to the client device a plurality of different publisher components, each publisher component being configured to employ a different detection mechanism for detecting unauthorized actions;
  
  if an unauthorized action is detected on the client device by at least one of the plurality of different publisher components, publishing information about the unauthorized action in a tamper event object;
  
  receiving the published tamper event object by a subscriber component; and
  
  in response to receiving the published tamper event object, performing at least one action that is directed towards deterring the detected unauthorized action on the client device.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the published tamper event object is published over an encrypted communications channel.
  - 14. The method of claim 12, wherein the subscriber component resides on a server, and performs at least one of terminating a transmission to the client device, disabling a decryption key, or terminating an application associated with the unauthorized action.
  - 15. The method of claim 12, wherein providing the client device a plurality of different publisher components, further comprises providing at least one of the publisher components within a stream of media content to the client device.
  - 16. A modulated data signal configured to include program instructions for performing the method of claim 12.

17. A computer-readable storage medium having computer-executable instructions for managing responses to unauthorized actions, the computer-executable instructions when installed onto a computing device enable the computing device to perform actions, comprising:
- receiving a publisher component that is configured to detect an unauthorized action on the computing device;
  
  if the publisher component detects an unauthorized action on the computing device, publishing a tamper event object that includes at least a time of detection of the unauthorized action, and an identifier associated with the unauthorized action; and
  
  receiving by a subscriber component the tamper event object, wherein the subscriber component is configured to perform at least one action directed to deterring the unauthorized action on the computing device.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable storage medium of claim 17, wherein another computing device is configured to receive another publisher component that is configured to receive the published tamper event object and employ the tamper event object to monitor for the unauthorized action on the other computing device.
  - 19. The computer-readable storage medium of claim 17, wherein the publisher component is configured to employ at least one of the following detection mechanisms:
    - an integrated circuit emulator detector, a pattern recognition detector, or a screen scraper detector.
  - 20. The computer-readable storage medium of claim 17, wherein publishing the tamper event object further comprises providing the tamper event object over a secure communications channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Widevine Technologies Incorporated (Alphabet Inc.)
Inventors
Jacobs, Andre, Zhuk, Oscar, Veres, James, Morten, Glenn, Hiar, Edward, Tinker, Jeffrey

Granted Patent

US 8,689,016 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/57
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/55   Detecting local intrusion o...

H04N 21/44236   Monitoring of piracy proces...

H04N 21/6543   for forcing some client ope...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

H04N 7/173   with two-way working, e.g. ...

TAMPER PREVENTION AND DETECTION FOR VIDEO PROVIDED OVER A NETWORK TO A CLIENT

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TAMPER PREVENTION AND DETECTION FOR VIDEO PROVIDED OVER A NETWORK TO A CLIENT

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links