Self-protecting digital content
First Claim
1. An automated method for determining whether to allow a portion of software stored in a computer-readable memory to access to a portion of a nonvolatile memory, comprising:
(a) receiving a reference to said portion of software wishing to receive access to said nonvolatile memory portion;
(b) computing a cryptographic hash of said software portion;
(c) comparing said computed cryptographic hash with a value stored in said nonvolatile memory;
(d) if said computed cryptographic hash matches said stored value, executing said software portion with access to said nonvolatile memory portion; and
(e) if said computed cryptographic hash does not match said stored value, not allowing said software portion to access said nonvolatile memory.
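Steps (a) through (e) of the claim, sketched as an added Python example that is not code from the patent. SHA-256, the `NvSlot` layout and the 3-byte instruction set are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

SLOT_SIZE = 16  # constructed slot size for this example

@dataclass
class NvSlot:
    """One protected NVM region together with its stored reference hash."""
    authorized_hash: bytes  # the "value stored in said nonvolatile memory"
    data: bytearray = field(default_factory=lambda: bytearray(SLOT_SIZE))

class AccessDenied(Exception):
    """Raised when the code's hash does not match the slot's stored value."""

def run_program(code: bytes, slot: NvSlot) -> None:
    """Hypothetical instruction set: 0x01 <offset> <value> writes one byte."""
    if len(code) % 3:
        raise ValueError("truncated instruction")
    for i in range(0, len(code), 3):
        op, offset, value = code[i:i + 3]
        if op != 0x01 or offset >= len(slot.data):
            raise ValueError(f"bad instruction at byte {i}")
        slot.data[offset] = value

def execute_with_slot_access(code: bytes, slot: NvSlot) -> None:
    """Hash the exact (immutable) bytes that will run, compare, then run or refuse."""
    digest = hashlib.sha256(code).digest()                      # step (b)
    if not hmac.compare_digest(digest, slot.authorized_hash):   # step (c)
        raise AccessDenied("hash does not match stored value")  # step (e)
    run_program(code, slot)                                     # step (d)

# Constructed sample input: the slot owner's code and a copy with one byte changed.
OWNER_CODE = bytes([0x01, 0x00, 0x2A, 0x01, 0x01, 0x07])
TAMPERED_CODE = bytes([0x01, 0x00, 0xFF, 0x01, 0x01, 0x07])

def demo() -> tuple[bytes, bool]:
    slot = NvSlot(authorized_hash=hashlib.sha256(OWNER_CODE).digest())
    execute_with_slot_access(OWNER_CODE, slot)         # hash matches: writes land
    try:
        execute_with_slot_access(TAMPERED_CODE, slot)  # hash differs: never runs
        denied = False
    except AccessDenied:
        denied = True
    return bytes(slot.data[:2]), denied
```

The same `bytes` object is both hashed and executed, so the code cannot change between the check and its use.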
Abstract
Technologies are disclosed to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disc carries an encrypted digital video title combined with data processing operations that implement the title's security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations, access secure nonvolatile storage, submit data to CODECs for output, and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies. If pirates compromise a player or title, future content can be mastered with security features that, for example, block the attack, revoke pirated media, or use native code to correct player vulnerabilities.
9 Claims
2. A method for regulating access to nonvolatile digital memory connected to an audiovisual player device running a machine-executable program, said program causing said audiovisual player device to:
(a) receive a request from said machine-executable program that specifies;
(i) a portion of said nonvolatile memory for which access is requested; and
(ii) a plurality of program instructions;
(b) apply a cryptographic hash function to said plurality of program instructions to compute a hash value;
(c) authenticate said hash value; and
(d) provided that said authentication is successful, enabling access to said requested portion of non-volatile memory by said plurality of instructions for which said hash value has been authenticated.
Dependent claims: 3, 4, 5, 6
7. A device for executing program code while regulating access by such program code to a protected portion of nonvolatile memory, including:
(a) a virtual machine configured to execute said program code;
(b) an interface for receiving from said program code running in said virtual machine a request specifying;
(i) a portion of said nonvolatile memory for which access is requested, and
(ii) a plurality of program instructions;
(c) hash logic configured to compute a cryptographic hash of said plurality of program instructions; and
(d) authentication logic configured to authenticate said hash and, if said authentication is successful, executing said specified instructions in said virtual machine such that such instructions have the ability to access said nonvolatile memory.
Dependent claims: 8
9. An apparatus comprising program instructions stored on machine-readable media, said program adapted to cause a machine to:
(a) receive a request from said machine-executable program that specifies;
(i) a portion of nonvolatile memory for which access is requested; and
(ii) a plurality of program instructions;
(b) apply a cryptographic hash function to said plurality of program instructions to compute a hash value;
(c) authenticate said hash value; and
(d) provided that said authentication is successful, enabling access to said requested portion of non-volatile memory by said plurality of instructions for which said hash value has been authenticated.
Specification