Methods and systems for encoding and protecting data using digital signature and watermarking techniques
DC CAFCFirst Claim
1. A method for protecting a digital file against unauthorized modification, the method including:
- encoding the file, the encoding including;
inserting a first watermark into the file;
inserting a plurality of signature-containing watermarks into the file, each signature-containing watermark containing the digital signature of at least a portion of the file; and
decoding at least a portion of the encoded file, the decoding including;
searching at least a portion of the encoded file for a first signature-containing watermark;
if the first signature-containing watermark is found, retrieving a first digital signature from the first signature-containing watermark, and using the first digital signature to verify the authenticity of a portion of the encoded file to which the first digital signature corresponds;
if the first signature-containing watermark is not found, searching the encoded file for the first watermark;
if the first watermark is found, inhibiting at least one use of at least a portion of the file;
if the first watermark is not found, permitting at least one use of at least a portion of the file;
whereby the plurality of signature-containing watermarks are operable to facilitate detection of modifications to the encoded file, and the first watermark is operable to facilitate detection of removal of one or more of the signature-containing watermarks from the encoded file.
4 Assignments
Litigations
1 Petition
Accused Products
Abstract
Systems and methods are provided for protecting and managing electronic data signals that are registered in accordance with a predefined encoding scheme, while allowing access to unregistered data signals. In one embodiment a relatively hard-to-remove, easy-to-detect, strong watermark is inserted in a data signal. The data signal is divided into a sequence of blocks, and a digital signature for each block is embedded in the signal via a watermark. The data signal is then stored and distributed on, e.g., a compact disc, a DVD, or the like. When a user attempts to access or use a portion of the data signal, the signal is checked for the presence of a watermark containing the digital signature for the desired portion of the signal. If the watermark is found, the digital signature is extracted and used to verify the authenticity of the desired portion of the signal. If the signature-containing watermark is not found, the signal is checked for the presence of the strong watermark. If the strong watermark is found, further use of the signal is inhibited, as the presence of the strong watermark, in combination with the absence or corruption of the signature-containing watermark, provides evidence that the signal has been improperly modified. If, on the other hand, the strong mark is not found, further use of the data signal can be allowed, as the absence of the strong mark indicates that the data signal was never registered with the signature-containing watermark.
-
Citations
46 Claims
-
1. A method for protecting a digital file against unauthorized modification, the method including:
-
encoding the file, the encoding including;
inserting a first watermark into the file;
inserting a plurality of signature-containing watermarks into the file, each signature-containing watermark containing the digital signature of at least a portion of the file; and
decoding at least a portion of the encoded file, the decoding including;
searching at least a portion of the encoded file for a first signature-containing watermark;
if the first signature-containing watermark is found, retrieving a first digital signature from the first signature-containing watermark, and using the first digital signature to verify the authenticity of a portion of the encoded file to which the first digital signature corresponds;
if the first signature-containing watermark is not found, searching the encoded file for the first watermark;
if the first watermark is found, inhibiting at least one use of at least a portion of the file;
if the first watermark is not found, permitting at least one use of at least a portion of the file;
whereby the plurality of signature-containing watermarks are operable to facilitate detection of modifications to the encoded file, and the first watermark is operable to facilitate detection of removal of one or more of the signature-containing watermarks from the encoded file. - View Dependent Claims (2, 3, 4, 5, 6)
generating a first watermarked segment by inserting a second signature-containing watermark into a first segment of the file;
generating a first digital signature by encrypting a hash of at least a portion of the first watermarked segment; and
generating a second watermarked segment by inserting the first signature-containing watermark into a second segment of the file, wherein the first signature-containing watermark contains the first digital signature.
-
-
3. A method as in claim 2, in which the first signature-containing watermark further includes a multi-bit guess, and in which retrieving the first digital signature from the first signature-containing watermark and using the first digital signature to verify the authenticity of the portion of the encoded file to which the first digital signature corresponds further includes:
-
using the multi-bit guess to locate the portion of the first watermarked segment to which the first digital signature corresponds;
hashing the portion of the first watermarked segment to which the first digital signature corresponds to obtain a first hash value;
decrypting the first digital signature; and
comparing the first hash value with at least part of the decrypted first digital signature.
-
-
4. A method as in claim 2, in which the digital file comprises a series of multi-bit samples, and in which the first signature-containing watermark includes a quality indicator, the quality indicator specifying the number of bits in each multi-bit sample that should be considered when using the first digital signature to verify the authenticity of the portion of the encoded file to which the first digital signature corresponds.
-
5. A method as in claim 1, in which inserting the first watermark into the file includes:
-
analyzing the file to identify a first set of mark holder candidates;
using a key to select a sub-set of the first set of mark holder candidates into which to insert a predefined payload; and
inserting the predefined payload into the selected sub-set of mark holder candidates.
-
-
6. A method as in claim 5, in which searching the encoded file for the first watermark includes:
-
identifying a second set of mark holder candidates;
generating a predefined number of random keys;
using each random key to select a sub-set of the second set of mark holder candidates, and retrieving a payload from each selected sub-set;
recording the payload retrieved from each selected sub-set;
statistically analyzing the recorded payloads for randomness; and
determining that the first watermark is present if the randomness is less than a predefined threshold.
-
-
7. A method for encoding an electronic file in a manner designed to facilitate detection of modifications to the file, the method including:
-
inserting a first hidden code into the file;
generating a plurality of modification-detection codes, each modification-detection code corresponding, at least in part, to at least one file segment; and
inserting the plurality of modification-detection codes into the file, wherein the plurality of modification-detection codes can be used to detect modifications to the file segments to which they correspond, and wherein the first hidden code can be used to detect removal of one or more modification-detection codes from the file. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
analyzing the file to identify a set of mark holder candidates;
using a key to select a sub-set of the set of mark holder candidates into which to insert a predefined payload; and
inserting the predefined payload into the selected sub-set of mark holder candidates.
-
-
12. A method as in claim 7, in which the plurality of modification-detection codes comprise a plurality of digital signatures.
-
13. A method as in claim 7, in which the plurality of modification-detection codes comprise a signed progression of hash values.
-
14. A method as in claim 7, in which the plurality of modification-detection codes comprises a plurality of hash values, and in which inserting the plurality of modification-detection codes into the file comprises:
-
concatenating a first group of modification-detection codes together to form a first combined modification-detection code;
digitally signing the first combined modification-detection code; and
inserting the signed first combined modification-detection code into the file.
-
-
15. A method as in claim 14, further including:
-
concatenating a second group of modification-detection codes to form a second combined modification-detection code;
digitally signing the second combined modification-detection code; and
inserting the signed second combined modification-detection code into the file.
-
-
16. A method for encoding a file of electronic data, the method including:
-
inserting a first watermark into a first portion of the file, the first watermark containing a payload that includes a digital signature for a second portion of the file; and
inserting a second watermark into a third portion of the file, the second watermark containing a payload that includes a digital signature for the first portion of the file. - View Dependent Claims (17)
-
-
18. A method for detecting modifications to an electronic file, the method including:
-
searching at least a portion of the electronic file for a first signature-containing watermark;
if the first signature-containing watermark is found, retrieving a digital signature from the first signature-containing watermark, and using the digital signature to verify the authenticity of a portion of the electronic file to which the digital signature corresponds;
if verification of the authenticity of the portion of the electronic file fails, inhibiting at least one use of at least part of the electronic file; and
if the first signature-containing watermark is not found, searching the electronic file for a second watermark;
if the second watermark is found, inhibiting at least one use of at least a portion of the electronic file;
if the second watermark is not found, permitting use of at least part of the electronic file. - View Dependent Claims (19, 20, 21, 22, 23)
using the guess to locate the portion of the electronic file to which the digital signature corresponds.
-
-
20. A method as in claim 18, in which the electronic file comprises a series of multi-bit samples, and in which the first signature-containing watermark includes a quality indicator, the quality indicator specifying the number of bits in each multi-bit sample that should be included when using the digital signature to verify the authenticity of the portion of the electronic file to which the digital signature corresponds.
-
21. A method as in claim 18, in which the digital signature comprises an encrypted concatenation of a plurality of hash values, each hash value comprising the hash of a sub-portion of the portion of the electronic file to which the signature corresponds.
-
22. A method as in claim 21, in which using the digital signature to verify the authenticity of a portion of the electronic file includes:
-
decrypting the concatenation of hash values;
computing a hash of a sub-portion of the electronic file; and
comparing the computed hash with at least one of the plurality of hash values in the decrypted concatenation of hash values.
-
-
23. A method as in claim 18, in which searching the electronic file for the second watermark includes:
-
identifying a set of mark-holder candidates;
generating a predefined number of random keys;
retrieving a payload using each random key;
statistically analyzing the retrieved payloads for randomness; and
determining that the second watermark is present if the randomness of the retrieved payloads is less than a predefined threshold.
-
-
24. A computer program product for detecting modifications to an electronic file, the computer program product including:
-
computer code for searching at least a portion of the electronic file for a first signature-containing watermark;
computer code for retrieving a digital signature from the first signature-containing watermark, and for using the digital signature to verify the authenticity of a portion of the electronic file to which the digital signature corresponds;
computer code for inhibiting at least one use of at least part of the electronic file if verification of the authenticity of the portion of the electronic file fails;
computer code for searching the electronic file for a second watermark if the first signature-containing watermark is not found;
computer code for inhibiting at least one use of at least part of the electronic file if the second watermark is found;
computer code for permitting at least one use of at least part of the electronic file if the second watermark is not found; and
a computer-readable medium for storing the computer codes. - View Dependent Claims (25)
computer code for decrypting the concatenation of hash values;
computer code for generating a hash of a sub-portion of the electronic file;
computer code for comparing the generated hash with at least one of the plurality of hash values in the decrypted concatenation of hash values.
-
-
26. A method for authenticating electronic data, the method including:
-
obtaining an authentication file associated with the electronic data, the authentication file containing a plurality of bash values and a plurality of hints;
using a hint to search a predefined portion of the data for a first portion of the data that potentially corresponds to a first one of the plurality of hash values;
hashing the first portion of the data to obtain a hash of the first portion of data;
comparing the hash of the first portion of the data with the first one of the plurality of hash values;
if the hash of the first portion of the data is not equal to the first one of the plurality of hash values, using the hint to locate a second portion of the data that potentially corresponds to the first one of the plurality of hash values;
hashing the second portion of the data to obtain a hash of the second portion of data; and
comparing the hash of the second portion of the data with the first one of the plurality of hash values.
-
-
27. A system for providing access to an electronic file, the system including:
-
a memory unit for storing portions of the electronic file;
a processing unit;
a data retrieval unit for loading a portion of the electronic file into the memory unit;
a first watermark detection engine for detecting a signature-containing watermark in the electronic file, and for retrieving a digital signature associated with the watermark;
a signature verification engine for verifying the integrity a portion of the electronic file using a digital signature;
a second watermark detection engine for detecting a strong watermark in the electronic file; and
a file handling unit for granting a user access to at least part of the electronic file upon successful verification of the integrity of said part of the electronic file by the signature verification engine, or upon failure to detect the presence of a signature-containing watermark by the first watermark-detection engine and failure to detect the strong watermark by the second watermark detection engine. - View Dependent Claims (28)
-
-
29. A method of detecting modifications to an electronic file, the method including:
-
encoding the electronic file by applying a first content protection technique and a second content protection technique, whereby the encoded file includes at least a first detectable characteristic and a second detectable characteristic, the first detectable characteristic indicating the application of the first content protection technique and the second detectable characteristic indicating the application of the second content protection technique;
storing the encoded file on a computer readable storage medium;
loading at least a portion of the encoded file into system memory of a decoding device;
checking the encoded file for the presence of the second detectable characteristic; and
if the second detectable characteristic is not found, checking the encoded file for the presence of the first detectable characteristic and inhibiting at least one use of at least a portion of the encoded file if the first detectable characteristic is found. - View Dependent Claims (30, 31, 32, 33, 34)
analyzing the electronic file to identify a set of mark holder candidates;
using a key to select a sub-set of the set of mark holder candidates into which to insert a predefined payload; and
inserting the predefined payload into the selected sub-set of mark holder candidates.
-
-
32. A method as in claim 30, in which checking the encoded file for the presence of the first detectable characteristic includes:
-
identifying a set of mark holder candidates;
generating a predefined number of random keys;
using each random key to select a sub-set of mark holder candidates from which to retrieve a payload, and retrieving a payload from each selected sub-set of mark holder candidates;
statistically analyzing the retrieved payloads for randomness; and
determining that the first detectable characteristic is present if the randomness is less than a predefined threshold.
-
-
33. A method as in claim 29, in which applying a second content protection technique includes inserting a plurality of signature-containing watermarks into the file.
-
34. A method as in claim 33, in which inserting the plurality of signature-containing watermarks into the file includes:
-
generating a first watermarked segment by inserting a first signature-containing watermark into a first segment of the file;
generating a first digital signature by encrypting a hash of at least a portion of the first watermarked segment; and
generating a second watermarked segment by inserting a second signature-containing watermark into a second segment of the file, wherein the second signature-containing watermark includes the first digital signature.
-
-
35. A method for encoding data to facilitate detection of modifications to the data, the method including:
-
generating a first watermarked segment by inserting a first watermark into a first segment of the data;
compressing the first watermarked segment using a predefined compression algorithm;
decompressing the compressed first watermarked segment;
generating a first signature by encrypting a hash of at least a portion of the decompressed first watermarked segment;
generating a second watermarked segment by inserting a second watermark into a second segment of the data, wherein the second watermark includes the first signature;
compressing the second watermarked segment using the predefined compression algorithm; and
transmitting the compressed first watermarked segment and the compressed second watermarked segment to a computer readable storage medium. - View Dependent Claims (36, 37, 38, 39)
decompressing the compressed second watermarked segment;
generating a second signature by encrypting a hash of at least a portion of the decompressed second watermarked segment;
generating a third watermarked segment by inserting a third watermark into a third segment of the data, wherein the third watermark includes the second signature;
compressing the third watermarked segment using the predefined compression algorithm; and
transmitting the third watermarked segment to the computer readable storage medium.
-
-
38. A method as in claim 35, further including:
-
retrieving the first watermarked segment and the second watermarked segment from the computer readable storage medium;
decompressing the first watermarked segment and the second watermarked segment;
detecting the second watermark;
extracting the first signature from the second watermark; and
using the first signature to verify the authenticity of the portion of the decompressed first watermarked segment to which the first signature corresponds.
-
-
39. A method as in claim 35, further including:
inserting a strong watermark into the data, the strong watermark being operable to facilitate detection of removal of the first or second watermarks.
-
40. A method for managing at least one use of a file of electronic data, the method including:
-
(a) receiving a request to use the file in a predefined manner;
(b) searching the file for a signature-containing watermark;
(c) if the signature-containing watermark is found, extracting a digital signature from the signature-containing watermark;
(i) performing an authenticity check on at least a portion of the file using the digital signature;
(ii) granting the request to use the file in the predefined manner if the authenticity check is successful;
(d) if the signature-containing watermark is not found, searching the file for a predefined watermark; and
(e) if the predefined watermark is found, denying the request to use the file in the predefined manner. - View Dependent Claims (41)
-
-
42. A method for managing at least one use of a file of electronic data, the method including:
-
receiving a request to use the file in a predefined manner;
retrieving at least one digital signature and at least one check value associated with the file;
verifying the authenticity of the at least one check value using the digital signature;
verifying the authenticity of at least a portion of the file using the at least one check value; and
granting the request to use the file in the predefined manner. - View Dependent Claims (43)
hashing at least a portion of the file to obtain a first hash value; and
comparing the first hash value to at least one of the one or more hash values.
-
-
44. A method for managing the use of a file of electronic data by one or more consumers, the method including:
-
(a) creating an authentication file associated with the file of electronic data;
(b) receiving a request at a first consumer system to use the file of electronic data in a predefined manner;
(c) searching for the authentication file;
(d) if the authentication file is found, using the authentication file to verify the authenticity of at least a portion of the file of electronic data;
(e) if the authentication file is not found, searching the file of electronic data for a predefined watermark; and
(f) granting the request to use the file of electronic data in the predefined manner. - View Dependent Claims (45, 46)
(a)(i) storing the authentication file at a networked server;
(b)(ii) sending a request for the authentication file to the networked server.
-
-
46. A method as in claim 44, in which the authentication file comprises at least one digital signature and one or more hash values.
Specification