Passive and active software objects containing bore resistant watermarking
First Claim
1. Apparatus for a imparting resistance to a given software object against break-once-run-everywhere (BORE) attacks, the apparatus comprising:
- a computer having;
a processor; and
a memory having computer executable instructions stored therein; and
wherein the processor, in response to the stored executable instructions;
produces, in response to a random seed value and through a pseudo-random number generator, a sequence of n pseudo-random watermark keys, wherein each watermark key defines a pointer to a specific one location in a software object at which a corresponding one of n watermarks is to be embedded into the object so as to define a plurality of specific locations; and
embeds each one of the n watermarks into the object, at a corresponding one of the plurality of specific locations in the software object specified by a different corresponding one of the watermark keys so as to yield a watermarked object having resistance to BORE attacks.
2 Assignments
0 Petitions
Accused Products
Abstract
A technique for imparting substantial break-once-run-everywhere (BORE) resistance to passive and active software objects, and for controlling access and use of resulting protected objects by a client computer (400). Specifically, a relatively large number, n, of identical watermarks (1720) are embedded throughout a software object (1700), through use of n different secret watermark keys to form a protected object, with each key defining a pointer to a location in the protected object at which a corresponding watermark appears. Once a user has downloaded a protected object through a client computer, the user transacts with a publisher'"'"'s web server (335) to obtain an electronic license, cryptographically signed by the publisher to an enforcer (600, 600′) located in that client computer, which specifies rights, which the publisher accords, for accessing and using this object, to this computer and an “expected” value of a parameter contained in the watermarks. The enforcer is equipped with only one of the n watermark keys. Whenever the client computer attempts to access a file containing the protected object, the enforcer examines the object using its secret watermark key. If the object contains a watermark appearing at a location specified by the enforcer'"'"'s watermark key, a digital rights management system (456) executing in a client operating system (454) accesses a license database (570) to determine whether a signed license made to the enforcer and linked, via the publisher'"'"'s cryptographic signature, to this protected object resides in that database. If no such license exists, the enforcer inhibits any further access to the object. Otherwise, the enforcer determines whether: the “expected” parameter value matches an actual value for the same parameter detected in a watermark contained in the object, and the license is signed by the vendor whose identification is embedded in the watermark; and, if so, permits access to the object in accordance with the rights specified in the license.
295 Citations
58 Claims
-
1. Apparatus for a imparting resistance to a given software object against break-once-run-everywhere (BORE) attacks, the apparatus comprising:
-
a computer having;
a processor; and
a memory having computer executable instructions stored therein; and
wherein the processor, in response to the stored executable instructions;
produces, in response to a random seed value and through a pseudo-random number generator, a sequence of n pseudo-random watermark keys, wherein each watermark key defines a pointer to a specific one location in a software object at which a corresponding one of n watermarks is to be embedded into the object so as to define a plurality of specific locations; and
embeds each one of the n watermarks into the object, at a corresponding one of the plurality of specific locations in the software object specified by a different corresponding one of the watermark keys so as to yield a watermarked object having resistance to BORE attacks. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
encrypts the watermarked object using a predefined encryption key so as to yield an encrypted watermarked object; and
supplies the encrypted watermarked object to a entity for subsequent distribution of the encrypted watermarked object to requesting users.
-
-
8. The apparatus in claim 7 wherein the predefined encryption key is a symmetric encryption key.
-
9. The apparatus in claim 7 wherein the processor, in response to the stored instructions, inserts a unique fingerprint value into the watermarked object before the watermarked object is encrypted.
-
10. The apparatus in claim 7 wherein all of the plurality of said watermarks embedded in the software object contain an identical watermark value.
-
11. The apparatus in claim 7 wherein the n watermark keys are used in watermarking a plurality of different software objects.
-
12. The apparatus in claim 5 wherein a starting location of each one of the watermarks, as defined by the corresponding one of the watermark keys, is relative to either the physical size of the software object or a time period required to fully play the software object, or, in the case of a software object comprising an image frame, a starting frequency value, in a frequency domain of the frame, at which the one watermark is embedded.
-
13. The apparatus in claim 2 wherein the watermark comprises a predefined number of bits, wherein each bit is embedded, through use of a pseudo-random sequence, to provide predefined variations, as defined by the sequence, in a predefined succession of pixel values occurring in an image frame.
-
14. The apparatus in claim 13 wherein the specific one location is a starting location.
-
15. The apparatus in claim 13 wherein all of the plurality of said watermarks embedded in the software object contain an identical watermark value.
-
16. The apparatus in claim 13 in which the variations, as specified by the marking sequence, correspond to one value of a watermark bit, and opposite variations are used to correspond to an opposite value of the watermark bit.
-
17. The apparatus in claim 13 wherein the processor, in response to the stored instructions, applies the watermark key as a seed to a pseudo-random number generator so as to yield a pseudo-random physical address of a pixel in an image at which a corresponding watermark is to start.
-
18. The apparatus in claim 17 wherein the n watermark keys are used in watermarking a plurality of different software objects.
-
19. The apparatus in claim 2 wherein the n watermark keys are used in watermarking a plurality of different software objects.
-
20. The apparatus in claim 19 wherein the specific one location is a starting location.
-
21. The apparatus in claim 19 wherein each one of the n watermarks embedded in the software object is at least 20-bits in length.
-
22. The apparatus in claim 19 wherein all of the plurality of said watermarks embedded in the software object contain an identical watermark value.
-
23. The apparatus in claim 19 wherein, for an active software object, the watermark comprises a predefined instance of executable code which, given a watermark key, calculates a value of the corresponding one watermark, wherein the executable code instance, in terms of its execution flow, is inserted into the execution flow of the software object.
-
24. The apparatus in claim 19 wherein a separate instance of execution code is inserted for each of the n watermark keys.
-
25. The apparatus in claim 19 wherein the watermark value comprises a concatenation of an identifier associated with a publisher of the software object and an identifier associated with the software object.
-
26. A method, implemented in a computer system, for a imparting resistance to a given software object against break-once-run-everywhere (BORE) attacks, the system having a processor;
- and a memory having computer executable instructions stored therein;
wherein the method comprises the steps, performed by the processor and in response to the stored executable instructions, of;producing, in response to a random seed value and through a pseudo-random number generator, a sequence of n pseudo-random watermark keys, wherein each watermark key defines a pointer to a specific one location in a software object at which a corresponding one of n watermarks is to be embedded into the object so as to define a plurality of specific locations; and
embedding each one of the n watermarks, into the object, at a corresponding one of the plurality of specific locations in the software object specified by a different corresponding one of the watermark keys so as to yield a watermarked object having resistance to BORE attacks. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58)
encrypting the watermarked object using a predefined encryption key so as to yield an encrypted watermarked object; and
supplying the encrypted watermarked object to a entity for subsequent distribution of the encrypted watermarked object to requesting users.
- and a memory having computer executable instructions stored therein;
-
33. The method in claim 32 wherein the predefined encryption key is a symmetric encryption key.
-
34. The method in claim 32 further comprising the step of inserting a unique fingerprint value into the watermarked object before the watermarked object is encrypted.
-
35. The method in claim 32 wherein all of the plurality of said watermarks embedded in the software object contain an identical watermark value.
-
36. The method in claim 32 wherein the n watermark keys are used in watermarking a plurality of different software objects.
-
37. The method in claim 30 wherein a starting location of each one of the watermarks, as defined by the corresponding one of the watermark keys, is relative to either the physical size of the software object or a time period required to fully play the software object, or, in the case of a software object comprising an image frame, a starting frequency value, in a frequency domain of the frame, at which the one watermark is embedded.
-
38. The method in claim 27 wherein the watermark comprises a predefined number of bits, wherein each bit is embedded, through use of a pseudo-random marking sequence, to provide predefined variations, as defined by the sequence, in a predefined succession of pixel values occurring in an image frame.
-
39. The method in claim 38 wherein the specific one location is a starting location.
-
40. The method in claim 38 wherein all of the plurality of said watermarks embedded in the software object contain an identical watermark value.
-
41. The method in claim 38 in which the variations, as specified by the marking sequence, correspond to one value of a watermark bit, and opposite variations are used to correspond to an opposite value of the watermark bit.
-
42. The method in claim 38 further comprising the step of applying the watermark key as a seed to a pseudo-random number generator so as to yield a pseudo-random physical address of a pixel in an image at which a corresponding watermark is to start.
-
43. The method in claim 42 wherein the n watermark keys are used in watermarking a plurality of different software objects.
-
44. The method in claim 27 wherein the n watermark keys are used in watermarking a plurality of different software objects.
-
45. The method in claim 44 wherein the specific one location is a starting location.
-
46. The method in claim 44 wherein each one of the n watermarks embedded in the software object is at least 20-bits in length.
-
47. The method in claim 44 wherein all of the plurality of said watermarks embedded in the software object contain an identical watermark value.
-
48. The method in claim 44 wherein, for an active software object, the watermark comprises a predefined instance of executable code which, given a watermark key, calculates a value of the corresponding one watermark, wherein the executable code instance, in terms of its execution flow, is inserted into the execution flow of the software object.
-
49. The method in claim 44 wherein a separate instance of execution code is inserted for each of the n watermark keys.
-
50. The method in claim 44 wherein the watermark value comprises a concatenation of an identifier associated with a publisher of the software object and an identifier associated with the software object.
-
51. A computer readable medium having computer executable instructions stored therein for performing the steps of claim 26.
-
52. A software object having a plurality of embedded watermarks and generated by a computer system, the system having a processor and a memory, the memory having computer executable instructions stored therein, characterized by the code having being produced by the steps, implemented by the processor in response to the executable instructions, recited in claim 26.
-
53. The object in claim 52 wherein the software object is either a passive or active object, the passive object comprising content and the active object comprising executable code.
-
54. The object in claim 53 wherein the specific one location is a starting location.
-
55. The object in claim 53 wherein all of the plurality of said watermarks embedded in the software object contain an identical watermark value.
-
56. The object in claim 53 wherein the object is encrypted using a predefined encryption key so as to yield an encrypted watermarked object.
-
57. The object in claim 56 further comprising a unique fingerprint value that has been inserted after the object has been watermarked but before it is encrypted.
-
58. The object in claim 56 wherein the predefined encryption key is a symmetric encryption key.
Specification